tombraiderleendscrashfix15112014[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

tombraiderleendscrashfix15112014.zip
Size

7.1MB
MD5

25b01eec072db511c3473ed67b6efc74
SHA1

aab0d92e43b30e87494bb2c37ed1d587ec4f2a41
SHA256

c8748e9c5776d42f943befb110893be7f642183432791615cb16789d488c5b66
SHA512

48867ee5df19a04fde399c832b8c39e336250ca9943c8003b557453a35f9ee38ddc39ed568733bbc5cfd32997c646e912ddd4af6f367a94c2fd7e3d3fb275bc9
SSDEEP

196608:wwJS+eehZm7RcJX2GCB0EBECJgvU203tkRSBI0nfB/x7DennJM:/Soh4S8G+EWgvUX9kRSBI0VxHenJM

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/retail/trl.exe
unpack001/steam/trl.exe

Files

tombraiderleendscrashfix15112014.zip
.zip
retail/trl.exe
.exe windows:4 windows x86 arch:x86

97c40df8fce8bf917ecbfcac9de9fa6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleA
OutputDebugStringA
Sleep
ReadFile
CreateFileA
GetVolumeInformationA
GetDriveTypeA
GetLogicalDriveStringsA
GetProcAddress
LoadLibraryA
FreeLibrary
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateDirectoryW
MultiByteToWideChar
CreateFileW
GetFileSize
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
WriteFile
DeleteFileW
GetOverlappedResult
FindClose
FindNextFileW
FindFirstFileW
WideCharToMultiByte
VirtualAlloc
VirtualFree
GlobalFree
GlobalAlloc
DuplicateHandle
GetVersionExA
LCMapStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
GetACP
FlushFileBuffers
SetStdHandle
GetSystemInfo
SetFilePointer
GetCurrentProcessId
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
RaiseException
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
VirtualQuery
InterlockedExchange
HeapSize
HeapCreate
HeapDestroy
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
SetThreadAffinityMask
SetThreadPriority
SetPriorityClass
GetCurrentThreadId
SuspendThread
GetCurrentProcess
TerminateProcess
CloseHandle
ExitProcess
CreateMutexA
GetLastError
LCMapStringW
HeapReAlloc
RtlUnwind
HeapAlloc
HeapFree
DeleteCriticalSection
VirtualProtect
VirtualLock
TerminateThread
CreateThread

user32

SetWindowPos
ShowWindow
GetWindowPlacement
SetFocus
GetClassNameA
EnumWindows
DestroyWindow
MessageBoxA
SystemParametersInfoA
SetWindowTextW
SetWindowTextA
GetWindowRect
SetForegroundWindow
LoadIconA
GetDlgItem
EndDialog
DialogBoxParamW
DefWindowProcA
SetCursorPos
ShowCursor
ClientToScreen
EndPaint
FillRect
GetClientRect
BeginPaint
PostQuitMessage
CreateWindowExA
MessageBoxW
SendMessageA
CheckDlgButton
RegisterClassA
LoadCursorA
GetMessageA
mouse_event
TranslateMessage
MonitorFromWindow
GetMonitorInfoA
SetCursor
GetDesktopWindow
SendDlgItemMessageW
GetForegroundWindow
IsDlgButtonChecked
EnableWindow
SendDlgItemMessageA
InvalidateRect
DispatchMessageA
GetCursorPos
PeekMessageA

gdi32

GetStockObject

advapi32

RegQueryValueExW
RegQueryValueExA
RegOpenKeyW
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

comctl32

ord17

ole32

CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoUninitialize

oleaut32

SysFreeString
SysAllocString

binkw32

_BinkSetVolume@12
_BinkOpenDirectSound@4
_BinkSetSoundSystem@8
_BinkOpen@8
_BinkPause@8
_BinkClose@4
_BinkWait@4
_BinkDoFrame@4
_BinkCopyToBuffer@28
_BinkNextFrame@4

winmm

waveOutGetNumDevs
waveOutOpen
waveOutClose
waveOutReset
waveOutPrepareHeader
waveOutWrite
waveOutUnprepareHeader
waveOutGetPosition
timeGetTime
waveOutGetDevCapsA

Sections

.text
Size: 11.0MB - Virtual size: 11.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shad
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

credo
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

absurdum
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

quia
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dev0
Size: 217KB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dev1
Size: 2.4MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dev2
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
steam/trl.exe
.exe windows:4 windows x86 arch:x86

7c4cb3748362c1303ea20f10e7b5e159

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\tr7\output\win32_gm\game\tr7.pdb

Imports

kernel32

DuplicateHandle
GetCurrentThread
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleA
OutputDebugStringA
Sleep
ReadFile
CreateFileA
GetVolumeInformationA
GetDriveTypeA
GetLogicalDriveStringsA
GetProcAddress
LoadLibraryA
FreeLibrary
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateDirectoryW
MultiByteToWideChar
CreateFileW
GetFileSize
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
WriteFile
DeleteFileW
GetOverlappedResult
FindClose
FindNextFileW
FindFirstFileW
WideCharToMultiByte
VirtualAlloc
VirtualFree
GlobalFree
GlobalAlloc
SetThreadAffinityMask
LCMapStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
GetACP
FlushFileBuffers
SetStdHandle
GetSystemInfo
SetFilePointer
GetCurrentProcessId
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
RaiseException
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
HeapSize
HeapCreate
HeapDestroy
VirtualQuery
InterlockedExchange
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
SetThreadPriority
GetVersionExA
SetPriorityClass
GetCurrentThreadId
SuspendThread
GetCurrentProcess
TerminateProcess
GetSystemTime
ExitProcess
CreateMutexA
GetLastError
CloseHandle
LCMapStringW
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind
DeleteCriticalSection
VirtualProtect
VirtualLock
TerminateThread
CreateThread

user32

ShowCursor
SetCursor
LoadCursorA
SetForegroundWindow
SetWindowPos
ShowWindow
GetWindowPlacement
SetFocus
GetClassNameA
EnumWindows
MessageBoxA
SystemParametersInfoA
DestroyWindow
SetWindowTextA
GetWindowRect
SendMessageA
LoadIconA
GetDlgItem
EndDialog
DialogBoxParamW
DefWindowProcA
SetCursorPos
ClientToScreen
EndPaint
FillRect
GetClientRect
BeginPaint
MessageBoxW
SetWindowTextW
IsDlgButtonChecked
PostQuitMessage
CreateWindowExA
RegisterClassA
GetMessageA
mouse_event
MonitorFromWindow
GetMonitorInfoA
GetDesktopWindow
SendDlgItemMessageW
CheckDlgButton
GetForegroundWindow
EnableWindow
SendDlgItemMessageA
InvalidateRect
DispatchMessageA
GetCursorPos
PeekMessageA
TranslateMessage

gdi32

GetStockObject

advapi32

RegEnumValueA
RegQueryValueExA
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

comctl32

ord17

ole32

CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoUninitialize

oleaut32

SysFreeString
SysAllocString

binkw32

_BinkSetVolume@12
_BinkOpenDirectSound@4
_BinkSetSoundSystem@8
_BinkOpen@8
_BinkPause@8
_BinkClose@4
_BinkWait@4
_BinkDoFrame@4
_BinkCopyToBuffer@28
_BinkNextFrame@4

winmm

waveOutGetNumDevs
waveOutOpen
waveOutClose
waveOutReset
waveOutPrepareHeader
waveOutWrite
waveOutUnprepareHeader
waveOutGetPosition
timeGetTime
waveOutGetDevCapsA

Sections

.text
Size: 11.0MB - Virtual size: 11.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shad
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bind
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97c40df8fce8bf917ecbfcac9de9fa6b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

comctl32

ole32

oleaut32

binkw32

winmm

Sections

.text Size: 11.0MB - Virtual size: 11.0MB

.rdata Size: 75KB - Virtual size: 76KB

.data Size: 4.5MB - Virtual size: 4.5MB

.shad Size: 1.8MB - Virtual size: 1.8MB

.rsrc Size: 14KB - Virtual size: 16KB

credo Size: 4.3MB - Virtual size: 4.3MB

absurdum Size: 47KB - Virtual size: 48KB

quia Size: 2.1MB - Virtual size: 2.1MB

.dev0 Size: 217KB - Virtual size: 7.3MB

.dev1 Size: 2.4MB - Virtual size: 2.7MB

.dev2 Size: 348KB - Virtual size: 348KB

7c4cb3748362c1303ea20f10e7b5e159

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

comctl32

ole32

oleaut32

binkw32

winmm

Sections

.text Size: 11.0MB - Virtual size: 11.0MB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 116KB - Virtual size: 4.5MB

.shad Size: 1.8MB - Virtual size: 1.8MB

.rsrc Size: 16KB - Virtual size: 14KB

.bind Size: 4KB - Virtual size: 4KB

.text
Size: 11.0MB - Virtual size: 11.0MB

.rdata
Size: 75KB - Virtual size: 76KB

.data
Size: 4.5MB - Virtual size: 4.5MB

.shad
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 14KB - Virtual size: 16KB

credo
Size: 4.3MB - Virtual size: 4.3MB

absurdum
Size: 47KB - Virtual size: 48KB

quia
Size: 2.1MB - Virtual size: 2.1MB

.dev0
Size: 217KB - Virtual size: 7.3MB

.dev1
Size: 2.4MB - Virtual size: 2.7MB

.dev2
Size: 348KB - Virtual size: 348KB

.text
Size: 11.0MB - Virtual size: 11.0MB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 116KB - Virtual size: 4.5MB

.shad
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 16KB - Virtual size: 14KB

.bind
Size: 4KB - Virtual size: 4KB