60124810b14dbf155ea9c5a25217d0d4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

60124810b14dbf155ea9c5a25217d0d4_JaffaCakes118
Size

5.9MB
MD5

60124810b14dbf155ea9c5a25217d0d4
SHA1

8f10f912791b45230df4c87ad676c44e92a0ab6e
SHA256

eb3db117dbd350ebfe2236a70f18ef4809457245baf2660ec2742badc5ed38d2
SHA512

d32630627d29cdfcd236ed589d85d1b502c0b96d76465fe0d749d30fdf147d24382a84ddd8d2de5be46f91f850e661a4e806bd818abf9eab1f192baed0cf37e1
SSDEEP

98304:DVATHpkBOXUoqVyVojZQGU1bVGXlQYRO7tD4mH3uXPIxWAezoUiksSiho2YsJCFT:JATWWqZxGbVMU7tD4s3uXgwdMjS72FJs

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/KillProc.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/KillProc.dll	upx

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
60124810b14dbf155ea9c5a25217d0d4_JaffaCakes118
unpack001/$PLUGINSDIR/AdvSplash.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/KillProc.dll
unpack002/out.upx
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/bin/Steam.dll
unpack001/bin/steamclient.dll
unpack001/left4dead2.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

60124810b14dbf155ea9c5a25217d0d4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AdvSplash.dll
.dll windows:4 windows x86 arch:x86

741b6bafe355b63a372d737b30543a95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GetVersion
lstrcpyA
lstrcatA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree

user32

LoadCursorA
RegisterClassA
SetWindowPos
SetWindowLongA
SystemParametersInfoA
EndPaint
GetClientRect
BeginPaint
DefWindowProcA
DestroyWindow
LoadImageA
CreateWindowExA
IsWindow
GetMessageA
DispatchMessageA
UnregisterClassA
wsprintfA
PostMessageA
SetWindowRgn
EnumDisplaySettingsA

gdi32

CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectA
DeleteDC
BitBlt
DeleteObject

winmm

timeSetEvent
PlaySoundA
timeKillEvent

Exports

Exports

show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProc.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

FindProcesses
KillProcesses

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 101B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Name_Lang.ini
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/loader.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
.ps1
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/spltmp.bmp
bin/Steam.dll
.dll windows:5 windows x86 arch:x86

6d0f100b57111b65a5c81b1db6e157a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\dejan\Documents\Visual Studio 2010\Projects\RevCrew\RevEmu\Release\Steam.pdb

Imports

user32

MessageBoxA

advapi32

RegCloseKey
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA

shell32

CommandLineToArgvW

kernel32

CompareStringW
DeleteFileA
CreateFileW
GetProcessHeap
GetThreadContext
SetThreadContext
VirtualQuery
GetCurrentProcess
InterlockedCompareExchange
GetCurrentThread
FlushInstructionCache
GetLastError
VirtualAlloc
VirtualProtect
GetCurrentThreadId
SuspendThread
ResumeThread
SetLastError
GetPrivateProfileStringA
GetLocalTime
GetCurrentProcessId
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
ExitProcess
GetCommandLineW
GetModuleHandleW
OpenProcess
GetVolumeInformationA
Sleep
ReadProcessMemory
CreateProcessA
CreateDirectoryA
SetFileAttributesA
SetEnvironmentVariableA
GetModuleFileNameA
GetCurrentDirectoryA
CloseHandle
CreateFileA
GetSystemTime
GetSystemDirectoryA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
EncodePointer
DecodePointer
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExA
FindNextFileA
FindClose
GetDriveTypeW
GetFullPathNameA
HeapReAlloc
GetDriveTypeA
GetCommandLineA
GetCPInfo
RaiseException
RtlUnwind
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapCreate
HeapDestroy
GetModuleFileNameW
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsProcessorFeaturePresent
SetFilePointer
ReadFile
HeapSize
GetCurrentDirectoryW
GetFileAttributesA
GetFileInformationByHandle
PeekNamedPipe
SetStdHandle
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetStringTypeW
WriteConsoleW
GetTimeZoneInformation
SetEndOfFile

Exports

Exports

?SteamForgetAllHints@@YAHPBDPAUTSteamError@@@Z
?SteamGetCacheFilePath@@YAHXZ
?SteamNumAppsRunning@@YAHXZ
?SteamPauseCachePreloading@@YAHPBDPAUTSteamError@@@Z
?SteamResumeCachePreloading@@YAHPBDPAUTSteamError@@@Z
CreateInterface
InternalSteamNumClientsConnectedToEngine
InternalSteamShouldShutdownEngine2
SteamAbortCall
SteamAbortOngoingUserIDTicketValidation
SteamAckSubscriptionReceipt
SteamBlockingCall
SteamChangeAccountName
SteamChangeEmailAddress
SteamChangeForgottenPassword
SteamChangeOfflineStatus
SteamChangePassword
SteamChangePersonalQA
SteamCheckAppOwnership
SteamCleanup
SteamClearError
SteamCloseFile
SteamCreateAccount
SteamCreateCachePreloaders
SteamCreateLogContext
SteamDecryptDataForThisMachine
SteamDeleteAccount
SteamEncryptDataForThisMachine
SteamEnumerateApp
SteamEnumerateAppDependency
SteamEnumerateAppIcon
SteamEnumerateAppLaunchOption
SteamEnumerateAppVersion
SteamEnumerateSubscription
SteamEnumerateSubscriptionDiscount
SteamEnumerateSubscriptionDiscountQualifier
SteamFindApp
SteamFindClose
SteamFindFirst
SteamFindNext
SteamFindServersGetErrorString
SteamFindServersIterateServer
SteamFindServersNumServers
SteamFlushCache
SteamFlushFile
SteamForgetAllHints
SteamGenerateSuggestedAccountNames
SteamGetAccountStatus
SteamGetAppCacheSize
SteamGetAppDependencies
SteamGetAppDir
SteamGetAppIds
SteamGetAppPurchaseCountry
SteamGetAppStats
SteamGetAppUpdateStats
SteamGetAppUserDefinedInfo
SteamGetAppUserDefinedRecord
SteamGetCacheDecryptionKey
SteamGetCacheDefaultDirectory
SteamGetCacheFilePath
SteamGetContentServerInfo
SteamGetCurrentEmailAddress
SteamGetEncryptedNewValveCDKey
SteamGetEncryptedUserIDTicket
SteamGetEncryptionKeyToSendToNewClient
SteamGetLocalClientVersion
SteamGetLocalFileCopy
SteamGetNumAccountsWithEmailAddress
SteamGetOfflineStatus
SteamGetSponsorUrl
SteamGetSubscriptionExtendedInfo
SteamGetSubscriptionIds
SteamGetSubscriptionPurchaseCountry
SteamGetSubscriptionReceipt
SteamGetSubscriptionStats
SteamGetTotalUpdateStats
SteamGetUser
SteamGetUserType
SteamGetVersion
SteamGetc
SteamHintResourceNeed
SteamInitializeUserIDTicketValidator
SteamInsertAppDependency
SteamIsAccountNameInUse
SteamIsAppSubscribed
SteamIsCacheLoadingEnabled
SteamIsFileImmediatelyAvailable
SteamIsFileNeededByCache
SteamIsLoggedIn
SteamIsSecureComputer
SteamIsSubscribed
SteamLaunchApp
SteamLoadCacheFromDir
SteamLoadFileToCache
SteamLog
SteamLogResourceLoadFinished
SteamLogResourceLoadStarted
SteamLogin
SteamLogout
SteamMountAppFilesystem
SteamMountFilesystem
SteamMoveApp
SteamNumAppsRunning
SteamOpenFile
SteamOpenFileEx
SteamOpenTmpFile
SteamOptionalCleanUpAfterClientHasDisconnected
SteamPauseCachePreloading
SteamPrintFile
SteamProcessCall
SteamProcessOngoingUserIDTicketValidation
SteamPutc
SteamReadFile
SteamRefreshAccountInfo
SteamRefreshAccountInfoEx
SteamRefreshLogin
SteamRefreshMinimumFootprintFiles
SteamRemoveAppDependency
SteamRepairOrDecryptCaches
SteamRequestAccountsByCdKeyEmail
SteamRequestAccountsByEmailAddressEmail
SteamRequestEmailAddressVerificationEmail
SteamRequestForgottenPasswordEmail
SteamResumeCachePreloading
SteamSeekFile
SteamSetAppCacheSize
SteamSetAppVersion
SteamSetCacheDefaultDirectory
SteamSetMaxStallCount
SteamSetNotificationCallback
SteamSetUser
SteamSetvBuf
SteamShutdownEngine
SteamShutdownUserIDTicketValidator
SteamSizeFile
SteamStartEngine
SteamStartLoadingCache
SteamStartValidatingNewValveCDKey
SteamStartValidatingUserIDTicket
SteamStartup
SteamStat
SteamStopLoadingCache
SteamSubscribe
SteamTellFile
SteamUninstall
SteamUnmountAppFilesystem
SteamUnmountFilesystem
SteamUnsubscribe
SteamUpdateAccountBillingInfo
SteamUpdateSubscriptionBillingInfo
SteamVerifyEmailAddress
SteamVerifyPassword
SteamWaitForAppReadyToLaunch
SteamWaitForResources
SteamWasBlobRegistryDeleted
SteamWeakVerifyNewValveCDKey
SteamWriteFile
SteamWriteMiniDumpFromAssert
SteamWriteMiniDumpSetComment
SteamWriteMiniDumpUsingExceptionInfo
SteamWriteMiniDumpUsingExceptionInfoWithBuildId
Steam_GetAppId
_f

Sections

.text
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/Steam.exe
.exe windows:4 windows x86 arch:x86

499c8fc4a4848d44613405857a348011

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:f6:32:6f:70:cb:ec:34:0b:f2:d1:86:8f:e6:5b:1e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

25/11/2009, 00:00

Not After

23/11/2012, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dc:b3:89:4a:03:b2:17:a6:0a:6b:98:22:d8:b5:de:26:cc:7d:07:77
Signer

Actual PE Digest

dc:b3:89:4a:03:b2:17:a6:0a:6b:98:22:d8:b5:de:26:cc:7d:07:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

u:\p4clients\rel_beta\Projects\GazelleProto\Client\BootStrapper\VC80_Release_Static\Bootstrapper.pdb

Imports

ws2_32

bind
select
__WSAFDIsSet
WSACleanup
WSAStartup
closesocket
socket
gethostname
recvfrom
sendto
getsockname
setsockopt
WSASetLastError
shutdown
WSARecv
WSASend
inet_addr
gethostbyname
htons
htonl
ioctlsocket
send
connect
recv
WSAGetLastError

kernel32

LocalFree
GetVersionExA
GetSystemInfo
SetThreadPriority
SetUnhandledExceptionFilter
QueryPerformanceFrequency
QueryPerformanceCounter
SetLastError
GlobalAlloc
lstrcmpA
GlobalLock
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GlobalDeleteAtom
FreeResource
GlobalFree
GlobalUnlock
MulDiv
GlobalAddAtomA
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
GlobalFlags
WritePrivateProfileStringA
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
LocalAlloc
FileTimeToSystemTime
WriteFile
FlushFileBuffers
GetCPInfo
GetOEMCP
SetErrorMode
FileTimeToLocalFileTime
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
GetSystemTimeAsFileTime
ExitProcess
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
SetEnvironmentVariableA
ExitThread
CreateThread
GetDriveTypeA
VirtualAlloc
GetStartupInfoA
RtlUnwind
HeapSize
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
IsValidCodePage
SetEnvironmentVariableW
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
GetCurrentThread
SetEndOfFile
SetFilePointer
ReadFile
GetFileSize
CreateMutexA
SetFileAttributesA
GetLongPathNameA
CopyFileA
CreateDirectoryA
DeleteFileA
GetTempFileNameA
TerminateThread
ResumeThread
FormatMessageA
InterlockedIncrement
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetACP
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFileAttributesA
GetFullPathNameA
FlushViewOfFile
CreateFileA
GetCurrentThreadId
GetTempPathA
GetCurrentProcess
RaiseException
GetModuleFileNameA
GetVersion
CompareStringA
InterlockedExchange
MultiByteToWideChar
CompareStringW
WideCharToMultiByte
lstrlenA
RemoveDirectoryA
GetCurrentProcessId
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
GetExitCodeProcess
WaitForSingleObject
SetEvent
OpenEventA
GetExitCodeThread
GetDiskFreeSpaceExA
SetCurrentDirectoryW
GetModuleFileNameW
GetCommandLineA
InterlockedDecrement
FindClose
FindNextFileA
FindFirstFileA
SystemTimeToFileTime
GetSystemTime
CreateProcessA
MoveFileA
Sleep
WaitForMultipleObjects
CreateEventA
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
GetThreadLocale
CreateFileW

user32

LoadCursorA
GetSysColorBrush
DestroyMenu
UnregisterClassA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetLastActivePopup
GetSysColor
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
PostQuitMessage
ReleaseDC
GetDC
CopyRect
IsWindow
SetForegroundWindow
ShowWindow
EnableWindow
SendMessageA
GetDesktopWindow
KillTimer
SendMessageW
DrawIcon
GetSystemMetrics
MoveWindow
SetWindowTextA
IsDialogMessageA
IsIconic
SetTimer
LoadImageA
DrawTextW
OffsetRect
InflateRect
GetClientRect
MessageBoxW
MessageBoxA
RegisterWindowMessageA
PostMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
SetCursor

gdi32

Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreateBitmap
CreateCompatibleDC
GetStockObject
ExtTextOutA
GetDeviceCaps
TextOutA
RectVisible
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateSolidBrush
BitBlt
GetObjectA
PtVisible

advapi32

RegQueryValueA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegDeleteValueA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA

shell32

Shell_NotifyIconA
Shell_NotifyIconW
ShellExecuteA

oleaut32

VariantInit
VariantChangeType
VariantClear

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

shlwapi

PathFindExtensionA
PathFindFileNameA
SHDeleteKeyA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

Win32MiniDumpInit

Sections

.text
Size: 832KB - Virtual size: 830KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/steam_org.dll
.dll windows:4 windows x86 arch:x86

8c4efb4f6df55d42f81d0fdf8485918a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:f6:32:6f:70:cb:ec:34:0b:f2:d1:86:8f:e6:5b:1e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

25/11/2009, 00:00

Not After

23/11/2012, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ba:82:c8:56:8a:4c:a3:29:51:45:3e:38:6b:22:9c:c0:c4:1c:19:48
Signer

Actual PE Digest

ba:82:c8:56:8a:4c:a3:29:51:45:3e:38:6b:22:9c:c0:c4:1c:19:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

u:\p4clients\rel_beta\Projects\GazelleProto\Client\Engine\VC80_Release_Static\SteamEngine.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ws2_32

inet_addr
gethostname
sendto
recvfrom
bind
__WSAFDIsSet
shutdown
socket
ntohs
recv
send
WSACleanup
WSAStartup
gethostbyname
ioctlsocket
WSAGetOverlappedResult
connect
WSARecv
WSAGetLastError
WSASend
WSASocketA
setsockopt
htons
getsockname
closesocket
htonl
WSASetLastError
select

shlwapi

PathCanonicalizeA
SHDeleteKeyA

kernel32

TlsGetValue
GetStdHandle
HeapSize
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
GetCPInfo
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CloseHandle
GetLastError
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
CreateEventA
SetEvent
WaitForSingleObject
ReleaseMutex
CreateMutexA
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
WaitForSingleObjectEx
ReleaseSemaphore
CreateSemaphoreA
CreateFileA
SetFilePointerEx
SetEndOfFile
TerminateThread
SetThreadPriority
ResetEvent
GetCurrentProcessId
OpenEventA
SetLastError
GetCurrentThreadId
OutputDebugStringA
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleA
FindResourceA
LoadResource
LockResource
SizeofResource
MoveFileA
GetTempFileNameA
DeleteFileA
GetEnvironmentStrings
FreeEnvironmentStringsA
CreateProcessA
CreateNamedPipeA
WaitNamedPipeA
PeekNamedPipe
WriteFile
TlsAlloc
DisconnectNamedPipe
ReadFile
OpenProcess
GetExitCodeProcess
OpenThread
GetExitCodeThread
GetTickCount
FlushViewOfFile
GetFullPathNameA
FormatMessageA
ResumeThread
WaitForMultipleObjectsEx
CreateDirectoryA
CopyFileA
RemoveDirectoryA
FindFirstFileA
FindClose
FindNextFileA
GetModuleFileNameA
GetLongPathNameA
GetCurrentDirectoryA
GetFileAttributesExA
CopyFileExA
GetDiskFreeSpaceExA
MoveFileExA
GetFileAttributesA
SetFileAttributesA
GetFileSize
CreateFileMappingA
GetLocaleInfoW
UnmapViewOfFile
SetFilePointer
GetCurrentProcess
GetVersionExA
GetSystemInfo
WideCharToMultiByte
RaiseException
EnumResourceNamesA
GetTempPathA
SetUnhandledExceptionFilter
InterlockedExchange
GetSystemTime
LCMapStringW
LCMapStringA
RtlUnwind
GetProcessHeap
GetCommandLineA
GetTimeZoneInformation
GetConsoleMode
TlsSetValue
TlsFree
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
CreateFileW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
FlushFileBuffers
MapViewOfFile
GetConsoleCP
CreateThread
MultiByteToWideChar
HeapReAlloc
HeapAlloc
HeapFree
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
ExitThread

user32

MessageBoxA

advapi32

CryptAcquireContextA
CryptReleaseContext
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
CryptGenRandom

shell32

ShellExecuteA

Exports

Exports

CreateInterface
InternalSteamNumClientsConnectedToEngine
InternalSteamShouldShutdownEngine2
SteamAbortCall
SteamAbortOngoingUserIDTicketValidation
SteamAckSubscriptionReceipt
SteamBlockingCall
SteamChangeAccountName
SteamChangeEmailAddress
SteamChangeForgottenPassword
SteamChangeOfflineStatus
SteamChangePassword
SteamChangePersonalQA
SteamCheckAppOwnership
SteamCleanup
SteamClearError
SteamCloseFile
SteamCreateAccount
SteamCreateCachePreloaders
SteamCreateLogContext
SteamDecryptDataForThisMachine
SteamDefragCaches
SteamDeleteAccount
SteamEncryptDataForThisMachine
SteamEnumerateApp
SteamEnumerateAppDependency
SteamEnumerateAppIcon
SteamEnumerateAppLaunchOption
SteamEnumerateAppVersion
SteamEnumerateSubscription
SteamEnumerateSubscriptionDiscount
SteamEnumerateSubscriptionDiscountQualifier
SteamFindApp
SteamFindClose
SteamFindFirst
SteamFindFirst64
SteamFindNext
SteamFindNext64
SteamFindServersGetErrorString
SteamFindServersIterateServer
SteamFindServersNumServers
SteamFlushCache
SteamFlushFile
SteamForceCellId
SteamForgetAllHints
SteamGenerateSuggestedAccountNames
SteamGetAccountStatus
SteamGetAppCacheSize
SteamGetAppDLCStatus
SteamGetAppDependencies
SteamGetAppDir
SteamGetAppIds
SteamGetAppPurchaseCountry
SteamGetAppStats
SteamGetAppUpdateStats
SteamGetAppUserDefinedInfo
SteamGetAppUserDefinedRecord
SteamGetCacheDecryptionKey
SteamGetCacheDefaultDirectory
SteamGetCacheFilePath
SteamGetCachePercentFragmentation
SteamGetContentServerInfo
SteamGetCurrentEmailAddress
SteamGetEncryptedNewValveCDKey
SteamGetEncryptedUserIDTicket
SteamGetEncryptionKeyToSendToNewClient
SteamGetLocalClientVersion
SteamGetLocalFileCopy
SteamGetNumAccountsWithEmailAddress
SteamGetOfflineStatus
SteamGetSponsorUrl
SteamGetSubscriptionExtendedInfo
SteamGetSubscriptionIds
SteamGetSubscriptionPurchaseCountry
SteamGetSubscriptionReceipt
SteamGetSubscriptionStats
SteamGetTotalUpdateStats
SteamGetUser
SteamGetUserType
SteamGetVersion
SteamGetc
SteamHintResourceNeed
SteamInitializeUserIDTicketValidator
SteamInsertAppDependency
SteamIsAccountNameInUse
SteamIsAppSubscribed
SteamIsCacheLoadingEnabled
SteamIsFileImmediatelyAvailable
SteamIsFileNeededByApp
SteamIsFileNeededByCache
SteamIsLoggedIn
SteamIsSecureComputer
SteamIsSubscribed
SteamIsUsingSdkContentServer
SteamLaunchApp
SteamLoadCacheFromDir
SteamLoadFileToApp
SteamLoadFileToCache
SteamLog
SteamLogResourceLoadFinished
SteamLogResourceLoadStarted
SteamLogin
SteamLogout
SteamMiniDumpInit
SteamMountAppFilesystem
SteamMountFilesystem
SteamMoveApp
SteamNumAppsRunning
SteamOpenFile
SteamOpenFile64
SteamOpenFileEx
SteamOpenTmpFile
SteamOptionalCleanUpAfterClientHasDisconnected
SteamPauseCachePreloading
SteamPrintFile
SteamProcessCall
SteamProcessOngoingUserIDTicketValidation
SteamPutc
SteamReadFile
SteamRefreshAccountInfo
SteamRefreshAccountInfo2
SteamRefreshAccountInfoEx
SteamRefreshLogin
SteamRefreshMinimumFootprintFiles
SteamRemoveAppDependency
SteamRepairOrDecryptCaches
SteamRequestAccountsByCdKeyEmail
SteamRequestAccountsByEmailAddressEmail
SteamRequestEmailAddressVerificationEmail
SteamRequestForgottenPasswordEmail
SteamResumeCachePreloading
SteamSeekFile
SteamSeekFile64
SteamSetAppCacheSize
SteamSetAppVersion
SteamSetCacheDefaultDirectory
SteamSetMaxStallCount
SteamSetNotificationCallback
SteamSetUser
SteamSetvBuf
SteamShutdownEngine
SteamShutdownUserIDTicketValidator
SteamSizeFile
SteamSizeFile64
SteamStartEngine
SteamStartLoadingCache
SteamStartValidatingNewValveCDKey
SteamStartValidatingUserIDTicket
SteamStartup
SteamStat
SteamStat64
SteamStopLoadingCache
SteamSubscribe
SteamTellFile
SteamTellFile64
SteamUninstall
SteamUnmountAppFilesystem
SteamUnmountFilesystem
SteamUnsubscribe
SteamUpdateAccountBillingInfo
SteamUpdateSubscriptionBillingInfo
SteamVerifyEmailAddress
SteamVerifyPassword
SteamWaitForAppReadyToLaunch
SteamWaitForAppResources
SteamWaitForResources
SteamWasBlobRegistryDeleted
SteamWeakVerifyNewValveCDKey
SteamWriteFile
SteamWriteMiniDumpFromAssert
SteamWriteMiniDumpSetComment
SteamWriteMiniDumpUsingExceptionInfo
SteamWriteMiniDumpUsingExceptionInfoWithBuildId
SteamWriteMiniDumpWithAppID
Win32MiniDumpInit
_f

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 504KB - Virtual size: 503KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/steamclient.dll
.dll windows:5 windows x86 arch:x86

c80f6d879659b77d08b340282de7b010

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\steamclient_2009_23_04_2010\RevEmu\RevEmu 9\steamclient_2009\Release Logging\steamclient.pdb

Imports

shlwapi

StrStrIA

ws2_32

ioctlsocket
WSAGetLastError
setsockopt
WSAStartup
recvfrom
inet_addr
htons
sendto
recv
bind
socket
closesocket
send
htonl
select

psapi

EnumProcesses
GetProcessImageFileNameW

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
GetProcessHeap
SetEndOfFile
GetModuleHandleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
GetTickCount
GetEnvironmentStringsW
GetCurrentThread
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
ExitProcess
GetCurrentProcessId
GetEnvironmentVariableW
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExA
CreateProcessW
GetCurrentProcess
WaitForSingleObject
GetModuleHandleW
GetPrivateProfileStringW
CreateEventW
CloseHandle
CreateFileW
SetEvent
Sleep
GetMailslotInfo
ReadFile
CreateMailslotW
CreateThread
WriteFile
ResetEvent
OpenProcess
CreateDirectoryW
TryEnterCriticalSection
CreateDirectoryA
QueryPerformanceCounter
QueryPerformanceFrequency
TerminateThread
ExitThread
GetExitCodeThread
GetCurrentThreadId
CreateFileA
LoadLibraryW
VirtualProtect
GetVolumeInformationA
WriteConsoleA
SetStdHandle
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
RaiseException
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
MultiByteToWideChar
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
FlushFileBuffers
LCMapStringA
FreeEnvironmentStringsA
GetEnvironmentStrings
LoadLibraryA

user32

wsprintfW
MessageBoxW
MessageBoxA

Exports

Exports

CreateInterface
Rev_Steam_BGetCallback
Steam_BConnected
Steam_BGetCallback
Steam_BLoggedOn
Steam_BReleaseSteamPipe
Steam_ConnectToGlobalUser
Steam_CreateGlobalUser
Steam_CreateLocalUser
Steam_CreateSteamPipe
Steam_FreeLastCallback
Steam_GSBLoggedOn
Steam_GSBSecure
Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient
Steam_GSGetSteamID
Steam_GSLogOff
Steam_GSLogOn
Steam_GSRemoveUserConnect
Steam_GSSendSteam2UserConnect
Steam_GSSendSteam3UserConnect
Steam_GSSendUserDisconnect
Steam_GSSendUserStatusResponse
Steam_GSSetServerType
Steam_GSSetSpawnCount
Steam_GSUpdateStatus
Steam_GetAPICallResult
Steam_GetGSHandle
Steam_InitiateGameConnection
Steam_LogOff
Steam_LogOn
Steam_ReleaseUser
Steam_SetLocalIPBinding
Steam_TerminateGameConnection

Sections

.text
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
left4dead2.exe
.exe windows:5 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 47KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
rev.ini

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 92KB

.rsrc Size: 135KB - Virtual size: 135KB

741b6bafe355b63a372d737b30543a95

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 188B

.reloc Size: 512B - Virtual size: 436B

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 48KB

UPX1 Size: 21KB - Virtual size: 24KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 33KB - Virtual size: 33KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 101B

.reloc Size: 3KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 4KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 92KB

.rsrc
Size: 135KB - Virtual size: 135KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 188B

.reloc
Size: 512B - Virtual size: 436B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 48KB

UPX1
Size: 21KB - Virtual size: 24KB

.rsrc
Size: 2KB - Virtual size: 4KB

CODE
Size: 33KB - Virtual size: 33KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 101B

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

.text
Size: 228KB - Virtual size: 228KB

.rdata
Size: 78KB - Virtual size: 77KB

.data
Size: 68KB - Virtual size: 77KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 22KB - Virtual size: 21KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

7b:f6:32:6f:70:cb:ec:34:0b:f2:d1:86:8f:e6:5b:1e
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

dc:b3:89:4a:03:b2:17:a6:0a:6b:98:22:d8:b5:de:26:cc:7d:07:77
Signer