SAS4-Win[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SAS4-Win.exe
Size

31.7MB
MD5

fff75173df86c8083b2f61b7cc96963a
SHA1

77a1394a8403d2edd7ccd8821193d344315b6273
SHA256

9332491f1177dd46e77ccf342b60b1a24b9fbbe9de46431ccd244d0e0d8dcbb6
SHA512

960a8f0e4b2189cade89909791f408e52ddea74f36bcc24133ccbedd9c3493a505d195bff84830460c998c2dc91af6b6e328fb252403b9d3e5ccb4e0ee35b5b9
SSDEEP

786432:Dg3Fqe3LBx6lGxAs6+/4py89zMTAp05/j8/eTD/frmksW5vvirAsdW3hmcx0oGfm:Dg3YOLBx6u6n489zJU/j8/eTD/frmksE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SAS4-Win.exe

Files

SAS4-Win.exe
.exe windows:6 windows x86 arch:x86

40b0346985eb61e22e0b34281431e6f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BuildAgent\work\96d93a9eda3586fa\SAS4\SAS4-Win.pdb

Imports

opengl32

wglGetProcAddress
wglGetCurrentContext
wglMakeCurrent
wglDeleteContext
wglCreateContext

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

comctl32

InitCommonControlsEx

steam_api

SteamAPI_IsSteamRunning
SteamAPI_WriteMiniDump
SteamAPI_UnregisterCallback
SteamInternal_FindOrCreateUserInterface
SteamAPI_RegisterCallback
SteamAPI_Init
SteamAPI_SetMiniDumpComment
SteamAPI_RestartAppIfNecessary
SteamAPI_GetHSteamUser
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamInternal_ContextInit
SteamAPI_RunCallbacks
SteamAPI_RegisterCallResult

kernel32

CreateFileW
GetCurrentThreadId
Sleep
GetLastError
GetCurrentProcessId
GetSystemTime
IsDebuggerPresent
SetUnhandledExceptionFilter
LoadLibraryW
GetProcAddress
GetSystemTimeAsFileTime
GetSystemDefaultLocaleName
GetTickCount64
K32GetProcessMemoryInfo
QueryPerformanceFrequency
RaiseException
FreeLibrary
QueryPerformanceCounter
HeapFree
HeapAlloc
GetProcessHeap
OpenEventA
ResetEvent
ReleaseSemaphore
DuplicateHandle
CreateSemaphoreA
InitializeCriticalSection
DeleteCriticalSection
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
OutputDebugStringA
GetModuleHandleA
GetTickCount
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
PostQueuedCompletionStatus
TlsAlloc
TlsFree
ReadFile
WaitForMultipleObjects
CreateWaitableTimerA
CreateEventW
ReadFileEx
GetOverlappedResult
LoadLibraryExW
GetModuleFileNameW
TlsSetValue
SetLastError
CreateWaitableTimerW
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
WaitForSingleObject
TerminateThread
QueueUserAPC
VerSetConditionMask
WideCharToMultiByte
SleepEx
VerifyVersionInfoW
TlsGetValue
CreateIoCompletionPort
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
GetModuleHandleW
WaitForMultipleObjectsEx
GetCurrentProcess
WaitForSingleObjectEx
VerifyVersionInfoA
LoadLibraryA
GetSystemDirectoryA
ExpandEnvironmentStringsA
PeekNamedPipe
GetFileType
GetStdHandle
InitializeCriticalSectionEx
FormatMessageA
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
AreFileApisANSI
CopyFileW
DeviceIoControl
RemoveDirectoryW
GetFileAttributesW
FindFirstFileW
CreateEventA
CloseHandle
SetEvent
SetWaitableTimer
SystemTimeToFileTime
SetFilePointer
FindClose
DeleteFileW
CreateDirectoryW
FormatMessageW
ResumeThread

user32

SetWindowPos
DispatchMessageW
GetDC
GetCursorInfo
PeekMessageW
TranslateMessage
LoadIconW
ToUnicode
DestroyWindow
SetCursor
SetWindowLongW
GetClientRect
GetDesktopWindow
SystemParametersInfoW
ShowWindow
LoadImageW
ReleaseDC
SendMessageW
GetWindowRect
MapVirtualKeyW
PostMessageW
AdjustWindowRectEx
DefWindowProcW
GetKeyboardState
LoadStringW
RegisterClassExW
MessageBoxW
CreateWindowExW
UpdateWindow

gdi32

SetPixelFormat
ChoosePixelFormat
GetDeviceCaps
SwapBuffers

advapi32

RegSetValueExW
RegGetValueW
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptGetHashParam
RegCreateKeyExW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptEncrypt
CryptImportKey
CryptDestroyKey

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CoSetProxyBlanket
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantClear

msvcp140

?do_length@?$codecvt@_WDU_Mbstatet@@@std@@MBEHAAU_Mbstatet@@PBD1I@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
?_Xlength_error@std@@YAXPBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@D@std@@QBEDD@Z
??Bid@locale@std@@QAEIXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_function_call@std@@YAXXZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?classic@locale@std@@SAABV12@XZ
?_Xinvalid_argument@std@@YAXPBD@Z
?id@?$numpunct@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
_Xtime_get_ticks
_Cnd_signal
_Cnd_init_in_situ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Cnd_destroy
_Thrd_sleep
_Cnd_wait
_Mtx_init
_Thrd_start
_Thrd_detach
_Mtx_destroy
_Cnd_init
_Cnd_destroy_in_situ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?toupper@?$ctype@D@std@@QBEDD@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@AAV?$basic_streambuf@DU?$char_traits@D@std@@@2@@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_JD@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@PAV32@@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?exceptions@ios_base@std@@QAEXH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
_Strxfrm
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ

dbghelp

MiniDumpWriteDump

ws2_32

htonl
WSAStartup
WSACleanup
gethostname
sendto
recvfrom
send
socket
recv
getpeername
ioctlsocket
setsockopt
WSAGetLastError
freeaddrinfo
htons
WSARecvFrom
shutdown
__WSAFDIsSet
accept
WSAIoctl
listen
getsockname
connect
WSARecv
getsockopt
bind
closesocket
WSASend
ntohl
WSASetLastError
WSASendTo
WSASocketW
getaddrinfo
ntohs
WSAAddressToStringW
select

mswsock

AcceptEx
GetAcceptExSockaddrs

vcruntime140

_CxxThrowException
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
strstr
longjmp
__std_terminate
__std_type_info_compare
memchr
__RTtypeid
_setjmp3
__RTDynamicCast
_set_se_translator
__std_exception_copy
__CxxFrameHandler3
memcpy
__CxxLongjmpUnwind
memset
__std_type_info_name
strrchr
memmove
__std_exception_destroy
_purecall
strchr

api-ms-win-crt-utility-l1-1-0

srand
rand
qsort

api-ms-win-crt-time-l1-1-0

clock
_gmtime64
_localtime64
_time64
strftime
_difftime64

api-ms-win-crt-convert-l1-1-0

strtol
atoi
atof
strtoll
strtof
mbstowcs
strtoul

api-ms-win-crt-runtime-l1-1-0

terminate
_invalid_parameter_noinfo_noreturn
strerror_s
abort
exit
_beginthreadex
_getpid
strerror
_invalid_parameter_noinfo
_errno
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
__sys_nerr
_controlfp_s
_crt_atexit
_register_thread_local_exe_atexit_callback
_c_exit
_exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
_cexit

api-ms-win-crt-string-l1-1-0

iswprint
isxdigit
isdigit
isprint
strncpy
strpbrk
isalnum
_stricmp
strncat
isspace
strncmp
toupper
tolower
isupper
islower
isgraph
isalpha
_strdup

api-ms-win-crt-math-l1-1-0

_libm_sse2_sin_precise
floor
_except1
_libm_sse2_sqrt_precise
__setusermatherr
modf
_libm_sse2_cos_precise
ceil
remainder
remainderf
fminf
fmaxf
fmin
roundf
_CIatan2
_CIfmod
_dtest
_libm_sse2_acos_precise
_libm_sse2_pow_precise

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode
_fileno
fsetpos
ungetc
setvbuf
fgetpos
__stdio_common_vswprintf
fwrite
fgetc
fclose
__stdio_common_vsprintf
_read
fputs
puts
rewind
fflush
fputc
feof
fopen
_get_osfhandle
_fseeki64
_get_stream_buffer_pointers
__acrt_iob_func
__stdio_common_vfprintf
_lseeki64
_open
_close
_write
fgets
__stdio_common_vsprintf_p
fread
__stdio_common_vsnprintf_s
fseek
ferror
ftell
__stdio_common_vsscanf
__stdio_common_vsprintf_s

api-ms-win-crt-heap-l1-1-0

free
calloc
_set_new_mode
realloc
_free_base
_malloc_base
malloc
_callnewh

api-ms-win-crt-filesystem-l1-1-0

_stat64
rename
_unlock_file
_lock_file
_access
remove
_fstat64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

winmm

mmioRead
mmioGetInfo
mmioDescend
mmioAscend
mmioOpenW
mmioSetInfo
mmioSeek
mmioAdvance
mmioClose

wininet

InternetGetConnectedState

shlwapi

PathFindFileNameW
PathRemoveExtensionW

discord_game_sdk

DiscordCreate

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-multibyte-l1-1-0

_mbsnbcpy
_mbspbrk
_mbschr

wldap32

ord211
ord60
ord45
ord46
ord143
ord35
ord50
ord41
ord22
ord26
ord27
ord32
ord301
ord200
ord79
ord30
ord33

crypt32

CertFreeCertificateContext

Sections

.text
Size: 22.6MB - Virtual size: 22.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 572KB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 345B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 421KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40b0346985eb61e22e0b34281431e6f5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

opengl32

version

comctl32

steam_api

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp140

dbghelp

ws2_32

mswsock

vcruntime140

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

winmm

wininet

shlwapi

discord_game_sdk

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

wldap32

crypt32

Sections

.text Size: 22.6MB - Virtual size: 22.6MB

.rdata Size: 4.2MB - Virtual size: 4.2MB

.data Size: 572KB - Virtual size: 6.8MB

.gfids Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 345B

.rsrc Size: 421KB - Virtual size: 420KB

.reloc Size: 3.8MB - Virtual size: 3.8MB

.bind Size: 166KB - Virtual size: 166KB

.text
Size: 22.6MB - Virtual size: 22.6MB

.rdata
Size: 4.2MB - Virtual size: 4.2MB

.data
Size: 572KB - Virtual size: 6.8MB

.gfids
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 345B

.rsrc
Size: 421KB - Virtual size: 420KB

.reloc
Size: 3.8MB - Virtual size: 3.8MB

.bind
Size: 166KB - Virtual size: 166KB