sandbox[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

sandbox.exe
Size

26.6MB
MD5

93a447a49536352bbf4b1a7c06465c97
SHA1

57b6be51cea0066bf9340dae05839a05ca97ef3e
SHA256

5f6b871fd55bcc194c357404e76937e5c86323e7aea7e54706c79bf9ee8fee58
SHA512

869868a5c414c4be781aa9c9952bb206bc03c5c0b74f63ea31efd9ecace4737c3c122a70503402f4d08f518af270db29038e3242d476012b663a208caeb3cfb0
SSDEEP

393216:CFlzlvbVSL5lMYjeo2OQTD8zL1DkdzZL9+eJT4MjMKRbp27vH7:CFlhvseYjeo2OeDhdzZL9RJT4M4KFp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sandbox.exe

Files

sandbox.exe
.exe windows:5 windows x86 arch:x86

73e0255c40a8f8a908b19d3fe8f7a03e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

steam_api

SteamAPI_WriteMiniDump
SteamAPI_RestartAppIfNecessary
SteamAPI_Init
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback
SteamInternal_FindOrCreateUserInterface
SteamInternal_ContextInit
SteamAPI_GetHSteamUser
SteamAPI_RunCallbacks

kernel32

SleepConditionVariableCS
LockResource
FreeLibrary
GetProcAddress
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
WaitForSingleObject
Sleep
LoadResource
FindClose
CloseHandle
CreateSemaphoreA
OutputDebugStringA
FindResourceA
GetCurrentDirectoryA
CreateDirectoryA
RemoveDirectoryA
GetFileAttributesA
GetFileAttributesExA
DeleteFileA
FindFirstFileA
FindNextFileA
CopyFileA
MoveFileA
GetLocaleInfoA
SetUnhandledExceptionFilter
VerSetConditionMask
GetLastError
FormatMessageW
LoadLibraryA
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
SetThreadExecutionState
GetModuleHandleW
WakeAllConditionVariable
GetStringTypeW
LoadLibraryExW
OutputDebugStringW
FlushFileBuffers
HeapSize
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
TerminateProcess
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
WriteFile
GetModuleFileNameA
GetStartupInfoW
GetProcessHeap
AreFileApisANSI
ExitProcess
GetCurrentThreadId
SetLastError
WriteConsoleW
GetModuleFileNameW
GetFileType
GetStdHandle
RtlUnwind
RaiseException
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
ReadFile
GetLocaleInfoW
HeapReAlloc
HeapAlloc
HeapFree
IsProcessorFeaturePresent
IsDebuggerPresent
GetCommandLineA
InitializeConditionVariable
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
LCMapStringW
SetStdHandle
CreateFileW
SetEndOfFile

user32

GetClassLongW
LoadCursorW
DestroyIcon
LoadImageW
CreateIconIndirect
MonitorFromWindow
GetRawInputData
RegisterRawInputDevices
GetRawInputDeviceInfoA
GetRawInputDeviceList
ScreenToClient
SetWindowLongW
ClipCursor
GetCursorPos
SetCursor
SetCursorPos
MessageBoxA
AdjustWindowRectEx
GetWindowRect
GetClientRect
RemovePropW
GetPropW
SetPropW
GetWindowLongW
PtInRect
OffsetRect
SetRect
ClientToScreen
WindowFromPoint
SetForegroundWindow
GetSystemMetrics
ReleaseCapture
SetCapture
GetKeyState
SetFocus
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
IsZoomed
BringWindowToTop
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
RegisterClassExW
UnregisterClassW
DefWindowProcW
SendMessageW
GetMessageTime
TrackMouseEvent
EnumDisplayMonitors
GetMonitorInfoW
EnumDisplayDevicesW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
ReleaseDC
GetDC
SystemParametersInfoW
MapVirtualKeyW
ToUnicode
ShowWindow
DestroyWindow
CreateWindowExW
UnregisterDeviceNotification
RegisterDeviceNotificationW
PeekMessageW
DispatchMessageW
TranslateMessage
GetActiveWindow

gdi32

CreateDCW
GetDeviceCaps
SetDeviceGammaRamp
CreateBitmap
CreateRectRgn
DeleteObject
CreateDIBSection
ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
SwapBuffers
DeleteDC

shell32

DragFinish
DragQueryPoint
DragQueryFileW
ShellExecuteA
DragAcceptFiles

Sections

.text
Size: 606KB - Virtual size: 606KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 38.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25.7MB - Virtual size: 25.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73e0255c40a8f8a908b19d3fe8f7a03e

Headers

DLL Characteristics

File Characteristics

Imports

steam_api

kernel32

user32

gdi32

shell32

Sections

.text Size: 606KB - Virtual size: 606KB

.rdata Size: 298KB - Virtual size: 298KB

.data Size: 21KB - Virtual size: 38.7MB

.rsrc Size: 25.7MB - Virtual size: 25.7MB

.reloc Size: 42KB - Virtual size: 41KB

.text
Size: 606KB - Virtual size: 606KB

.rdata
Size: 298KB - Virtual size: 298KB

.data
Size: 21KB - Virtual size: 38.7MB

.rsrc
Size: 25.7MB - Virtual size: 25.7MB

.reloc
Size: 42KB - Virtual size: 41KB