DR1_us[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

DR1_us.exe
Size

3.6MB
MD5

aa90431e19d1c659ac9128187c2093e0
SHA1

739412b4cfb5930e872907765c32db33cba665e1
SHA256

0c7baad1ffdbcae26cd672208d6c9410360b23f90c7848b77877ffa07799d75d
SHA512

30a316010a707e97a29225fe864c80bc44e5738665abc23e204e4b4601d0fe0dea242486955a31ac89158f94df63865c1664875f8fd1357653cd0d29d0afe106
SSDEEP

49152:7U+MENT+J76vh6+/fkR8OvKxq7GgCL3FAI+AKTHQR1uI21koIgqhgr:Y+w4hiRNS07GvVAI++u48q+r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DR1_us.exe

Files

DR1_us.exe
.exe windows:5 windows x86 arch:x86

83c362e9fb93d75a78a8f38991fb0fcc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\Danganronpa\Development\Source\Prg\Prj\Vita\Win32\Master\DR1_us\DR1_us.pdb

Imports

freeimage

_FreeImage_CloseMemory@4
_FreeImage_LoadFromMemory@12
_FreeImage_SaveToMemory@16
_FreeImage_AcquireMemory@12
_FreeImage_GetFileTypeFromMemory@8
_FreeImage_GetBits@4
_FreeImage_GetScanLine@8
_FreeImage_OpenMemory@8
_FreeImage_GetWidth@4
_FreeImage_GetHeight@4
_FreeImage_GetPalette@4
_FreeImage_GetTransparencyCount@4
_FreeImage_GetTransparencyTable@4
_FreeImage_IsTransparent@4
_FreeImage_ConvertTo32Bits@4
_FreeImage_ColorQuantize@8
_FreeImage_Unload@4
_FreeImage_GetBPP@4
_FreeImage_Allocate@24
_FreeImage_PreMultiplyWithAlpha@4

steam_api

SteamAPI_Shutdown
SteamAPI_Init
SteamUtils
SteamUserStats
SteamAPI_WriteMiniDump
SteamAPI_SetMiniDumpComment

opengl32

glTexSubImage2D
glTexParameteri
glTexImage2D
glReadPixels
glReadBuffer
glPixelStorei
glGetTexImage
glGenTextures
glDepthFunc
glDepthMask
glDisable
glEnable
glFrontFace
glStencilFunc
glDeleteTextures
glClear
glClearColor
glClearDepth
glClearStencil
glDrawArrays
glDrawElements
glScissor
glStencilMask
glViewport
glBindTexture
glStencilOp
glGetIntegerv

glew32

__glewFramebufferTexture2DEXT
__glewFramebufferRenderbufferEXT
__glewDeleteFramebuffersEXT
__glewBindRenderbufferEXT
__glewBindFramebufferEXT
__glewRenderbufferStorageMultisampleEXT
__glewTexImage2DMultisample
__glewGenerateMipmap
__glewCheckFramebufferStatus
__glewBlitFramebuffer
__glewActiveTexture
__glewGenFramebuffersEXT
__glewGenRenderbuffersEXT
__glewRenderbufferStorageEXT
__glewBufferData
__glewBufferSubData
__glewDeleteBuffers
__glewGenBuffers
__glewAttachShader
__glewBindAttribLocation
__glewCreateProgram
__glewDeleteProgram
__glewCompileShader
__glewCreateShader
__glewDeleteShader
__glewGetActiveUniform
__glewGetProgramInfoLog
__glewGetProgramiv
__glewGetUniformLocation
__glewLinkProgram
__glewUniform1fv
__glewUniform1i
__glewUniform2fv
__glewUniform4fv
__glewUniformMatrix2fv
__glewUniformMatrix3fv
__glewUniformMatrix4fv
__glewUseProgram
_glewInit@0
__glewValidateProgram
__glewGetShaderInfoLog
__glewGetShaderiv
__glewShaderSource
__glewBindBuffer
__glewDisableVertexAttribArray
__glewEnableVertexAttribArray
__glewVertexAttribPointer
__glewBlendFuncSeparate
__glewBlendEquation
__glewUniform3fv

sdl2

SDL_SetWindowFullscreen
SDL_GetWindowSize
SDL_GetWindowWMInfo
SDL_Init
SDL_WaitEvent
SDL_GL_SetSwapInterval
SDL_DestroyWindow
SDL_GetError
SDL_GetNumDisplayModes
SDL_GetDisplayMode
SDL_GL_MakeCurrent
SDL_GL_SetAttribute
SDL_HapticRumbleStop
SDL_HapticRumblePlay
SDL_HapticRumbleInit
SDL_HapticClose
SDL_HapticOpenFromJoystick
SDL_GameControllerGetButton
SDL_GameControllerGetAxis
SDL_JoystickGetGUIDString
SDL_JoystickGetGUID
SDL_GL_SwapWindow
SDL_SetRelativeMouseMode
SDL_WasInit
SDL_InitSubSystem
SDL_GameControllerClose
SDL_GameControllerUpdate
SDL_GameControllerGetJoystick
SDL_GameControllerOpen
SDL_GameControllerAddMappingsFromRW
SDL_JoystickGetAttached
SDL_NumJoysticks
SDL_RWFromMem
SDL_free
SDL_malloc
SDL_ShowCursor
SDL_GL_DeleteContext
SDL_CreateWindow
SDL_SetWindowPosition
SDL_SetWindowSize
SDL_GL_CreateContext

shlwapi

PathAppendW

fmod

?setParameterInt@DSP@FMOD@@QAG?AW4FMOD_RESULT@@HH@Z
?release@DSP@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?removeDSP@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PAVDSP@2@@Z
?addDSP@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@HPAVDSP@2@@Z
?getVersion@System@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z
?update@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getParameterData@DSP@FMOD@@QAG?AW4FMOD_RESULT@@HPAPAXPAIPADH@Z
?init@System@FMOD@@QAG?AW4FMOD_RESULT@@HIPAX@Z
?setCallback@System@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PAUFMOD_SYSTEM@@IPAX11@ZI@Z
?setFileSystem@System@FMOD@@QAG?AW4FMOD_RESULT@@P6G?AW43@PBDPAIPAPAXPAX@ZP6G?AW43@33@ZP6G?AW43@33I13@ZP6G?AW43@3I3@ZP6G?AW43@PAUFMOD_ASYNCREADINFO@@3@Z9H@Z
?setDSPBufferSize@System@FMOD@@QAG?AW4FMOD_RESULT@@IH@Z
?setSoftwareFormat@System@FMOD@@QAG?AW4FMOD_RESULT@@HW4FMOD_SPEAKERMODE@@H@Z
?setDriver@System@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?close@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getNumDrivers@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?setOutput@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_OUTPUTTYPE@@@Z
?release@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
FMOD_System_Create
?setLoopCount@Channel@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?setPosition@Channel@FMOD@@QAG?AW4FMOD_RESULT@@II@Z
?getFrequency@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAM@Z
?setFrequency@Channel@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?setPan@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?isPlaying@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?setMode@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@I@Z
?setVolume@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?setPaused@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?stop@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getOpenState@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAW4FMOD_OPENSTATE@@PAIPA_N2@Z
?playSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PAVSound@2@PAVChannelGroup@2@_NPAPAVChannel@2@@Z
?getMusicNumChannels@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?setLoopPoints@Sound@FMOD@@QAG?AW4FMOD_RESULT@@IIII@Z
?release@Sound@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?createStream@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?createSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?createDSPByType@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_DSP_TYPE@@PAPAVDSP@2@@Z
?getDriverInfo@System@FMOD@@QAG?AW4FMOD_RESULT@@HPADHPAUFMOD_GUID@@PAHPAW4FMOD_SPEAKERMODE@@2@Z

d3dx9_43

D3DXCompileShader

kernel32

InterlockedPopEntrySList
InitializeSListHead
DuplicateHandle
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
CreateEventW
SetEvent
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
SwitchToThread
SetThreadAffinityMask
GetProcessAffinityMask
DeleteTimerQueueTimer
CreateTimerQueue
CreateTimerQueueTimer
SetEndOfFile
CreateFileW
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
FreeLibrary
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
OutputDebugStringW
SetFilePointerEx
SetFilePointer
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
InterlockedPushEntrySList
GetEnvironmentStringsW
GetCurrentProcessId
GetModuleFileNameA
GetFileType
GetProcessHeap
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
RegisterWaitForSingleObject
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
GetCurrentThread
SetLastError
HeapSize
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
WriteFile
GetStdHandle
ReadFile
HeapReAlloc
LoadLibraryExW
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetCommandLineA
HeapAlloc
HeapFree
GetLastError
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
DecodePointer
EncodePointer
GetThreadPriority
UnregisterWait
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
ChangeTimerQueueTimer
FreeEnvironmentStringsW
GetNumaHighestNodeNumber
GetSystemInfo
GetModuleHandleW
FindNextFileW
FindFirstFileW
FindClose
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
CreateSemaphoreW
GetUserDefaultLCID
MultiByteToWideChar
MoveFileExW
RemoveDirectoryW
GetFileAttributesW
DeleteFileW
CreateDirectoryW
CreateDirectoryA
GetCurrentDirectoryA
SetUnhandledExceptionFilter
LoadLibraryW
GetProcAddress
GetTickCount
GetLocalTime
SetThreadPriority
GetCurrentThreadId
Sleep
WaitForSingleObject
RaiseException
VerifyVersionInfoW
VerSetConditionMask
WideCharToMultiByte
QueryPerformanceFrequency
QueryPerformanceCounter
CloseHandle
WaitForSingleObjectEx
ReleaseSemaphore
CreateSemaphoreA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SignalObjectAndWait
GetStartupInfoW

user32

ShowCursor
SetCursorPos
SetCursor
GetCursorPos
ClipCursor
ClientToScreen
GetDesktopWindow
LoadCursorW
GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
PostMessageW
DefWindowProcW
PostQuitMessage
RegisterClassW
UnregisterClassW
CreateWindowExW
ReleaseCapture
GetWindowRect
IsIconic
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
UpdateWindow
GetDC
ReleaseDC
AdjustWindowRectEx
ScreenToClient
SetWindowLongW
LoadIconW
GetKeyNameTextW
MapVirtualKeyW
GetRawInputData
RegisterRawInputDevices
SetCapture
SetWindowPos
GetClientRect
DestroyWindow

gdi32

BitBlt
CreateCompatibleDC
DeleteDC
SelectObject
CreateCompatibleBitmap

shell32

SHGetFolderPathW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 472KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 849KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 501KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83c362e9fb93d75a78a8f38991fb0fcc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

freeimage

steam_api

opengl32

glew32

sdl2

shlwapi

fmod

d3dx9_43

kernel32

user32

gdi32

shell32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 472KB - Virtual size: 472KB

.data Size: 118KB - Virtual size: 849KB

.tls Size: 512B - Virtual size: 17B

.rodata Size: 3KB - Virtual size: 2KB

.rsrc Size: 47KB - Virtual size: 46KB

.reloc Size: 501KB - Virtual size: 501KB

.bind Size: 392KB - Virtual size: 392KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 472KB - Virtual size: 472KB

.data
Size: 118KB - Virtual size: 849KB

.tls
Size: 512B - Virtual size: 17B

.rodata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 47KB - Virtual size: 46KB

.reloc
Size: 501KB - Virtual size: 501KB

.bind
Size: 392KB - Virtual size: 392KB