DOOM64_x64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

DOOM64_x64.exe
Size

5.9MB
MD5

61b1490824abb468cdc8daf8bc0115da
SHA1

98ecdd10bf3db3643610d6735856b7fe61a83c8e
SHA256

9fe16f104112a03313337147c3b20edb42c6691be4e09a9fe6af2bfd90d29496
SHA512

52c84a32120286eb65753bc8d24c8f94613541007df3bfec68ac9a4de04ff7cd786ebd7f8b6ddfe6d3bc7e19b95dd843435d95e9043a41869fa49a204e751ea9
SSDEEP

49152:FOqxXvdIPH2chaWLPklXlV1Ds5WxrKK+5t1XdDNwMj0JG5Qk9tCK6Hzj/o9uMYTW:naWlVVl6LpV0sFAzM+64YKo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DOOM64_x64.exe

Files

DOOM64_x64.exe
.exe windows:6 windows x64 arch:x64

64390c2ff15b6eb9a37e383091458912

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\devstuff\doom64ex\kex3_osiris\bin64\osiris_x64.pdb

Imports

sdl2

SDL_SetMainReady
SDL_iconv_string
SDL_ShowSimpleMessageBox
SDL_HapticRumbleSupported
SDL_JoystickIsHaptic
SDL_HapticNewEffect
SDL_HapticOpenFromJoystick
SDL_GetDisplayMode
SDL_HapticUpdateEffect
SDL_HapticDestroyEffect
SDL_HapticRumblePlay
SDL_HapticRunEffect
SDL_HapticRumbleInit
SDL_JoystickGetDeviceInstanceID
SDL_HapticQuery
SDL_HapticClose
SDL_HapticRumbleStop
SDL_HapticUnpause
SDL_HapticPause
SDL_MinimizeWindow
SDL_GetWindowWMInfo
SDL_GetPerformanceFrequency
SDL_Delay
SDL_GetPerformanceCounter
SDL_UpdateWindowSurface
SDL_RWFromFile
SDL_ConvertSurface
SDL_UpperBlitScaled
SDL_FreeSurface
SDL_LoadBMP_RW
SDL_GetWindowSurface
SDL_GameControllerGetAxis
SDL_GetRelativeMouseState
SDL_StopTextInput
SDL_GameControllerAddMappingsFromRW
SDL_GameControllerGetJoystick
SDL_StartTextInput
SDL_GetModState
SDL_GameControllerGetAttached
SDL_PollEvent
SDL_WarpMouseInWindow
SDL_GameControllerName
SDL_GetMouseState
SDL_GameControllerGetVendor
SDL_GameControllerOpen
SDL_wcslen
SDL_SetRelativeMouseMode
SDL_GameControllerGetProduct
SDL_GameControllerClose
SDL_SetHint
SDL_JoystickInstanceID
SDL_NumJoysticks
SDL_RWFromConstMem
SDL_PumpEvents
SDL_GetHint
SDL_GetWindowSize
SDL_GetPrefPath
SDL_SetWindowTitle
SDL_CreateWindow
SDL_GetCurrentDisplayMode
SDL_GetWindowFlags
SDL_GetWindowBordersSize
SDL_GL_SetSwapInterval
SDL_LoadObject
SDL_UnloadObject
SDL_GL_CreateContext
SDL_GetClipboardText
SDL_GL_GetSwapInterval
SDL_DisableScreenSaver
SDL_GetDisplayName
SDL_SetWindowDisplayMode
SDL_GL_SetAttribute
SDL_GetDesktopDisplayMode
SDL_SetClipboardText
SDL_GL_GetProcAddress
SDL_ShowCursor
SDL_QuitSubSystem
SDL_Quit
SDL_GetError
SDL_DestroyWindow
SDL_SetWindowGrab
SDL_GetNumVideoDisplays
SDL_GetClosestDisplayMode
SDL_Init
SDL_GL_MakeCurrent
SDL_GL_DeleteContext
SDL_LoadFunction
SDL_GetCPUCount
SDL_GetDisplayUsableBounds
SDL_ShowMessageBox
SDL_GetBasePath
SDL_GetNumDisplayModes
SDL_free
SDL_GL_SwapWindow
SDL_strlen
SDL_IsGameController

opengl32

wglGetCurrentContext

ws2_32

ioctlsocket
sendto
freeaddrinfo
htons
htonl
recvfrom
socket
WSAStartup
getaddrinfo
closesocket
bind
WSACleanup
ntohs
connect
recv
send
shutdown
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAWaitForMultipleEvents
GetAddrInfoW
FreeAddrInfoW
WSAGetLastError

fmod

?release@System@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?init@System@FMOD@@QEAA?AW4FMOD_RESULT@@HIPEAX@Z
?set3DListenerAttributes@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEBUFMOD_VECTOR@@000@Z
?close@System@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?getUserData@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAX@Z
?getChannelsPlaying@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH0@Z
?release@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?update@System@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?set3DMinMaxDistance@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@MM@Z
?set3DSettings@System@FMOD@@QEAA?AW4FMOD_RESULT@@MMM@Z
?set3DAttributes@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_VECTOR@@0@Z
?addDSP@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAVDSP@2@@Z
?setPan@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z
?isPlaying@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_N@Z
?setMode@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@I@Z
?setPitch@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z
?setVolume@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z
?getPaused@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_N@Z
?setPaused@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z
?stop@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?setParameterFloat@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@HM@Z
?getBypass@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_N@Z
?setBypass@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z
?setChannelGroup@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@PEAVChannelGroup@2@@Z
?setLoopPoints@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@IIII@Z
?createSound@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDIPEAUFMOD_CREATESOUNDEXINFO@@PEAPEAVSound@2@@Z
?createDSPByType@System@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_DSP_TYPE@@PEAPEAVDSP@2@@Z
?createChannelGroup@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDPEAPEAVChannelGroup@2@@Z
?playSound@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAVSound@2@PEAVChannelGroup@2@_NPEAPEAVChannel@2@@Z
?getMasterChannelGroup@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAVChannelGroup@2@@Z
FMOD_System_Create
?getLength@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAII@Z
?removeDSP@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAVDSP@2@@Z
?setParameterInt@DSP@FMOD@@QEAA?AW4FMOD_RESULT@@HH@Z
?setLoopPoints@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@IIII@Z

steam_api64

SteamAPI_RegisterCallback
SteamAPI_RunCallbacks
SteamInternal_ContextInit
SteamAPI_RestartAppIfNecessary
SteamAPI_Shutdown
SteamAPI_UnregisterCallback
SteamInternal_FindOrCreateUserInterface
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult
SteamAPI_GetHSteamUser
SteamAPI_Init

kernel32

WaitForSingleObject
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
FreeLibrary
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
ExitProcess
FileTimeToDosDateTime
VirtualQuery
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
FileTimeToLocalFileTime
GetSystemInfo
lstrcpyA
LoadLibraryA
lstrlenA
GetModuleFileNameA
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
GetNumaNodeProcessorMaskEx
SetThreadPriority
SetThreadAffinityMask
CreateProcessA
GetCurrentProcessId
Process32Next
CreateToolhelp32Snapshot
CreateThread
SetHandleInformation
Process32First
WideCharToMultiByte
MoveFileExW
MultiByteToWideChar
SetFileAttributesW
RemoveDirectoryW
lstrlenW
DeleteFileW
GetFileAttributesExW
CreateFileW
GetFileAttributesW
AllocConsole
GetProcAddress
GetFileInformationByHandle
WriteFile
GetStdHandle
SetConsoleTitleA
DebugBreak
RaiseException
GetLastError
GetLocaleInfoA
TerminateProcess
OutputDebugStringA
GetCurrentProcess
CreateDirectoryW
GetModuleHandleA
FormatMessageA
LocalFree
GetCurrentThreadId
CloseHandle
CreateFileA
SetFilePointer
ReadFile
GetVolumeInformationA
GetThreadId
CreatePipe
GetSystemDirectoryA
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetProcessHeap
HeapFree
HeapAlloc
GetCommandLineW
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
FlushFileBuffers

user32

wvsprintfA
wsprintfA
CallNextHookEx
UnhookWindowsHookEx
SendMessageA
LoadIconA
SetWindowsHookExA

shell32

CommandLineToArgvW
SHGetKnownFolderPath
ShellExecuteA

ole32

CoCreateGuid
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoTaskMemFree

oleaut32

VariantClear

advapi32

RegOpenKeyExA
GetUserNameA
RegQueryValueExA
RegCloseKey

msvcp140

_Thrd_yield
_Cnd_signal
_Mtx_trylock
_Query_perf_counter
_Cnd_init_in_situ
_Thrd_hardware_concurrency
?_Xlength_error@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ
?_Xbad_function_call@std@@YAXXZ
_Query_perf_frequency
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Unlock_shared_ptr_spin_lock
_Lock_shared_ptr_spin_lock
_Thrd_sleep
?_Xout_of_range@std@@YAXPEBD@Z
_Cnd_destroy_in_situ
_Cnd_broadcast
_Mtx_unlock
_Thrd_join
_Cnd_init
_Mtx_destroy
_Xtime_get_ticks
_Thrd_detach
_Thrd_id
_Thrd_start
_Mtx_init
_Cnd_wait
_Cnd_destroy
_Cnd_do_broadcast_at_thread_exit
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
_Cnd_timedwait
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_C_error@std@@YAXH@Z

d3d11

D3D11CreateDevice

d3dcompiler_47

D3DReflect
D3DCompile

winhttp

WinHttpConnect
WinHttpOpen
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpWriteData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
WinHttpSetStatusCallback

iphlpapi

GetAdaptersAddresses

vcruntime140

strchr
_CxxThrowException
__intrinsic_setjmp
__std_type_info_compare
memcmp
__RTDynamicCast
__C_specific_handler
memset
memmove
memcpy
longjmp
memchr
strrchr
__std_exception_copy
__std_exception_destroy
strstr
_purecall
__std_terminate
__CxxFrameHandler3

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc
_aligned_malloc
calloc
_aligned_free
_callnewh
_aligned_realloc
realloc

api-ms-win-crt-runtime-l1-1-0

_errno
_exit
_invalid_parameter_noinfo
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
abort
_cexit
_seh_filter_exe
_set_app_type
_invalid_parameter_noinfo_noreturn
_wassert
_get_narrow_winmain_command_line
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
exit
terminate

api-ms-win-crt-stdio-l1-1-0

_fseeki64
fread
fseek
ferror
fgets
fputc
fputs
__stdio_common_vsscanf
__stdio_common_vsprintf_s
__stdio_common_vsprintf
__stdio_common_vsnprintf_s
__p__commode
_getcwd
_wfreopen
fwrite
_kbhit
_set_fmode
fflush
ftell
fclose
__acrt_iob_func
__stdio_common_vswprintf
fopen
__stdio_common_vfprintf
rewind

api-ms-win-crt-convert-l1-1-0

atol
_strtoui64
strtoull
atoi
mbsrtowcs_s
strtol
strtod
atoll
wcsrtombs_s
atof
_strtoi64

api-ms-win-crt-string-l1-1-0

isupper
strtok
toupper
strncmp
strcat_s
strcspn
wcsncpy_s
iscntrl
_strnicmp
strncpy
isxdigit
tolower
isdigit
strcmp
_stricmp
strncpy_s

api-ms-win-crt-math-l1-1-0

ldexp
atan
ceil
sin
roundf
modff
cos
__setusermatherr
floor
log
sqrtf
sinf
powf
exp
log10f
floorf
tanf
ceilf
pow
log2
atan2f
cosf
sqrt

api-ms-win-crt-time-l1-1-0

_localtime64
_time64
asctime
_ctime64

api-ms-win-crt-filesystem-l1-1-0

_findclose
_wfindnext64i32
_fullpath
_wfindfirst64i32
_stat64i32

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-conio-l1-1-0

_getch

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 676KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64390c2ff15b6eb9a37e383091458912

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sdl2

opengl32

ws2_32

fmod

steam_api64

kernel32

user32

shell32

ole32

oleaut32

advapi32

msvcp140

d3d11

d3dcompiler_47

winhttp

iphlpapi

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-conio-l1-1-0

Exports

Exports

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 676KB - Virtual size: 2.8MB

.pdata Size: 165KB - Virtual size: 164KB

_RDATA Size: 6KB - Virtual size: 5KB

.rsrc Size: 362KB - Virtual size: 361KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 676KB - Virtual size: 2.8MB

.pdata
Size: 165KB - Virtual size: 164KB

_RDATA
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 362KB - Virtual size: 361KB