MRON REBIRTH AIO 4[.]0[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

MRON REBIRTH AIO 4.0.zip
Size

238.0MB
MD5

6b565cc8832b9d40401cd5cb339af579
SHA1

6ea2405f40b1057fca6f193c6ba35e99aac466b7
SHA256

b5d324e0527b5516511e3ac8243d68b7eb253e56a9ca869c02a62874297ab6f5
SHA512

be5b96446e079f672e1ae78530ebf1445d3eaf8331d05ed1fae7740d8bd7c3ff020278237d9f2a07d3b8fee3c4d3253ff9e83bbfef12013e2e74bd46062e8675
SSDEEP

6291456:Mw6BBfWTw2m8iy9so5SJb6A3V6RHdeisze/MxAfIABnMzt:MprWTqisFJWhDwe/WWKt

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AIO [EXTRACT]/noclip.dll
unpack001/AIO [EXTRACT]/noclip.exe

Files

MRON REBIRTH AIO 4.0.zip
.zip

Password: mron
AIO [EXTRACT]/noclip.dll
.dll windows:6 windows x64 arch:x64

Password: mron

3be5343a97b717725c449ab86b2e2cd5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
CreateEventA
Sleep
WaitForMultipleObjects
OpenProcess
GetModuleHandleA
K32GetModuleFileNameExA
GetCurrentProcess
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcAddress
VirtualQuery
GetCommandLineA
TerminateProcess
FreeLibrary
GetModuleFileNameW
GetCurrentProcessId
HeapFree
ReadProcessMemory
WriteProcessMemory
CreateToolhelp32Snapshot
Process32First
Process32Next
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
DeleteFileW
SetStdHandle
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapReAlloc
HeapAlloc
CloseHandle
GetLastError
VirtualProtectEx
DecodePointer
RtlPcToFileHeader
RaiseException
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
WakeAllConditionVariable
SleepConditionVariableSRW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
GetModuleHandleW
GetFileInformationByHandleEx
LocalFree
FormatMessageA
GetLocaleInfoEx
InitOnceBeginInitialize
InitOnceComplete
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
EncodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
HeapCreate
Thread32Next
Thread32First
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
OpenThread
GetSystemInfo
OutputDebugStringW
RtlUnwindEx
InterlockedFlushSList
LoadLibraryExW
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
ExitProcess
RtlUnwind

user32

UnregisterClassA
GetWindowThreadProcessId
EnumWindows
MessageBoxA
DestroyWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
ReleaseCapture
SetCapture
GetCapture
GetKeyState
IsChild
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
SetWindowLongPtrW
MessageBoxW
GetForegroundWindow
GetSystemMetrics
GetAsyncKeyState

shell32

SHGetFolderPathA

d3d12

D3D12SerializeRootSignature

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

Exports

Exports

?present_hk@@YAJPEAUIDXGISwapChain3@@II@Z

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 793KB - Virtual size: 792KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 337KB - Virtual size: 663KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AIO [EXTRACT]/noclip.exe
.exe windows:6 windows x64 arch:x64

Password: mron

0fcef12eca80e81af729eb5ec00308f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeviceIoControl
CreateFileW
CloseHandle
ReadFile
Process32First
VirtualFree
GetCurrentProcess
WriteFile
VirtualAlloc
LoadLibraryExA
CreateToolhelp32Snapshot
Sleep
GetLastError
LoadLibraryA
DeleteFileW
Process32Next
LoadLibraryW
GetWindowsDirectoryW
GetProcAddress
GetFileSize
FreeLibrary
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetFileAttributesExW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
RtlUnwind

user32

SetWindowsHookExA
UnhookWindowsHookEx
EnumWindows
PostThreadMessageA
GetWindowThreadProcessId
GetClassNameA

shell32

ShellExecuteW

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlImageNtHeader

Sections

.text
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 274KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
INFO + INSTALLATION.txt
Script (3.2a)/INFO + INSTALLATION.txt
Script (3.2a)/Shortcut (scripts location).lnk
.lnk
Script (3.2a)/scripts/script.gscbin
To game folder/ModernWarfare.exe
.exe windows:6 windows x64 arch:x64

Password: mron

506b464f3eb28b1686a63ad97e9f53e4

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:b1:bb:7d:2d:97:53:e6:0e:74:bf:67:84:76:c0:71
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

30-11-2022 00:00

Not After

10-01-2025 23:59

Subject

SERIALNUMBER=2256184,CN=Activision Publishing Inc,OU=Activision Publishing Inc,O=Activision Publishing Inc,L=SANTA MONICA,ST=CALIFORNIA,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d9:f7:36:52:d6:79:9d:2e:88:f9:93:d7:a5:e8:39:29:87:ff:1c:27:8e:03:0c:ed:42:2e:13:30:7f:35:23:24
Signer

Actual PE Digest

d9:f7:36:52:d6:79:9d:2e:88:f9:93:d7:a5:e8:39:29:87:ff:1c:27:8e:03:0c:ed:42:2e:13:30:7f:35:23:24

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\iw8\game\pc_dx12\game_steam_ship.pdb

Imports

steam_api64

SteamInternal_GameServer_Init
SteamInternal_ContextInit
SteamGameServer_Shutdown
SteamAPI_Shutdown
SteamAPI_Init
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback
SteamInternal_FindOrCreateGameServerInterface
SteamGameServer_GetHSteamUser
SteamAPI_RunCallbacks
SteamAPI_RestartAppIfNecessary
SteamGameServer_RunCallbacks
SteamInternal_FindOrCreateUserInterface
SteamAPI_GetHSteamUser

bink2w64

BinkSetSpeakerVolumes
BinkGetKeyFrame
BinkControlBackgroundIO
BinkStartAsyncThread
BinkGoto
BinkPause
BinkShouldSkip
BinkWait
BinkNextFrame
BinkRegisterFrameBuffers
BinkGetFrameBuffersInfo
BinkDoFrameAsyncMulti
BinkOpen
BinkClose
BinkDoFrameAsyncWait
BinkGetSummary
BinkGetGPUDataBuffersInfo
BinkGetError
BinkSetError
BinkSetOSFileCallbacks
BinkUtilMalloc
BinkUtilFree
BinkRegisterGPUDataBuffers
BinkGetRealtime
BinkSetMemory
BinkSetSoundSystem
BinkSetIOSize
BinkSetSoundTrack

oo2core_7_win64

OodleLZ_Decompress
OodleCore_Plugins_SetAllocators
OodleLZDecoder_MemorySizeNeeded
OodleCore_Plugins_SetAssertion
OodleCore_Plugins_SetPrintf
OodleLZ_GetCompressedBufferSizeNeeded

imm32

ImmIsIME
ImmGetContext
ImmGetIMEFileNameA
ImmAssociateContextEx
ImmGetVirtualKey
ImmNotifyIME
ImmGetOpenStatus
ImmSetConversionStatus
ImmGetConversionStatus
ImmReleaseContext
ImmGetDefaultIMEWnd
ImmAssociateContext
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmGetCandidateListW

hid

HidD_FreePreparsedData
HidD_GetFeature
HidD_SetFeature
HidD_GetManufacturerString
HidD_GetProductString
HidD_GetSerialNumberString
HidD_GetHidGuid
HidD_GetAttributes
HidP_GetValueCaps
HidP_GetCaps
HidD_GetPreparsedData

anselsdk64

?isAnselAvailable@ansel@@YA_NXZ
?updateCamera@ansel@@YAXAEAUCamera@1@@Z
?setConfiguration@ansel@@YA?AW4SetConfigurationStatus@1@AEBUConfiguration@1@@Z

gfesdk

NVGSDK_Highlights_GetNumberOfHighlightsAsync
NVGSDK_Highlights_OpenSummaryAsync
NVGSDK_Highlights_SetVideoHighlightAsync
NVGSDK_Highlights_SetScreenshotHighlightAsync
NVGSDK_Highlights_CloseGroupAsync
NVGSDK_Highlights_OpenGroupAsync
NVGSDK_Highlights_ConfigureAsync
NVGSDK_Create
NVGSDK_Release
NVGSDK_Poll
NVGSDK_RequestPermissionsAsync

amd_ags_x64

agsDeInit
agsInit
agsCheckDriverVersion
agsDriverExtensionsDX12_DestroyDevice
agsDriverExtensionsDX12_CreateDevice

iphlpapi

GetAdaptersAddresses

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

discord_game_sdk

DiscordCreate

winmm

timeGetTime
timeGetDevCaps
timeBeginPeriod
waveOutGetDevCapsW
waveInGetDevCapsW
mixerGetLineInfoW
mixerGetID
mixerGetLineControlsW
mixerGetControlDetailsW
timeEndPeriod

dxgi

CreateDXGIFactory
CreateDXGIFactory1

xinput9_1_0

XInputSetState
XInputGetState
XInputGetCapabilities

powrprof

CallNtPowerInformation

shlwapi

PathRelativePathToW
StrRChrW
PathIsRelativeW

kernel32

HeapReAlloc
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
FreeLibraryAndExitThread
SetStdHandle
ExitProcess
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
RtlUnwind
GetTimeFormatW
CompareStringW
RtlPcToFileHeader
GetCPInfo
LCMapStringW
WaitForMultipleObjectsEx
CreateEventExA
VirtualProtect
OutputDebugStringA
GetProcAddress
VirtualAlloc
VirtualFree
GetModuleHandleA
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GetFileSizeEx
ReadFile
ReadFileEx
SetFilePointerEx
CloseHandle
GetLastError
GetOverlappedResult
SleepEx
CreateEventA
LocalFree
FormatMessageA
TlsGetValue
WriteFile
WaitForSingleObject
RtlCaptureStackBackTrace
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
CreateProcessW
OpenProcess
GlobalMemoryStatusEx
GetSystemTime
GetVersionExA
GetModuleFileNameA
GetModuleHandleExA
MultiByteToWideChar
WideCharToMultiByte
K32GetModuleBaseNameW
K32GetModuleInformation
K32GetProcessMemoryInfo
K32GetPerformanceInfo
CreateToolhelp32Snapshot
Process32First
Process32Next
GetEnvironmentVariableA
RaiseException
SetUnhandledExceptionFilter
InitializeCriticalSection
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
GetSystemTimeAsFileTime
GetModuleFileNameW
Thread32First
Thread32Next
CreateFileA
VirtualQuery
DeleteFileA
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetSystemInfo
CreateDirectoryW
GetFileAttributesW
GetComputerNameA
GetTickCount
VerSetConditionMask
TryAcquireSRWLockExclusive
Sleep
VerifyVersionInfoW
FreeLibrary
LoadLibraryExA
IsValidLocale
LoadLibraryA
SetLastError
CompareFileTime
FindFirstFileExW
EnumSystemLocalesW
GetFileTime
MoveFileExW
WaitForMultipleObjects
WaitForSingleObjectEx
SetPriorityClass
GetUserDefaultLocaleName
GetLogicalProcessorInformation
GetProcessAffinityMask
SetThreadAffinityMask
DuplicateHandle
SetEvent
ResetEvent
CreateThread
SetThreadPriority
GetThreadPriority
GetExitCodeThread
GetCommandLineA
GlobalAlloc
GlobalSize
GlobalUnlock
GetDateFormatW
GetFileAttributesExA
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
ReleaseMutex
CreateMutexA
QueryPerformanceCounter
QueryPerformanceFrequency
TryEnterCriticalSection
SleepConditionVariableCS
LoadLibraryW
CompareStringA
GetLocaleInfoA
IsDBCSLeadByteEx
MoveFileExA
GetCurrentDirectoryW
CreateFileW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetTempFileNameW
GetTempPathW
MoveFileW
GetVolumeNameForVolumeMountPointA
GetVolumePathNameA
GlobalMemoryStatus
SetErrorMode
DeviceIoControl
GetModuleHandleW
GetExitCodeProcess
GetUserDefaultLCID
Module32First
Module32Next
SystemTimeToFileTime
CreateDirectoryA
FindFirstFileA
FindNextFileA
MoveFileA
TlsSetValue
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentDirectoryA
SetThreadExecutionState
GetFullPathNameW
OutputDebugStringW
GetSystemDirectoryW
LoadLibraryExW
LocalAlloc
lstrcmpA
FileTimeToSystemTime
GetStdHandle
AllocConsole
WriteConsoleA
SetConsoleTitleA
GetConsoleWindow
DeleteCriticalSection
ReleaseSemaphore
CreateSemaphoreW
TerminateThread
TlsAlloc
TlsFree
InitializeCriticalSectionAndSpinCount
RemoveDirectoryW
SetFileAttributesW
CancelIo
QueueUserAPC
CopyFileW
ReadDirectoryChangesW
SetHandleInformation
GetSystemDirectoryA
GetModuleHandleExW
SwitchToThread
ExitThread
lstrcmpW
GetTickCount64
SetCriticalSectionSpinCount
GetTimeZoneInformation
GetLocaleInfoW
GetUserDefaultUILanguage
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDriveTypeW
GetVolumeInformationW
GetVolumePathNameW
FormatMessageW
IsDebuggerPresent
GetThreadId
CreateSemaphoreA
SwitchToFiber
DeleteFiber
CreateFiber
ConvertThreadToFiber
CreateEventW
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
HeapSize
GetOEMCP
VerifyVersionInfoA
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
CreatePipe
GetACP
IsValidCodePage
SetEnvironmentVariableW
GlobalLock
GetFileSize
SleepConditionVariableSRW
GetUserDefaultLangID
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler

user32

DefWindowProcA
wsprintfA
LoadStringW
SetCapture
WaitMessage
PeekMessageW
GetForegroundWindow
FillRect
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
KillTimer
SetTimer
LoadStringA
MapVirtualKeyA
ToUnicode
GetKeyNameTextW
CharUpperBuffW
GetCaretBlinkTime
CreateWindowExW
GetKeyState
GetFocus
CharNextW
PostMessageA
SendMessageW
TranslateMessage
SetCursorPos
RegisterClassExW
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
ChangeDisplaySettingsA
EnumThreadWindows
GetDesktopWindow
SetWindowLongA
GetWindowLongA
ReleaseDC
GetDC
SetForegroundWindow
GetRawInputDeviceInfoA
GetMonitorInfoA
MonitorFromWindow
MonitorFromRect
AdjustWindowRectEx
SendMessageTimeoutA
SetWindowLongPtrA
GetWindowLongPtrA
SetWindowPlacement
GetWindowPlacement
ShowWindow
SendMessageA
LoadImageA
DestroyIcon
LoadCursorA
SetCursor
ShowCursor
MessageBoxW
GetSystemMetrics
wsprintfW
GetClientRect
RegisterClassW
GetDoubleClickTime
SetFocus
ClientToScreen
LoadIconA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
SystemParametersInfoA
GetRawInputBuffer
RegisterRawInputDevices
GetWindowThreadProcessId
ReleaseCapture
GetActiveWindow
GetCursorPos
GetMonitorInfoW
EnumDisplayDevicesW
ScreenToClient
PtInRect
EnumDisplaySettingsA
GetDisplayConfigBufferSizes
QueryDisplayConfig
DisplayConfigGetDeviceInfo
EnumDisplayMonitors
IsWindow
GetKeyboardLayout
DestroyWindow
ClipCursor
GetMessageW
DispatchMessageW
MessageBoxA
GetAsyncKeyState
DefWindowProcW

gdi32

SelectObject
CreateCompatibleDC
CreateDCW
GetDeviceCaps
CreateSolidBrush
BitBlt
GetObjectA
DeleteDC
SetDeviceGammaRamp

advapi32

CryptEncrypt
CryptHashData
CryptDestroyHash
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueA
CryptAcquireContextA
CryptGenRandom
RegCreateKeyExA
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptCreateHash
RegQueryValueExW
RegOpenKeyExW
RegGetValueA
RegSetValueExA
RegQueryInfoKeyA
RegFlushKey
RegDeleteKeyA
CryptImportKey
CryptDestroyKey
RegEnumKeyExA

shell32

Shell_NotifyIconA
SHGetKnownFolderPath
ShellExecuteA

ole32

CoInitializeEx
CoCreateInstance
OleRun
PropVariantClear
CoUninitialize
CoSetProxyBlanket
CoTaskMemFree
CoInitializeSecurity

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantChangeType
SysStringLen
VariantInit
SafeArrayGetVartype
SafeArrayGetElemsize
SafeArrayGetDim

ntdll

RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtReadFile

ws2_32

WSACleanup
getsockopt
getpeername
WSAEnumNetworkEvents
inet_addr
ioctlsocket
htons
recvfrom
sendto
WSACreateEvent
WSACloseEvent
WSAIoctl
inet_ntop
inet_pton
WSAStringToAddressA
WSAAddressToStringA
WSASocketW
WSASetLastError
getservbyname
getservbyport
gethostbyaddr
send
select
recv
listen
inet_ntoa
htonl
getsockname
accept
__WSAFDIsSet
gethostname
ntohl
bind
ntohs
freeaddrinfo
getaddrinfo
WSASocketA
WSASend
WSARecv
setsockopt
connect
closesocket
WSAEventSelect
WSAGetLastError
WSAStartup
gethostbyname
socket

dbghelp

MiniDumpWriteDump

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW

setupapi

SetupDiDeleteDeviceInterfaceData
SetupDiOpenDeviceInterfaceW
SetupDiDeleteDeviceInfo
SetupDiGetDeviceInstanceIdW
CM_Get_Sibling
CM_Get_Parent
CM_Get_Device_IDW
CM_Get_Child
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdA
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

winhttp

WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpQueryOption
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSetOption
WinHttpReadData
WinHttpSendRequest

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateContext
CertNameToStrA
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

rpcrt4

UuidFromStringA
RpcStringFreeA
UuidToStringA
UuidCreate

bcrypt

BCryptDestroyHash
BCryptHashData
BCryptDecrypt
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptDestroyKey
BCryptCreateHash
BCryptEncrypt

Exports

Exports

NVSDK_NGX_D3D12_AllocateParameters
NVSDK_NGX_D3D12_CreateFeature
NVSDK_NGX_D3D12_DestroyParameters
NVSDK_NGX_D3D12_EvaluateFeature
NVSDK_NGX_D3D12_EvaluateFeature_C
NVSDK_NGX_D3D12_GetCapabilityParameters
NVSDK_NGX_D3D12_GetParameters
NVSDK_NGX_D3D12_GetScratchBufferSize
NVSDK_NGX_D3D12_ReleaseFeature
NVSDK_NGX_D3D12_Shutdown
NVSDK_NGX_Parameter_GetD
NVSDK_NGX_Parameter_GetD3d11Resource
NVSDK_NGX_Parameter_GetD3d12Resource
NVSDK_NGX_Parameter_GetF
NVSDK_NGX_Parameter_GetI
NVSDK_NGX_Parameter_GetUI
NVSDK_NGX_Parameter_GetULL
NVSDK_NGX_Parameter_GetVoidPointer
NVSDK_NGX_Parameter_SetD
NVSDK_NGX_Parameter_SetD3d11Resource
NVSDK_NGX_Parameter_SetD3d12Resource
NVSDK_NGX_Parameter_SetF
NVSDK_NGX_Parameter_SetI
NVSDK_NGX_Parameter_SetUI
NVSDK_NGX_Parameter_SetULL
NVSDK_NGX_Parameter_SetVoidPointer
NvOptimusEnablement
__swprintf_l
__vswprintf_l
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fscanf_l
_fscanf_s_l
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwscanf_l
_fwscanf_s_l
_printf_l
_printf_p
_printf_p_l
_printf_s_l
_scanf_l
_scanf_s_l
_scprintf
_scprintf_l
_scprintf_p
_scprintf_p_l
_scwprintf
_scwprintf_l
_scwprintf_p
_scwprintf_p_l
_snprintf
_snprintf_c
_snprintf_c_l
_snprintf_l
_snprintf_s
_snprintf_s_l
_snscanf
_snscanf_l
_snscanf_s
_snscanf_s_l
_snwprintf
_snwprintf_l
_snwprintf_s
_snwprintf_s_l
_snwscanf
_snwscanf_l
_snwscanf_s
_snwscanf_s_l
_sprintf_l
_sprintf_p
_sprintf_p_l
_sprintf_s_l
_sscanf_l
_sscanf_s_l
_swprintf
_swprintf_c
_swprintf_c_l
_swprintf_l
_swprintf_p
_swprintf_p_l
_swprintf_s_l
_swscanf_l
_swscanf_s_l
_vfprintf_l
_vfprintf_p
_vfprintf_p_l
_vfprintf_s_l
_vfscanf_l
_vfscanf_s_l
_vfwprintf_l
_vfwprintf_p
_vfwprintf_p_l
_vfwprintf_s_l
_vfwscanf_l
_vfwscanf_s_l
_vprintf_l
_vprintf_p
_vprintf_p_l
_vprintf_s_l
_vscanf_l
_vscanf_s_l
_vscprintf
_vscprintf_l
_vscprintf_p
_vscprintf_p_l
_vscwprintf
_vscwprintf_l
_vscwprintf_p
_vscwprintf_p_l
_vsnprintf
_vsnprintf_c
_vsnprintf_c_l
_vsnprintf_l
_vsnprintf_s
_vsnprintf_s_l
_vsnwprintf
_vsnwprintf_l
_vsnwprintf_s
_vsnwprintf_s_l
_vsnwscanf_l
_vsnwscanf_s_l
_vsprintf_l
_vsprintf_p
_vsprintf_p_l
_vsprintf_s_l
_vsscanf_l
_vsscanf_s_l
_vswprintf
_vswprintf_c
_vswprintf_c_l
_vswprintf_l
_vswprintf_p
_vswprintf_p_l
_vswprintf_s_l
_vswscanf_l
_vswscanf_s_l
_vwprintf_l
_vwprintf_p
_vwprintf_p_l
_vwprintf_s_l
_vwscanf_l
_vwscanf_s_l
_wprintf_l
_wprintf_p
_wprintf_p_l
_wprintf_s_l
_wscanf_l
_wscanf_s_l
fprintf
fprintf_s
fscanf
fscanf_s
fwprintf
fwprintf_s
fwscanf
fwscanf_s
printf
printf_s
scanf
scanf_s
snprintf
sprintf
sprintf_s
sscanf
sscanf_s
swprintf
swprintf_s
swscanf
swscanf_s
vfprintf
vfprintf_s
vfscanf
vfscanf_s
vfwprintf
vfwprintf_s
vfwscanf
vfwscanf_s
vprintf
vprintf_s
vscanf
vscanf_s
vsnprintf
vsnprintf_s
vsprintf
vsprintf_s
vsscanf
vsscanf_s
vswprintf
vswprintf_s
vswscanf
vswscanf_s
vwprintf
vwprintf_s
vwscanf
vwscanf_s
wprintf
wprintf_s
wscanf
wscanf_s

Sections

.text
Size: 113.8MB - Virtual size: 113.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61.9MB - Virtual size: 290.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 125.0MB - Virtual size: 125.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
To game folder/bootstrap.data.bin
To game folder/installscript_2000950.vdf

Sharing

General

Malware Config

Signatures

Files

Password: mron

Password: mron

3be5343a97b717725c449ab86b2e2cd5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

d3d12

imm32

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 793KB - Virtual size: 792KB

.data Size: 337KB - Virtual size: 663KB

.pdata Size: 112KB - Virtual size: 111KB

.msvcjmc Size: 5KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 9KB - Virtual size: 8KB

Password: mron

0fcef12eca80e81af729eb5ec00308f1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ntdll

Sections

.text Size: 199KB - Virtual size: 198KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 274KB - Virtual size: 280KB

.pdata Size: 10KB - Virtual size: 10KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 2KB - Virtual size: 2KB

Password: mron

506b464f3eb28b1686a63ad97e9f53e4

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:b1:bb:7d:2d:97:53:e6:0e:74:bf:67:84:76:c0:71Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

d9:f7:36:52:d6:79:9d:2e:88:f9:93:d7:a5:e8:39:29:87:ff:1c:27:8e:03:0c:ed:42:2e:13:30:7f:35:23:24Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

steam_api64

bink2w64

oo2core_7_win64

imm32

hid

anselsdk64

gfesdk

amd_ags_x64

iphlpapi

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 793KB - Virtual size: 792KB

.data
Size: 337KB - Virtual size: 663KB

.pdata
Size: 112KB - Virtual size: 111KB

.msvcjmc
Size: 5KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 199KB - Virtual size: 198KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 274KB - Virtual size: 280KB

.pdata
Size: 10KB - Virtual size: 10KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 2KB - Virtual size: 2KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:b1:bb:7d:2d:97:53:e6:0e:74:bf:67:84:76:c0:71
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

d9:f7:36:52:d6:79:9d:2e:88:f9:93:d7:a5:e8:39:29:87:ff:1c:27:8e:03:0c:ed:42:2e:13:30:7f:35:23:24
Signer

.text
Size: 113.8MB - Virtual size: 113.8MB

.rdata
Size: 4.2MB - Virtual size: 4.2MB

.data
Size: 61.9MB - Virtual size: 290.9MB

.pdata
Size: 1.3MB - Virtual size: 1.3MB

_RDATA
Size: 90KB - Virtual size: 90KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 256KB - Virtual size: 256KB

.idata
Size: 24KB - Virtual size: 24KB

.text
Size: 125.0MB - Virtual size: 125.0MB