game[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

game.exe
Size

16.5MB
MD5

402c4181a7ecab8e26cd0ced8b1dc294
SHA1

2cfa20e33c0df22ad5dcc7d578f908c643824bc5
SHA256

88d12d42ba49ac696de1acbb25da12615726e8b6259fc24dd6e7d4d939f89bbc
SHA512

d60e92a16eab8b3a3621d27fea583eb0f60067a63a1661bfa0ccbd5e126cdcfc8a64e2e4bb90f5b2039eae6b4e1a2c6dcc158e4a047f97c04f45b77b3274f4a0
SSDEEP

196608:ZBrjn7WGE3CGK0WoW9AWjXN1IdvrybjyI3wqR5OyAbJlWrPuc5QlextOiVTjq62:ZBf7k3CGKPopOqyiI3HGLEPn5QiVTjb2

Score

1^/10

Malware Config

Signatures

Files

game.exe
.exe windows:5 windows x86 arch:x86

c39411ae89a88952aa2653f789763c64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5e:dc:63:21:fa:bb:1a:60:64:af:8e:5b:f7:35:00:b5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21-06-2017 00:00

Not After

18-07-2018 23:59

Subject

CN=KOEI TECMO GAMES CO.\, LTD.,OU=Business Development Division,O=KOEI TECMO GAMES CO.\, LTD.,L=Yokohama,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:4c:a3:e4:3f:4b:a7:9b:c6:78:d6:9f:3d:c8:97:36:e9:1f:77:38
Signer

Actual PE Digest

21:4c:a3:e4:3f:4b:a7:9b:c6:78:d6:9f:3d:c8:97:36:e9:1f:77:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\DOA5Z_dx9\game\output\DX9\Release\game.pdb

Imports

steam_api

SteamUserStats
SteamAPI_RunCallbacks
SteamAPI_Shutdown
SteamAPI_SetMiniDumpComment
SteamAPI_WriteMiniDump
SteamNetworking
SteamMatchmaking
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallResult
SteamRemoteStorage
SteamFriends
SteamAPI_Init
SteamAPI_RegisterCallback
SteamAPI_UnregisterCallback
SteamScreenshots
SteamUser
SteamApps
SteamUtils

d3d9

Direct3DCreate9

imagehlp

MakeSureDirectoryPathExists

shlwapi

PathFileExistsA

imm32

ImmDisableIME

d3dx9_43

D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXMatrixInverse
D3DXMatrixRotationAxis
D3DXMatrixMultiply
D3DXQuaternionRotationMatrix
D3DXCreateTextureFromFileInMemoryEx
D3DXGetShaderConstantTable
D3DXPlaneFromPoints
D3DXCreateCubeTextureFromFileInMemoryEx

dinput8

DirectInput8Create

psapi

GetModuleInformation

kernel32

IsValidCodePage
GetStringTypeW
EnumSystemLocalesA
GetLocaleInfoA
IsValidLocale
LCMapStringW
SetHandleCount
GetOEMCP
GetCPInfo
GetFileType
SetLastError
GetCurrentThreadId
CloseHandle
ReadFile
CreateFileA
SystemTimeToFileTime
FileTimeToSystemTime
MultiByteToWideChar
QueryPerformanceCounter
MoveFileA
ReplaceFileA
OutputDebugStringA
GetSystemInfo
IsBadReadPtr
ReadProcessMemory
GetModuleHandleA
GetCurrentProcess
LoadLibraryA
FreeLibrary
LocalFree
FormatMessageA
GetCurrentDirectoryA
GetLastError
ExpandEnvironmentStringsA
DeleteFiber
SwitchToFiber
QueryPerformanceFrequency
ConvertThreadToFiber
CreateFiber
WritePrivateProfileStringA
GetPrivateProfileStringA
EnterCriticalSection
LeaveCriticalSection
SwitchToThread
InitializeCriticalSection
DeleteCriticalSection
CreateMutexA
WaitForSingleObject
LoadLibraryW
CreateEventA
GetDriveTypeA
ResetEvent
SetEvent
Sleep
FileTimeToLocalFileTime
GetFileTime
GetFileSizeEx
WriteFile
GetExitCodeThread
FindFirstFileA
FindClose
FindNextFileA
FlushFileBuffers
CreateDirectoryA
GetFileAttributesA
ResumeThread
SetThreadPriority
RaiseException
GetFullPathNameW
GetFullPathNameA
GetDriveTypeW
InterlockedIncrement
InterlockedDecrement
CreateFileW
InterlockedExchange
InterlockedExchangeAdd
PulseEvent
IsProcessorFeaturePresent
CreateEventW
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
InterlockedCompareExchange
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
GetModuleFileNameW
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
ExitProcess
GetModuleHandleW
ExitThread
RtlUnwind
DecodePointer
EncodePointer
CreateThread
GetUserDefaultLCID
GetVersionExA
ReleaseMutex
GetModuleFileNameA
GetThreadPriority
GetACP
WideCharToMultiByte
GetProcAddress
VirtualAlloc
SuspendThread
WriteConsoleW
SetStdHandle
GetCurrentDirectoryW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcessId
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTickCount
SetThreadExecutionState
SetThreadAffinityMask
GetCurrentThread
GetDiskFreeSpaceExA
GetSystemTimeAsFileTime
GetLocalTime
GetSystemTime
SignalObjectAndWait
CreateSemaphoreA
MulDiv
VirtualFree
InitializeCriticalSectionAndSpinCount

user32

PostMessageA
LoadIconA
LoadCursorA
GetClassInfoExA
RegisterClassExA
CreateWindowExA
GetClientRect
GetWindowRect
GetDesktopWindow
SetWindowPos
ShowWindow
UpdateWindow
DestroyWindow
PeekMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
DefWindowProcA
SetCursor
GetWindowLongA
UnregisterDeviceNotification
RegisterDeviceNotificationA
FindWindowA
MessageBoxW
MsgWaitForMultipleObjects
RegisterWindowMessageA
GetQueueStatus
SendMessageA
PostThreadMessageA
CharNextA

gdi32

GetStockObject

shell32

SHGetFolderPathA

ole32

CoTaskMemFree
CoFreeUnusedLibraries
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoInitializeEx

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime
timeSetEvent
timeKillEvent

ws2_32

htonl
ntohs
ntohl
htons
socket
setsockopt
WSAGetLastError
closesocket
WSACleanup
WSAStartup
ioctlsocket

advapi32

CryptEncrypt
CryptDestroyKey
CryptHashData
CryptDeriveKey
CryptGetHashParam
CryptDecrypt
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
CryptDestroyHash

vcomp100

_vcomp_for_static_init
_vcomp_fork
_vcomp_for_dynamic_next
_vcomp_for_dynamic_init
omp_set_num_threads
omp_get_num_procs
_vcomp_barrier
_vcomp_for_static_end
_vcomp_set_num_threads

Sections

.text
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.4MB - Virtual size: 19.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c39411ae89a88952aa2653f789763c64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5e:dc:63:21:fa:bb:1a:60:64:af:8e:5b:f7:35:00:b5Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

21:4c:a3:e4:3f:4b:a7:9b:c6:78:d6:9f:3d:c8:97:36:e9:1f:77:38Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

steam_api

d3d9

imagehlp

shlwapi

imm32

d3dx9_43

dinput8

psapi

kernel32

user32

gdi32

shell32

ole32

winmm

ws2_32

advapi32

vcomp100

Sections

.text Size: 9.4MB - Virtual size: 9.4MB

.rdata Size: 3.3MB - Virtual size: 3.3MB

.data Size: 2.4MB - Virtual size: 19.9MB

.rsrc Size: 220KB - Virtual size: 220KB

.reloc Size: 1.0MB - Virtual size: 1.0MB

.bind Size: 132KB - Virtual size: 132KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5e:dc:63:21:fa:bb:1a:60:64:af:8e:5b:f7:35:00:b5
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

21:4c:a3:e4:3f:4b:a7:9b:c6:78:d6:9f:3d:c8:97:36:e9:1f:77:38
Signer

.text
Size: 9.4MB - Virtual size: 9.4MB

.rdata
Size: 3.3MB - Virtual size: 3.3MB

.data
Size: 2.4MB - Virtual size: 19.9MB

.rsrc
Size: 220KB - Virtual size: 220KB

.reloc
Size: 1.0MB - Virtual size: 1.0MB

.bind
Size: 132KB - Virtual size: 132KB