SteamService[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SteamService.exe
Size

550KB
MD5

c584b6ceae14c90f563bd7feb38cd9b6
SHA1

a2966e8260851cc69b7e64d48e48defd1905ef6a
SHA256

c5fe997aedc79ebaf9b0615508ded3864f626f194fad492d3bbdd6148455c464
SHA512

c509a0be1645ee77245e99a3ccc904134910711e918de1e91afff7ac70768c560b1c338a1e1e572baa4e85c54ca11d3f372cc2cab59f2de8e904c188bc15d47d
SSDEEP

6144:QaD144l/7m0JdXU9EFMWZS+/OdZmC/4IiEh+GIIIIIIIhIIIIIIIIIIIIIIIU:BD144FtPXmEW0jOdZDRi3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SteamService.exe

Files

SteamService.exe
.exe windows:6 windows x64 arch:x64

c6fb9307585ae79d4ff36208658320aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\ATK\Desktop\dev\inceptor-main\inceptor\temp\SteamServices-temp.pdb

Imports

kernel32

VirtualAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess

vcruntime140

memcpy
__C_specific_handler
__std_type_info_destroy_list
__current_exception
__current_exception_context
memset

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
puts
__acrt_iob_func
_set_fmode
__p__commode

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_seh_filter_exe
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type
terminate
_crt_at_quick_exit
_seh_filter_dll
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 471B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6fb9307585ae79d4ff36208658320aa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 195KB - Virtual size: 194KB

.rdata Size: 83KB - Virtual size: 82KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 996B

.idata Size: 4KB - Virtual size: 3KB

.00cfg Size: 512B - Virtual size: 337B

.rsrc Size: 264KB - Virtual size: 264KB

.reloc Size: 512B - Virtual size: 471B

.text
Size: 195KB - Virtual size: 194KB

.rdata
Size: 83KB - Virtual size: 82KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 996B

.idata
Size: 4KB - Virtual size: 3KB

.00cfg
Size: 512B - Virtual size: 337B

.rsrc
Size: 264KB - Virtual size: 264KB

.reloc
Size: 512B - Virtual size: 471B