7a5a16488c3e745c1f3b72b87385fc23_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7a5a16488c3e745c1f3b72b87385fc23_JaffaCakes118
Size

13.7MB
MD5

7a5a16488c3e745c1f3b72b87385fc23
SHA1

2b4434393c08de3d16202effc7e016a31c9820b8
SHA256

09de5244cba698ce85e29b0c3a702cc68b504b1764d187f5f756ac0cb02f84ee
SHA512

7622734e941caced87991a03f4b88ca28e3794ad13b2d4b32f472483415791b90364ab4d77bfcbe727748bed3d65e4e3ed32b254a7f4c86bc292ce7cb08240bd
SSDEEP

393216:IKKS4o03SeS8RDmzFrIDUL5L5lIZttHbKiwIOhV:IKE1pDmzZIILyZ/HbKaQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Steamclient.dll
unpack001/buddha.dll
unpack001/steam_api.dll
unpack001/t6mp.exe
unpack001/t6sp.exe
unpack001/t6zm.exe

Files

7a5a16488c3e745c1f3b72b87385fc23_JaffaCakes118
.zip
SKIDROW.ini
Steamclient.dll
.dll windows:5 windows x86 arch:x86

9b62e5da05a71ff4e6ddc6929d06c3ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetFolderPathA

user32

MessageBoxW

wininet

InternetOpenA
InternetCloseHandle
InternetCrackUrlA

kernel32

GetProcessHeap
SetEndOfFile
CreateFileW
WriteConsoleW
SetStdHandle
CreateFileA
LoadLibraryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
InterlockedCompareExchange
VirtualFree
FlushInstructionCache
VirtualAlloc
VirtualProtect
GetCurrentThreadId
VirtualProtectEx
WriteProcessMemory
SetLastError
GetModuleHandleA
GetProcAddress
ExitProcess
SetEnvironmentVariableA
GetModuleFileNameA
GetCurrentProcessId
FindClose
FindNextFileA
FindFirstFileA
GetLastError
GetPrivateProfileStringA
GetEnvironmentVariableA
WritePrivateProfileStringA
GetVolumeInformationA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
Sleep
InterlockedExchange
EncodePointer
DecodePointer
MultiByteToWideChar
HeapFree
HeapAlloc
CreateDirectoryA
GetSystemTimeAsFileTime
DeleteFileA
GetCommandLineA
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
HeapCreate
HeapDestroy
HeapSize
IsProcessorFeaturePresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
WriteFile
GetModuleFileNameW
GetLocaleInfoW
ReadFile
CloseHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc

Exports

Exports

?_Patch@@YAHIPBXI@Z
CreateInterface
FORCE
LEADING
SKIDROW
Steam_BConnected
Steam_BGetCallback
Steam_BLoggedOn
Steam_BReleaseSteamPipe
Steam_ConnectToGlobalUser
Steam_CreateGlobalUser
Steam_CreateLocalUser
Steam_CreateSteamPipe
Steam_FreeLastCallback
Steam_GSBLoggedOn
Steam_GSBSecure
Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient
Steam_GSGetSteamID
Steam_GSLogOff
Steam_GSLogOn
Steam_GSRemoveUserConnect
Steam_GSSendSteam2UserConnect
Steam_GSSendSteam3UserConnect
Steam_GSSendUserDisconnect
Steam_GSSendUserStatusResponse
Steam_GSSetServerType
Steam_GSSetSpawnCount
Steam_GSUpdateStatus
Steam_GetAPICallResult
Steam_GetGSHandle
Steam_InitiateGameConnection
Steam_LogOff
Steam_LogOn
Steam_ReleaseUser
Steam_SetLocalIPBinding
Steam_TerminateGameConnection

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.STMSIG
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
buddha.dll
.dll windows:4 windows x86 arch:x86

31ee44564b785ae16dbf2468803e1d68

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

SKIDROW

Sections

.text
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 553B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.skr0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.skr1
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
changelog.txt
skidrow.nfo
steam_api.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\buildslave\steam_rel_client_win32\build\src\steam_api\Release\steam_api.pdb

Exports

Exports

GetHSteamPipe
GetHSteamUser
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_InitSafe
SteamAPI_IsSteamRunning
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_SetBreakpadAppID
SteamAPI_SetMiniDumpComment
SteamAPI_SetTryCatchCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_UseBreakpadCrashHandler
SteamAPI_WriteMiniDump
SteamApps
SteamClient
SteamContentServer
SteamContentServerUtils
SteamContentServer_Init
SteamContentServer_RunCallbacks
SteamContentServer_Shutdown
SteamFriends
SteamGameServer
SteamGameServerApps
SteamGameServerHTTP
SteamGameServerNetworking
SteamGameServerStats
SteamGameServerUtils
SteamGameServer_BSecure
SteamGameServer_GetHSteamPipe
SteamGameServer_GetHSteamUser
SteamGameServer_GetIPCCallCount
SteamGameServer_GetSteamID
SteamGameServer_Init
SteamGameServer_InitSafe
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamHTTP
SteamMatchmaking
SteamMatchmakingServers
SteamNetworking
SteamRemoteStorage
SteamScreenshots
SteamUser
SteamUserStats
SteamUtils
Steam_GetHSteamUserCurrent
Steam_RegisterInterfaceFuncs
Steam_RunCallbacks
g_pSteamClientGameServer

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
t6mp.exe
.exe windows:5 windows x86 arch:x86

89c00b8743d9ab236f87f36469488646

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\t6\code\src\obj\t6\codmpSteam_CEG_bin\t6mp.pdb

Imports

steam_api

SteamGameServer_Shutdown
SteamGameServer_Init
SteamGameServer_RunCallbacks
SteamGameServer
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamUserStats
SteamAPI_Shutdown
SteamAPI_UnregisterCallback
SteamAPI_UnregisterCallResult
SteamAPI_RunCallbacks
SteamAPI_Init
SteamUtils
SteamApps
SteamAPI_RestartAppIfNecessary
SteamFriends
SteamUser

winmm

waveInGetNumDevs
timeEndPeriod
timeBeginPeriod
mixerClose
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerOpen
mixerSetControlDetails
mixerGetDevCapsA
mixerGetNumDevs
timeGetTime

wsock32

inet_ntoa
htonl
recv
closesocket
accept
__WSAFDIsSet
htons
socket
send
WSAGetLastError
select
shutdown
WSAStartup
gethostbyname
ioctlsocket
ntohs
recvfrom
WSACleanup
gethostname
bind
sendto
setsockopt
ntohl

faultrep

ReportFault

dxgi

CreateDXGIFactory1

dsound

ord11
ord6

kernel32

TerminateThread
GetExitCodeThread
SleepEx
FormatMessageA
SetEndOfFile
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CompareStringW
HeapQueryInformation
GetExitCodeProcess
CreatePipe
LoadLibraryW
SetConsoleCtrlHandler
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ExpandEnvironmentStringsA
CreateDirectoryA
MoveFileA
HeapAlloc
CreateFileW
InterlockedExchange
CloseHandle
GetFileInformationByHandleEx
HeapFree
CreateFileA
GetCurrentThreadId
GetTickCount
lstrlenW
GetStartupInfoW
GetModuleFileNameA
InterlockedIncrement
CreateSemaphoreA
InterlockedCompareExchange
Sleep
GetCurrentProcessId
GetModuleHandleA
GetLastError
ReleaseSemaphore
GetFileInformationByHandle
OpenFileById
GetTimeZoneInformation
GetProcessHeap
lstrcmpiW
FileTimeToSystemTime
GetProcessTimes
FindResourceW
GetFileTime
HeapSize
UnmapViewOfFile
WriteFile
GetSystemTimeAsFileTime
SetLastError
GetCurrentProcess
GetFullPathNameW
InterlockedDecrement
GetEnvironmentStringsW
GetComputerNameA
ExitProcess
GetFileAttributesA
GetConsoleWindow
SizeofResource
LoadLibraryA
GetModuleHandleExA
GetSystemTime
QueryPerformanceFrequency
VirtualQuery
GetCommandLineW
GetCurrentDirectoryW
LockResource
CreateEventA
RtlUnwind
GetFullPathNameA
SetEvent
CreateFileMappingA
MapViewOfFile
DebugBreak
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
LoadResource
GetProcAddress
lstrlenA
FreeLibrary
QueryPerformanceCounter
SetFilePointer
GetFileSize
ReadFile
RaiseException
ResetEvent
GetProcessAffinityMask
DuplicateHandle
GetCurrentThread
CreateThread
SuspendThread
ResumeThread
SetThreadPriority
InterlockedExchangeAdd
DeleteFileA
SetFileAttributesA
GetCurrentDirectoryA
VirtualAlloc
VirtualFree
InitializeCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
GlobalMemoryStatus
SetProcessAffinityMask
GetThreadPriority
OutputDebugStringA
GetDriveTypeA
GlobalUnlock
GlobalSize
GlobalLock
GetVersionExA
SetErrorMode
SetUnhandledExceptionFilter
TerminateProcess
WaitForMultipleObjects
MulDiv
SetPriorityClass
SetThreadExecutionState
WideCharToMultiByte
GetSystemInfo
GetSystemDirectoryW
OpenFileMappingA
GetModuleFileNameW
GetWindowsDirectoryW
OpenEventA
HeapCreate
HeapDestroy
CreateSemaphoreW
GetModuleHandleW
OpenProcess
PulseEvent
FindClose
FileTimeToLocalFileTime
FindFirstFileExA
FindNextFileA
GetDriveTypeW
HeapReAlloc
ExitThread
CreateProcessA
GetTimeFormatA
GetDateFormatA
GetCommandLineA
HeapSetInformation
PeekNamedPipe
GetFileType
IsProcessorFeaturePresent
GetStdHandle
GetLocaleInfoW
UnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEnvironmentVariableW
SetEnvironmentVariableA
SetHandleCount
MultiByteToWideChar
EncodePointer
DecodePointer
ReleaseMutex
CreateMutexA
GetVersion
FlushConsoleInputBuffer
ReadConsoleInputA
SetConsoleMode
WaitForSingleObject

user32

SetWindowTextA
CallWindowProcA
PostQuitMessage
DestroyWindow
CloseWindow
LoadCursorA
RegisterClassA
LoadImageA
CreateWindowExA
SendMessageA
DefWindowProcA
RegisterWindowMessageA
AdjustWindowRect
SetWindowPos
GetSystemMetrics
LoadIconA
RegisterClassExA
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
SetCursor
OpenClipboard
GetClipboardData
CloseClipboard
GetMessageA
DispatchMessageA
TranslateMessage
ShowWindow
ClientToScreen
GetCursorPos
ScreenToClient
GetForegroundWindow
SetFocus
SetCursorPos
GetActiveWindow
GetWindowRect
ChangeDisplaySettingsA
EnumThreadWindows
GetDesktopWindow
GetDC
ReleaseDC
GetWindowTextA
GetWindowLongA
SetWindowLongA
PostMessageA
MoveWindow
GetClientRect
MessageBoxA
ShowCursor
GetClassLongA
AdjustWindowRectEx
IsWindow
GetMenuItemCount
SetClassLongA
EnumDisplaySettingsA
DeleteMenu
GetMenuItemID
GetSystemMenu
GetUserObjectInformationW
GetProcessWindowStation
MapVirtualKeyA

gdi32

GetDIBits
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SetStretchBltMode
GetObjectA
StretchBlt
GetBitmapBits
BitBlt
CreateDCA
GetDeviceCaps
SetDeviceGammaRamp
CreateFontA
CreateSolidBrush
DeleteDC

advapi32

CryptAcquireContextA
CryptReleaseContext
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegQueryValueExW
CryptGenRandom
RegOpenKeyExW
SetSecurityDescriptorDacl
RegCloseKey
InitializeSecurityDescriptor

shell32

ShellExecuteA
SHGetFolderPathA

ole32

CoInitializeEx
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
StringFromGUID2

oleaut32

VariantInit
VariantClear

wininet

InternetOpenA
InternetReadFile
InternetWriteFile
HttpEndRequestA
HttpQueryInfoA
HttpAddRequestHeadersA
HttpSendRequestExA
HttpOpenRequestA
InternetQueryOptionA
InternetSetOptionA
HttpSendRequestA
InternetCrackUrlA
InternetConnectA
InternetCloseHandle

xinput1_3

ord4
ord2
ord3

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

ws2_32

getsockopt
WSASetLastError
getsockname
connect
inet_ntoa

psapi

GetProcessMemoryInfo

binkw32

_BinkNextFrame@4
_BinkControlBackgroundIO@8
_BinkGetRealtime@12
_BinkSetMemory@8
_BinkDoFrame@4
_BinkWaitStopAsyncThread@4
_BinkStartAsyncThread@8
_BinkSetSoundTrack@8
_BinkOpen@8
_BinkGetError@0
_BinkDoFrameAsyncWait@8
_BinkClose@4
_BinkGetRects@8
_BinkRequestStopAsyncThread@4
_BinkRegisterFrameBuffers@8
_BinkSetIOSize@4
_BinkPause@8
_BinkGetFrameBuffersInfo@8
_BinkDoFrameAsync@12

d3d11

D3D11CreateDeviceAndSwapChain
D3D11CreateDevice

Exports

Exports

NvOptimusEnablement

Sections

.text
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.conceal
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.interpr
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.0MB - Virtual size: 53.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.version
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
t6sp.exe
.exe windows:5 windows x86 arch:x86

7012c8bb82baaddc12159b218b19e041

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\t6\code\src\obj\t6\codSteam_CEG_bin\t6sp.pdb

Imports

steam_api

SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamUserStats
SteamAPI_Shutdown
SteamAPI_UnregisterCallback
SteamAPI_UnregisterCallResult
SteamAPI_RunCallbacks
SteamAPI_Init
SteamUtils
SteamApps
SteamFriends
SteamAPI_RestartAppIfNecessary
SteamUser

winmm

mixerGetLineControlsA
timeEndPeriod
timeBeginPeriod
mixerOpen
mixerSetControlDetails
mixerGetDevCapsA
waveInGetNumDevs
mixerGetNumDevs
timeGetTime
mixerClose
mixerGetControlDetailsA
mixerGetLineInfoA

wsock32

recv
WSAGetLastError
gethostbyname
ioctlsocket
sendto
closesocket
bind
htons
setsockopt
inet_ntoa
socket
gethostname
WSAStartup
select
recvfrom
send
__WSAFDIsSet
shutdown

faultrep

ReportFault

dxgi

CreateDXGIFactory1

dsound

ord6
ord11

kernel32

FormatMessageA
SetEndOfFile
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CompareStringW
HeapQueryInformation
GetExitCodeProcess
CreatePipe
LoadLibraryW
SetConsoleCtrlHandler
CreateDirectoryA
CreateMutexA
HeapAlloc
CreateFileW
InterlockedExchange
CloseHandle
GetFileInformationByHandleEx
HeapFree
CreateFileA
GetCurrentThreadId
GetTickCount
lstrlenW
GetStartupInfoW
GetModuleFileNameA
InterlockedIncrement
CreateSemaphoreA
InterlockedCompareExchange
Sleep
GetCurrentProcessId
GetModuleHandleA
GetLastError
ReleaseSemaphore
GetFileInformationByHandle
OpenFileById
GetTimeZoneInformation
GetProcessHeap
lstrcmpiW
FileTimeToSystemTime
GetProcessTimes
GetCurrentProcess
UnmapViewOfFile
HeapSize
SetLastError
GetFullPathNameW
GetEnvironmentStringsW
GetComputerNameA
GetModuleHandleExA
ExitProcess
GetFileAttributesA
GetConsoleWindow
SizeofResource
LoadLibraryA
GetSystemTime
WriteFile
QueryPerformanceFrequency
VirtualQuery
GetCommandLineW
GetCurrentDirectoryW
LockResource
CreateEventA
WaitForSingleObject
GetFullPathNameA
SetEvent
CreateFileMappingA
MapViewOfFile
ReleaseMutex
AddVectoredExceptionHandler
GetFileTime
LoadResource
GetProcAddress
DebugBreak
GetSystemTimeAsFileTime
FindResourceW
InterlockedDecrement
InterlockedExchangeAdd
QueryPerformanceCounter
DeleteFileA
SetFileAttributesA
GetCurrentDirectoryA
CreateThread
FreeLibrary
SetFilePointer
GetFileSize
ReadFile
RaiseException
ResetEvent
GetProcessAffinityMask
DuplicateHandle
GetCurrentThread
SuspendThread
ResumeThread
SetThreadPriority
VirtualAlloc
VirtualFree
InitializeCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
GlobalMemoryStatus
SetProcessAffinityMask
GetThreadPriority
OutputDebugStringA
GetDriveTypeA
GlobalUnlock
GlobalSize
GlobalLock
GetVersionExA
SetErrorMode
SetUnhandledExceptionFilter
TerminateProcess
WaitForMultipleObjects
MulDiv
SetPriorityClass
SetThreadExecutionState
WideCharToMultiByte
GetSystemInfo
GetSystemDirectoryW
OpenFileMappingA
GetModuleFileNameW
GetWindowsDirectoryW
OpenEventA
HeapCreate
HeapDestroy
CreateSemaphoreW
GetModuleHandleW
OpenProcess
PulseEvent
FindClose
FileTimeToLocalFileTime
FindFirstFileExA
FindNextFileA
GetDriveTypeW
ExitThread
HeapReAlloc
CreateProcessA
GetTimeFormatA
GetDateFormatA
GetCommandLineA
HeapSetInformation
PeekNamedPipe
GetFileType
IsProcessorFeaturePresent
GetStdHandle
GetLocaleInfoW
UnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEnvironmentVariableW
SetEnvironmentVariableA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
DecodePointer
EncodePointer
GetVersion
FlushConsoleInputBuffer
MultiByteToWideChar
RtlUnwind
ReadConsoleInputA
SetConsoleMode
RemoveVectoredExceptionHandler
MoveFileA

user32

MoveWindow
MapVirtualKeyA
CloseWindow
SetWindowTextA
CallWindowProcA
GetMonitorInfoA
DestroyWindow
DefWindowProcA
LoadCursorA
RegisterClassA
PostQuitMessage
RegisterWindowMessageA
LoadImageA
CreateWindowExA
SendMessageA
AdjustWindowRect
SetWindowPos
GetSystemMetrics
LoadIconA
RegisterClassExA
OpenClipboard
GetClipboardData
CloseClipboard
GetMessageA
DispatchMessageA
TranslateMessage
SetCursor
GetClientRect
ShowWindow
ClientToScreen
GetCursorPos
ScreenToClient
GetForegroundWindow
SetFocus
GetWindowRect
SetCursorPos
GetActiveWindow
ChangeDisplaySettingsA
EnumThreadWindows
GetDesktopWindow
GetDC
ReleaseDC
GetWindowTextA
GetWindowLongA
SetWindowLongA
PostMessageA
MessageBoxA
ShowCursor
GetClassLongA
AdjustWindowRectEx
IsWindow
GetMenuItemCount
SetClassLongA
PeekMessageA
EnumDisplaySettingsA
DeleteMenu
GetMenuItemID
GetSystemMenu
GetUserObjectInformationW
GetProcessWindowStation
MonitorFromWindow

gdi32

DeleteDC
DeleteObject
GetBitmapBits
BitBlt
GetObjectA
SelectObject
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
GetDeviceCaps
CreateFontA
SetDeviceGammaRamp

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteA
SHGetFolderPathA

ole32

StringFromGUID2
CoCreateInstance
CoUninitialize
CLSIDFromString
CoInitializeEx

xinput1_3

ord4
ord3
ord2

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

ws2_32

getsockname
WSASetLastError
connect
inet_ntoa
ntohs

psapi

GetProcessMemoryInfo

binkw32

_BinkSetSoundTrack@8
_BinkDoFrame@4
_BinkClose@4
_BinkStartAsyncThread@8
_BinkGetError@0
_BinkOpen@8
_BinkWaitStopAsyncThread@4
_BinkGetRealtime@12
_BinkSetMemory@8
_BinkDoFrameAsyncWait@8
_BinkGetRects@8
_BinkRequestStopAsyncThread@4
_BinkRegisterFrameBuffers@8
_BinkNextFrame@4
_BinkGetFrameBuffersInfo@8
_BinkPause@8
_BinkControlBackgroundIO@8
_BinkDoFrameAsync@12
_BinkSetIOSize@4

d3d11

D3D11CreateDeviceAndSwapChain
D3D11CreateDevice

Exports

Exports

NvOptimusEnablement

Sections

.text
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.conceal
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.interpr
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.0MB - Virtual size: 53.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.version
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
t6zm.exe
.exe windows:5 windows x86 arch:x86

9cc79816fbafeb17de88928ebf133de0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\t6\code\src\obj\t6\codmpSteam_CEG_ZM_bin\t6zm.pdb

Imports

steam_api

SteamGameServer_Shutdown
SteamGameServer_Init
SteamGameServer_RunCallbacks
SteamGameServer
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamUserStats
SteamAPI_Shutdown
SteamAPI_UnregisterCallback
SteamAPI_UnregisterCallResult
SteamAPI_RunCallbacks
SteamAPI_Init
SteamUtils
SteamApps
SteamAPI_RestartAppIfNecessary
SteamFriends
SteamUser

winmm

waveInGetNumDevs
timeEndPeriod
timeBeginPeriod
mixerClose
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerOpen
mixerSetControlDetails
mixerGetDevCapsA
mixerGetNumDevs
timeGetTime

wsock32

inet_ntoa
htonl
recv
closesocket
accept
__WSAFDIsSet
htons
socket
send
WSAGetLastError
select
shutdown
WSAStartup
gethostbyname
ioctlsocket
ntohs
recvfrom
WSACleanup
gethostname
bind
sendto
setsockopt
ntohl

faultrep

ReportFault

dxgi

CreateDXGIFactory1

dsound

ord11
ord6

kernel32

TerminateThread
GetExitCodeThread
SleepEx
FormatMessageA
SetEndOfFile
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CompareStringW
HeapQueryInformation
GetExitCodeProcess
CreatePipe
LoadLibraryW
SetConsoleCtrlHandler
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ExpandEnvironmentStringsA
CreateDirectoryA
MoveFileA
HeapAlloc
CreateFileW
InterlockedExchange
CloseHandle
GetFileInformationByHandleEx
HeapFree
CreateFileA
GetCurrentThreadId
GetTickCount
lstrlenW
GetStartupInfoW
GetModuleFileNameA
InterlockedIncrement
CreateSemaphoreA
InterlockedCompareExchange
Sleep
GetCurrentProcessId
GetModuleHandleA
GetLastError
ReleaseSemaphore
GetFileInformationByHandle
OpenFileById
GetTimeZoneInformation
GetProcessHeap
lstrcmpiW
FileTimeToSystemTime
GetProcessTimes
GetCurrentProcess
HeapSize
UnmapViewOfFile
WriteFile
GetSystemTimeAsFileTime
SetLastError
GetFullPathNameW
InterlockedDecrement
GetEnvironmentStringsW
GetComputerNameA
GetModuleHandleExA
ExitProcess
GetFileAttributesA
GetConsoleWindow
SizeofResource
LoadLibraryA
GetSystemTime
QueryPerformanceFrequency
VirtualQuery
GetCommandLineW
GetCurrentDirectoryW
LockResource
CreateEventA
WaitForSingleObject
GetFullPathNameA
RtlUnwind
CreateFileMappingA
MapViewOfFile
DebugBreak
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
GetFileTime
LoadResource
GetProcAddress
FindResourceW
lstrlenA
FreeLibrary
QueryPerformanceCounter
SetFilePointer
GetFileSize
ReadFile
RaiseException
ResetEvent
GetProcessAffinityMask
DuplicateHandle
GetCurrentThread
CreateThread
SuspendThread
ResumeThread
SetThreadPriority
InterlockedExchangeAdd
DeleteFileA
SetFileAttributesA
GetCurrentDirectoryA
VirtualAlloc
VirtualFree
InitializeCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
GlobalMemoryStatus
SetProcessAffinityMask
GetThreadPriority
OutputDebugStringA
GetDriveTypeA
GlobalUnlock
GlobalSize
GlobalLock
GetVersionExA
SetErrorMode
SetUnhandledExceptionFilter
TerminateProcess
WaitForMultipleObjects
MulDiv
SetPriorityClass
SetThreadExecutionState
WideCharToMultiByte
GetSystemInfo
GetSystemDirectoryW
OpenFileMappingA
GetModuleFileNameW
GetWindowsDirectoryW
OpenEventA
HeapCreate
HeapDestroy
CreateSemaphoreW
GetModuleHandleW
OpenProcess
PulseEvent
FindClose
FileTimeToLocalFileTime
FindFirstFileExA
FindNextFileA
GetDriveTypeW
HeapReAlloc
ExitThread
CreateProcessA
GetTimeFormatA
GetDateFormatA
GetCommandLineA
HeapSetInformation
PeekNamedPipe
GetFileType
IsProcessorFeaturePresent
GetStdHandle
GetLocaleInfoW
UnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEnvironmentVariableW
SetEnvironmentVariableA
SetHandleCount
MultiByteToWideChar
EncodePointer
DecodePointer
ReleaseMutex
CreateMutexA
GetVersion
FlushConsoleInputBuffer
ReadConsoleInputA
SetConsoleMode
SetEvent

user32

SetWindowTextA
CallWindowProcA
PostQuitMessage
DestroyWindow
CloseWindow
LoadCursorA
RegisterClassA
LoadImageA
CreateWindowExA
SendMessageA
DefWindowProcA
RegisterWindowMessageA
AdjustWindowRect
SetWindowPos
GetSystemMetrics
LoadIconA
RegisterClassExA
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
SetCursor
OpenClipboard
GetClipboardData
CloseClipboard
GetMessageA
DispatchMessageA
TranslateMessage
ShowWindow
ClientToScreen
GetCursorPos
ScreenToClient
GetForegroundWindow
SetFocus
SetCursorPos
GetActiveWindow
GetWindowRect
ChangeDisplaySettingsA
EnumThreadWindows
GetDesktopWindow
GetDC
ReleaseDC
GetWindowTextA
GetWindowLongA
SetWindowLongA
PostMessageA
MoveWindow
GetClientRect
MessageBoxA
ShowCursor
GetClassLongA
AdjustWindowRectEx
IsWindow
GetMenuItemCount
SetClassLongA
EnumDisplaySettingsA
DeleteMenu
GetMenuItemID
GetSystemMenu
GetUserObjectInformationW
GetProcessWindowStation
MapVirtualKeyA

gdi32

GetDIBits
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SetStretchBltMode
GetObjectA
StretchBlt
GetBitmapBits
BitBlt
CreateDCA
GetDeviceCaps
SetDeviceGammaRamp
CreateFontA
CreateSolidBrush
DeleteDC

advapi32

CryptAcquireContextA
CryptReleaseContext
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegQueryValueExW
CryptGenRandom
RegOpenKeyExW
SetSecurityDescriptorDacl
RegCloseKey
InitializeSecurityDescriptor

shell32

ShellExecuteA
SHGetFolderPathA

ole32

CoInitializeEx
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
StringFromGUID2

oleaut32

VariantInit
VariantClear

wininet

InternetOpenA
InternetReadFile
InternetWriteFile
HttpEndRequestA
HttpQueryInfoA
HttpAddRequestHeadersA
HttpSendRequestExA
HttpOpenRequestA
InternetQueryOptionA
InternetSetOptionA
HttpSendRequestA
InternetCrackUrlA
InternetConnectA
InternetCloseHandle

xinput1_3

ord4
ord2
ord3

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

ws2_32

getsockopt
WSASetLastError
getsockname
connect
inet_ntoa

psapi

GetProcessMemoryInfo

binkw32

_BinkNextFrame@4
_BinkControlBackgroundIO@8
_BinkGetRealtime@12
_BinkSetMemory@8
_BinkDoFrame@4
_BinkWaitStopAsyncThread@4
_BinkStartAsyncThread@8
_BinkSetSoundTrack@8
_BinkOpen@8
_BinkGetError@0
_BinkDoFrameAsyncWait@8
_BinkClose@4
_BinkGetRects@8
_BinkRequestStopAsyncThread@4
_BinkRegisterFrameBuffers@8
_BinkSetIOSize@4
_BinkPause@8
_BinkGetFrameBuffersInfo@8
_BinkDoFrameAsync@12

d3d11

D3D11CreateDeviceAndSwapChain
D3D11CreateDevice

Exports

Exports

NvOptimusEnablement

Sections

.text
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.conceal
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.interpr
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.0MB - Virtual size: 53.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.version
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b62e5da05a71ff4e6ddc6929d06c3ad

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

user32

wininet

kernel32

Exports

Exports

Sections

.text Size: 184KB - Virtual size: 183KB

.rdata Size: 67KB - Virtual size: 67KB

.data Size: 68KB - Virtual size: 77KB

.STMSIG Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 27KB - Virtual size: 26KB

31ee44564b785ae16dbf2468803e1d68

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: - Virtual size: 2KB

.rdata Size: - Virtual size: 553B

.data Size: - Virtual size: 4KB

.skr0 Size: - Virtual size: 24KB

.skr1 Size: 59KB - Virtual size: 59KB

.reloc Size: 512B - Virtual size: 228B

Headers

DLL Characteristics

File Characteristics

PDB Paths

Exports

Exports

Sections

.text Size: 66KB - Virtual size: 65KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

89c00b8743d9ab236f87f36469488646

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

steam_api

winmm

wsock32

faultrep

dxgi

dsound

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

xinput1_3

wtsapi32

ws2_32

psapi

binkw32

d3d11

Exports

Exports

Sections

.text Size: 7.1MB - Virtual size: 7.1MB

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 68KB - Virtual size: 77KB

.STMSIG
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 27KB - Virtual size: 26KB

.text
Size: - Virtual size: 2KB

.rdata
Size: - Virtual size: 553B

.data
Size: - Virtual size: 4KB

.skr0
Size: - Virtual size: 24KB

.skr1
Size: 59KB - Virtual size: 59KB

.reloc
Size: 512B - Virtual size: 228B

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB

.text
Size: 7.1MB - Virtual size: 7.1MB

.conceal
Size: 8KB - Virtual size: 8KB

.interpr
Size: 26KB - Virtual size: 25KB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 3.0MB - Virtual size: 53.7MB

.tls
Size: 7KB - Virtual size: 6KB

.version
Size: 512B - Virtual size: 4B

.rodata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 256KB - Virtual size: 255KB

.text
Size: 6.2MB - Virtual size: 6.2MB

.conceal
Size: 8KB - Virtual size: 7KB

.interpr
Size: 26KB - Virtual size: 25KB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 3.0MB - Virtual size: 53.7MB

.tls
Size: 7KB - Virtual size: 6KB

.version
Size: 512B - Virtual size: 4B

.rodata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 256KB - Virtual size: 255KB