GamingRepair[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

GamingRepair.exe
Size

557KB
MD5

8a4e72a29c08ae2cd13bc8ec414b8fc6
SHA1

26f8d73bc6f5ace5cec6e3652fc6410a71298498
SHA256

6513546697c3c9deb50d8dbb0cc9aa0be55487538ed482ec16b6264579de1539
SHA512

77eba566c65de1327bcacadb1483f538b4e5da67c3607398d745173ade25e987f59524a5ecf065dd5f95e26654cbb5a48dc80fae995d5d2dd63c63b2cd98fb98
SSDEEP

12288:QOGawDO1TlmkDeURScjm86djDteqR6NUcw+FyPW6yo+:QrD0TlmG7TA6FFqyo+

Score

1^/10

Malware Config

Signatures

Files

GamingRepair.exe
.exe windows:10 windows x64 arch:x64

6453adc714009f1c78b12f276c165cb8

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

66:fa:7e:ae:c6:d6:db:0f:ab:12:dd:d0:24:9d:c4:a1:f0:b9:cc:69:21:2e:6d:2e:3a:ba:68:e1:e8:9a:ec:59
Signer

Actual PE Digest

66:fa:7e:ae:c6:d6:db:0f:ab:12:dd:d0:24:9d:c4:a1:f0:b9:cc:69:21:2e:6d:2e:3a:ba:68:e1:e8:9a:ec:59

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

GamingRepair.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

abort
_crt_atexit
_register_onexit_function
terminate
_beginthreadex
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
__p___argc
_exit
exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_invalid_parameter_noinfo_noreturn
_errno
_initialize_onexit_table
_invalid_parameter_noinfo

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
_fseeki64
getchar
__stdio_common_vsnprintf_s
setvbuf
fsetpos
_set_fmode
__p__commode
ungetc
__stdio_common_vsprintf
__stdio_common_vsprintf_s
fgetpos
fwrite
_setmode
_fileno
__acrt_iob_func
fgetwc
fgetc
ungetwc
__stdio_common_vswprintf_s
fputwc
fflush
fclose

api-ms-win-crt-string-l1-1-0

wcsncpy_s
_wcsnicmp
wcsnlen
__strncnt
islower
wcscpy_s
strncmp
strcmp
strcpy_s
_wcsicmp
_stricmp
strcspn
tolower
isspace
isupper
_wcsdup

ntdll

RtlUnwindEx
RtlLookupFunctionEntry
NtQueryMutant
RtlPcToFileHeader
RtlGetVersion
DbgPrintEx
NtQueryInformationProcess

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadStringW
LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
CreateEventExW
ResetEvent
InitializeCriticalSectionEx
WaitForSingleObjectEx
DeleteCriticalSection
TryAcquireSRWLockExclusive
ReleaseMutex
SetWaitableTimer
InitializeSRWLock
SetEvent
CreateMutexExW
WaitForSingleObject
ReleaseSRWLockShared
ReleaseSemaphore
LeaveCriticalSection
AcquireSRWLockShared
EnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateSemaphoreExW
CreateEventW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
SetLastError

api-ms-win-core-processthreads-l1-1-0

CreateProcessAsUserW
GetCurrentThread
GetCurrentThreadId
CreateProcessA
GetCurrentProcessId
GetCurrentProcess
GetExitCodeProcess
OpenProcessToken
ResumeThread
CreateThread
GetExitCodeThread
OpenThreadToken
CreateProcessW

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
LCMapStringEx
GetCPInfo
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
SetHandleInformation

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
GetSystemTimePreciseAsFileTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize
RoGetActivationFactory
RoActivateInstance

api-ms-win-core-fibers-l1-1-0

FlsGetValue
FlsAlloc
FlsFree
FlsSetValue

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

newdev

DiUninstallDevice

setupapi

SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoList
SetupGetInfInformationA
SetupQueryInfVersionInformationA
SetupDiDestroyDeviceInfoList

api-ms-win-crt-locale-l1-1-0

_unlock_locales
___lc_codepage_func
___lc_collate_cp_func
__pctype_func
___mb_cur_max_func
localeconv
_lock_locales
_configthreadlocale
setlocale
___lc_locale_name_func

api-ms-win-crt-heap-l1-1-0

_callnewh
_realloc_base
calloc
_set_new_mode
malloc
_calloc_base
_malloc_base
_free_base
free

api-ms-win-crt-convert-l1-1-0

strtod
strtof

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

frexp
pow
powf
ldexp

api-ms-win-crt-time-l1-1-0

_W_Getdays
_Getdays
_Strftime
_Getmonths
_Gettnames
_W_Gettnames
_Wcsftime
_W_Getmonths

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateWaitableTimerW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
Sleep

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegQueryInfoKeyW
RegDeleteTreeW
RegCloseKey
RegOpenKeyExW
RegGetValueW
RegCreateKeyExW
RegDeleteValueW

api-ms-win-core-file-l1-1-0

ReadFile
CreateFileW
CreateDirectoryW
DeleteFileW
SetFileTime
SetFileAttributesW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
FindFirstFileW
GetFileTime
FindClose

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsConcatString
WindowsDeleteString
WindowsCreateString

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
RevertToSelf
GetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
CoInitializeEx
CoTaskMemFree
CoUninitialize

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

K32GetProcessImageFileNameW
K32GetModuleFileNameExW

api-ms-win-core-namedpipe-l1-1-0

CreatePipe
PeekNamedPipe

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA
GetCommandLineW
ExpandEnvironmentStringsW
GetStdHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-eventing-controller-l1-1-0

StartTraceW
ControlTraceW
EnableTraceEx2

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec

api-ms-win-core-string-l1-1-0

CompareStringEx
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
StartServiceW
ControlServiceExW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW
QueryServiceConfigW
ChangeServiceConfigW
QueryServiceStatusEx

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6453adc714009f1c78b12f276c165cb8

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

66:fa:7e:ae:c6:d6:db:0f:ab:12:dd:d0:24:9d:c4:a1:f0:b9:cc:69:21:2e:6d:2e:3a:ba:68:e1:e8:9a:ec:59Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-core-util-l1-1-0

newdev

setupapi

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-path-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 364KB - Virtual size: 363KB

.rdata Size: 144KB - Virtual size: 143KB

.data Size: 8KB - Virtual size: 11KB

.pdata Size: 16KB - Virtual size: 13KB

.didat Size: 4KB - Virtual size: 152B

.rsrc Size: 4KB - Virtual size: 1KB

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

66:fa:7e:ae:c6:d6:db:0f:ab:12:dd:d0:24:9d:c4:a1:f0:b9:cc:69:21:2e:6d:2e:3a:ba:68:e1:e8:9a:ec:59
Signer

.text
Size: 364KB - Virtual size: 363KB

.rdata
Size: 144KB - Virtual size: 143KB

.data
Size: 8KB - Virtual size: 11KB

.pdata
Size: 16KB - Virtual size: 13KB

.didat
Size: 4KB - Virtual size: 152B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB