SteamFix64[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

SteamFix64.dll
Size

1.2MB
MD5

c21f161363b7a1c9a4cda780e99f1dcd
SHA1

5b6f4e4b8fe321c70e5037e381dabc633e6f18de
SHA256

b543786376bd7a1ff82d17b9e766cc5f42f40e8c2f3eebe4923d75c8ec74c518
SHA512

1762877e2312526b210d9935388b4b3badd88e2e48dd715681256d3a15b9c9d6c4c896c115c4bcb2ad3ad89bb3dc811f0fcfb5ae0871432cf9650c7e64a7ad9c
SSDEEP

24576:ywlFrCW6vkYe4ipRQ+vCjLl/GPYdZdi7Yvf80eQi+j8u:ywlFrLYOfQ+vELl/GPYdZ6af80eQi+n

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SteamFix64.dll

Files

SteamFix64.dll
.dll windows:6 windows x64 arch:x64

4d1697267574a7c247a6fe2b52227030

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxA

advapi32

RegSetValueExA

msvcp140

_Query_perf_frequency

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_terminate

api-ms-win-crt-stdio-l1-1-0

fflush

api-ms-win-crt-heap-l1-1-0

calloc

api-ms-win-crt-string-l1-1-0

strncpy_s

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

DRM
FreeTP_Org

Sections

.text
Size: - Virtual size: 511KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1021B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d1697267574a7c247a6fe2b52227030

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 511KB

.rdata Size: 82KB - Virtual size: 82KB

.data Size: - Virtual size: 18KB

.pdata Size: - Virtual size: 17KB

.vmp0 Size: - Virtual size: 279KB

.vmp1 Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1021B

.text
Size: - Virtual size: 511KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: - Virtual size: 18KB

.pdata
Size: - Virtual size: 17KB

.vmp0
Size: - Virtual size: 279KB

.vmp1
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1021B