Static task
static1
General
-
Target
steamshim.exe
-
Size
48KB
-
MD5
597f402e2f44f6faff97b5c3e9e9130f
-
SHA1
d1a9615dee24603955c4da0637b9dca03c61e8fa
-
SHA256
0e837d43de3455dd735b3e57a1fb883abac3f53e5aa8fc01538c02e9356298cb
-
SHA512
57f366e7960db206be016f2ffe40c1452fd1a642b7d71b11e4e0356c5eb26288fcbfe5a428b5ec34e7fe691eadaac4bf721eaf6813fb2aa767c0c2e0043e3128
-
SSDEEP
384:ImLX+BYsGG4c4y/kiTayMBQyqmDuxtYSJRMpwy9x5VmQBky4EeggfxKc9RJZ8Zoi:ImTCNTayQ5oY8sw6x5VxnePKKP2o
Malware Config
Signatures
-
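Unsigned PE (1 IoC)
Static check by the scanner: the PE file carries no Authenticode signature, so its publisher and integrity cannot be confirmed from a signature. Many legitimate binaries are unsigned; weigh this finding together with the hashes and imports listed on this page rather than as a verdict on its own.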
resource steamshim.exe
Files
-
steamshim.exe.exe windows:6 windows x64 arch:x64
3f15767ee234a5d5387c554c8310951d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
steam_api64
SteamAPI_GetHSteamUser
SteamAPI_Shutdown
SteamAPI_Init
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback
SteamInternal_FindOrCreateUserInterface
SteamInternal_ContextInit
SteamAPI_RunCallbacks
kernel32
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetCommandLineW
SetEnvironmentVariableA
ReadFile
WriteFile
CloseHandle
CreatePipe
ExitProcess
CreateProcessW
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentProcess
SetUnhandledExceptionFilter
TerminateProcess
user32
wsprintfW
MessageBoxA
vcruntime140
__current_exception
__current_exception_context
_CxxThrowException
__std_exception_destroy
memmove
memcpy
_purecall
__std_exception_copy
memset
__C_specific_handler
api-ms-win-crt-string-l1-1-0
_wcsdup
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
malloc
_callnewh
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf
__p__commode
_set_fmode
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_cexit
_get_narrow_winmain_command_line
_initialize_narrow_environment
_configure_narrow_argv
_initterm
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_exit
exit
_set_app_type
_seh_filter_exe
_initterm_e
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 876B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ