2ee05da97bc06156b3c602b143f7e35cdd0a2b4ccff3db356ad69daa73a8bdbe

Sharing

Copy URL Twitter E-mail

General

Target

2ee05da97bc06156b3c602b143f7e35cdd0a2b4ccff3db356ad69daa73a8bdbe
Size

3.5MB
MD5

b4255c5c14a4fa0a9e860258ebb5345f
SHA1

5fcf40a873c1a96ae2b864659ee3d7a4113ef9eb
SHA256

2ee05da97bc06156b3c602b143f7e35cdd0a2b4ccff3db356ad69daa73a8bdbe
SHA512

10c81b783049014f0d8fdf07c0336ddf1babf093204cc6639d95553c9ac78484e3118577346dd53afb54176d9c6a7ecc496462206bf6527a6be58185a73d845e
SSDEEP

49152:57aNbl4CvwWAHkwHvB4Ec96+cMCf/TkJ4DZp5/xp:5eNbLifwJ4d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ee05da97bc06156b3c602b143f7e35cdd0a2b4ccff3db356ad69daa73a8bdbe

Files

2ee05da97bc06156b3c602b143f7e35cdd0a2b4ccff3db356ad69daa73a8bdbe
.exe windows:6 windows x86 arch:x86

7d890c788ecf1250753490598957a63d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tool\actx\Steam\actx.pdb

Imports

2drenderdll

?MakeUVLShiftTable@@YAXXZ
?SetPresetDrawMask@@YAXJ@Z
?MakeDrawMaskTable@@YAXXZ
?rs@@3URenderState@@A
?CreateTexture@@YAPAUTexture@@KK@Z
?DeleteTexture@@YAXPAUTexture@@@Z
?ClearTexture@@YAXPAUTexture@@@Z
?CreateDrawCodeSub@@YAKJJJJJJJJJ@Z
?SetBlendModeMulti@@YAXJ@Z
?SetFrameBuffer@@YAPAUTexture@@PAU1@@Z
?AddRefTexture@@YAXPAUTexture@@@Z
?SearchDrawFunc@@YAP6AXXZK@Z
?MakeShaheiRunlengthTbl@@YAXXZ
?MakeDrawFuncTable@@YAXXZ
?SetBlendMode@@YAXJ@Z

dsound

ord11

shlwapi

PathFileExistsA
PathFileExistsW

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTexture

dinput8

DirectInput8Create

steam_api

SteamAPI_RegisterCallback
SteamAPI_GetHSteamUser
SteamInternal_FindOrCreateUserInterface
SteamInternal_ContextInit
SteamAPI_RestartAppIfNecessary
SteamAPI_Init
SteamInternal_CreateInterface
SteamAPI_UnregisterCallback
SteamAPI_RunCallbacks
SteamAPI_Shutdown

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
MultiByteToWideChar
QueryPerformanceFrequency
QueryPerformanceCounter
WideCharToMultiByte
IsDBCSLeadByte
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
DeleteCriticalSection
OutputDebugStringA
CreateMutexA
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetPrivateProfileStringW
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GetSystemTime
GetExitCodeThread
GetModuleHandleA
CreateDirectoryW
GetFullPathNameA
GetPrivateProfileIntW
CreateFileW
WriteFile
WritePrivateProfileStringW
VerifyVersionInfoA
VerSetConditionMask
GlobalMemoryStatusEx
GetSystemInfo
LCMapStringEx
LCMapStringA
ExitProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetModuleHandleW
GetCurrentThreadId

user32

CreateWindowExA
GetDC
ReleaseDC
ShowWindow
UpdateWindow
ShowCursor
SendMessageA
GetActiveWindow
GetMenu
GetMenuItemInfoA
SetMenuItemInfoA
GetSubMenu
DialogBoxParamA
DestroyWindow
DefWindowProcA
BeginPaint
FillRect
EndPaint
PostQuitMessage
GetDoubleClickTime
SetCapture
ReleaseCapture
EndDialog
GetWindowLongA
SetWindowTextA
GetWindowRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IntersectRect
SetRect
GetCursorPos
GetAsyncKeyState
LoadStringW
SetWindowTextW
InflateRect
RegisterClassExA
LoadCursorA
LoadIconA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
IsDialogMessageA
GetClientRect
GetMessageA
SetTimer
LoadAcceleratorsA
LoadStringA
SetWindowLongA
MonitorFromPoint
SetWindowPos
MessageBoxA
GetMonitorInfoA
ScreenToClient

gdi32

GetGlyphIndicesW
CreateFontIndirectW
AddFontMemResourceEx
StretchBlt
SetStretchBltMode
BitBlt
GetGlyphOutlineW
RemoveFontMemResourceEx
GetObjectA
SelectObject
CreateCompatibleDC
GetStockObject
CreateDIBSection
DeleteObject
CreateSolidBrush

shell32

ShellExecuteA
SHGetFolderPathW

ole32

CoUninitialize
CoInitialize
CoCreateGuid

vcruntime140

memmove
_CxxThrowException
memchr
_setjmp3
__current_exception_context
__std_exception_destroy
__CxxFrameHandler3
__std_terminate
strchr
_purecall
strstr
longjmp
memcpy
memset
__current_exception
__std_exception_copy
_except_handler4_common

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-stdio-l1-1-0

_filelength
_close
ftell
fclose
fseek
_wsopen_dispatch
_lseek
_read
__stdio_common_vsscanf
__stdio_common_vsprintf
fopen
fread
__stdio_common_vfprintf
_write
_set_fmode
fwrite
_sopen_dispatch
__acrt_iob_func
__p__commode

api-ms-win-crt-convert-l1-1-0

_atoi64
atoi
atol
atof

api-ms-win-crt-string-l1-1-0

strncpy
islower
isxdigit
isalnum
isalpha
wcstok
_strupr
isdigit
strncmp
isupper
strtok
_stricmp
_strrev
_strlwr

api-ms-win-crt-multibyte-l1-1-0

_mbstok
_mbbtype_l
_mbscmp_l
_mbsbtype

api-ms-win-crt-runtime-l1-1-0

exit
_c_exit
_controlfp_s
_initterm
_errno
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
_cexit
_register_thread_local_exe_atexit_callback
_initterm_e
_exit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
terminate
_beginthreadex

api-ms-win-crt-heap-l1-1-0

_aligned_malloc
realloc
free
_callnewh
calloc
_set_new_mode
malloc
_aligned_free

api-ms-win-crt-filesystem-l1-1-0

_wstat64i32
_splitpath
_wmakepath
_makepath
_wsplitpath

api-ms-win-crt-locale-l1-1-0

_create_locale
_configthreadlocale
_free_locale
setlocale

api-ms-win-crt-time-l1-1-0

strftime
_time64
_localtime64_s

api-ms-win-crt-environment-l1-1-0

_wgetcwd
getenv

api-ms-win-crt-math-l1-1-0

floor
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise
__setusermatherr
_libm_sse2_pow_precise
_libm_sse2_log_precise
_libm_sse2_log10_precise
_libm_sse2_exp_precise
_libm_sse2_cos_precise
_libm_sse2_atan_precise
_CIfmod
_CIatan2
ldexp
ceil

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 100.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d890c788ecf1250753490598957a63d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

2drenderdll

dsound

shlwapi

d3d9

d3dx9_43

dinput8

steam_api

kernel32

user32

gdi32

shell32

ole32

vcruntime140

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 241KB - Virtual size: 240KB

.data Size: 34KB - Virtual size: 100.9MB

.rsrc Size: 204KB - Virtual size: 203KB

.reloc Size: 118KB - Virtual size: 117KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 241KB - Virtual size: 240KB

.data
Size: 34KB - Virtual size: 100.9MB

.rsrc
Size: 204KB - Virtual size: 203KB

.reloc
Size: 118KB - Virtual size: 117KB