ae07578840e270016f0848cea3af0bac44484bd302c5816d5ee1ab505e4735d4

Sharing

Copy URL Twitter E-mail

General

Target

ae07578840e270016f0848cea3af0bac44484bd302c5816d5ee1ab505e4735d4
Size

7.4MB
MD5

afcf9112428b9ea2f84093774808dfc6
SHA1

d828bf389135d7d5731a4e7dc947912b682df0ef
SHA256

ae07578840e270016f0848cea3af0bac44484bd302c5816d5ee1ab505e4735d4
SHA512

981219ee9777900460f21d4316d2b495b3e2c98921f3bd8249494e51526b9f407a8e88b12c82e3a794a666e2068b258ffd9a5387bf33dd5947d4d4b076d5ee37
SSDEEP

98304:KYAq4O7mUVuQhnU4LJodQ4N17HpdMS3iRljjZT9AN8WusZ4GHHkZ7oVL6Keh0:KY+NOU4y/17LMRjN2N8HsmGnXVL6/6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae07578840e270016f0848cea3af0bac44484bd302c5816d5ee1ab505e4735d4

Files

ae07578840e270016f0848cea3af0bac44484bd302c5816d5ee1ab505e4735d4
.exe windows:6 windows x64 arch:x64

4bb714359494a846f7cbb661668ddd72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\Forts\build_34\forts\code\client\Release\Forts.pdb

Imports

steam_api64

SteamAPI_RunCallbacks
SteamGameServer_GetHSteamUser
SteamInternal_FindOrCreateGameServerInterface
SteamInternal_CreateInterface
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult
SteamGameServer_RunCallbacks
SteamInternal_GameServer_Init
SteamGameServer_Shutdown
SteamAPI_Shutdown
SteamInternal_FindOrCreateUserInterface
SteamAPI_Init
SteamAPI_GetHSteamUser
SteamInternal_ContextInit

dbghelp

MiniDumpWriteDump

shlwapi

PathIsDirectoryA
PathIsDirectoryW

ws2_32

htons
getsockopt
getsockname
inet_addr
sendto
ntohs
listen
accept
freeaddrinfo
WSAStartup
WSACleanup
socket
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
recvfrom
connect
getpeername
WSAGetLastError
inet_ntoa
gethostbyname
getaddrinfo
WSAIoctl
ioctlsocket
htonl
ntohl
setsockopt
gethostname

fmod

?lock@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@IIPEAPEAX0PEAI1@Z
?isRecording@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEA_N@Z
?getRecordPosition@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAI@Z
?createDSP@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_DSP_DESCRIPTION@@PEAPEAVDSP@2@@Z
?getSoftwareFormat@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAHPEAW4FMOD_SPEAKERMODE@@0@Z
?unlock@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX0II@Z
?removeDSP@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAVDSP@2@@Z
?setCallback@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@P6A?AW43@PEAUFMOD_CHANNELCONTROL@@W4FMOD_CHANNELCONTROL_TYPE@@W4FMOD_CHANNELCONTROL_CALLBACK_TYPE@@PEAX3@Z@Z
?getMasterChannelGroup@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAVChannelGroup@2@@Z
?createStream@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDIPEAUFMOD_CREATESOUNDEXINFO@@PEAPEAVSound@2@@Z
?set3DSettings@System@FMOD@@QEAA?AW4FMOD_RESULT@@MMM@Z
?getAdvancedSettings@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_ADVANCEDSETTINGS@@@Z
?setAdvancedSettings@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_ADVANCEDSETTINGS@@@Z
?setSoftwareChannels@System@FMOD@@QEAA?AW4FMOD_RESULT@@H@Z
?getDriver@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z
?setDriver@System@FMOD@@QEAA?AW4FMOD_RESULT@@H@Z
?getDriverInfo@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEADHPEAUFMOD_GUID@@PEAHPEAW4FMOD_SPEAKERMODE@@2@Z
?getNumDrivers@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z
?setUserData@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAX@Z
?addDSP@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAVDSP@2@@Z
?setOutput@System@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_OUTPUTTYPE@@@Z
?getChannelsPlaying@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH0@Z
?getUserData@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAX@Z
?getPosition@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@PEAII@Z
?getCurrentSound@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@PEAPEAVSound@2@@Z
?getLength@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAII@Z
?set3DListenerAttributes@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEBUFMOD_VECTOR@@000@Z
?setMode@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@I@Z
?createSound@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDIPEAUFMOD_CREATESOUNDEXINFO@@PEAPEAVSound@2@@Z
?set3DMinMaxDistance@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@MM@Z
?release@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?playSound@System@FMOD@@QEAA?AW4FMOD_RESULT@@PEAVSound@2@PEAVChannelGroup@2@_NPEAPEAVChannel@2@@Z
?setVolume@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z
?setPriority@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@H@Z
?set3DAttributes@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_VECTOR@@0@Z
?setPaused@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z
?getIndex@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@PEAH@Z
?getChannel@System@FMOD@@QEAA?AW4FMOD_RESULT@@HPEAPEAVChannel@2@@Z
?setPosition@Channel@FMOD@@QEAA?AW4FMOD_RESULT@@II@Z
?setVolumeRamp@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z
?set3DCustomRolloff@Sound@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_VECTOR@@H@Z
?stop@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?isPlaying@ChannelControl@FMOD@@QEAA?AW4FMOD_RESULT@@PEA_N@Z

fmodstudio

?update@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?setParameterByName@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDM_N@Z
?setListenerAttributes@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@HPEBUFMOD_3D_ATTRIBUTES@@PEBUFMOD_VECTOR@@@Z
?getEvent@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEBDPEAPEAVEventDescription@23@@Z
?isOneshot@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEA_N@Z
?loadSampleData@EventDescription@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?createInstance@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAVEventInstance@23@@Z
?set3DAttributes@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBUFMOD_3D_ATTRIBUTES@@@Z
?start@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?release@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?setParameterByName@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDM_N@Z
?setPaused@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@_N@Z
?setVolume@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z
?stop@EventInstance@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@W4FMOD_STUDIO_STOP_MODE@@@Z
?getID@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAUFMOD_GUID@@@Z
?getLength@EventDescription@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAH@Z
?create@System@Studio@FMOD@@SA?AW4FMOD_RESULT@@PEAPEAV123@I@Z
?setAdvancedSettings@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_STUDIO_ADVANCEDSETTINGS@@@Z
?getAdvancedSettings@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEAUFMOD_STUDIO_ADVANCEDSETTINGS@@@Z
?initialize@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@HIIPEAX@Z
?release@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?flushCommands@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?getCoreSystem@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAV13@@Z
?unload@Bank@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?getChannelGroup@Bus@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAPEAVChannelGroup@3@@Z
?unlockChannelGroup@Bus@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?lockChannelGroup@Bus@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@XZ
?setVolume@Bus@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@M@Z
?getPlaybackState@EventInstance@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEAW4FMOD_STUDIO_PLAYBACK_STATE@@@Z
?loadBankMemory@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDHW4FMOD_STUDIO_LOAD_MEMORY_MODE@@IPEAPEAVBank@23@@Z
?loadBankFile@System@Studio@FMOD@@QEAA?AW4FMOD_RESULT@@PEBDIPEAPEAVBank@23@@Z
?getParameterByName@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEBDPEAM1@Z
?getBus@System@Studio@FMOD@@QEBA?AW4FMOD_RESULT@@PEBDPEAPEAVBus@23@@Z

devil

ilBindImage
ilDeleteImage
ilEnable
ilGenImage
ilGetError
ilLoadL
ilGetInteger
ilOriginFunc
ilInit
ilSave
ilSetInteger
ilConvertImage
ilGetData
ilGetKeptDXTCData
ilTexImage

ilu

iluFlipImage
iluInit
iluScale
iluGetImageInfo
iluErrorString
iluGetInteger

ilut

ilutRenderer
ilutGLBindTexImage
ilutEnable
ilutDisable
ilutGetInteger
ilutGLTexImage
ilutGLBindMipmaps
ilutGLScreen
ilutGLBuildMipmaps
ilutInit

advapi32

CryptGetHashParam
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
GetUserNameA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

crypt32

CertFreeCertificateContext

wldap32

ord200
ord301
ord79
ord143
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord30

normaliz

IdnToAscii

kernel32

GetFileAttributesExW
lstrcmpA
GetTempPathW
GetEnvironmentVariableA
ExpandEnvironmentStringsA
DuplicateHandle
VerifyVersionInfoA
LoadLibraryA
GetSystemDirectoryA
RtlUnwind
SleepEx
WriteConsoleW
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
OutputDebugStringW
SetStdHandle
LoadLibraryW
AcquireSRWLockShared
ReleaseSRWLockShared
CreateProcessW
CreatePipe
SetHandleInformation
CreateSemaphoreA
ReleaseSemaphore
FlushFileBuffers
GetTimeZoneInformation
MoveFileExW
HeapReAlloc
CreateDirectoryW
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
ReadFile
HeapAlloc
HeapFree
GetModuleFileNameW
WriteFile
SetEndOfFile
VerSetConditionMask
GetStdHandle
PeekNamedPipe
GetFileType
GetFileInformationByHandle
CreateFileW
CreateFileA
DeleteFileA
GetFileSizeEx
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateDirectoryA
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
GetFileAttributesA
GetFileAttributesW
GetFileTime
GetLastError
GlobalUnlock
GlobalLock
lstrlenW
MoveFileA
FileTimeToSystemTime
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
GetLocalTime
CreateEventA
GetModuleFileNameA
CopyFileA
CreateMutexA
ReleaseMutex
GetCurrentProcess
GetProcessId
GetCurrentThreadId
GetProcessHeap
HeapSetInformation
SetThreadAffinityMask
GetCurrentThread
Module32First
Module32Next
RemoveDirectoryA
GetModuleHandleA
SetEvent
Sleep
GlobalMemoryStatusEx
GetModuleHandleW
GetProcAddress
OutputDebugStringA
WaitForSingleObject
SetThreadPriority
GetDateFormatA
GetTimeFormatA
CompareFileTime
GetShortPathNameW
TerminateThread
ResetEvent
GetSystemInfo
WaitForMultipleObjects
GetExitCodeProcess
SystemTimeToTzSpecificLocalTime
GetUserDefaultLCID
GetLocaleInfoA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
FormatMessageA
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount64
LCMapStringEx
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
GetLocaleInfoEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateEventW
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetDriveTypeW
GetFullPathNameW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
DeleteFileW
RemoveDirectoryW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess

user32

TranslateMessage
DispatchMessageW
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
DefWindowProcA
PeekMessageA
GetMessageA
DispatchMessageA
RegisterClassA
CreateWindowExA
GetWindowLongPtrA
SystemParametersInfoA
ClipCursor
PostQuitMessage
GetClientRect
DefWindowProcW
SetFocus
FlashWindowEx
ShowCursor
GetMonitorInfoA
ReleaseDC
SetWindowTextA
SetWindowPos
CreateWindowExW
AdjustWindowRectEx
RegisterClassExW
LoadIconA
GetMessageW
MessageBoxW
ShowWindow
SetForegroundWindow
FindWindowW
MessageBoxA
DestroyWindow
EnumDisplayMonitors
EnumDisplaySettingsExA
GetWindowRect
GetSystemMetrics
GetDC
EnumDisplaySettingsA
CloseClipboard
OpenClipboard
PeekMessageW
ChangeDisplaySettingsExA
GetClipboardData
GetActiveWindow
SetCursorPos
GetCursorPos
ClientToScreen
ScreenToClient
WindowFromPoint
PtInRect
BringWindowToTop
EnumWindows
GetWindowThreadProcessId
SetProcessDPIAware
SendMessageA
LoadCursorA
GetKeyState

gdi32

SwapBuffers
GetDeviceCaps
DescribePixelFormat
SetPixelFormat
ChoosePixelFormat

shell32

ShellExecuteW
ShellExecuteExA
ShellExecuteA
SHFileOperationW

opengl32

glGenTextures
glPopClientAttrib
glPushClientAttrib
glPushAttrib
glPopAttrib
glViewport
glVertex3fv
glVertex3f
glVertex2fv
glVertex2f
glTranslatef
glTexSubImage2D
glTexParameteri
glTexParameterf
glTexImage2D
glTexEnvf
glTexCoord2fv
glTexCoord2f
glShadeModel
glScissor
wglGetCurrentDC
glRotatef
glReadPixels
glReadBuffer
glPushMatrix
glPopMatrix
glPolygonMode
glPixelStorei
glOrtho
glNewList
glMultMatrixf
glMatrixMode
glLoadMatrixf
glLoadIdentity
glLineWidth
glHint
glGetString
glGetIntegerv
glGetFloatv
glGenLists
glFlush
glEndList
glEnd
glEnable
glScalef
glDisable
glDepthFunc
glDeleteTextures
glDeleteLists
glColorMask
glColor4fv
glColor4f
glClearColor
glClear
glCallList
glBlendFunc
glBindTexture
glBegin
glAlphaFunc
wglMakeCurrent
wglGetProcAddress
wglGetCurrentContext
wglCreateContext

dinput8

DirectInput8Create

winmm

waveInStop
waveInClose

imm32

ImmAssociateContext
ImmGetContext

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bb714359494a846f7cbb661668ddd72

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

steam_api64

dbghelp

shlwapi

ws2_32

fmod

fmodstudio

devil

ilu

ilut

advapi32

crypt32

wldap32

normaliz

kernel32

user32

gdi32

shell32

opengl32

dinput8

winmm

imm32

Sections

.text Size: 5.6MB - Virtual size: 5.6MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 91KB - Virtual size: 163KB

.pdata Size: 208KB - Virtual size: 207KB

_RDATA Size: 9KB - Virtual size: 8KB

.rsrc Size: 130KB - Virtual size: 130KB

.reloc Size: 22KB - Virtual size: 21KB

.bind Size: 195KB - Virtual size: 195KB

.text
Size: 5.6MB - Virtual size: 5.6MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 91KB - Virtual size: 163KB

.pdata
Size: 208KB - Virtual size: 207KB

_RDATA
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 130KB - Virtual size: 130KB

.reloc
Size: 22KB - Virtual size: 21KB

.bind
Size: 195KB - Virtual size: 195KB