Unlock[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Unlock.zip
Size

906KB
MD5

6f6e0c889f9ac1a3f1ca8a659d664098
SHA1

3cbddafbfdb2ed22419457ef4d6dc49e05f594c8
SHA256

c11cc1115713f30a90d8ca98ab66f8a28e7073852bd01eb86480bd8104f68e42
SHA512

d5e549585decf79cb0366cdbd2bba9a514e2eb335485699c559d957830e55a75498f9e95251b7c2a24a5dd276ea3060f74084267af8debdcc508397108353fcd
SSDEEP

24576:jqgeQutsDh9wHOnvQJ26Py9nesCDeWuCT1vs83D:jqgsWwHOnIJ26Py9eRDerCZT

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Unlock/SDL3_image.dll
unpack001/Unlock/Unlock.exe

Files

Unlock.zip
.zip

Password: mrpcgamess2024
Pass.txt
Unlock/CSERHelper.dll
.dll windows:4 windows x86 arch:x86

Password: mrpcgamess2024

dc33390e11f40d35aacb3b7595b60d08

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4c:af:4d:f4:99:14:1d:40:4b:71:99:aa:2c:21:31
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/09/2015, 00:00

Not After

03/10/2018, 12:00

Subject

CN=Valve,O=Valve,L=Bellevue,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:b1:01:21:ff:0d:6b:21:e2:db:68:ef:fb:a5:ce:d5:6d:be:ae:a5
Signer

Actual PE Digest

7b:b1:01:21:ff:0d:6b:21:e2:db:68:ef:fb:a5:ce:d5:6d:be:ae:a5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

u:\p4clients\taylor_pubkeys\ThirdPartyCode\DebugNet\Release\BugslayerUtil.pdb

Imports

dbghelp

SymSetOptions
SymGetSymFromAddr
SymGetOptions
SymLoadModule64
SymGetModuleInfo64
SymGetLineFromAddr64
SymGetSymFromAddr64
SymGetModuleBase64
SymLoadModule
SymCleanup
SymInitialize
StackWalk64
UnDecorateSymbolName
SymFunctionTableAccess64

kernel32

GetThreadContext
OutputDebugStringW
WriteFile
IsDebuggerPresent
GetProfileIntW
SearchPathW
LoadLibraryW
GetProcAddress
MultiByteToWideChar
GetModuleFileNameA
CreateFileA
WideCharToMultiByte
GetACP
RaiseException
GetModuleHandleW
SetUnhandledExceptionFilter
IsBadCodePtr
IsBadReadPtr
FormatMessageW
lstrlenA
lstrcpynW
ReadProcessMemory
GlobalAlloc
GetCurrentProcess
GetCurrentThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
LocalFree
ExitProcess
OutputDebugStringA
VirtualQueryEx
GetVersionExW
DisableThreadLibraryCalls
VirtualQuery
VirtualProtect
IsBadStringPtrA
IsBadStringPtrW
CreateFileW
CloseHandle
GetCurrentThreadId
OpenProcess
GetThreadPriority
SetThreadPriority
OpenThread
SuspendThread
ResumeThread
FreeLibrary
GlobalLock
GlobalUnlock
GetLocaleInfoW
FindResourceExW
LoadResource
LockResource
GetProcessHeap
HeapFree
lstrlenW
GetLastError
HeapAlloc
GetCurrentProcessId
SetLastError
InterlockedExchange
LocalAlloc
IsBadWritePtr
GlobalFree
HeapReAlloc
TlsSetValue
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleA
TerminateProcess
HeapSize
TlsFree
TlsGetValue
TlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemInfo
LCMapStringA
LCMapStringW
InitializeCriticalSection
SetFilePointer
GetOEMCP
GetCPInfo
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
RtlUnwind
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
FlushFileBuffers

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyW
RegCloseKey

Exports

Exports

AddClientDV
AddCrashHandlerLimitModule
AddDiagAssertModule
AllocAndFillProcessModuleList
BSUAnsi2Wide
BSUGetModuleBaseNameA
BSUGetModuleBaseNameW
BSUGetModuleFileNameExA
BSUGetModuleFileNameExW
BSUIsInteractiveUser
BSUSetCurrentThreadNameA
BSUSetCurrentThreadNameW
BSUSetThreadNameA
BSUSetThreadNameW
BSUSymInitializeA
BSUSymInitializeW
BSUWide2Ansi
CreateCurrentProcessCrashDumpA
CreateCurrentProcessCrashDumpW
DiagAssertA
DiagAssertW
DiagOutputA
DiagOutputW
GetFaultReason
GetFirstStackTraceString
GetLimitModuleCount
GetLimitModulesArray
GetLoadedModules
GetNextStackTraceString
GetProcessThreadIds
GetRegisterString
GetSuperAssertionCount
HookImportedFunctionsByNameA
HookImportedFunctionsByNameW
HookOrdinalExportA
HookOrdinalExportW
IsMiniDumpFunctionAvailable
IsNT
IsNT4
IsServer2003
IsServer2003orBetter
IsW2K
IsW2KorBetter
IsXP
IsXPorBetter
MemStressInitializeA
MemStressInitializeW
MemStressTerminate
SetCrashHandlerFilter
SetDiagAssertFile
SetDiagAssertOptions
SetDiagOutputFile
SnapCurrentProcessMiniDumpA
SnapCurrentProcessMiniDumpW
SuperAssertionA
SuperAssertionW
ValidateAllBlocks

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Unlock/GameOverlayRenderer.log
Unlock/SDL3_image.dll
.dll windows:6 windows x86 arch:x86

Password: mrpcgamess2024

fa5e9d9f3d8f50bad9502e46816eac5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\projects\SDL_image\build\RelWithDebInfo\SDL3_image.pdb

Imports

sdl3

SDL_DuplicateSurface
SDL_strncasecmp
SDL_ReadS32BE
SDL_ReadU32BE
SDL_RWsize
SDL_tanf
SDL_sqrtf
SDL_sqrt
SDL_sinf
SDL_roundf
SDL_pow
SDL_fmodf
SDL_fabsf
SDL_fabs
SDL_cosf
SDL_ceilf
SDL_atan2f
SDL_acosf
SDL_sscanf
SDL_strtoll
SDL_strtol
SDL_strstr
SDL_strchr
SDL_strlcpy
SDL_strlen
SDL_qsort
SDL_SetSurfaceBlendMode
SDL_memset
SDL_CreateSurfaceFrom
SDL_LoadFile_RW
SDL_isspace
SDL_isdigit
SDL_Log
SDL_floorf
SDL_BlitSurface
SDL_FillSurfaceRect
SDL_malloc
SDL_SurfaceHasColorKey
SDL_SetSurfaceColorKey
SDL_MapRGBA
SDL_strcmp
SDL_LoadBMP_RW
SDL_ReadS32LE
SDL_ReadU32LE
SDL_ReadU16LE
SDL_ReadU8
SDL_strncmp
SDL_UnloadObject
SDL_LoadFunction
SDL_LoadObject
SDL_ConvertSurfaceFormat
SDL_GetSurfaceProperties
SDL_CreateSurface
SDL_RWwrite
SDL_RWread
SDL_RWtell
SDL_GetNumberProperty
SDL_SetFloatProperty
SDL_SetNumberProperty
SDL_memcmp
SDL_realloc
SDL_CreateTextureFromSurface
SDL_DestroySurface
SDL_RWclose
SDL_RWseek
SDL_RWFromFile
SDL_Error
SDL_SetError
SDL_strrchr
SDL_toupper
SDL_free
SDL_calloc

kernel32

IsProcessorFeaturePresent
DecodePointer
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
RaiseException
EncodePointer
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwind
InterlockedFlushSList
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime

Exports

Exports

IMG_FreeAnimation
IMG_Init
IMG_Linked_Version
IMG_Load
IMG_LoadAVIF_RW
IMG_LoadAnimation
IMG_LoadAnimationTyped_RW
IMG_LoadAnimation_RW
IMG_LoadBMP_RW
IMG_LoadCUR_RW
IMG_LoadGIFAnimation_RW
IMG_LoadGIF_RW
IMG_LoadICO_RW
IMG_LoadJPG_RW
IMG_LoadJXL_RW
IMG_LoadLBM_RW
IMG_LoadPCX_RW
IMG_LoadPNG_RW
IMG_LoadPNM_RW
IMG_LoadQOI_RW
IMG_LoadSVG_RW
IMG_LoadSizedSVG_RW
IMG_LoadTGA_RW
IMG_LoadTIF_RW
IMG_LoadTexture
IMG_LoadTextureTyped_RW
IMG_LoadTexture_RW
IMG_LoadTyped_RW
IMG_LoadWEBPAnimation_RW
IMG_LoadWEBP_RW
IMG_LoadXCF_RW
IMG_LoadXPM_RW
IMG_LoadXV_RW
IMG_Load_RW
IMG_Quit
IMG_ReadXPMFromArray
IMG_ReadXPMFromArrayToRGB888
IMG_SaveAVIF
IMG_SaveAVIF_RW
IMG_SaveJPG
IMG_SaveJPG_RW
IMG_SavePNG
IMG_SavePNG_RW
IMG_isAVIF
IMG_isBMP
IMG_isCUR
IMG_isGIF
IMG_isICO
IMG_isJPG
IMG_isJXL
IMG_isLBM
IMG_isPCX
IMG_isPNG
IMG_isPNM
IMG_isQOI
IMG_isSVG
IMG_isTIF
IMG_isWEBP
IMG_isXCF
IMG_isXPM
IMG_isXV

Sections

.text
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Unlock/Unlock.exe
.exe windows:6 windows x86 arch:x86

Password: mrpcgamess2024

ca26513771bc4647dea9c3f98846f809

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

Polyline

user32

OffsetRect

advapi32

DeleteAce

kernel32

SetStdHandle
GetProcessHeap
HeapSize
CreateFileW
WaitForSingleObject
CreateThread
VirtualAlloc
RaiseException
InitOnceBeginInitialize
InitOnceComplete
CloseHandle
GetCurrentThreadId
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetLastError
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
QueryPerformanceCounter
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetStringTypeW
GetCPInfo
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
SetEnvironmentVariableW
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.BSs
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 349KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Unlock/gamepacdll
.dll windows:5 windows x86 arch:x86

Password: mrpcgamess2024

1b4249e2c8bfeaecab5c4fba1a54a8d2

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4c:af:4d:f4:99:14:1d:40:4b:71:99:aa:2c:21:31
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/09/2015, 00:00

Not After

03/10/2018, 12:00

Subject

CN=Valve,O=Valve,L=Bellevue,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

16:49:bf:26:ba:86:49:98:a3:65:82:e3:47:03:84:b8:f1:38:75:9e
Signer

Actual PE Digest

16:49:bf:26:ba:86:49:98:a3:65:82:e3:47:03:84:b8:f1:38:75:9e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\buildslave\steamvr_rel_win32\build\src\openvr_api\Retail\win32\openvr_api.pdb

Imports

kernel32

GetModuleFileNameW
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryExA
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetLastError
FindClose
Sleep
GetSystemTime
SystemTimeToFileTime
QueryPerformanceCounter
CloseHandle
CreateFileW
IsDebuggerPresent
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
RaiseException
GetCurrentThreadId
SetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
MultiByteToWideChar
EncodePointer
DecodePointer
RtlUnwind
GetCommandLineA
ReadFile
GetFullPathNameW
GetCurrentDirectoryW
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
HeapSize
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
WriteFile
GetConsoleCP
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
GetTimeZoneInformation
VirtualQuery
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
LoadLibraryExW
HeapReAlloc
SetStdHandle
WriteConsoleW
GetStringTypeW
SetEndOfFile
OutputDebugStringW

shell32

SHGetFolderPathW

Exports

Exports

VRControlPanel
VRDashboardManager
VRTrackedCameraInternal
VR_GetGenericInterface
VR_GetInitToken
VR_GetStringForHmdError
VR_GetVRInitErrorAsEnglishDescription
VR_GetVRInitErrorAsSymbol
VR_InitInternal
VR_IsHmdPresent
VR_IsInterfaceVersionValid
VR_IsRuntimeInstalled
VR_RuntimePath
VR_ShutdownInternal

Sections

.text
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Unlock/openvr_api.dll
.dll windows:5 windows x86 arch:x86

Password: mrpcgamess2024

1b4249e2c8bfeaecab5c4fba1a54a8d2

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4c:af:4d:f4:99:14:1d:40:4b:71:99:aa:2c:21:31
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/09/2015, 00:00

Not After

03/10/2018, 12:00

Subject

CN=Valve,O=Valve,L=Bellevue,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

16:49:bf:26:ba:86:49:98:a3:65:82:e3:47:03:84:b8:f1:38:75:9e
Signer

Actual PE Digest

16:49:bf:26:ba:86:49:98:a3:65:82:e3:47:03:84:b8:f1:38:75:9e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\buildslave\steamvr_rel_win32\build\src\openvr_api\Retail\win32\openvr_api.pdb

Imports

kernel32

GetModuleFileNameW
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryExA
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetLastError
FindClose
Sleep
GetSystemTime
SystemTimeToFileTime
QueryPerformanceCounter
CloseHandle
CreateFileW
IsDebuggerPresent
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
RaiseException
GetCurrentThreadId
SetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
MultiByteToWideChar
EncodePointer
DecodePointer
RtlUnwind
GetCommandLineA
ReadFile
GetFullPathNameW
GetCurrentDirectoryW
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
HeapSize
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
WriteFile
GetConsoleCP
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
GetTimeZoneInformation
VirtualQuery
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
LoadLibraryExW
HeapReAlloc
SetStdHandle
WriteConsoleW
GetStringTypeW
SetEndOfFile
OutputDebugStringW

shell32

SHGetFolderPathW

Exports

Exports

VRControlPanel
VRDashboardManager
VRTrackedCameraInternal
VR_GetGenericInterface
VR_GetInitToken
VR_GetStringForHmdError
VR_GetVRInitErrorAsEnglishDescription
VR_GetVRInitErrorAsSymbol
VR_InitInternal
VR_IsHmdPresent
VR_IsInterfaceVersionValid
VR_IsRuntimeInstalled
VR_RuntimePath
VR_ShutdownInternal

Sections

.text
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: mrpcgamess2024

Password: mrpcgamess2024

dc33390e11f40d35aacb3b7595b60d08

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

08:4c:af:4d:f4:99:14:1d:40:4b:71:99:aa:2c:21:31Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

7b:b1:01:21:ff:0d:6b:21:e2:db:68:ef:fb:a5:ce:d5:6d:be:ae:a5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

kernel32

advapi32

Exports

Exports

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

Password: mrpcgamess2024

fa5e9d9f3d8f50bad9502e46816eac5b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sdl3

kernel32

Exports

Exports

Sections

.text Size: 185KB - Virtual size: 184KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

Password: mrpcgamess2024

ca26513771bc4647dea9c3f98846f809

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

advapi32

kernel32

Sections

.text Size: 129KB - Virtual size: 128KB

.BSs Size: 4KB - Virtual size: 3KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 349KB - Virtual size: 352KB

.reloc Size: 8KB - Virtual size: 8KB

Password: mrpcgamess2024

1b4249e2c8bfeaecab5c4fba1a54a8d2

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:4c:af:4d:f4:99:14:1d:40:4b:71:99:aa:2c:21:31
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

7b:b1:01:21:ff:0d:6b:21:e2:db:68:ef:fb:a5:ce:d5:6d:be:ae:a5
Signer

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 185KB - Virtual size: 184KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 129KB - Virtual size: 128KB

.BSs
Size: 4KB - Virtual size: 3KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 349KB - Virtual size: 352KB

.reloc
Size: 8KB - Virtual size: 8KB

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:4c:af:4d:f4:99:14:1d:40:4b:71:99:aa:2c:21:31
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

16:49:bf:26:ba:86:49:98:a3:65:82:e3:47:03:84:b8:f1:38:75:9e
Signer

.text
Size: 190KB - Virtual size: 190KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 7KB - Virtual size: 15KB

.reloc
Size: 9KB - Virtual size: 9KB

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:4c:af:4d:f4:99:14:1d:40:4b:71:99:aa:2c:21:31
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

16:49:bf:26:ba:86:49:98:a3:65:82:e3:47:03:84:b8:f1:38:75:9e
Signer

.text
Size: 190KB - Virtual size: 190KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 7KB - Virtual size: 15KB

.reloc
Size: 9KB - Virtual size: 9KB