l:\Rally_7\SourceMaterial\CodeBase\Game\Pc\Distribution\Rally7App.pdb
Static task
static1
Behavioral task
behavioral1
Sample
ab5b6a0cb32bc535952c68901a3d862d750dd43e23a701da8513567b127535cb.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
ab5b6a0cb32bc535952c68901a3d862d750dd43e23a701da8513567b127535cb.exe
Resource
win10v2004-20240508-en
General
-
Target
ab5b6a0cb32bc535952c68901a3d862d750dd43e23a701da8513567b127535cb
-
Size
4.2MB
-
MD5
883aa03d5d9cf3652c253dac86013ccf
-
SHA1
37f27bacd0670c7a1ef8ca070ef899757cfc4d4a
-
SHA256
ab5b6a0cb32bc535952c68901a3d862d750dd43e23a701da8513567b127535cb
-
SHA512
bd1a78bba1d0b92849ad3d612491884521267b0f750caacb9f972b158f8ab0a9fa7826d284091819b0e3fc4fad3e8c1cfd5390ed008c4d8ac66f052572bd0974
-
SSDEEP
49152:KlKETdG68+00fwtgXbPfcEQrYOiOlgj97rsQfquTI6osBtUGeW:KlK9++gXbnPQfrlgR7rhXos
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource ab5b6a0cb32bc535952c68901a3d862d750dd43e23a701da8513567b127535cb
Files
-
ab5b6a0cb32bc535952c68901a3d862d750dd43e23a701da8513567b127535cb.exe windows:4 windows x86 arch:x86
5b9db1a4451058d107d8b95629b4a130
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
dinput8
DirectInput8Create
dsound
ord11
kernel32
CreateMutexA
WaitForSingleObject
CreateProcessA
GetCurrentThreadId
GetComputerNameA
SetUnhandledExceptionFilter
SetFilePointer
GetProcAddress
LoadLibraryA
FreeLibrary
GetModuleHandleA
Sleep
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
IsBadReadPtr
GetSystemInfo
IsProcessorFeaturePresent
CreateFileW
WideCharToMultiByte
GetVersionExA
LockResource
LoadResource
SizeofResource
FindResourceA
FindResourceW
InterlockedExchange
InterlockedCompareExchange
GetFullPathNameA
lstrcmpiA
GetLastError
VirtualAlloc
HeapAlloc
lstrlenA
lstrcpyA
lstrcatA
lstrcpynA
FormatMessageA
LocalFree
GetFileTime
GetPrivateProfileStringA
IsBadStringPtrW
GetCurrentProcess
MultiByteToWideChar
IsBadStringPtrA
SetLastError
GetCurrentProcessId
GetSystemTime
MulDiv
HeapReAlloc
lstrcmpA
CreateToolhelp32Snapshot
Module32First
Module32Next
Process32First
UnmapViewOfFile
GetPriorityClass
Process32Next
GetSystemDirectoryA
OutputDebugStringW
GetSystemTimeAsFileTime
GetStartupInfoA
ExitProcess
GetTickCount
QueryPerformanceFrequency
HeapFree
GetProcessHeap
CloseHandle
QueryPerformanceCounter
FindNextFileA
GetDiskFreeSpaceA
GetFileAttributesA
DeleteFileA
GetFileSize
ReadFile
CreateDirectoryA
CreateFileA
WriteFile
FindFirstFileA
FindClose
OutputDebugStringA
GetCurrentDirectoryA
CreateFileMappingA
VirtualFree
MapViewOfFile
OpenProcess
user32
TranslateMessage
PeekMessageA
MessageBoxA
DestroyWindow
InvalidateRect
SetFocus
SetForegroundWindow
ShowWindow
UpdateWindow
CreateWindowExA
GetSystemMetrics
RegisterClassA
ShowCursor
LoadIconA
GetAsyncKeyState
GetKeyNameTextA
GetIconInfo
GetDC
ReleaseDC
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
LoadCursorA
SetRect
AdjustWindowRect
LoadMenuA
GetWindowLongA
DispatchMessageA
GetClientRect
ClipCursor
SetCursor
GetCursorPos
ScreenToClient
SendMessageA
SetWindowPos
GetClassLongA
SetWindowLongA
SetMenu
GetMenu
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
DestroyAcceleratorTable
GetDlgItem
PostMessageA
DialogBoxParamA
EndDialog
EnableWindow
CheckRadioButton
IsDlgButtonChecked
wsprintfA
MessageBoxW
IsWindow
DefWindowProcA
SetCapture
ReleaseCapture
GetWindowRect
PostQuitMessage
gdi32
CreateCompatibleDC
SelectObject
GetDIBits
DeleteDC
CreateDIBSection
SetMapMode
GetObjectA
CreateFontA
SetTextColor
SetBkColor
SetTextAlign
GetTextExtentPoint32A
ExtTextOutA
GetDeviceCaps
GetStockObject
DeleteObject
advapi32
RegCloseKey
GetUserNameA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
ole32
CoInitialize
CoUninitialize
CoCreateInstance
oleaut32
VariantClear
VariantInit
msvcp71
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@Viterator@12@0ABV12@@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
?to_int_type@?$char_traits@G@std@@SAGABG@Z
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?eof@?$char_traits@G@std@@SAGXZ
?eq_int_type@?$char_traits@G@std@@SA_NABG0@Z
?to_char_type@?$char_traits@G@std@@SAGABG@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?to_int_type@?$char_traits@D@std@@SAHABD@Z
?to_char_type@?$char_traits@D@std@@SADABH@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
??Bid@locale@std@@QAEIXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?rdstate@ios_base@std@@QBEHXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?_Myptr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?_Nomemory@std@@YAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Id_cnt@id@locale@std@@0HA
??1_Lockit@std@@QAE@XZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
?id@?$ctype@G@std@@2V0locale@2@A
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?clear@ios_base@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
msvcr71
strrchr
_strlwr
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
?terminate@@YAXXZ
_onexit
__dllonexit
__security_error_handler
??1type_info@@UAE@XZ
_callnewh
calloc
wcslen
strcoll
strcspn
strtod
strftime
clock
getenv
tmpnam
rename
remove
system
fscanf
_errno
strerror
strtoul
fputs
strpbrk
memchr
islower
iscntrl
ispunct
isupper
_iob
fgetc
ungetc
freopen
_wtoi64
wcstombs
wcscmp
wcscat
_beginthreadex
_access
_vscprintf
realloc
_mbsnbcat
_mbsstr
tmpfile
_CIcosh
_CIexp
isspace
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
??3@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
_CxxThrowException
memmove
atoi
??_V@YAXPAX@Z
_CIacos
_CIasin
free
strstr
_strupr
_strdup
_purecall
_isnan
sprintf
rand
fclose
malloc
fread
fopen
srand
time
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
fwrite
fseek
ftell
_snprintf
strncpy
strncmp
_control87
vsprintf
wcscpy
_wcsupr
swprintf
_localtime64
_time64
_tzset
fprintf
floor
qsort
printf
vprintf
strchr
_strcmpi
atof
atol
sscanf
bsearch
isdigit
div
fflush
toupper
tolower
fgets
localtime
ceil
_findclose
_findnext
_findfirst
_finite
_ftol
_controlfp
longjmp
_setjmp3
_CIpow
_vsnprintf
frexp
_strdate
_strtime
ldexp
setlocale
_stricmp
isalnum
isalpha
isxdigit
_except_handler3
exit
_fpclass
_CItanh
_CIsinh
_CIfmod
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
d3d9
Direct3DCreate9
winmm
timeGetTime
Exports
Exports
UpdateParticleSystem
Sections
.text Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 604KB - Virtual size: 602KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 172KB - Virtual size: 15.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 228KB - Virtual size: 225KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ