2024-06-07_2313ae5860c890d6c01c33f69e7cf996_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-07_2313ae5860c890d6c01c33f69e7cf996_ryuk
Size

9.5MB
MD5

2313ae5860c890d6c01c33f69e7cf996
SHA1

2e6f049a1b31283c813b580346ebdc3cc0843264
SHA256

04ffdc889be71e62fe5f193e02c7178f504ac041a79164d2deb738b3c3939b9e
SHA512

d077c9a3e74f7aa0855ada54ad1b9bcd18a11a404a6adccb8931a1be18f76d51ab98d36fac6f5a0fee92a947d932a8ec601dac3d0a543cd763d62a63b924fcd3
SSDEEP

98304:K9ipDX1Dro6DwokteODsbhXAUTlKNmfThPIe1MLVbs:KGXRrLxkNDIhXAWThPIe1MLVbs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-07_2313ae5860c890d6c01c33f69e7cf996_ryuk

Files

2024-06-07_2313ae5860c890d6c01c33f69e7cf996_ryuk
.exe windows:6 windows x64 arch:x64

d08e4f839d530a333cc03e5e3899657d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\w\vt2-stingray\vt2\release\chaos_wastes_2024_04_11\engine\win64_dx12\release\vermintide2_dx12.pdb

Imports

winmm

timeGetDevCaps
timeGetTime
timeBeginPeriod
timeEndPeriod

dinput8

DirectInput8Create

xinput9_1_0

XInputSetState
XInputGetState

physxcooking_64

PxCreateCooking

physx_64

??0PxArticulationReducedCoordinateGeneratedInfo@physx@@QEAA@XZ
??0PxShapeGeneratedInfo@physx@@QEAA@XZ
??0PxBoxGeometryGeneratedInfo@physx@@QEAA@XZ
??0PxHeightFieldGeometryGeneratedInfo@physx@@QEAA@XZ
??0PxArticulationGeneratedInfo@physx@@QEAA@XZ
??0PxTriangleMeshGeometryGeneratedInfo@physx@@QEAA@XZ
??0PxAggregateGeneratedInfo@physx@@QEAA@XZ
??0PxArticulationJointGeneratedInfo@physx@@QEAA@XZ
PxRegisterPhysicsSerializers
PxUnregisterPhysicsSerializers
PxGetPhysicsBinaryMetaData
??0PxHeightFieldDescGeneratedInfo@physx@@QEAA@XZ
??0PxPlaneGeometryGeneratedInfo@physx@@QEAA@XZ
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QEBA_NPEBVPxShape@2@AEAVPxHeightFieldGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QEBA_NPEBVPxShape@2@AEAVPxTriangleMeshGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QEBA_NPEBVPxShape@2@AEAVPxConvexMeshGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QEBA_NPEBVPxShape@2@AEAVPxPlaneGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QEBA_NPEBVPxShape@2@AEAVPxCapsuleGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QEBA_NPEBVPxShape@2@AEAVPxSphereGeometry@2@@Z
?getGeometry@PxShapeGeometryPropertyHelper@physx@@QEBA_NPEBVPxShape@2@AEAVPxBoxGeometry@2@@Z
??0PxRigidStaticGeneratedInfo@physx@@QEAA@XZ
??0PxMaterialGeneratedInfo@physx@@QEAA@XZ
??0PxArticulationJointReducedCoordinateGeneratedInfo@physx@@QEAA@XZ
??0PxMeshScaleGeneratedInfo@physx@@QEAA@XZ
??0PxConvexMeshGeometryGeneratedInfo@physx@@QEAA@XZ
??0PxArticulationLinkGeneratedInfo@physx@@QEAA@XZ
??0PxRigidDynamicGeneratedInfo@physx@@QEAA@XZ
??0PxCapsuleGeometryGeneratedInfo@physx@@QEAA@XZ
??0PxSphereGeometryGeneratedInfo@physx@@QEAA@XZ
PxAddCollectionToPhysics
PxGetPhysics
PxRegisterHeightFields
PxCreateBasePhysics

physxcommon_64

?getTriangle@PxMeshQuery@physx@@SAXAEBVPxHeightFieldGeometry@2@AEBVPxTransform@2@IAEAVPxTriangle@2@PEAI3@Z
?sweep@PxMeshQuery@physx@@SA_NAEBVPxVec3@2@MAEBVPxGeometry@2@AEBVPxTransform@2@IPEBVPxTriangle@2@AEAUPxSweepHit@2@V?$PxFlags@W4Enum@PxHitFlag@physx@@G@2@PEBIM_N@Z
?PxTransformFromSegment@physx@@YA?AVPxTransform@1@AEBVPxVec3@1@0PEAM@Z
?computePenetration@PxGeometryQuery@physx@@SA_NAEAVPxVec3@2@AEAMAEBVPxGeometry@2@AEBVPxTransform@2@23@Z
?getTriangle@PxMeshQuery@physx@@SAXAEBVPxTriangleMeshGeometry@2@AEBVPxTransform@2@IAEAVPxTriangle@2@PEAI3@Z
?PxCreateCollection@@YAPEAVPxCollection@physx@@XZ
?findOverlapHeightField@PxMeshQuery@physx@@SAIAEBVPxGeometry@2@AEBVPxTransform@2@AEBVPxHeightFieldGeometry@2@1PEAIIIAEA_N@Z
?findOverlapTriangleMesh@PxMeshQuery@physx@@SAIAEBVPxGeometry@2@AEBVPxTransform@2@AEBVPxTriangleMeshGeometry@2@1PEAIIIAEA_N@Z
?raycast@PxGeometryQuery@physx@@SAIAEBVPxVec3@2@0AEBVPxGeometry@2@AEBVPxTransform@2@MV?$PxFlags@W4Enum@PxHitFlag@physx@@G@2@IPEIAUPxRaycastHit@2@@Z
?distanceSegmentSegmentSquared@Gu@physx@@YAMAEBVPxVec3@2@000PEAM1@Z
?sweep@PxGeometryQuery@physx@@SA_NAEBVPxVec3@2@MAEBVPxGeometry@2@AEBVPxTransform@2@12AEAUPxSweepHit@2@V?$PxFlags@W4Enum@PxHitFlag@physx@@G@2@M@Z

physxfoundation_64

??0ThreadImpl@shdfnd@physx@@QEAA@XZ
?wait@SyncImpl@shdfnd@physx@@QEAA_NI@Z
?quit@ThreadImpl@shdfnd@physx@@QEAAXXZ
?getSize@ThreadImpl@shdfnd@physx@@SAIXZ
??1ThreadImpl@shdfnd@physx@@QEAA@XZ
?setAffinityMask@ThreadImpl@shdfnd@physx@@QEAAII@Z
?setName@ThreadImpl@shdfnd@physx@@QEAAXPEBD@Z
?snprintf@shdfnd@physx@@YAHPEAD_KPEBDZZ
??0SyncImpl@shdfnd@physx@@QEAA@XZ
?signalQuit@ThreadImpl@shdfnd@physx@@QEAAXXZ
?incRefCount@Foundation@shdfnd@physx@@SAXXZ
?waitForQuit@ThreadImpl@shdfnd@physx@@QEAA_NXZ
?quitIsSignalled@ThreadImpl@shdfnd@physx@@QEAA_NXZ
?decRefCount@Foundation@shdfnd@physx@@SAXXZ
?stricmp@shdfnd@physx@@YAHPEBD0@Z
PxGetFoundation
?PxDiagonalize@physx@@YA?AVPxVec3@1@AEBVPxMat33@1@AEAVPxQuat@1@@Z
?getAllocator@shdfnd@physx@@YAAEAVPxAllocatorCallback@2@XZ
?getInstance@Foundation@shdfnd@physx@@SAAEAV123@XZ
?error@Foundation@shdfnd@physx@@QEAAXW4Enum@PxErrorCode@3@PEBDH1ZZ
PxCreateFoundation
PxSetProfilerCallback
??1SyncImpl@shdfnd@physx@@QEAA@XZ
?set@SyncImpl@shdfnd@physx@@QEAAXXZ
?reset@SyncImpl@shdfnd@physx@@QEAAXXZ
?getSize@SyncImpl@shdfnd@physx@@SAIXZ
??0SListImpl@shdfnd@physx@@QEAA@XZ
??1SListImpl@shdfnd@physx@@QEAA@XZ
?push@SListImpl@shdfnd@physx@@QEAAXPEAVSListEntry@23@@Z
?pop@SListImpl@shdfnd@physx@@QEAAPEAVSListEntry@23@XZ
?getSize@SListImpl@shdfnd@physx@@SAIXZ
?getDefaultStackSize@ThreadImpl@shdfnd@physx@@SAIXZ
?getId@ThreadImpl@shdfnd@physx@@SA_KXZ
?start@ThreadImpl@shdfnd@physx@@QEAAXIPEAVRunnable@23@@Z

lua51

lua_concat
luaL_checkinteger
luaL_newstate
luaL_ref
lua_createtable
lua_tocfunction
luaL_openlib
lua_gethook
lua_pushthread
lua_xmove
lua_newuserdata
luaL_optnumber
lua_newstate
lua_tonumber
lua_pushboolean
lua_isuserdata
lua_tointeger
lua_tolstring
lua_isstring
lua_topointer
lua_objlen
lua_gethookmask
lua_atpanic
lua_call
lua_pushfstring
lua_touserdata
lua_equal
lua_next
luaL_error
luaL_callmeta
lua_setfield
lua_gettable
luaL_checktype
lua_pushlightuserdata
lua_pushvfstring
lua_getfenv
lua_type
lua_rawequal
lua_settable
luaL_checkany
luaL_checklstring
lua_pushnil
lua_resume
lua_replace
luaL_argerror
lua_pushvalue
luaL_newmetatable
luaL_openlibs
luaL_loadbuffer
lua_settop
luaL_checkoption
lua_insert
lua_yield
lua_setmetatable
lua_rawseti
luaL_register
lua_setfenv
lua_getlocal
luaL_loadfile
lua_toboolean
lua_getinfo
luaL_gsub
lua_pcall
lua_gc
lua_typename
luaL_typerror
lua_getupvalue
luaL_optlstring
lua_getfield
lua_gethookcount
lua_iscfunction
lua_rawset
lua_close
lua_getmetatable
luaL_findtable
lua_dump
lua_pushlstring
lua_setupvalue
luaL_loadstring
lua_isnumber
luaopen_jit
luaopen_ffi
luaopen_bit
luaL_where
lua_pushinteger
lua_pushcclosure
lua_setlocal
lua_sethook
lua_rawgeti
luaL_checkudata
lua_pushstring
lua_newthread
lua_remove
lua_lessthan
luaL_optinteger
luaL_checkstack
luaL_unref
lua_getstack
lua_error
lua_load
luaL_checknumber
lua_pushnumber
lua_tothread
lua_checkstack
lua_gettop
luaL_getmetafield
lua_cpcall
lua_status
lua_rawget

steam_api64

SteamAPI_RestartAppIfNecessary
SteamAPI_UnregisterCallback
SteamInternal_FindOrCreateGameServerInterface
SteamAPI_RegisterCallback
SteamGameServer_GetHSteamUser
SteamAPI_Shutdown
SteamAPI_IsSteamRunning
SteamAPI_RegisterCallResult
SteamInternal_CreateInterface
SteamAPI_Init
SteamAPI_UnregisterCallResult
SteamAPI_RunCallbacks
SteamInternal_ContextInit
SteamAPI_GetHSteamUser
SteamInternal_FindOrCreateUserInterface

crypt32

CertFindCertificateInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CryptStringToBinaryA
CertAddCertificateContextToStore
CertGetNameStringA
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptQueryObject

wldap32

ord33
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord35
ord79
ord30
ord200
ord301
ord32

amd_ags_x64

agsDriverExtensionsDX12_DestroyDevice
agsInitialize
agsDeInitialize
agsDriverExtensionsDX12_PopMarker
agsDriverExtensionsDX12_PushMarker
agsDriverExtensionsDX12_CreateDevice

hid

HidD_GetSerialNumberString
HidP_GetCaps
HidP_GetValueCaps
HidD_GetAttributes
HidD_GetHidGuid
HidD_GetPreparsedData
HidD_FreePreparsedData
HidD_GetFeature
HidD_SetFeature
HidD_GetManufacturerString
HidD_GetProductString

kernel32

TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetSystemTimeAsFileTime
InitializeSListHead
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InterlockedPushEntrySList
RtlPcToFileHeader
EncodePointer
RtlUnwindEx
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetTimeZoneInformation
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
CreateEventW
GetOverlappedResultEx
CancelIo
GetOverlappedResult
VerifyVersionInfoW
MultiByteToWideChar
CreateFileA
SetLastError
WaitForMultipleObjects
PeekNamedPipe
GetFileType
ExpandEnvironmentStringsA
VerifyVersionInfoA
GetSystemDirectoryA
VerSetConditionMask
GetTickCount64
SleepEx
InitializeCriticalSectionEx
InitializeCriticalSection
RtlCaptureContext
WaitForSingleObjectEx
GetTickCount
LoadLibraryA
SetFilePointerEx
WriteFile
ReadFile
VirtualQuery
FormatMessageW
GetLargePageMinimum
VirtualAlloc
VirtualFree
GetThreadContext
K32GetProcessMemoryInfo
GlobalUnlock
GlobalLock
CreateEventA
ResetEvent
SetEvent
TerminateThread
GetThreadId
CreateThread
RaiseException
GetCurrentThread
SetThreadPriority
SetThreadAffinityMask
OpenThread
ResumeThread
SuspendThread
GetSystemTime
SetConsoleTitleW
AllocConsole
SetConsoleCursorPosition
GetNumberOfConsoleInputEvents
WriteConsoleW
FreeConsole
ReadConsoleInputW
AttachConsole
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
MoveFileW
DeleteFileW
GetFileAttributesExW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
FindClose
GetTempPathW
RemoveDirectoryW
DeviceIoControl
FindNextFileW
FindFirstFileExW
GetFileSizeEx
FindFirstFileW
CreateDirectoryW
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
GetCurrentDirectoryW
K32GetModuleInformation
GetModuleHandleExA
RtlCaptureStackBackTrace
GetEnvironmentVariableW
RtlLookupFunctionEntry
EnterCriticalSection
RemoveVectoredExceptionHandler
GetCurrentProcessId
SetFileInformationByHandle
GetFileAttributesW
CreateFileW
GetProcessId
FormatMessageA
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetModuleFileNameW
SwitchToThread
WideCharToMultiByte
HeapReAlloc
GetFullPathNameW
SetStdHandle
FlushFileBuffers
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
TryEnterCriticalSection
CreateSemaphoreW
WaitForSingleObject
ReleaseSemaphore
GlobalMemoryStatusEx
GetProcAddress
GetVersionExA
GetSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
SetPriorityClass
IsDebuggerPresent
lstrcmpW
SetThreadExecutionState
DeleteCriticalSection
LocalFree
CloseHandle
GetLastError
Sleep
GetCommandLineA
SetCurrentDirectoryA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetStringTypeW
SetEndOfFile
HeapSize
CreateEventExA
GlobalAlloc
GetModuleFileNameA
GetCommandLineW
GetCurrentProcess
OutputDebugStringA
SetErrorMode
GetModuleHandleA

user32

LoadCursorA
SetWindowPos
DestroyWindow
GetWindowRect
PostMessageA
GetFocus
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
WindowFromPoint
ScreenToClient
AdjustWindowRectEx
ReleaseCapture
SetCapture
GetCapture
BringWindowToTop
IsChild
RegisterClassExW
UnregisterClassW
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
FillRect
GetWindowTextLengthW
DefWindowProcW
GetSystemMetrics
InvalidateRect
ShowWindow
GetWindowPlacement
GetClientRect
SetWindowLongW
SetLayeredWindowAttributes
ClientToScreen
GetWindowLongW
FlashWindowEx
ReleaseDC
CreateIconIndirect
DestroyCursor
GetDC
GetAsyncKeyState
GetKeyState
GetKeyNameTextW
MapVirtualKeyW
MessageBoxA
GetWindowTextW
EndPaint
BeginPaint
GetCursorPos
SetCursorPos
IsIconic
ShowCursor
SetForegroundWindow
UpdateWindow
PtInRect
SetWindowLongPtrA
GetParent
GetDesktopWindow
GetWindowLongPtrA
PeekMessageA
SystemParametersInfoA
SetCursor
ClipCursor
TranslateMessage
RegisterRawInputDevices
SetFocus
DefWindowProcA
AdjustWindowRect
GetForegroundWindow
GetRawInputData
RegisterClassW
SetClassLongPtrA
SetWindowsHookExA
GetCursorInfo
IsWindow
SetWindowTextW
CallNextHookEx
CreateWindowExW
DispatchMessageA

gdi32

CreateBitmap
GetDeviceCaps
CreateDIBSection
DeleteObject
GetStockObject

shell32

SHGetSpecialFolderPathW
ShellExecuteW
CommandLineToArgvW

ole32

CoCreateGuid
CoInitializeEx
CoUninitialize

advapi32

CryptAcquireContextA
RegCloseKey
RegGetValueA
RegQueryInfoKeyA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
LsaAddAccountRights
GetTokenInformation
ConvertSidToStringSidW
OpenProcessToken
LookupPrivilegeValueA
LsaOpenPolicy
AdjustTokenPrivileges
RegEnumKeyExA
RegOpenKeyExA
CryptReleaseContext

netapi32

NetWkstaGetInfo
NetApiBufferFree

vcomp140

omp_get_thread_num

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyW

ws2_32

bind
accept
WSAStartup
WSACleanup
WSAPoll
shutdown
closesocket
__WSAFDIsSet
select
WSASetLastError
WSAIoctl
freeaddrinfo
gethostname
ntohl
listen
getaddrinfo
getpeername
getsockname
send
socket
ntohs
connect
recvfrom
recv
getsockopt
htonl
htons
sendto
setsockopt
gethostbyname
WSAGetLastError
ioctlsocket

imm32

ImmAssociateContextEx
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ImmNotifyIME

iphlpapi

GetAdaptersAddresses

dbghelp

SymSetOptions
StackWalk64
EnumerateLoadedModules64
SymGetLineFromAddrW64
SymInitializeW
SymFunctionTableAccess64
SymFromAddrW
SymSetSearchPathW
UnDecorateSymbolNameW
SymLoadModuleEx
SymGetModuleBase64
SymCleanup
ImageDirectoryEntryToDataEx
SymGetModuleInfoW64

sl.interposer

slGetNewFrameToken
CreateDXGIFactory
D3D11CreateDevice
slGetFeatureFunction
CreateDXGIFactory1
D3D12CreateDevice
slInit
D3D12GetDebugInterface
slShutdown
slSetConstants
slEvaluateFeature
slSetTag
slFreeResources
D3D12SerializeRootSignature
slSetD3DDevice
slIsFeatureSupported
slUpgradeInterface

bcrypt

BCryptGenerateSymmetricKey
BCryptCreateHash
BCryptHashData
BCryptImportKeyPair
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptDecrypt
BCryptGetProperty
BCryptDestroyKey
BCryptEncrypt
BCryptDeriveKeyPBKDF2

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
ffxFsr2ContextCreate
ffxFsr2ContextDestroy
ffxFsr2ContextDispatch
ffxFsr2ContextGenerateReactiveMask
ffxFsr2GetInterfaceDX12
ffxFsr2GetJitterOffset
ffxFsr2GetJitterPhaseCount
ffxFsr2GetRenderResolutionFromQualityMode
ffxFsr2GetScratchMemorySizeDX12
ffxFsr2GetUpscaleRatioFromQualityMode
ffxFsr2ResourceIsNull
ffxGetCommandListDX12
ffxGetDX12ResourcePtr
ffxGetDeviceDX12
ffxGetResourceDX12

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 12.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 657B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gehcont
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d08e4f839d530a333cc03e5e3899657d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

dinput8

xinput9_1_0

physxcooking_64

physx_64

physxcommon_64

physxfoundation_64

lua51

steam_api64

crypt32

wldap32

amd_ags_x64

hid

kernel32

user32

gdi32

shell32

ole32

advapi32

netapi32

vcomp140

setupapi

ws2_32

imm32

iphlpapi

dbghelp

sl.interposer

bcrypt

Exports

Exports

Sections

.text Size: 5.6MB - Virtual size: 5.6MB

.rdata Size: 3.5MB - Virtual size: 3.5MB

.data Size: 59KB - Virtual size: 12.0MB

.pdata Size: 265KB - Virtual size: 264KB

.rodata Size: 3KB - Virtual size: 2KB

.gfids Size: 512B - Virtual size: 324B

.tls Size: 1024B - Virtual size: 657B

.gehcont Size: 512B - Virtual size: 32B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 5.6MB - Virtual size: 5.6MB

.rdata
Size: 3.5MB - Virtual size: 3.5MB

.data
Size: 59KB - Virtual size: 12.0MB

.pdata
Size: 265KB - Virtual size: 264KB

.rodata
Size: 3KB - Virtual size: 2KB

.gfids
Size: 512B - Virtual size: 324B

.tls
Size: 1024B - Virtual size: 657B

.gehcont
Size: 512B - Virtual size: 32B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 23KB - Virtual size: 23KB