Static task
static1
Behavioral task
behavioral1
Sample
DDNet.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
DDNet.exe
Resource
win10v2004-20240709-en
General
Target: DDNet.exe
Size: 4.1MB
MD5: 116fe18a85563b8c2abac9782c5be9ed
SHA1: 500b502c4eda560dfdac5fc64423ff5770aa12ad
SHA256: 9f5c1204c67cca61e79683157d88fc91e7797619478287e05d5fa5303aaef7d4
SHA512: ffa4a6faf96fd24a42f26fd7633c51b3998bb91fe05c8f42de1077323e636d722aa18d4ae040ff3d97c42a1a65ad8462611a76c1e3495c68974cc488ca96f79c
SSDEEP: 49152:LvpYexbOHk9YIJvMcNku0LOyatkRzxv2Iie/IYGiCY5hTACUjNhpGN+REYLbEI5m:L+COhzwteSRGESlL1QCzuho55dJ
Malware Config
Signatures
-
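Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The sample carries none, so its publisher and integrity cannot be confirmed from a code signature. This is a weak indicator on its own, because legitimate software is also distributed unsigned; compare the hashes above against a trusted source for the build before drawing a conclusion.
Resource: DDNet.exe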
Files
-
DDNet.exe (.exe) windows:6 windows x64 arch:x64
Password: 123456
aec379f3a36081c2d16f62227503004d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
libfreetype
FT_Done_Face
FT_Done_FreeType
FT_Error_String
FT_Get_Char_Index
FT_Get_Kerning
FT_Init_FreeType
FT_Library_Version
FT_Load_Char
FT_Load_Glyph
FT_New_Memory_Face
FT_Set_Pixel_Sizes
libpng16-16
png_create_info_struct
png_create_read_struct
png_create_write_struct
png_destroy_info_struct
png_destroy_read_struct
png_destroy_write_struct
png_get_bit_depth
png_get_channels
png_get_color_type
png_get_compression_type
png_get_error_ptr
png_get_filter_type
png_get_image_height
png_get_image_width
png_get_interlace_type
png_get_io_ptr
png_get_rowbytes
png_get_valid
png_read_image
png_read_info
png_read_update_info
png_set_IHDR
png_set_error_fn
png_set_expand_gray_1_2_4_to_8
png_set_palette_to_rgb
png_set_read_fn
png_set_sig_bytes
png_set_strip_16
png_set_tRNS_to_alpha
png_set_write_fn
png_sig_cmp
png_write_end
png_write_image
png_write_info
sdl2
SDL_CaptureMouse
SDL_CloseAudioDevice
SDL_CreateSystemCursor
SDL_CreateWindow
SDL_DestroyWindow
SDL_EventState
SDL_FlashWindow
SDL_FreeCursor
SDL_GL_CreateContext
SDL_GL_DeleteContext
SDL_GL_GetDrawableSize
SDL_GL_MakeCurrent
SDL_GL_SetAttribute
SDL_GL_SetSwapInterval
SDL_GL_SwapWindow
SDL_GameControllerClose
SDL_GameControllerGetAxis
SDL_GameControllerGetButton
SDL_GameControllerOpen
SDL_GetClipboardText
SDL_GetClosestDisplayMode
SDL_GetCurrentAudioDriver
SDL_GetCurrentDisplayMode
SDL_GetCurrentVideoDriver
SDL_GetDesktopDisplayMode
SDL_GetDisplayBounds
SDL_GetDisplayMode
SDL_GetDisplayName
SDL_GetError
SDL_GetGlobalMouseState
SDL_GetKeyboardFocus
SDL_GetKeyboardState
SDL_GetMouseState
SDL_GetNumDisplayModes
SDL_GetNumVideoDisplays
SDL_GetPerformanceCounter
SDL_GetPerformanceFrequency
SDL_GetRelativeMouseState
SDL_GetRendererOutputSize
SDL_GetScancodeFromKey
SDL_GetVersion
SDL_GetWindowDisplayIndex
SDL_GetWindowFlags
SDL_GetWindowFromID
SDL_GetWindowPosition
SDL_GetWindowSize
SDL_GetWindowWMInfo
SDL_Init
SDL_InitSubSystem
SDL_IsGameController
SDL_JoystickGetAxis
SDL_JoystickGetGUID
SDL_JoystickGetGUIDString
SDL_JoystickGetHat
SDL_JoystickInstanceID
SDL_JoystickName
SDL_JoystickNumAxes
SDL_JoystickNumBalls
SDL_JoystickNumButtons
SDL_JoystickNumHats
SDL_JoystickOpen
SDL_MinimizeWindow
SDL_NumJoysticks
SDL_OpenAudioDevice
SDL_PauseAudioDevice
SDL_PollEvent
SDL_PumpEvents
SDL_Quit
SDL_QuitSubSystem
SDL_RestoreWindow
SDL_SetClipboardText
SDL_SetCursor
SDL_SetHint
SDL_SetRelativeMouseMode
SDL_SetTextInputRect
SDL_SetWindowBordered
SDL_SetWindowDisplayMode
SDL_SetWindowFullscreen
SDL_SetWindowGrab
SDL_SetWindowPosition
SDL_SetWindowResizable
SDL_SetWindowSize
SDL_ShowCursor
SDL_ShowSimpleMessageBox
SDL_StartTextInput
SDL_StopTextInput
SDL_Vulkan_CreateSurface
SDL_Vulkan_GetInstanceExtensions
SDL_WarpMouseInWindow
SDL_WasInit
SDL_free
SDL_getenv
SDL_setenv
avformat-60
av_dump_format
av_interleaved_write_frame
av_write_trailer
avformat_alloc_output_context2
avformat_free_context
avformat_new_stream
avformat_write_header
avio_closep
avio_open
avcodec-60
av_packet_alloc
av_packet_free
av_packet_rescale_ts
avcodec_alloc_context3
avcodec_find_encoder
avcodec_free_context
avcodec_get_name
avcodec_open2
avcodec_parameters_from_context
avcodec_receive_packet
avcodec_send_frame
avutil-58
av_channel_layout_from_mask
av_dict_copy
av_dict_free
av_frame_alloc
av_frame_free
av_frame_get_buffer
av_frame_make_writable
av_log_set_level
av_opt_set
av_opt_set_int
av_opt_set_sample_fmt
av_rescale_q
av_rescale_rnd
av_samples_fill_arrays
av_strerror
swscale-7
sws_freeContext
sws_getCachedContext
sws_scale
swresample-4
swr_alloc
swr_convert
swr_free
swr_get_delay
swr_init
libopusfile
op_channel_count
op_open_memory
op_pcm_total
op_read
vulkan-1
vkDestroyDevice
vkEnumerateDeviceExtensionProperties
vkEnumerateInstanceLayerProperties
vkGetDeviceQueue
vkQueueSubmit
vkQueueWaitIdle
vkDeviceWaitIdle
vkAllocateMemory
vkFreeMemory
vkMapMemory
vkUnmapMemory
vkFlushMappedMemoryRanges
vkInvalidateMappedMemoryRanges
vkBindBufferMemory
vkBindImageMemory
vkGetBufferMemoryRequirements
vkGetImageMemoryRequirements
vkCreateFence
vkDestroyFence
vkGetInstanceProcAddr
vkWaitForFences
vkCreateSemaphore
vkDestroySemaphore
vkCreateBuffer
vkDestroyBuffer
vkCreateImage
vkDestroyImage
vkGetImageSubresourceLayout
vkCreateImageView
vkDestroyImageView
vkCreateShaderModule
vkDestroyShaderModule
vkCreateGraphicsPipelines
vkDestroyPipeline
vkCreatePipelineLayout
vkDestroyPipelineLayout
vkCreateSampler
vkDestroySampler
vkCreateDescriptorSetLayout
vkDestroyDescriptorSetLayout
vkCreateDevice
vkGetPhysicalDeviceMemoryProperties
vkCreateInstance
vkGetPhysicalDeviceQueueFamilyProperties
vkGetPhysicalDeviceProperties
vkGetPhysicalDeviceFormatProperties
vkEnumeratePhysicalDevices
vkDestroyInstance
vkCreateFramebuffer
vkUpdateDescriptorSets
vkFreeDescriptorSets
vkAllocateDescriptorSets
vkDestroyDescriptorPool
vkResetFences
vkDestroyFramebuffer
vkQueuePresentKHR
vkAcquireNextImageKHR
vkGetSwapchainImagesKHR
vkDestroySwapchainKHR
vkCreateSwapchainKHR
vkGetPhysicalDeviceSurfacePresentModesKHR
vkGetPhysicalDeviceSurfaceFormatsKHR
vkGetPhysicalDeviceSurfaceCapabilitiesKHR
vkGetPhysicalDeviceSurfaceSupportKHR
vkDestroySurfaceKHR
vkCmdExecuteCommands
vkCmdEndRenderPass
vkCmdBeginRenderPass
vkCmdPushConstants
vkCmdPipelineBarrier
vkCmdClearAttachments
vkCmdCopyBufferToImage
vkCmdBlitImage
vkCmdCopyImage
vkCmdCopyBuffer
vkCmdDrawIndexed
vkCmdDraw
vkCmdBindVertexBuffers
vkCmdBindIndexBuffer
vkCmdBindDescriptorSets
vkCmdSetScissor
vkCmdSetViewport
vkCmdBindPipeline
vkResetCommandBuffer
vkEndCommandBuffer
vkBeginCommandBuffer
vkFreeCommandBuffers
vkAllocateCommandBuffers
vkDestroyCommandPool
vkCreateCommandPool
vkDestroyRenderPass
vkCreateRenderPass
vkCreateDescriptorPool
steam_api
SteamAPI_ISteamFriends_GetPersonaName
SteamAPI_GetHSteamPipe
SteamAPI_Shutdown
SteamAPI_ManualDispatch_Init
SteamAPI_ManualDispatch_FreeLastCallback
SteamAPI_ManualDispatch_GetNextCallback
SteamAPI_ManualDispatch_RunFrame
SteamAPI_SteamApps_v008
SteamAPI_ISteamApps_GetLaunchCommandLine
SteamAPI_SteamFriends_v017
SteamAPI_ISteamFriends_ClearRichPresence
SteamAPI_ISteamFriends_SetRichPresence
SteamAPI_Init
api-ms-win-core-synch-l1-2-0
WaitOnAddress
WakeByAddressSingle
WakeByAddressAll
opengl32
wglGetProcAddress
glDrawElements
glViewport
glVertexPointer
glTexSubImage2D
glTexParameteri
glTexParameterf
glTexImage2D
glTexCoordPointer
glScissor
glReadPixels
glReadBuffer
glPixelStorei
glOrtho
glMatrixMode
glLoadIdentity
glGetString
glGetIntegerv
glGenTextures
glFinish
glEnableClientState
glEnable
glDrawArrays
glDisableClientState
glDisable
glDepthMask
glDeleteTextures
glColorPointer
glClearColor
glClear
glBlendFunc
glBindTexture
glAlphaFunc
imm32
ImmGetCandidateListW
ImmGetContext
ImmReleaseContext
libcurl
curl_easy_cleanup
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_setopt
curl_free
curl_getdate
curl_global_cleanup
curl_global_init
curl_multi_add_handle
curl_multi_cleanup
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_strerror
curl_multi_wakeup
curl_slist_append
curl_slist_free_all
curl_version_info
sqlite3
sqlite3_bind_int
sqlite3_bind_text
sqlite3_close
sqlite3_column_int
sqlite3_column_text
sqlite3_errmsg
sqlite3_exec
sqlite3_finalize
sqlite3_open
sqlite3_prepare_v2
sqlite3_reset
sqlite3_step
zlib1
uncompress
crc32
compressBound
compress2
shlwapi
PathIsRelativeW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
ws2_32
socket
WSAStartup
ioctlsocket
closesocket
bind
__WSAFDIsSet
htons
WSAGetLastError
WSAStringToAddressA
recvfrom
getaddrinfo
freeaddrinfo
setsockopt
select
sendto
ole32
CoUninitialize
CoInitializeEx
shell32
SHChangeNotify
CommandLineToArgvW
ShellExecuteExW
ntdll
RtlPcToFileHeader
RtlUnwindEx
RtlUnwind
NtWriteFile
RtlNtStatusToDosError
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
discord_game_sdk
DiscordCreate
libsodium
sodium_init
crypto_aead_xchacha20poly1305_ietf_encrypt
sentry
sentry_close
sentry_init
sentry_options_set_database_path
sentry_options_set_handler_path
sentry_options_new
sentry_options_set_dsn
sentry_options_set_release
sentry_options_set_environment
sentry_options_set_auto_session_tracking
kernel32
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetCommandLineA
WriteFile
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedPushEntrySList
RaiseException
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
GetCPInfo
CompareStringEx
GetSystemTimeAsFileTime
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoEx
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThreadId
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleOutputCP
GetFileSizeEx
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
CreateMutexA
WaitForSingleObjectEx
ReadConsoleW
GetACP
ExitProcess
GetModuleHandleW
HeapAlloc
GetProcessHeap
ReleaseMutex
lstrlenW
HeapReAlloc
HeapFree
QueryPerformanceFrequency
GetCurrentProcessId
SetFilePointerEx
GetCurrentProcess
SetEnvironmentVariableW
GetEnvironmentVariableW
GetEnvironmentStringsW
SetLastError
QueryPerformanceCounter
FreeEnvironmentStringsW
GetUserDefaultLocaleName
MoveFileExW
FormatMessageW
LocalFree
GetModuleFileNameW
CreateThread
GetExitCodeProcess
TerminateProcess
CreateSemaphoreW
Sleep
WaitForSingleObject
ReleaseSemaphore
RemoveDirectoryW
GetFileAttributesW
FlushFileBuffers
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
GetCommandLineW
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
SetConsoleOutputCP
WriteConsoleW
SetConsoleMode
GetConsoleMode
AttachConsole
GetFileType
GetStdHandle
CreateNamedPipeW
PeekNamedPipe
DisconnectNamedPipe
ConnectNamedPipe
GetLastError
CloseHandle
ReadFile
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetProcAddress
FreeLibrary
GetTimeFormatW
GetOEMCP
HeapSize
advapi32
RegOpenKeyExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegGetValueW
GetCurrentHwProfileW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteTreeW
Sections
.text Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 958KB - Virtual size: 957KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 117KB - Virtual size: 410KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ