MaxPayne3[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

MaxPayne3.exe
Size

21.5MB
MD5

e2e81048e9cb183ea7094b84af234958
SHA1

f3423def3532fc13bf0f817bad961eb0b1e9cebe
SHA256

0eae9300c56dfffb6df9bf3db30214cd5da093e138dfca436bd103fdbe3f07d8
SHA512

ec70acd3f5915f4cf4d2478a62e8abfe6605cfb8a1da4f971eb8e669650dc7aa7993633b6abaf41c5904a9740ebf1253b9d27841ab14b596e252227d984e8aef
SSDEEP

196608:NwpFxT2u1MJvbQn8LQbKIePxSMEHXpw7MoSvhbliS9QjhAGhNCK1RCrZV5rfuQBW:i2u1GaIQjeAHXRuS9HGhNB1RCr/5rb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MaxPayne3.exe

Files

MaxPayne3.exe
.exe windows:5 windows x86 arch:x86

6ac1e2f7faa23478979aab0c9560d53b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\work\payne\build\finalpc_update\MaxPayne3.pdb

Imports

binkw32

_BinkDoFrameAsyncWait@8
_BinkGetError@0
_BinkDoFrameAsync@12
_BinkShouldSkip@4
_BinkNextFrame@4
_BinkDoFrame@4
_BinkGoto@12
_BinkGetKeyFrame@12
_BinkClose@4
_BinkRegisterFrameBuffers@8
_BinkGetFrameBuffersInfo@8
_BinkOpen@8
_BinkSetIOSize@4
_BinkPause@8
_BinkWait@4
_BinkSetSpeakerVolumes@20
_BinkGetRealtime@12
_BinkControlBackgroundIO@8
_BinkSetVolume@12
_BinkSetFrameRate@8
_BinkFreeGlobals@0
_BinkOpenXAudio2@4
_BinkSetSoundSystem@8
_BinkRequestStopAsyncThread@4
_BinkWaitStopAsyncThread@4
_BinkSetSoundTrack@8
_BinkSetMemory@8
_BinkStartAsyncThread@8

steam_api

SteamAPI_Init
SteamAPI_RunCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallback
SteamUserStats
SteamUtils
SteamAPI_RegisterCallback
SteamFriends
SteamApps
SteamUser

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

rpcrt4

UuidCreateSequential

dsound

ord1
ord8
ord6
ord9
ord3

psapi

GetPerformanceInfo

ws2_32

htons
ntohs
WSAGetLastError
send
recv
ioctlsocket
closesocket
gethostbyname
inet_addr
connect
socket
listen
bind
accept
getsockname
WSACleanup
WSAStartup
__WSAFDIsSet
select
setsockopt
sendto
recvfrom
ntohl
shutdown
htonl
gethostname

d3dcompiler_43

D3DReflect

imm32

ImmAssociateContext

dinput8

DirectInput8Create

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
RtlUnwind
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetCurrentDirectoryA
RaiseException
GetConsoleMode
GetConsoleCP
SetStdHandle
HeapCreate
GetEnvironmentStringsW
CompareStringA
GetEnvironmentStrings
CompareStringW
SetEnvironmentVariableA
CreateFileW
GetModuleHandleExA
FreeEnvironmentStringsA
HeapSize
GetFileType
SetHandleCount
GetStdHandle
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapReAlloc
GetSystemTimeAsFileTime
GetFullPathNameA
GetDriveTypeA
GetStartupInfoA
GetModuleHandleW
InitializeSListHead
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
EnterCriticalSection
SetErrorMode
ResetEvent
FreeEnvironmentStringsW
GetTickCount
SetEndOfFile
InterlockedIncrement
InterlockedDecrement
GetLastError
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
GetCommandLineA
GetDiskFreeSpaceExA
GetProcAddress
FreeLibrary
LoadLibraryA
GetVersionExA
GetUserDefaultUILanguage
WideCharToMultiByte
GlobalMemoryStatusEx
GetNativeSystemInfo
CreateDirectoryA
SwitchToThread
InterlockedExchangeAdd
InterlockedExchange
FoldStringW
CloseHandle
SetThreadPriority
GetThreadPriority
OpenThread
GetProcessAffinityMask
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
QueryPerformanceFrequency
WaitForMultipleObjects
CreateEventA
Sleep
OpenFile
VirtualAlloc
VirtualFree
HeapAlloc
GetProcessHeap
HeapFree
VirtualQueryEx
OpenProcess
GetCurrentProcessId
ExitProcess
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
CreateMutexA
ReleaseMutex
GetSystemInfo
ResumeThread
ExitThread
GetCurrentThread
GetCurrentThreadId
CreateThread
QueryPerformanceCounter
GetModuleHandleA
SetEvent
InterlockedCompareExchange
WriteFile
CreateFileA
DeleteFileA
FindClose
FindFirstFileA
LocalFree
FormatMessageA
SetFilePointer
SetFilePointerEx
ReadFile
GetFileSizeEx
SetFileTime
GetFileAttributesA
SetFileAttributesA
FindNextFileA
GetModuleFileNameW
MoveFileA
RemoveDirectoryA
LoadLibraryW
SetThreadExecutionState
GetVersion
OutputDebugStringA
LoadLibraryExA
CreateProcessA
GetOverlappedResult
InitializeCriticalSection

user32

GetClientRect
GetCursorPos
GetWindowRect
ClipCursor
ShowCursor
EnumDisplayDevicesA
MessageBoxA
SetFocus
UpdateWindow
CreateWindowExA
AdjustWindowRect
SetRect
ReleaseDC
DefWindowProcA
ShowWindow
MessageBoxW
GetForegroundWindow
GetDesktopWindow
GetKeyboardState
GetKeyState
GetGUIThreadInfo
GetDC
RegisterClassA
LoadCursorA
LoadIconA
TranslateMessage
PeekMessageA
DispatchMessageA
PostMessageA
IsWindowVisible
GetWindowLongA
GetWindowPlacement
GetMonitorInfoA
SetWindowPos
CharLowerBuffA
SendMessageA
IsWindowUnicode
DefWindowProcW
ReleaseCapture
SetCapture
SetForegroundWindow
GetParent
GetSystemMetrics
DestroyWindow
UnregisterClassA
MapWindowPoints
SetWindowLongA
SystemParametersInfoA
ToUnicodeEx
MapVirtualKeyExA
LoadKeyboardLayoutA
GetKeyboardLayoutNameA
GetKeyboardLayout
GetKeyboardType
GetWindowThreadProcessId
SetWindowPlacement

gdi32

DeleteDC
GetDeviceCaps
GetStockObject
ExtEscape
CreateDCA

advapi32

RegOpenKeyA
RegEnumKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetFolderPathA
ShellExecuteA
ShellExecuteExA
SHGetSpecialFolderPathA

ole32

OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
OleInitialize
CoUninitialize
CoInitialize
CoSetProxyBlanket

oleaut32

GetErrorInfo
SysAllocString
SysFreeString
VariantClear
VariantInit

Sections

.rld0
Size: 13.6MB - Virtual size: 13.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rld1
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rld2
Size: 4.0MB - Virtual size: 271.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rld3
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rld4
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.gsrld
Size: 1024B - Virtual size: 722B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6ac1e2f7faa23478979aab0c9560d53b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

binkw32

steam_api

version

winmm

rpcrt4

dsound

psapi

ws2_32

d3dcompiler_43

imm32

dinput8

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.rld0 Size: 13.6MB - Virtual size: 13.6MB

.rld1 Size: 2.1MB - Virtual size: 2.1MB

.rld2 Size: 4.0MB - Virtual size: 271.1MB

.rld3 Size: 28KB - Virtual size: 27KB

.rsrc Size: 205KB - Virtual size: 204KB

.rld4 Size: 1.6MB - Virtual size: 1.6MB

.gsrld Size: 1024B - Virtual size: 722B

.rld0
Size: 13.6MB - Virtual size: 13.6MB

.rld1
Size: 2.1MB - Virtual size: 2.1MB

.rld2
Size: 4.0MB - Virtual size: 271.1MB

.rld3
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 205KB - Virtual size: 204KB

.rld4
Size: 1.6MB - Virtual size: 1.6MB

.gsrld
Size: 1024B - Virtual size: 722B