Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
Static task
static1
1 signatures
General
-
Target
BeamNG.drive.exe
-
Size
1.4MB
-
MD5
3d3aec622e978c9daee686366f8db68a
-
SHA1
33a2cd4ae742f0d02259a9ec00ce76a74403cb8d
-
SHA256
f799fea13926779023c82872bed23da7122694c6fc24914669d46a50029a317c
-
SHA512
34105c1501fd4807c228c9a30b9fd7ed459a870a9a712714698206e27089ec34be39997839bf0d032ca4572b47192a45ec19643d31cb2e51d928f4776f43bcc8
-
SSDEEP
24576:MPdhkk+3SCN518yj7zk8yLlZLX8nHHgUUpW1oO3Hl9xamcjietVV52/7U3U:0B0gq/kTp8ngvpW1J3FDSj14/n
Score
3/10
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource BeamNG.drive.exe unpack001/$PLUGINSDIR/System.dll
Files
-
BeamNG.drive.exe.exe windows:4 windows x86 arch:x86
9dda1a1d1f8a1d13ae0297b47046b26e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW
shell32
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW
ole32
CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree
comctl32
ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create
user32
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics
gdi32
GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
kernel32
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
WriteFile
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
CopyFileW
Sections
.text Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 126KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 76KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
509a34b3a68a773e0afb4259e68f9f82
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError
user32
wsprintfW
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 867B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 662B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/temp_cleanup.ico
-
$TEMP/tidy.bat
-
$_4_/BeamNG.drive.exe.exe windows:6 windows x86 arch:x86
fb57bb63077ebe3c2df9990962836577
Code Sign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2013, 12:00Not After15/01/2038, 12:00SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before14/07/2023, 00:00Not After13/10/2034, 23:59SubjectCN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
04:2f:8f:ea:75:6d:57:f1:ed:82:8b:17:ab:70:72:97Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before08/03/2024, 00:00Not After11/04/2027, 23:59SubjectSERIALNUMBER=HRB 29264 HB,CN=BeamNG GmbH,O=BeamNG GmbH,L=Bremen,ST=Bremen,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13064272656d656e,1.3.6.1.4.1.311.60.2.1.2=#13064272656d656e,1.3.6.1.4.1.311.60.2.1.3=#13024445Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
2a:71:5a:47:3e:b0:9c:ba:70:de:f4:53:ab:3f:6d:51:1a:28:4b:b7:f4:bd:7b:dd:c3:cd:e1:e9:49:19:3c:4dSigner
Actual PE Digest2a:71:5a:47:3e:b0:9c:ba:70:de:f4:53:ab:3f:6d:51:1a:28:4b:b7:f4:bd:7b:dd:c3:cd:e1:e9:49:19:3c:4dDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\jenkins\workspace\gameengine\build\game\branches\0.32.x\BeamNG.drive.pdb
Imports
powrprof
PowerGetActiveScheme
PowerSetActiveScheme
shlwapi
PathFileExistsW
PathIsDirectoryEmptyW
bcrypt
BCryptGenRandom
ws2_32
listen
shutdown
gethostname
ioctlsocket
getpeername
recvfrom
bind
getaddrinfo
recv
freeaddrinfo
htonl
getsockname
connect
accept
select
__WSAFDIsSet
WSAIoctl
setsockopt
inet_pton
inet_ntop
WSASetLastError
ntohs
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
WSAGetLastError
WSACleanup
WSAStartup
socket
sendto
htons
closesocket
advapi32
RegDeleteValueW
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegSetValueExW
RegGetValueW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCloseKey
crypt32
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CryptStringToBinaryA
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptDecodeObjectEx
PFXImportCertStore
CertFreeCertificateContext
kernel32
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
ExitThread
FreeLibraryAndExitThread
SetEnvironmentVariableW
GetDriveTypeW
TzSpecificLocalTimeToSystemTime
SetStdHandle
SetConsoleCtrlHandler
ReadConsoleW
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
CloseHandle
WaitForSingleObject
CreateProcessW
GetWindowsDirectoryW
GetCommandLineA
GetCommandLineW
GetDiskFreeSpaceExW
SetUnhandledExceptionFilter
SetErrorMode
LocalFree
GetModuleHandleW
VerSetConditionMask
GetStdHandle
CreateFileW
WriteFile
DuplicateHandle
GetLastError
WaitNamedPipeW
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
OpenProcess
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryW
GlobalAlloc
GlobalUnlock
GlobalLock
FormatMessageW
VerifyVersionInfoW
AllocConsole
FreeConsole
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FlushFileBuffers
GetFileSize
ReadFile
SetFilePointerEx
InitializeCriticalSectionEx
Sleep
GetCurrentProcessId
GetCurrentThreadId
GetDynamicTimeZoneInformation
MultiByteToWideChar
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetACP
GetLocaleInfoEx
GetUserDefaultLocaleName
GetSystemDefaultLocaleName
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemInfo
GetVersionExW
GetTempPathW
DecodePointer
RaiseException
DeleteCriticalSection
GetOverlappedResult
CancelIo
CreateEventW
ReadDirectoryChangesW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetTickCount
EnterCriticalSection
LeaveCriticalSection
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
WideCharToMultiByte
SetLastError
MoveFileExA
WaitForSingleObjectEx
CompareFileTime
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetFileType
PeekNamedPipe
WaitForMultipleObjects
SleepEx
CreateFileA
GetFileSizeEx
WriteConsoleW
DeleteFileW
FindFirstFileExW
FreeEnvironmentStringsW
RemoveDirectoryW
SetFilePointer
InitializeCriticalSection
CreateThread
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
SystemTimeToFileTime
GetProcessHeap
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
HeapReAlloc
DeleteFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapFree
HeapCreate
AreFileApisANSI
TryEnterCriticalSection
InitOnceExecuteOnce
SetConsoleMode
ReleaseMutex
CreateMutexA
VirtualAlloc
VirtualFree
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
InterlockedExchangeAdd
LocalAlloc
GetSystemDirectoryW
LoadLibraryExW
lstrcmpW
ExpandEnvironmentStringsW
LCMapStringEx
GetCPInfo
CompareStringEx
EncodePointer
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeSRWLock
GetExitCodeThread
CreateSymbolicLinkW
GetFileInformationByHandleEx
CreateHardLinkW
MoveFileExW
CopyFileW
DeviceIoControl
GetOEMCP
GetEnvironmentStringsW
GetUserPreferredUILanguages
GetFileAttributesExW
GetStringTypeW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFileInformationByHandle
GetFinalPathNameByHandleW
SetFileInformationByHandle
SetFileTime
user32
PostMessageW
GetSystemMetrics
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
LoadIconW
SendMessageW
MessageBoxA
MessageBoxW
shell32
ShellExecuteW
SHGetKnownFolderPath
CommandLineToArgvW
SHGetFolderPathW
ole32
CoInitialize
CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree
oleaut32
SysAllocString
SysFreeString
comctl32
ord345
Exports
Exports
NvOptimusEnablement
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 38KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 277KB - Virtual size: 276KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 95KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ