c73b6d85c3783d65acdbc8b7d9afd855f781916e6ac7de4baa808fe21ff27bf0

Sharing

Copy URL

Twitter E-mail

General

Target

c73b6d85c3783d65acdbc8b7d9afd855f781916e6ac7de4baa808fe21ff27bf0
Size

499KB
MD5

b122a19333797af317f706b472a74f7d
SHA1

fa1751c13aad730dad22c95fa1e99ef3d3d5cbef
SHA256

c73b6d85c3783d65acdbc8b7d9afd855f781916e6ac7de4baa808fe21ff27bf0
SHA512

349b4cd54a1e251973fa435e2c307314a434ea0401d4a29f9504176171fdfd588f4daa396dc3555f9601229dd4a2c467ba31001f36042d541df33ba9514a9e4c
SSDEEP

6144:/LuO74WPPL+heSGJeaiLmyvbY4wB7+kW3WgQV0OlNG20q+ngY:P+hLaid87+PWgQNj0q+v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c73b6d85c3783d65acdbc8b7d9afd855f781916e6ac7de4baa808fe21ff27bf0

Files

c73b6d85c3783d65acdbc8b7d9afd855f781916e6ac7de4baa808fe21ff27bf0
.exe windows:5 windows x86 arch:x86

cf909008f747fabd0fbc623e3a9a95a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Perforce\lw_coj\di\releases\md_patch1_pc\bin\lib\x86\vs2008\ReleaseWithDebugInfo\ModernDaysGame_x86_rwdi.pdb

Imports

msvcr90

strcpy_s
strcat_s
_splitpath
??3@YAXPAX@Z
wcscpy_s
??_V@YAXPAX@Z
strrchr
_strlwr
vsprintf
sprintf_s
strncpy
fwrite
_vsnprintf
atoi
strftime
_snprintf
malloc
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memcpy
memset
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
strstr
free
strncmp
sprintf
_stricmp
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
vsprintf_s
_except_handler3

engine_x86_rwdi

GetEngineDllVersion
?SteamClientStarted@IGame@@SA_NXZ
ShowSplashscreen
InitializeGameScript
?RunTest@Repl@Net@@YAXXZ
?WaitForPipelineThreads@IGame@@QAEXXZ
?SetRootDirectory@IGame@@QAE_NPBD@Z
?SetLocaleID@IGame@@QBE_NPBD@Z
?Initialize@IGame@@QAEHPADHPAUHICON__@@KK@Z
?SteamTerminate@IGame@@SAXXZ
DestroyGame
InitializeGameScriptFn
CreateGame
?DestroyMountHelper@Mount@@YAXPAVIMountHelper@1@@Z
?CreateMountHelper@Mount@@YAPAVIMountHelper@1@PBD00@Z
HideSplashscreen
UninitializeGameScript
?SteamInitialize@IGame@@SA_NPBD@Z
?OnPaint@IGame@@QAEXXZ
?GetSystemLocale@IGame@@SA?AV?$string_base@D@ttl@@XZ

filesystem_x86_rwdi

?load_wide_string@fs@@YAPA_WPBD@Z
?CrashShowMessageBox@@YAX_N@Z
?shutdown@fs@@YAXXZ
?init@fs@@YA_NPBDH0_N1@Z
?CrashGetLogFileName@@YAPBDXZ
?CrashClose@@YAXXZ
?_CLog@@YAXIIPBDZZ
?root_path@fs@@YA?BV?$string_base@D@ttl@@PBD@Z
?_CLFilter@@YAII@Z

memdump_x86_rwdi

g_StartupValidator

dbghelp

MiniDumpWriteDump

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetCurrentThread
DuplicateHandle
DeleteCriticalSection
InitializeCriticalSection
CreateProcessA
CloseHandle
CreateFileA
GetLocalTime
GetComputerNameA
InterlockedIncrement
InterlockedDecrement
QueryPerformanceFrequency
GetVersionExA
GetDiskFreeSpaceExA
GetCurrentDirectoryA
CreateMutexA
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
GetLastError
CreateDirectoryA
GetCommandLineA
lstrlenA
ExitProcess
IsDebuggerPresent
UnhandledExceptionFilter
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess

user32

LoadImageA
TranslateMessage
MessageBoxA
PeekMessageA
DispatchMessageA

gdi32

DeleteObject

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
GetUserNameA

shell32

ShellExecuteA

game_x86_rwdi

ShutdownGameScriptDLL
InitializeGameScriptDLL

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 458KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf909008f747fabd0fbc623e3a9a95a3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr90

engine_x86_rwdi

filesystem_x86_rwdi

memdump_x86_rwdi

dbghelp

kernel32

user32

gdi32

advapi32

shell32

game_x86_rwdi

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 1024B - Virtual size: 30KB

.rsrc Size: 458KB - Virtual size: 458KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 30KB

.rsrc
Size: 458KB - Virtual size: 458KB