GamingRepairTool[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

GamingRepairTool.exe
Size

677KB
MD5

0d1698c5d46ebbddc399df5db6b0a2ee
SHA1

92c2965be03db4b35deb134d144af9fea61eae33
SHA256

a65137ce1ff69d912cac00da94b8eea4ad2c8a7e8f703d37a66ab8d45f9115cd
SHA512

c75cbeaa64b9edb097a4ba9fa81d7ebb7ae755ba2289ea2539b127a3943a3d620b8acac3125bf4becaf1302aa43acb800e853c8d47ea6c88b3724b1fa8d531a5
SSDEEP

12288:xoMEOBwnDWmRDgeryo87m7r3ZQC7rE8ywm:xjEOBqhJk7m7ZvE8ywm

Score

1^/10

Malware Config

Signatures

Files

GamingRepairTool.exe
.exe windows:10 windows x64 arch:x64

099cd3666b74333ab8564ca053ec4a59

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:3e:bc:a9:59:db:a0:48:9e:2f:2a:92:eb:94:e6:0a:ff:ef:5c:48:a8:45:e0:56:83:72:ba:75:cb:63:e6:9b
Signer

Actual PE Digest

75:3e:bc:a9:59:db:a0:48:9e:2f:2a:92:eb:94:e6:0a:ff:ef:5c:48:a8:45:e0:56:83:72:ba:75:cb:63:e6:9b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

GamingRepairTool.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_beginthreadex
_seh_filter_exe
_set_app_type
_configure_wide_argv
terminate
abort
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_errno
_c_exit
_cexit
__p___wargv
__p___argc
_exit
exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment

api-ms-win-crt-stdio-l1-1-0

getchar
__stdio_common_vswprintf
_fseeki64
_set_fmode
__p__commode
fsetpos
__stdio_common_vsprintf
__stdio_common_vsprintf_s
ungetc
setvbuf
_setmode
_fileno
__acrt_iob_func
fgetpos
fwrite
fgetwc
fgetc
__stdio_common_vswscanf
__stdio_common_vswprintf_s
ungetwc
fflush
fclose
fputwc

api-ms-win-crt-string-l1-1-0

wcsncpy_s
_wcsnicmp
wcsnlen
_stricmp
strncmp
__strncnt
islower
strcpy_s
wcscpy_s
strcmp
strcspn
_wcsicmp
_wcsdup
isupper
tolower
isspace

ntdll

DbgPrintEx
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
NtQueryMutant
RtlGetVersion
NtQueryInformationProcess

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetModuleFileNameA
LoadStringW
LoadLibraryExW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
ResetEvent
CreateMutexExW
SetWaitableTimer
OpenSemaphoreW
CreateEventW
AcquireSRWLockExclusive
WaitForSingleObjectEx
CreateEventExW
EnterCriticalSection
ReleaseMutex
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseSemaphore
SetEvent
AcquireSRWLockShared
CreateSemaphoreExW
DeleteCriticalSection
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
ResumeThread
OpenThreadToken
CreateThread
GetCurrentProcessId
GetCurrentThread
CreateProcessW
CreateProcessA
CreateProcessAsUserW
OpenProcessToken
GetExitCodeThread
GetCurrentProcess
GetExitCodeProcess

api-ms-win-core-localization-l1-2-0

LCMapStringEx
GetLocaleInfoEx
FormatMessageW
GetCPInfo

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

SetHandleInformation
CloseHandle

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringEx
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
GetSystemTimePreciseAsFileTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoActivateInstance
RoGetActivationFactory
RoInitialize

api-ms-win-core-fibers-l1-1-0

FlsGetValue
FlsAlloc
FlsSetValue
FlsFree

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

newdev

DiUninstallDevice

setupapi

SetupDiCreateDeviceInfoList
SetupGetInfInformationA
SetupQueryInfVersionInformationA
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_locale_name_func
___lc_codepage_func
__pctype_func
setlocale
___lc_collate_cp_func
___mb_cur_max_func
_configthreadlocale
_lock_locales
_unlock_locales

api-ms-win-crt-heap-l1-1-0

calloc
_realloc_base
_set_new_mode
_callnewh
_calloc_base
_malloc_base
_free_base
malloc
free

api-ms-win-crt-convert-l1-1-0

strtof
strtod

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-math-l1-1-0

frexp
_dclass
_ldclass

api-ms-win-crt-time-l1-1-0

_W_Getdays
_Getdays
_Strftime
_Getmonths
_Gettnames
_W_Gettnames
_Wcsftime
_W_Getmonths

api-ms-win-core-synch-l1-2-1

CreateWaitableTimerW
WaitForMultipleObjects

api-ms-win-core-synch-l1-2-0

Sleep
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegDeleteTreeW
RegCreateKeyExW
RegGetValueW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegEnumValueW

api-ms-win-core-file-l1-1-0

CreateDirectoryW
FindClose
SetFileTime
GetFileTime
ReadFile
FindFirstFileW
FindNextFileW
DeleteFileW
GetFileAttributesW
RemoveDirectoryW
SetFileAttributesW
CreateFileW

api-ms-win-core-winrt-string-l1-1-0

WindowsConcatString
WindowsDuplicateString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

K32GetProcessImageFileNameW
K32GetModuleFileNameExW

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoInitializeEx
CoUninitialize
CoWaitForMultipleHandles
CoTaskMemFree

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
AdjustTokenPrivileges
ImpersonateLoggedOnUser
GetTokenInformation
RevertToSelf

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe
CreatePipe

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
GetCommandLineW
GetStdHandle

api-ms-win-eventing-controller-l1-1-0

StartTraceW
ControlTraceW
EnableTraceEx2

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
StartServiceW
OpenSCManagerW
ControlServiceExW
OpenServiceW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW
QueryServiceStatusEx
NotifyServiceStatusChangeW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

Sections

.text
Size: 356KB - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099cd3666b74333ab8564ca053ec4a59

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

75:3e:bc:a9:59:db:a0:48:9e:2f:2a:92:eb:94:e6:0a:ff:ef:5c:48:a8:45:e0:56:83:72:ba:75:cb:63:e6:9bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-core-util-l1-1-0

newdev

setupapi

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-path-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-registry-l2-1-0

Sections

.text Size: 356KB - Virtual size: 353KB

.rdata Size: 152KB - Virtual size: 148KB

.data Size: 8KB - Virtual size: 11KB

.pdata Size: 16KB - Virtual size: 13KB

.didat Size: 4KB - Virtual size: 152B

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

75:3e:bc:a9:59:db:a0:48:9e:2f:2a:92:eb:94:e6:0a:ff:ef:5c:48:a8:45:e0:56:83:72:ba:75:cb:63:e6:9b
Signer

.text
Size: 356KB - Virtual size: 353KB

.rdata
Size: 152KB - Virtual size: 148KB

.data
Size: 8KB - Virtual size: 11KB

.pdata
Size: 16KB - Virtual size: 13KB

.didat
Size: 4KB - Virtual size: 152B

.rsrc
Size: 124KB - Virtual size: 122KB

.reloc
Size: 4KB - Virtual size: 2KB