victoria3[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

victoria3.exe
Size

71.6MB
MD5

812b3da4adcc7b9a4b67279880ad8b61
SHA1

01ce35419418a4dd390ae17efd87c5a3d7f91da4
SHA256

2fbd205c990ac97f3b8cb8d6977319d66e970e9361efbe68f24d2990e3474c58
SHA512

ae144dacf17bfdadca71d0db64c78ff922c7a39d206e781de9d4cc992b8f3c38d6b0c8f257c88b5f2a1c8ec1bfddb263dcfdd2d5bd84d9ebc55bbf11b97986e3
SSDEEP

393216:lmDrZDLjrsHKejYXwIvUeKRsb01mS51xp53yrU4GQZtVqzGDN2GzIgblVHFlA9TV:lW5PeCUZyw0V04WT+0

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
sample	embeds_openssl

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
victoria3.exe

Files

victoria3.exe
.exe windows:6 windows x64 arch:x64

Password: Elisabe04

1c9e88f3cb4b4256de5074833b8987fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\mnt\gsg\caligula\caligula\outputdir_windows\binaries\victoria3.pdb

Imports

nvtt

?errorString@nvtt@@YAPEBDW4Error@1@@Z
??0InputOptions@nvtt@@QEAA@XZ
??1InputOptions@nvtt@@QEAA@XZ
?setTextureLayout@InputOptions@nvtt@@QEAAXW4TextureType@2@HHHH@Z
?setMipmapData@InputOptions@nvtt@@QEAA_NPEBXHHHHH@Z
?setMipmapGeneration@InputOptions@nvtt@@QEAAX_NH@Z
??0CompressionOptions@nvtt@@QEAA@XZ
??1CompressionOptions@nvtt@@QEAA@XZ
?setFormat@CompressionOptions@nvtt@@QEAAXW4Format@2@@Z
??0Compressor@nvtt@@QEAA@XZ
??1Compressor@nvtt@@QEAA@XZ
?enableCudaAcceleration@Compressor@nvtt@@QEAAX_N@Z
?process@Compressor@nvtt@@QEBA_NAEBUInputOptions@2@AEBUCompressionOptions@2@AEBUOutputOptions@2@@Z
?estimateSize@Compressor@nvtt@@QEBAHAEBUInputOptions@2@AEBUCompressionOptions@2@@Z
??0OutputOptions@nvtt@@QEAA@XZ
??1OutputOptions@nvtt@@QEAA@XZ
?setOutputHandler@OutputOptions@nvtt@@QEAAXPEAUOutputHandler@2@@Z
?setErrorHandler@OutputOptions@nvtt@@QEAAXPEAUErrorHandler@2@@Z

fmod

?getAdvancedSettings@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_ADVANCEDSETTINGS@@@Z
?setAdvancedSettings@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_ADVANCEDSETTINGS@@@Z
?getSoftwareFormat@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAHPEAW4FMOD_SPEAKERMODE@@0@Z
?setSoftwareFormat@System@FMOD@@QEAA?AW4FMOD_RESULT@@HW4FMOD_SPEAKERMODE@@H@Z
?createStream@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDIPEAUFMOD_CREATESOUNDEXINFO@@PEAPEAVSound@2@@Z
?getCPUUsage@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_CPU_USAGE@@@Z
?getSoftwareChannels@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z
?getChannelsPlaying@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH0@Z
?getFileUsage@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_J00@Z
?getUserData@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAX@Z
?setUserData@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX@Z
FMOD_Debug_Initialize
?playSound@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAVSound@2@PEAVChannelGroup@2@_NPEAPEAVChannel@2@@Z
?setCallback@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@P6A?AW43@PEAUFMOD_CHANNELCONTROL@@W4FMOD_CHANNELCONTROL_TYPE@@W4FMOD_CHANNELCONTROL_CALLBACK_TYPE@@PEAX3@Z@Z
?setUserData@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX@Z
?setPaused@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z
?isPlaying@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_N@Z
?stop@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?release@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?getLength@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAII@Z
?getPosition@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@PEAII@Z
?setPosition@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@II@Z
FMOD_Memory_GetStats
?getUserData@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAX@Z
?getName@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEADH@Z

fmodstudio

?getBus@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEBDPEAPEAVBus@23@@Z
?setCallback@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@P6A?AW44@IPEAUFMOD_STUDIO_EVENTINSTANCE@@PEAX@ZI@Z
?isValid@EventInstance@Studio@FMOD@@QEBA_NXZ
?setTimelinePosition@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@H@Z
?getBankCount@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAH@Z
?unload@Bank@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?unloadSampleData@Bank@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?loadSampleData@Bank@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?getTimelinePosition@EventInstance@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAH@Z
?set3DAttributes@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_3D_ATTRIBUTES@@@Z
?get3DAttributes@EventInstance@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAUFMOD_3D_ATTRIBUTES@@@Z
?getPlaybackState@EventInstance@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAW4FMOD_STUDIO_PLAYBACK_STATE@@@Z
?setParameterByID@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@UFMOD_STUDIO_PARAMETER_ID@@M_N@Z
?setVolume@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z
?getParameterDescriptionByName@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEBDPEAUFMOD_STUDIO_PARAMETER_DESCRIPTION@@@Z
?isVirtual@EventInstance@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEA_N@Z
?setPaused@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z
?getPaused@EventInstance@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEA_N@Z
?getBankList@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAVBank@23@HPEAH@Z
?getParameterByName@EventInstance@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEBDPEAM1@Z
?getParameterByID@EventInstance@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@UFMOD_STUDIO_PARAMETER_ID@@PEAM1@Z
?getBusCount@Bank@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAH@Z
?getBusList@Bank@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAVBus@23@HPEAH@Z
?getInstanceCount@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAH@Z
?getInstanceList@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAVEventInstance@23@HPEAH@Z
?getPath@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEADHPEAH@Z
?getPath@VCA@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEADHPEAH@Z
?getPath@Bus@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEADHPEAH@Z
?setParameterByName@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDM_N@Z
?getVCAList@Bank@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAVVCA@23@HPEAH@Z
?getVCACount@Bank@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAH@Z
?getEventList@Bank@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAVEventDescription@23@HPEAH@Z
?getEventCount@Bank@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAH@Z
?getDescription@EventInstance@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAVEventDescription@23@@Z
?getVCA@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEBDPEAPEAVVCA@23@@Z
?getParameterDescriptionByIndex@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@HPEAUFMOD_STUDIO_PARAMETER_DESCRIPTION@@@Z
?getParameterDescriptionCount@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAH@Z
?unloadSampleData@EventDescription@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?loadSampleData@EventDescription@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?getMinMaxDistance@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAM0@Z
?is3D@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEA_N@Z
?getUserData@EventInstance@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAX@Z
?setListenerMask@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@I@Z
?setUserData@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX@Z
?createInstance@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAVEventInstance@23@@Z
?getChannelGroup@Bus@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAVChannelGroup@3@@Z
?setUserData@EventDescription@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX@Z
?start@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?stop@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_STUDIO_STOP_MODE@@@Z
?release@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?getParameterDescriptionByID@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@UFMOD_STUDIO_PARAMETER_ID@@PEAUFMOD_STUDIO_PARAMETER_DESCRIPTION@@@Z
?stopAllEvents@Bus@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_STUDIO_STOP_MODE@@@Z
?setVolume@Bus@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z
?getVolume@Bus@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAM0@Z
?setMute@Bus@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z
?getMute@Bus@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEA_N@Z
?setPaused@Bus@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z
?getPaused@Bus@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEA_N@Z
?unlockChannelGroup@Bus@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?setVolume@VCA@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z
?getVolume@EventInstance@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAM0@Z
?getVolume@VCA@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAM0@Z
?getBank@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEBDPEAPEAVBank@23@@Z
?setParameterByID@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@UFMOD_STUDIO_PARAMETER_ID@@M_N@Z
?getParameterDescriptionByID@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@UFMOD_STUDIO_PARAMETER_ID@@PEAUFMOD_STUDIO_PARAMETER_DESCRIPTION@@@Z
?getParameterByID@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@UFMOD_STUDIO_PARAMETER_ID@@PEAM1@Z
?getParameterDescriptionByName@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEBDPEAUFMOD_STUDIO_PARAMETER_DESCRIPTION@@@Z
?getParameterDescriptionList@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAUFMOD_STUDIO_PARAMETER_DESCRIPTION@@HPEAH@Z
?getParameterDescriptionCount@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAH@Z
?getEvent@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEBDPEAPEAVEventDescription@23@@Z
?getLength@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAH@Z
?loadBankFile@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDIPEAPEAVBank@23@@Z
?getListenerAttributes@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@HPEAUFMOD_3D_ATTRIBUTES@@PEAUFMOD_VECTOR@@@Z
?setListenerAttributes@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@HPEBUFMOD_3D_ATTRIBUTES@@PEBUFMOD_VECTOR@@@Z
?update@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?release@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?initialize@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@HIIPEAX@Z
?getCoreSystem@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAV13@@Z
?create@System@Studio@FMOD@@SA?AW4FMOD_RESULT@@PEAPEAV123@I@Z
?lockChannelGroup@Bus@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?getUserData@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAX@Z
?setUserData@Bank@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX@Z
?getUserData@Bank@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAX@Z
?setNumListeners@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@H@Z
?getNumListeners@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z
?getPath@Bank@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEADHPEAH@Z

nakama-sdk

?createDefaultClient@Nakama@@YA?AV?$shared_ptr@VNClientInterface@Nakama@@@std@@AEBUNClientParameters@1@@Z

ws2_32

ntohl
getaddrinfo
freeaddrinfo
htonl
gethostname
shutdown
getservbyname
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
ioctlsocket
inet_ntop
getpeername
sendto
recvfrom
recv
listen
getsockname
connect
bind
accept
WSACleanup
select
__WSAFDIsSet
WSASetLastError
ntohs
inet_pton
socket
WSAStartup
htons
WSAGetLastError
closesocket
WSAIoctl
setsockopt
WSAEventSelect
getsockopt
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents

d3d11

D3D11CreateDevice

d3dcompiler_47

D3DCompile
D3DReflect

dxgi

CreateDXGIFactory1

dxcompiler

DxcCreateInstance

shlwapi

PathAppendW
PathFileExistsW

crypt32

CertOpenSystemStoreW
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore

advapi32

LookupPrivilegeValueA
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptGenRandom
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
OpenProcessToken
RegGetValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
GetUserNameA
RegQueryValueExW
RegOpenKeyExW

user32

DialogBoxIndirectParamW
PostThreadMessageW
GetRawInputDeviceList
GetRawInputDeviceInfoA
SetWindowRgn
MonitorFromWindow
MonitorFromRect
CreateIconFromResource
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
PtInRect
IntersectRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RemovePropW
SetPropW
SetForegroundWindow
SetActiveWindow
GetFocus
SetFocus
FlashWindowEx
SetLayeredWindowAttributes
CreateWindowExW
RegisterClassW
AttachThreadInput
SendMessageW
RegisterRawInputDevices
SystemParametersInfoW
CreateIconIndirect
CopyImage
LoadCursorW
SetCursorPos
ReleaseCapture
SetCapture
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
EnumDisplayDevicesW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
MapVirtualKeyW
ToUnicode
GetKeyboardState
GetKeyboardLayout
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
GetClipboardSequenceNumber
CloseClipboard
OpenClipboard
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetDlgItem
RegisterWindowMessageA
GetRawInputData
DestroyIcon
LoadIconW
CallNextHookEx
GetWindowLongW
TrackMouseEvent
PeekMessageW
GetMessageExtraInfo
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
SetWindowPos
IsIconic
GetKeyState
GetAsyncKeyState
SetTimer
KillTimer
GetSystemMetrics
GetMenu
GetForegroundWindow
GetUpdateRect
InvalidateRect
ValidateRect
GetPropW
GetClientRect
GetWindowRect
AdjustWindowRectEx
SystemParametersInfoA
GetClipCursor
ClientToScreen
FillRect
ClipCursor
DrawTextW
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
PostMessageW
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExA
RegisterClassExA
DefWindowProcW
ShowWindow
IsWindowVisible
UnregisterClassA
SetCursor
ShowCursor
LoadCursorA
LoadCursorFromFileW
GetDesktopWindow
ReleaseDC
GetDC
MessageBoxA
ScreenToClient
GetCursorPos
GetKeyboardLayoutNameA
SetProcessDPIAware
EndDialog
GetDoubleClickTime

bcrypt

BCryptGenRandom

setupapi

CM_Get_Device_IDA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
CM_Get_Parent
CM_Locate_DevNodeA

winmm

waveOutOpen
waveOutClose
waveOutGetErrorTextW
waveOutGetDevCapsW
timeGetTime
timeBeginPeriod
waveOutGetNumDevs
waveInReset
waveInStart
waveInAddBuffer
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite
waveOutReset
waveInGetNumDevs
waveInGetDevCapsW
waveInOpen
waveInClose
waveInPrepareHeader
waveInUnprepareHeader
timeEndPeriod

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

imm32

ImmSetCompositionWindow
ImmNotifyIME
ImmGetCandidateListW
ImmSetCompositionStringW
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmGetIMEFileNameA
ImmSetCandidateWindow

bink2w64

BinkNextFrame
BinkShouldSkip
BinkWait
BinkRegisterFrameBuffers
BinkAllocateFrameBuffers
BinkGetFrameBuffersInfo
BinkFreeGlobals
BinkGoto
BinkRequestStopAsyncThread
BinkClose
BinkDoFrameAsyncWait
BinkDoFrameAsync
BinkSetSoundOnOff
BinkGetError
BinkStartAsyncThread
BinkSetOSFileCallbacks
BinkWaitStopAsyncThread
BinkOpen

pops_api

POPS_AccountGetLanguages
POPS_AccountGetCountries
POPS_TelemetrySendMulti
POPS_AutoStandardTelemetryEnable
POPS_AccountCreate
POPS_TokenRetrieveCurrent
POPS_Initialize
POPS_SetFileIO
POPS_SetRootPath
POPS_RunCallbacks
POPS_Shutdown
POPS_AccountLogIn
POPS_AccountLogInWithAuthToken
POPS_AccountLogInSteamTicket
POPS_AccountResetPassword
POPS_AccountConnections
POPS_AccountConnectAccountSteam
POPS_AccountDisconnectAccountSteam
POPS_SocialProfileCreate
POPS_SocialProfileUpdate
POPS_SocialProfileRetrieve
POPS_AccountGetDetails
POPS_AccountGetGuid

steam_api64

SteamInternal_FindOrCreateUserInterface
SteamAPI_GetHSteamUser
SteamInternal_ContextInit
SteamAPI_UnregisterCallback
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamInternal_FindOrCreateGameServerInterface
SteamGameServer_GetHSteamUser
SteamInternal_GameServer_Init
SteamGameServer_Shutdown
SteamAPI_IsSteamRunning
SteamGameServer_RunCallbacks
SteamAPI_Shutdown
SteamAPI_Init
SteamAPI_RunCallbacks

kernel32

VirtualAlloc
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
AllocConsole
FreeConsole
GetFileType
GetStdHandle
GetFullPathNameW
CreateDirectoryW
IsDebuggerPresent
LocalFree
SetEndOfFile
AreFileApisANSI
CopyFileW
GetFileInformationByHandleEx
GetStringTypeW
RtlPcToFileHeader
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
InitializeSListHead
RtlLookupFunctionEntry
DecodePointer
GetNumaNodeProcessorMask
GetNumaHighestNodeNumber
VirtualUnlock
GetLargePageMinimum
VirtualQuery
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentProcessorNumber
GetProcessTimes
FlsFree
FlsSetValue
FlsAlloc
SetConsoleTextAttribute
RtlUnwindEx
InterlockedPushEntrySList
RtlUnwind
GetConsoleCP
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetStdHandle
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
HeapReAlloc
IsValidCodePage
GetOEMCP
HeapSize
ReadConsoleInputW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetModuleHandleW
WriteConsoleA
GetDynamicTimeZoneInformation
GetFileAttributesW
WriteConsoleW
GetModuleFileNameA
ReadProcessMemory
GetVersionExA
GetThreadContext
ResumeThread
SuspendThread
GetFileAttributesA
GetCurrentDirectoryA
RtlCaptureContext
GetCurrentDirectoryW
SetCurrentDirectoryW
GetSystemPowerStatus
CompareStringA
GlobalLock
GlobalUnlock
GlobalAlloc
LoadLibraryExW
CreateEventW
ResetEvent
GetOverlappedResult
DeviceIoControl
CreateFileA
SetEnvironmentVariableA
CreateSemaphoreW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitializeCriticalSectionEx
RaiseException
FormatMessageA
CreateDirectoryA
SetFileAttributesA
FatalExit
SetConsoleCtrlHandler
GetLastError
AttachConsole
ExitProcess
SetThreadExecutionState
MulDiv
SetFilePointerEx
GetFileSizeEx
OutputDebugStringW
ConvertThreadToFiberEx
ConvertFiberToThread
RtlVirtualUnwind
GetACP
CreateSemaphoreA
GetExitCodeThread
ReleaseSemaphore
TryEnterCriticalSection
InitializeCriticalSection
GetSystemDirectoryA
GetModuleHandleExW
SystemTimeToFileTime
GetSystemTime
CreateFiberEx
DeleteFiber
SwitchToFiber
TlsFree
TlsSetValue
TlsGetValue
GetFileInformationByHandle
SwitchToThread
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
GetLocaleInfoW
FindFirstFileExW
TlsAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableW
VerifyVersionInfoW
VerSetConditionMask
MoveFileExW
GetSystemTimeAsFileTime
CompareFileTime
GetEnvironmentVariableA
WaitForMultipleObjects
PeekNamedPipe
WaitForSingleObjectEx
FormatMessageW
SetLastError
LoadLibraryW
GetSystemDirectoryW
Sleep
LeaveCriticalSection
EnterCriticalSection
GetTickCount
DeleteFileW
RemoveDirectoryW
GetFileAttributesExW
FlushFileBuffers
FindNextFileW
GetCurrentThreadId
GetModuleFileNameW
CreateThread
SetEvent
SetErrorMode
FindClose
GetFileSize
SetFilePointer
FindFirstFileW
GetConsoleWindow
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
GlobalMemoryStatusEx
GetNativeSystemInfo
GetSystemDefaultUILanguage
GetLocaleInfoA
GetModuleHandleA
QueryPerformanceCounter
QueryPerformanceFrequency
RtlCaptureStackBackTrace
ReadFile
WaitForSingleObject
CreateProcessA
WideCharToMultiByte
K32GetProcessMemoryInfo
SetThreadDescription
SetThreadPriority
CancelIo
SleepEx
GetFinalPathNameByHandleA
ReadDirectoryChangesW
GetSystemInfo
VirtualProtect
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
CreateProcessW
CloseHandle
GetCurrentProcess
GetCurrentProcessId
GetThreadId
GetCurrentThread
TerminateProcess
SetUnhandledExceptionFilter
HeapAlloc
GetProcessHeap
CreateFileW
WriteFile
HeapFree
OutputDebugStringA
VirtualFree

gdi32

BitBlt
SetPixel
DeleteObject
GetPixel
CreateSolidBrush
DeleteDC
GetObjectA
CreateDIBSection
SelectObject
GetDeviceCaps
CreateBitmap
GetICMProfileW
GetDeviceGammaRamp
SetDeviceGammaRamp
CombineRgn
CreateRectRgn
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
CreateFontIndirectW
GetTextExtentPoint32A
GetTextMetricsW
CreateCompatibleBitmap
CreateDCW
CreateCompatibleDC
GetDIBits

shell32

SHCreateDirectoryExW
SHParseDisplayName
SHCreateShellItem
ord155
DragQueryFileW
DragFinish
ExtractIconExW
DragAcceptFiles
ShellExecuteW
ShellExecuteA
SHGetFolderPathW
CommandLineToArgvW

ole32

CLSIDFromString
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx
PropVariantClear

oleaut32

SysFreeString

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 51.6MB - Virtual size: 51.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11.8MB - Virtual size: 11.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.1MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 699KB - Virtual size: 698KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: Elisabe04

1c9e88f3cb4b4256de5074833b8987fa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

nvtt

fmod

fmodstudio

nakama-sdk

ws2_32

d3d11

d3dcompiler_47

dxgi

dxcompiler

shlwapi

crypt32

advapi32

user32

bcrypt

setupapi

winmm

version

imm32

bink2w64

pops_api

steam_api64

kernel32

gdi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 51.6MB - Virtual size: 51.6MB

.rdata Size: 11.8MB - Virtual size: 11.8MB

.data Size: 5.1MB - Virtual size: 6.7MB

.pdata Size: 2.4MB - Virtual size: 2.4MB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 89KB - Virtual size: 89KB

.reloc Size: 699KB - Virtual size: 698KB

.text
Size: 51.6MB - Virtual size: 51.6MB

.rdata
Size: 11.8MB - Virtual size: 11.8MB

.data
Size: 5.1MB - Virtual size: 6.7MB

.pdata
Size: 2.4MB - Virtual size: 2.4MB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 89KB - Virtual size: 89KB

.reloc
Size: 699KB - Virtual size: 698KB