BoneTown[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

BoneTown.exe
Size

3.9MB
MD5

34fff210742cb66432cc257e56f7d4c4
SHA1

2f5e4115b91a10e54ee0e97ee4e2b4ae39dbffa2
SHA256

3b1ab126e3e909f89b443e70f8dce91e2d539d7de608c2c59e3afdcbf6ebe5be
SHA512

bc9d086c80e6257764ecb954bbcc5a9f80505891ca8e8343b129cf6e9b363b5ebacc8c49a1e8a586cab0fecff3f564bcf6b3951e285f4204be13293ab61d2721
SSDEEP

49152:zr4SytrQeuDqcpMtppwN3bmA/LQBc1r0FfayRfZJjp9MZR+o3lLBx1md2nj1wRSX:zESFoermCTiT7GRPLpHwR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BoneTown.exe

Files

BoneTown.exe
.exe windows:6 windows x64 arch:x64

7628a738dfd2e07e103d470782451eea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\Steam\BoneTown\BoneTown\BoneTown_Shipping64.pdb

Imports

user32

SetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
ToAscii
OpenClipboard
ClipCursor
GetCursorPos
SetCursorPos
AdjustWindowRectEx
DestroyIcon
MessageBoxW
LoadIconW
CloseClipboard
GetDesktopWindow
UpdateWindow
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
SendMessageW
GetClipboardData
MapVirtualKeyW
SetForegroundWindow
DefWindowProcW
RegisterClassW
PostQuitMessage
TranslateMessage
DispatchMessageW
PeekMessageW
GetKeyState
SetCapture
ReleaseCapture
GetSystemMetrics
GetForegroundWindow
GetDC
ReleaseDC
GetWindowRect
ShowCursor

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

gdi32

GetDeviceCaps
GetTextMetricsW
SetTextColor
SetBkColor
SelectObject
GetTextExtentPoint32W
GetGlyphOutlineW
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontW

winmm

mixerOpen
mixerGetNumDevs
auxGetVolume
auxSetVolume
auxGetDevCapsW
auxGetNumDevs
mciGetErrorStringW
mciSendCommandW
mixerGetLineInfoW
mixerClose
mixerGetLineControlsW
mixerGetControlDetailsW
mixerSetControlDetails

ws2_32

WSACleanup
WSAStartup
WSAAsyncGetHostByName
WSACancelAsyncRequest
WSAGetLastError
WSAAsyncSelect
accept
bind
closesocket
connect
ioctlsocket
htonl
htons
inet_addr
listen
ntohs
recv
recvfrom
send
sendto
setsockopt
socket
gethostbyname

ole32

PropVariantClear
CoCreateInstance
CoInitializeEx
CoUninitialize

shell32

ShellExecuteW

dxgi

CreateDXGIFactory1

d3d11

D3D11CreateDevice

d3dcompiler_47

D3DCompile
D3DReflect

fmod64

FSOUND_Stream_Stop
FSOUND_GetCurrentPosition
FSOUND_GetPaused
FSOUND_IsPlaying
FSOUND_3D_SetMinMaxDistance
FSOUND_3D_SetAttributes
FSOUND_SetCurrentPosition
FSOUND_SetMinHardwareChannels
FSOUND_SetMaxHardwareChannels
FSOUND_Init
FSOUND_Stream_SetTime
FSOUND_Stream_GetTime
FSOUND_Stream_SetLoopCount
FSOUND_Stream_Open
FSOUND_Sample_Free
FSOUND_Close
FSOUND_Sample_GetLength
FSOUND_Update
FSOUND_GetError
FSOUND_Sample_GetDefaults
FSOUND_GetVersion
FSOUND_Stream_GetLengthMs
FSOUND_SetPaused
FSOUND_GetNumHWChannels
FSOUND_PlaySoundEx
FSOUND_StopSound
FSOUND_SetVolume
FSOUND_SetFrequency
FSOUND_Stream_Close
FSOUND_Sample_Load
FSOUND_Stream_PlayEx
FSOUND_3D_Listener_SetAttributes
FSOUND_SetLoopMode

steam_api64

SteamAPI_RegisterCallback
SteamInternal_FindOrCreateUserInterface
SteamInternal_ContextInit
SteamAPI_GetHSteamUser
SteamAPI_Init
SteamAPI_Shutdown
SteamAPI_UnregisterCallback
SteamAPI_RunCallbacks

kernel32

InitOnceExecuteOnce
GetCurrentProcessId
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
CreateSemaphoreW
ReleaseSemaphore
GetLogicalDriveStringsW
GetDriveTypeW
ExitProcess
Sleep
DebugBreak
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersionExW
CopyFileW
GetLastError
SetFilePointer
GetFileSize
FindNextFileW
FindFirstFileW
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
ReadFile
FindClose
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
GetStartupInfoW
LoadLibraryW
GetProcAddress
FreeLibrary
ReadConsoleInputW
GetNumberOfConsoleInputEvents
AllocConsole
SetConsoleTitleW
WriteFile
FlushFileBuffers
GetStdHandle
GetModuleHandleW
GetCurrentThreadId
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetModuleFileNameW
WaitForSingleObject
CloseHandle
CreateFileW
OutputDebugStringW
IsDebuggerPresent
GetEnvironmentVariableW

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ

vcruntime140

__CxxFrameHandler3
__std_terminate
__RTDynamicCast
_purecall
strstr
memcpy
memset
_CxxThrowException
memcmp
__std_exception_copy
__std_exception_destroy
memmove
strchr
strrchr
longjmp
__C_specific_handler
__intrinsic_setjmp

api-ms-win-crt-math-l1-1-0

log
acos
asin
fmod
pow
tan
lroundf
atan2
__setusermatherr
ceil
floor
sqrt
ceilf
floorf
powf
sin
cos

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
__acrt_iob_func
__stdio_common_vfprintf
_fileno
fread
__stdio_common_vsprintf
fflush
__stdio_common_vsscanf
fwrite

api-ms-win-crt-runtime-l1-1-0

_errno
_crt_atexit
exit
_configure_narrow_argv
_initialize_narrow_environment
_set_app_type
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
_invalid_parameter_noinfo_noreturn
_seh_filter_exe
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo
_register_onexit_function
terminate
_beginthread
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

malloc
_aligned_free
_aligned_malloc
free
_set_new_mode
calloc
realloc
_callnewh

api-ms-win-crt-string-l1-1-0

_strnicmp
_strupr
strtok
strncpy
strncmp
strcspn
isspace
_stricmp
isdigit
isalnum
isalpha
_strlwr

api-ms-win-crt-time-l1-1-0

_localtime64
_time64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

atof
strtod
atoi

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 855KB - Virtual size: 854KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 201KB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7628a738dfd2e07e103d470782451eea

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

advapi32

gdi32

winmm

ws2_32

ole32

shell32

dxgi

d3d11

d3dcompiler_47

fmod64

steam_api64

kernel32

msvcp140

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 855KB - Virtual size: 854KB

.data Size: 201KB - Virtual size: 3.8MB

.pdata Size: 151KB - Virtual size: 150KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 41KB - Virtual size: 41KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 855KB - Virtual size: 854KB

.data
Size: 201KB - Virtual size: 3.8MB

.pdata
Size: 151KB - Virtual size: 150KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 41KB - Virtual size: 41KB