C:\BuildAgent\work\fd76be73d7b9a640\teardown.pdb
Static task
static1
General
Target
teardown.exe
Size
9.7MB
MD5
26fe637c3125c90d57e7a7d8d8bf4cfd
SHA1
8fa3829ac179a5fe0c25a192adfbf50f090d0189
SHA256
abc80dbc91433db19614733594ac306d39a7754beccfed541488b05781726820
SHA512
70e9619272e6d9492dab333a0e796bad960a779efc11caae78db4d39c98956054f8f810f3b55e9ba729bb512734848316c8a1484d0a863b3e729096bbbb5a8d6
SSDEEP
196608:+hWwFkOosulMVOY+yNhDcmBGR9N6wTBzW2K7+eF+nYJJaNl:+hWkRo5lOFDhBuVWDJFxAf
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature. A missing signature is an informational finding only: it means the file's publisher and integrity cannot be verified from the PE itself, not that the file is malicious.
resource teardown.exe
Files
teardown.exe.exe windows:6 windows x64 arch:x64
3924cab8a50bef9bc5134492e7fe7342
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths (the path itself is listed at the top of this report: C:\BuildAgent\work\fd76be73d7b9a640\teardown.pdb)
Imports
mimalloc-override
mi_new_aligned_nothrow
mi_new_nothrow
mi_new_aligned
mi_new
mi_free_aligned
mi_free_size_aligned
mi_free_size
mi_free
wsock32
setsockopt
shutdown
select
htons
ntohl
gethostbyname
WSAStartup
WSACleanup
accept
bind
closesocket
getsockname
socket
htonl
listen
send
ntohs
connect
inet_ntoa
recv
ws2_32
getnameinfo
opengl32
glScissor
glStencilMask
glStencilOp
glTexImage2D
glTexParameteri
glReadPixels
glReadBuffer
wglMakeCurrent
glPolygonMode
glPixelStorei
glLineWidth
glGenTextures
glFlush
glFinish
glGetIntegerv
wglDeleteContext
glGetString
wglGetCurrentDC
glEnable
glDisable
glStencilFunc
wglCreateContext
glViewport
glPolygonOffset
glTexParameterfv
glDepthMask
glDepthFunc
glDeleteTextures
glCullFace
glColorMask
glClearColor
glClear
glBlendFunc
glBindTexture
glGetError
wglGetProcAddress
glTexSubImage2D
dxgi
CreateDXGIFactory1
dbghelp
SymFromAddr
MiniDumpWriteDump
SymInitialize
SymGetModuleBase64
SymFunctionTableAccess64
SymSetOptions
StackWalk64
SymCleanup
pros.sdk.x64
prosdk_http_request_get
prosdk_get_error_message
prosdk_container_transfer_upload_rawdata
prosdk_is_executing_requests
prosdk_term
hydra5_diagnostics_get_crash_reporter_token
prosdk_authorization_user_create
prosdk_user_connect_developer
prosdk_user_connect_epic_online_services
prosdk_user_connect_steam
prosdk_user_connect_xbox
prosdk_user_connect_psn_token
prosdk_user_get_connection_state
prosdk_http_request_get_framed
hydra5_diagnostics_release_crash_reporter_token
hydra5_diagnostics_crash_dump_upload_token
prosdk_disconnect_everything
prosdk_mods_mod_item_release
prosdk_user_get_kernel_session_id_visual_alias
prosdk_account_connect
prosdk_account_get_qr_code
prosdk_account_get_status
prosdk_mods_mod_list_result_release
prosdk_init
prosdk_mods_mod_complaint_type_array_release
prosdk_mods_connect
prosdk_mods_disconnect
prosdk_mods_get_connection_state
prosdk_mods_get_mod
prosdk_mods_get_mods_by_search_filter
prosdk_mods_get_complaint_type_array
prosdk_mods_subscribe_to_mod
prosdk_mods_unsubscribe_from_mod
prosdk_mods_submit_mod_complaint
prosdk_mods_add_mod
prosdk_mods_add_mod_version
prosdk_mods_upload_mod_image
prosdk_mods_rate_mod
prosdk_telemetry_user_event
prosdk_update
kernel32
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
QueryPerformanceFrequency
RtlLookupFunctionEntry
SleepConditionVariableSRW
WakeAllConditionVariable
TryAcquireSRWLockShared
TryAcquireSRWLockExclusive
FindNextFileA
RemoveDirectoryA
VirtualProtect
CreateDirectoryA
DeleteFileA
FindClose
RtlVirtualUnwind
SetThreadAffinityMask
TerminateThread
SetThreadPriority
CreateThread
GetSystemInfo
Sleep
QueryPerformanceCounter
GetFileAttributesA
CreateSemaphoreA
CreateEventA
WaitForSingleObject
ReleaseSemaphore
ResetEvent
SetEvent
MoveFileExA
ConvertThreadToFiber
CreateFiber
ConvertFiberToThread
DeleteFiber
SwitchToFiber
GetProcAddress
GetModuleHandleA
GetModuleHandleExA
GetModuleFileNameW
VirtualQuery
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
SetErrorMode
SetUnhandledExceptionFilter
CloseHandle
CreateFileW
RtlCaptureContext
K32GetProcessMemoryInfo
GlobalMemoryStatusEx
GetCurrentProcess
GetUserDefaultLocaleName
LocaleNameToLCID
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetDiskFreeSpaceExA
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
CreateEventW
GetModuleHandleW
GetLocalTime
LoadLibraryA
FreeLibrary
LoadLibraryW
K32EnumProcessModules
GetCurrentDirectoryA
ReleaseSRWLockExclusive
FindFirstFileA
GetModuleFileNameA
InitializeSRWLock
GetLastError
FormatMessageA
SetFilePointerEx
ReadFile
GetFileTime
GetFileSizeEx
LocalFree
GetTickCount
WriteFile
GetFileType
GetFileAttributesW
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
MoveFileExW
OutputDebugStringA
LoadLibraryExA
WaitForMultipleObjectsEx
user32
GetWindowRect
AdjustWindowRectEx
MessageBoxA
ShowCursor
SetCursorPos
ClientToScreen
ReleaseCapture
SetClassLongPtrA
LoadCursorA
LoadIconA
ChangeDisplaySettingsExA
GetDisplayConfigBufferSizes
ReleaseDC
DisplayConfigGetDeviceInfo
GetMonitorInfoA
EnumDisplayMonitors
GetRawInputData
RegisterRawInputDevices
GetForegroundWindow
GetDC
SetCapture
SetFocus
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
SetForegroundWindow
QueryDisplayConfig
GetSystemMetrics
UnregisterClassW
RegisterClassW
PostQuitMessage
DefWindowProcA
PeekMessageA
DispatchMessageA
TranslateMessage
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
SetWindowLongPtrA
gdi32
ChoosePixelFormat
SwapBuffers
SetPixelFormat
advapi32
GetSecurityInfo
shell32
ShellExecuteA
SHGetSpecialFolderPathA
ole32
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoUninitialize
oleaut32
VariantClear
VariantInit
SysAllocString
SysFreeString
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
msvcp140
?_Xbad_function_call@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
_Mbrtowc
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
_Cnd_signal
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_trylock
_Mtx_unlock
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_id
_Query_perf_counter
_Query_perf_frequency
?_Xout_of_range@std@@YAXPEBD@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext
steam_api64
SteamAPI_GetHSteamUser
SteamInternal_ContextInit
SteamInternal_FindOrCreateUserInterface
SteamAPI_RunCallbacks
SteamInternal_CreateInterface
SteamAPI_RegisterCallback
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallResult
SteamAPI_Init
SteamAPI_Shutdown
dsound
ord1
bcrypt
BCryptEncrypt
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptDestroyKey
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptHashData
BCryptDestroyHash
BCryptGenRandom
BCryptDeriveKeyPBKDF2
vcruntime140
_purecall
memcpy
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset
memmove
strstr
memchr
strchr
__C_specific_handler
longjmp
__std_type_info_destroy_list
strrchr
memcmp
__current_exception
__current_exception_context
__intrinsic_setjmp
__std_terminate
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-math-l1-1-0
ldexp
frexp
modf
acos
_fdclass
__setusermatherr
tanf
pow
floor
asin
asinf
logf
atanf
ceilf
tanh
tan
sqrt
floorf
sinh
sin
log10
expf
cos
fmod
exp
cosh
ceil
atan
sinf
powf
cosf
atan2f
acosf
sqrtf
fmodf
atan2
log
api-ms-win-crt-stdio-l1-1-0
ungetc
__stdio_common_vsnwprintf_s
__stdio_common_vsscanf
__stdio_common_vfprintf
fwrite
ftell
fseek
putchar
fread
fflush
fclose
_wfopen
_popen
_pclose
getc
__acrt_iob_func
fputs
_ftelli64
fgets
__stdio_common_vsprintf
_fseeki64
freopen
clearerr
_set_fmode
feof
ferror
fopen
_close
_filelength
_sopen_dispatch
__stdio_common_vsprintf_s
tmpfile
__p__commode
__stdio_common_vfscanf
setvbuf
api-ms-win-crt-runtime-l1-1-0
_initialize_onexit_table
_execute_onexit_table
_configure_narrow_argv
_seh_filter_dll
terminate
_initialize_narrow_environment
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_control87
abort
_invalid_parameter_noinfo
_crt_atexit
_register_thread_local_exe_atexit_callback
_c_exit
_crt_at_quick_exit
_cexit
system
_Exit
signal
_seh_filter_exe
_errno
_set_app_type
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
exit
strerror
api-ms-win-crt-string-l1-1-0
isalnum
ispunct
_stricmp
isxdigit
isdigit
islower
isprint
isalpha
tolower
strcoll
strcspn
strnlen
strncat
strpbrk
isupper
strncmp
strncpy
toupper
_strdup
_wcsdup
isspace
iswprint
strcmp
iscntrl
api-ms-win-crt-utility-l1-1-0
rand
qsort
srand
api-ms-win-crt-heap-l1-1-0
free
_aligned_free
malloc
_set_new_mode
_aligned_malloc
calloc
realloc
api-ms-win-crt-convert-l1-1-0
strtoul
strtod
strtol
atoi
_atoi64
_strtoui64
strtoull
atof
api-ms-win-crt-time-l1-1-0
_localtime64
strftime
_time64
_localtime64_s
_mktime64
_difftime64
clock
_gmtime64
api-ms-win-crt-filesystem-l1-1-0
rename
remove
_stat64i32
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
setlocale
Exports
Exports
AmdPowerXpressRequestHighPerformance
D3D12SDKPath
D3D12SDKVersion
NvOptimusEnablement
Sections
.text Size: 6.8MB - Virtual size: 6.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 332KB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 315KB - Virtual size: 315KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.bind Size: 201KB - Virtual size: 201KB (an executable section that is not flagged IMAGE_SCN_CNT_CODE; a section named .bind is commonly associated with Steam's DRM wrapper, and this binary also imports steam_api64, so confirm that origin before treating the section as packer evidence)
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ