privateloader | 24efb0eb88a8d9c000f272048a027346_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

24efb0eb88a8d9c000f272048a027346_JaffaCakes118
Size

19.9MB
MD5

24efb0eb88a8d9c000f272048a027346
SHA1

b710831a005fab0655bacb91d10b3c22dc9d203a
SHA256

1b11cd26a11956ee664600fef39917a8f19ba2db4c9add4fedf7756d17dd9e24
SHA512

1210892b9c46fac00fc76aac7cb396db13e6b5a618586e9b84737eeb187f44fa12e63289cdba80acbcbd62c7ab390a47cd20003eadcee512b2aecc0bd639a9d6
SSDEEP

393216:bM4sSDS3LbDL6OjIT153Le0bmLGUpVZCjxyI3noxfJOJKOAUc:b/sSm3LXL5jIT153Le/pVZCjcIY+KOhc

Score

10^/10

privateloader

Malware Config

Signatures

Privateloader family
privateloader

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/files/Game/Bin/TS4.exe
unpack002/files/Game/Bin/TS4_x64.exe

Files

24efb0eb88a8d9c000f272048a027346_JaffaCakes118
.rar
The Sims 4 Island Living v 1.53.115.1020/The Sims 4 Island Living v 1.53.115.1020.rar
.rar
files/Game/Bin/OrangeEmu.dll
.dll windows:6 windows x86 arch:x86

3a5c4b818870d7370dfca9d2bdc5d67f

Code Sign

33:00:00:00:95:dd:0e:34:66:c7:05:3e:e7:00:00:00:00:00:95
Certificate

Issuer

CN=Microsoft Windows Phone Production PCA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17/11/2016, 21:46

Not After

17/02/2018, 21:46

Subject

CN=Windows Phone,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0b:fc:f9:8e:58:4c:15:50:bf:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/07/2012, 22:23

Not After

24/07/2027, 22:33

Subject

CN=Microsoft Windows Phone Production PCA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:25:b9:68:68:77:2c:49:f5:05:20:22:26:af:e1:bc:1c:25:21:6c:7f:5a:f9:c1:8b:fb:f9:45:07:17:ec:b2
Signer

Actual PE Digest

22:25:b9:68:68:77:2c:49:f5:05:20:22:26:af:e1:bc:1c:25:21:6c:7f:5a:f9:c1:8b:fb:f9:45:07:17:ec:b2

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Process32FirstW
Process32NextW
lstrcmpiW
CreateToolhelp32Snapshot
CloseHandle
GetTickCount
VirtualQuery
VirtualFree
VirtualAlloc
GetThreadContext
HeapReAlloc
SetThreadContext
HeapAlloc
GetCurrentProcess
HeapFree
GetModuleHandleW
Thread32First
Sleep
HeapDestroy
HeapCreate
Thread32Next
FlushInstructionCache
GetProcAddress
OpenThread
VirtualProtect
GetCurrentThreadId
GetCurrentProcessId
SuspendThread
ResumeThread
FreeResource
TlsGetValue
FindResourceW
LoadResource
SetWaitableTimer
lstrcmpiA
VerSetConditionMask
CreateDirectoryW
WaitForSingleObject
FormatMessageA
WriteFile
TlsSetValue
TerminateThread
InitializeCriticalSectionAndSpinCount
SizeofResource
LeaveCriticalSection
GetFileAttributesW
CreateFileW
GetEnvironmentVariableA
VerifyVersionInfoW
GetLastError
SetLastError
QueueUserAPC
EnterCriticalSection
LoadLibraryA
LockResource
PostQueuedCompletionStatus
WaitForMultipleObjects
SetEnvironmentVariableA
CreateIoCompletionPort
DeleteCriticalSection
TlsAlloc
DeleteFileW
LocalFree
TlsFree
SetFileAttributesW
CreateThread
LoadLibraryW
WriteConsoleW
TerminateProcess
WideCharToMultiByte
OpenProcess
K32GetModuleBaseNameW
GetQueuedCompletionStatus
DisableThreadLibraryCalls
SetStdHandle
GetTimeZoneInformation
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
DuplicateHandle
GetVersionExW
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileAttributesExW
AreFileApisANSI
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
ReadFile
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
GetCurrentDirectoryW
GetDriveTypeW
GetFullPathNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
GetStartupInfoW
CreateSemaphoreW
CreateTimerQueue
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
IsProcessorFeaturePresent
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
GetStdHandle
GetFileType
GetProcessHeap
ExitProcess
GetModuleHandleExW
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCurrentThread
GetModuleFileNameW
ReadConsoleW
GetModuleFileNameA
SetEndOfFile
GetCurrentProcess
FreeLibrary
TerminateProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GetLocalTime
GlobalFree
GetProcAddress
LocalAlloc
LoadLibraryA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
FlushFileBuffers
GetCurrentProcessId
GetLastError
GetModuleFileNameW
CreateEventA
GetModuleHandleA
GetSystemTimeAsFileTime
VirtualQuery
LocalFree
CreateFileA
ReadFile
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetActiveWindow
MessageBoxA
CharUpperBuffW
MessageBoxW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
EnumServicesStatusExW
OpenSCManagerW
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shell32

SHGetFolderPathA
SHGetFolderPathW

ws2_32

htons
ntohs
WSAGetLastError
bind
WSASetLastError
closesocket
listen
WSASend
WSASocketW
WSARecv
WSAStartup
WSACleanup
ioctlsocket
setsockopt

mswsock

GetAcceptExSockaddrs
AcceptEx

wtsapi32

WTSSendMessageW

Exports

Exports

�К��Ge��>CġhC�l�򲀁�/7sՅ>{ ��X*�cQ��/�8+�aH��{�� ֦�:�vS�[mb��L{�e��3Ǐ#�rL�"F5��g9�mKʴ�`�J|?D��4-w �j�V�h1x�[u��i5h] �`�UL��6��P<.ռ��e`��-��!�<)B� *��Ck��K�d�=5_�n+��-q��=��YG��M�;�ą{�GʣT��&��SĬ)�l��Ĝ;hƲ,��O}�qGAo��Q?K-١��[��I/_{gJ�Mm� �rF�ə�3�ԩaD��U�S-t��lV��꽴��ɡ~��m��5��1��o��BŸ�!%�)*-s�s��n��bm�;k�� bE8t�!�Q`нC��2H��7UZ�z�q��Q��o>�<��*QV��tq��:�K�Yٚ��fԗ��Ja5íѣ��]q 5g%�Y��H��$��&z� 3$��/�y��^�F+H�x&�0�q&0QN`#X�뜛�c�7 ��!��L��9�|F��-�'��M�[��n�-\�!N�]��:�=�j*�r1�&:\��y��&zݙ��pq;�+H�ʤ��d�0=��(W?��!�s�oM�l��\ၶ��7�"Z叭0�`-��Zԑ��|��f�sO�Y��S�]��Ɖ��^��f?�&0n�n��qd�7x�9־''xY��AH��T�~~X��hf{��?RR<��h��A��Z�lDk� ��%� 2��}`��0��B.&��Z��f�Zxߗc�R�]"VGR6]{��̟2��v��O��r\�Vns��>��Y��f��,��7C��~g��2�+�lZ�Z֨�H'�1�wB�� ZH�})�#@�jK"_�@��0z�v6��x�d��*ű;V�2��ƍ�O|�!x�U�5��Y=�&B��l>9Oyޝ1��4�%�fw��6Us(!a��W��'�E@��Q�#�w��.��`G��fHi�B��,�[��ոz��=�i��t�f_�p��.��9O��Ş�$#g4��n�<�@�r�dx1)0K"�ȸ��Q��C��%,ځ�.>O�r�B0�<�|4��aI��wiH9pWї� U��7(��)W�I�K�&X�A��D@�v��Q��K�6]w3�M:aTj��&�u�Ī��E�wM�~7E��1��*<V��z��Af��s��(�d�X��&a��U�eE��]l�Y֤�W�&�k3�@�_��܍�H��e�&8G��7��b/ �K|a��fkS�qR�Þ� ݙRș�y} �ۖϔKi�0I@p�l��c��;;^Y�d�k�Kv��y��G�2+�f��9�т�&��b�pJYlD�˚�Ʃ�׉�V��QH `"��Ŋ}��n��z�.��Jl��,m�.�8�)��7q�ԯ˫xkr�4q�t 5�m ,"ʦ�R5މ{_(�t5��u��?�DEp��ʠ��X��SH�R4l2ʜ��t�^�LK��9��~]Ⱦn�"1��i�ݓ=��"��vn8֗}�nk�=�_%��K�� e�n�0��د��T��oBJb,��r��>�+��,�z 7|��0��(e ��"��Q�k�fL�e4Ld�_��{�b�|E��x��R��'3�w��T��=TF}�U�8q3n~1x�2� �YaI��1��*C�W̸�g��랇+8-9�MV.��j.�y[9@�5�Y�s )X�ʻ�]�i�E� ��W�De �Q��k�V�}rt{51�ꚝ�m��0c3;�o��g0@Q�A�*��483xZ�W��[� Gly;ʗ��OT2Q�9K�U�4�u�Q��֍�~!0#��U׃!��%�R,Oz��X�� ;��bS��ſlD��Zh�<�h��Xٔ>!S��8�C�uY��E��ʙ�*j��f�#��ċڍ;6��r:~�\��*Ѥq��~��:�J��器�y�I�d��آ�h�3�SJ�1�G�e��'.2��j��8��+}<��U��B�6�ڏ$�9�A��p�{'�@{8��S��Ѻa��k�x��l�Ĳ@a�Zm4��L��Z��x��I�]n~�߯fIjFWH ��qy��]uGW��X��h�L�� 7q%� ��T��suAؑG5�p�o��y. ��g2�k��Ԡ;��<&U]%�aD�¯�r�]$z@CrR��v�'^��>*�|�[E�M=��stZ�CK%|cKJ��bж��f( ��%�j��C7S8~.�$�̼��g�%�)�5�F��T��$V�|m)\��M ��@3y�Y��b␒��q�C�>��%r�>��T�-�+�?��'G@��.�ha�2i0��cJo�D��c��[�k_d#Y�~$�� Y&� P�� ۔�ee{?I�C��3$��I�+z�ڗ�nfY?H T�{Vӈ�� `cݖ�k��̷�Kac[�)x��j�-wyo'�ֳ�a��;��µ�⊖0z4��6��VJn��~({��♊Rя�[��=�īb�G"�1�2��Ev�Pn��Co�$x%��>1V�nʹ�]Lb+�Q�L^��Q��i�E�Z �]�F�A��KM��ֱ�I�g�|�%~�[W�Ѻa��z��.[��+��4-��$�/��߭��`//�PH��M f��:�`�l=�# �Ö::�C@�6g0זk��iJ�n��6�a�fO�x��->87�m�i��'I�819��\��o��t��\4 ؠ��b�Lk��x�R��BB�7��t�C��H�L3��@70��C,��J{;S[�=��k��5�<�b
CDX

Sections

.text
Size: 390KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lootbox
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lootbox
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
files/Game/Bin/OrangeEmu64.dll
.dll windows:6 windows x64 arch:x64

06bbc1e978b062c585155dfdeda22e9e

Code Sign

33:00:00:00:95:dd:0e:34:66:c7:05:3e:e7:00:00:00:00:00:95
Certificate

Issuer

CN=Microsoft Windows Phone Production PCA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17/11/2016, 21:46

Not After

17/02/2018, 21:46

Subject

CN=Windows Phone,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0b:fc:f9:8e:58:4c:15:50:bf:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/07/2012, 22:23

Not After

24/07/2027, 22:33

Subject

CN=Microsoft Windows Phone Production PCA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:e8:77:09:f5:38:aa:5b:cd:3a:38:07:f4:19:c3:ac:fc:29:08:06:f2:48:a6:42:13:6d:31:c0:74:8a:5a:d5
Signer

Actual PE Digest

18:e8:77:09:f5:38:aa:5b:cd:3a:38:07:f4:19:c3:ac:fc:29:08:06:f2:48:a6:42:13:6d:31:c0:74:8a:5a:d5

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

Process32FirstW
Process32NextW
lstrcmpiW
CreateToolhelp32Snapshot
CloseHandle
GetTickCount
VirtualQuery
VirtualFree
VirtualAlloc
GetSystemInfo
GetThreadContext
HeapReAlloc
SetThreadContext
HeapAlloc
GetCurrentProcess
HeapFree
GetModuleHandleW
Thread32First
Sleep
HeapDestroy
HeapCreate
Thread32Next
FlushInstructionCache
GetProcAddress
OpenThread
VirtualProtect
GetCurrentThreadId
GetCurrentProcessId
SuspendThread
ResumeThread
FreeResource
TlsGetValue
FindResourceW
LoadResource
SetWaitableTimer
lstrcmpiA
VerSetConditionMask
CreateDirectoryW
WaitForSingleObject
FormatMessageA
WriteFile
TlsSetValue
TerminateThread
InitializeCriticalSectionAndSpinCount
SizeofResource
LeaveCriticalSection
GetFileAttributesW
CreateFileW
GetEnvironmentVariableA
VerifyVersionInfoW
GetLastError
SetLastError
QueueUserAPC
EnterCriticalSection
LoadLibraryA
LockResource
PostQueuedCompletionStatus
WaitForMultipleObjects
SetEnvironmentVariableA
CreateIoCompletionPort
DeleteCriticalSection
TlsAlloc
DeleteFileW
LocalFree
TlsFree
SetFileAttributesW
CreateThread
LoadLibraryW
WriteConsoleW
TerminateProcess
WideCharToMultiByte
OpenProcess
K32GetModuleBaseNameW
GetQueuedCompletionStatus
DisableThreadLibraryCalls
SetStdHandle
GetTimeZoneInformation
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
DuplicateHandle
GetVersionExW
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileAttributesExW
AreFileApisANSI
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
ReadFile
GetCommandLineA
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetCPInfo
GetCurrentDirectoryW
GetDriveTypeW
GetFullPathNameA
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
GetStartupInfoW
CreateSemaphoreW
CreateTimerQueue
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
IsProcessorFeaturePresent
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
GetStdHandle
GetFileType
GetProcessHeap
ExitProcess
GetModuleHandleExW
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCurrentThread
GetModuleFileNameW
ReadConsoleW
GetModuleFileNameA
SetEndOfFile
GetCurrentProcess
FreeLibrary
TerminateProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GetLocalTime
GlobalFree
GetProcAddress
LocalAlloc
LoadLibraryA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
FlushFileBuffers
CreateFileA
GetCurrentProcessId
GetLastError
GetModuleFileNameW
CreateEventA
GetModuleHandleA
GetSystemTimeAsFileTime
LocalFree
ReadFile
WriteConsoleW
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetActiveWindow
MessageBoxA
CharUpperBuffW
MessageBoxW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
EnumServicesStatusExW
OpenSCManagerW
RegCloseKey
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shell32

SHGetFolderPathA
SHGetFolderPathW

ws2_32

htons
ntohs
WSAGetLastError
bind
WSASetLastError
closesocket
listen
WSASend
WSASocketW
WSARecv
WSAStartup
WSACleanup
ioctlsocket
setsockopt

mswsock

GetAcceptExSockaddrs
AcceptEx

wtsapi32

WTSSendMessageW

Exports

Exports

CDX
f�;հ��GCs�͋��,ϐ ��9��.��ˇ��{9��q�`��Se�\�lV��c��t��d@�B�s�m��!�W<�ܲ�8��?��X]ǐ�{��<9x��*��g�B��A�* �&�1��h[�~��"{��[��mF�P��2��e��ɫ��)#��Eb2"��K��n��0�|U�0��t>aYC6��6�w��Vֻ�љc�KTD�3�x��7��yО_�1>�kX{DJg��5��#��w�>k*1��ui��$��?J-P�$�'�Pf��Y��1ބި��7�_L�̌��¸��[)Mf9��c��G�%��ǎb�`PٷS�^=��e~b�i[=��$I��a��`�zy w�S�� ?��<W��]1�J1S��89�|�L,�OE� �.A��m��܇!��'�9) �Bh�d^�m8>��6��Κc�Y��H��~��)�I ��:8Ƥѡ�"��%\Q�ͫ��J/�{�W�T+sim!�w0Y8��>��W ?\��e�?�S:0'��O΋yo��+ &R��ܻ��7w}@^㺱 �~:v��y&d\��{��H�6�%f�t5,��tRܺ�v�ӡJ4�Wo��_��BkW��YOP}�5Ղx��M��U+1}g8k��0hc��&�r v�u��A��NĶπb��m��\��@'Q�/�K��V1�o��k!e�B7��K�Ca��Гzn.�t��T&��3fR��ј�b�(�x��]b�K"�AX� �q�W1"�g��v�⥱@(��b�L0��q��N/K�_�*��I�Y��|CY��Q��&>|�B��C�֟8P:�&a�v��0��\�9�\��J�~o��H�6��N��F��8P�<�X�/$�X;��'��-��b6��9�q��}��O��9�tlL��C2��j�lC��@�P��;+_�=B�>z�)=ܺK5� �#9 )^w0�ؔ�� W��W��L�!~~.�g��$��\��ď��!CF�P͓u#��\(8TfX�-Z��ڦX�_��ȏYt��?8(��@p��-��ȳ��?�=;��B��?�ujV�lk�h<S�77�WTH��KR��-3�N��b��R?�Ҭ3�E��[6��&PaZ z�y��Ĥk��텇�FC��V�:��s�9�p�U��s��2O�Z��n�3C�с�lR�K8R�k��x��\�� )uy=�n�'g�P .&LYt�jt�kY��irjX��GX^ߤ��d1�kh��#.��%Ű��W��v��~<�/��9�7�gHeH�V��$dJ��-��d��<8fմ�_*�Jv9gb�Hy.�sB��G�ၟw$P�MR�Rvu8�}��\g�;��PM�&�e��W��)t��&9ܰ#�-ރB�v�et> ȧ ,��H?��#U�-+E�,��*��}�f ڣ�O�De��2��5�|�S�6��a��`��?��(��bL*�`\��9�h�� xt(:�*�y�,ڗ��Y��^�ǛL��F�T�/q��$h��U#�w�x��3��*{l��V�c�кKn[X@V��c�O�M��7({g"�䷆J65ס9�}�>$�Z�l�~�SI�S��U��j�ӛ�i�;JdbS�;�$R��<��A�N�k2��bK;�Hv;L��m ��^��o��O�+<9\k>M�O��L�H�t�&�|IC�� a V��~�?�Qׄ��k�z�a�_,�p��6Μ-��o�� @�.��uF,��{��@�4 �{��ں��eee�+x��^��;��]tiÁ�nx`<7��D��ٜ��@��#e@��!��\+��[I��,��&n��ⴽ[bN�J��'q�ѯgd�-��I��Utu`�?)�R��K��N~�q� �ƌ��pK��h�}�~O�wH�KEQ�� q��| /ľ��R� 03Z[�,�C2��#��l�I��ث��Z�N��t$�� T\�CY�[N6�0Y��Cy��擄j��m�N#-�L�u��e�X��L��P(E�m��m��P��;.s�iF^��nw� H;�{໶��O�٬W�7`�@��#s�SJ�5�ү�=��3e�A��,��KKi�ӵǿ%Ć�6�[┪��.��H��J��Sh�S�{1�B��}�݇/�DsѼRn�r��A��P�6d��9��J"K�)�<��P$�� .��^��}��W�<�:|��8��t��R�|y�Ā^�~n�db�P�:C��NZ��"c��㦹`0��q��飜��̅i��|��v��}j;ƖC<!n��T��ˆr��BB�$�pD�R�i7i�+��Y��6��C�s<��#4�iꈼh�Zl'��U`�$�R\sg��(-��ʍ@`��`c%�;��0z��K�~��t�7�?��:K��y��Cy�)�p�K��})��@��/�EQ�\p��+)i�G�]P2��%��g�Bcg�R�*5XY?��~�9��D `��?#�fo��q�A��'�bm��~�e/r�R�U��xM�x��͎�o��:�3f�c�K��ubl0�)ʤ��]�<B�s��]n�h,�E!��.��Bi�^>G��X�� >G�`�I��ENm�FS[�S>��N04c�eܯ��(��pFB�zEyYж!7B j� �!T.��A�D�D�߹V�H��g��n�& _H;@��o-;(�7*ռ i:r�j��2:5<�~��Q�G��0��ʣ��T��t� ��#O}�?_��n�zi�ߖ�0cX}��ZO��\��]�vc�9Z�U�)<2�

Sections

.text
Size: 486KB - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lootbox
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lootbox
Size: 473KB - Virtual size: 473KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
files/Game/Bin/TS4.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\TS4\_compile\Sims4\Release\TS4.pdb

Exports

Exports

AmdPowerXpressRequestHighPerformance
DSS
NvOptimusEnablement
SetTelemetryTrampolineFunctions

Sections

.text
Size: 17.7MB - Virtual size: 17.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 451KB - Virtual size: 812KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 860KB - Virtual size: 864KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ooa
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lootbox
Size: 4KB - Virtual size: 22.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
files/Game/Bin/TS4_x64.exe
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\TS4\_compile\Sims4\Releasex64\TS4_x64.pdb

Exports

Exports

AmdPowerXpressRequestHighPerformance
DSS
NvOptimusEnablement
SetTelemetryTrampolineFunctions

Sections

.text
Size: 20.5MB - Virtual size: 20.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 585KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 237KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ooa
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lootbox
Size: 4KB - Virtual size: 28.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
files/Game/Bin/codex.cfg
patchnotes.txt

Sharing

General

Malware Config

Signatures

Files

3a5c4b818870d7370dfca9d2bdc5d67f

Code Sign

33:00:00:00:95:dd:0e:34:66:c7:05:3e:e7:00:00:00:00:00:95Certificate

Extended Key Usages

33:00:00:00:0b:fc:f9:8e:58:4c:15:50:bf:00:00:00:00:00:0bCertificate

Key Usages

22:25:b9:68:68:77:2c:49:f5:05:20:22:26:af:e1:bc:1c:25:21:6c:7f:5a:f9:c1:8b:fb:f9:45:07:17:ec:b2Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

mswsock

wtsapi32

Exports

Exports

Sections

.text Size: 390KB - Virtual size: 390KB

.rdata Size: 69KB - Virtual size: 69KB

.data Size: 11KB - Virtual size: 20KB

.lootbox Size: 1.4MB - Virtual size: 1.4MB

.lootbox Size: 384KB - Virtual size: 384KB

.reloc Size: 25KB - Virtual size: 24KB

.rsrc Size: 26KB - Virtual size: 26KB

06bbc1e978b062c585155dfdeda22e9e

Code Sign

33:00:00:00:95:dd:0e:34:66:c7:05:3e:e7:00:00:00:00:00:95Certificate

Extended Key Usages

33:00:00:00:0b:fc:f9:8e:58:4c:15:50:bf:00:00:00:00:00:0bCertificate

Key Usages

18:e8:77:09:f5:38:aa:5b:cd:3a:38:07:f4:19:c3:ac:fc:29:08:06:f2:48:a6:42:13:6d:31:c0:74:8a:5a:d5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

mswsock

wtsapi32

Exports

Exports

Sections

.text Size: 486KB - Virtual size: 486KB

.rdata Size: 126KB - Virtual size: 126KB

.data Size: 14KB - Virtual size: 25KB

.pdata Size: 23KB - Virtual size: 23KB

.lootbox Size: 2.3MB - Virtual size: 2.3MB

.lootbox Size: 473KB - Virtual size: 473KB

.reloc Size: 5KB - Virtual size: 4KB

.rsrc Size: 26KB - Virtual size: 26KB

Headers

DLL Characteristics

File Characteristics

PDB Paths

Exports

Exports

Sections

.text Size: 17.7MB - Virtual size: 17.7MB

.rdata Size: 3.1MB - Virtual size: 3.1MB

.data Size: 451KB - Virtual size: 812KB

.tls Size: 512B - Virtual size: 4KB

_RDATA Size: 15KB - Virtual size: 16KB

.rsrc Size: 105KB - Virtual size: 108KB

.reloc Size: 860KB - Virtual size: 864KB

.ooa Size: 1KB - Virtual size: 4KB

.lootbox Size: 4KB - Virtual size: 22.2MB

Headers

DLL Characteristics

33:00:00:00:95:dd:0e:34:66:c7:05:3e:e7:00:00:00:00:00:95
Certificate

33:00:00:00:0b:fc:f9:8e:58:4c:15:50:bf:00:00:00:00:00:0b
Certificate

22:25:b9:68:68:77:2c:49:f5:05:20:22:26:af:e1:bc:1c:25:21:6c:7f:5a:f9:c1:8b:fb:f9:45:07:17:ec:b2
Signer

.text
Size: 390KB - Virtual size: 390KB

.rdata
Size: 69KB - Virtual size: 69KB

.data
Size: 11KB - Virtual size: 20KB

.lootbox
Size: 1.4MB - Virtual size: 1.4MB

.lootbox
Size: 384KB - Virtual size: 384KB

.reloc
Size: 25KB - Virtual size: 24KB

.rsrc
Size: 26KB - Virtual size: 26KB

33:00:00:00:95:dd:0e:34:66:c7:05:3e:e7:00:00:00:00:00:95
Certificate

33:00:00:00:0b:fc:f9:8e:58:4c:15:50:bf:00:00:00:00:00:0b
Certificate

18:e8:77:09:f5:38:aa:5b:cd:3a:38:07:f4:19:c3:ac:fc:29:08:06:f2:48:a6:42:13:6d:31:c0:74:8a:5a:d5
Signer

.text
Size: 486KB - Virtual size: 486KB

.rdata
Size: 126KB - Virtual size: 126KB

.data
Size: 14KB - Virtual size: 25KB

.pdata
Size: 23KB - Virtual size: 23KB

.lootbox
Size: 2.3MB - Virtual size: 2.3MB

.lootbox
Size: 473KB - Virtual size: 473KB

.reloc
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 26KB - Virtual size: 26KB

.text
Size: 17.7MB - Virtual size: 17.7MB

.rdata
Size: 3.1MB - Virtual size: 3.1MB

.data
Size: 451KB - Virtual size: 812KB

.tls
Size: 512B - Virtual size: 4KB

_RDATA
Size: 15KB - Virtual size: 16KB

.rsrc
Size: 105KB - Virtual size: 108KB

.reloc
Size: 860KB - Virtual size: 864KB

.ooa
Size: 1KB - Virtual size: 4KB

.lootbox
Size: 4KB - Virtual size: 22.2MB

.text
Size: 20.5MB - Virtual size: 20.5MB

.rdata
Size: 6.1MB - Virtual size: 6.1MB

.data
Size: 585KB - Virtual size: 1.0MB

.pdata
Size: 1.3MB - Virtual size: 1.3MB

.tls
Size: 512B - Virtual size: 4KB

_RDATA
Size: 18KB - Virtual size: 20KB

.rsrc
Size: 105KB - Virtual size: 108KB

.reloc
Size: 237KB - Virtual size: 240KB

.ooa
Size: 1KB - Virtual size: 4KB

.lootbox
Size: 4KB - Virtual size: 28.8MB