h2m-mod[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

h2m-mod.exe
Size

7.2MB
MD5

8f27c733486dc0f2325384d779041c24
SHA1

c380ee264a977aece44e7d0934e0154156170a2e
SHA256

9a961df9be3826b2c77e46193454af385add6adb581d4848f7319b2da9a3e33e
SHA512

24b0d41a07d3f432d9da8d1ee6c6a999a8eb48e327e71a16354f53ff083bb8af61d593ab95d27f8a5b2c6534e00fa3fe124cbc4ea40250e289a9ae48400dff18
SSDEEP

98304:yjtYW8rlXVeFGxGD3u4k9sNzJm9+bBX3AtlGGoJXiir7BzN1BNN1BPak+:kYW8ZleFGwa4k9+zJm0GoJxaF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
h2m-mod.exe

Files

h2m-mod.exe
.exe windows:6 windows x64 arch:x64

a8d4fdf34c62d07e7e3509ec206a4169

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\cod\Cod Clients\h2m-mod\build\bin\x64\Release\h2m-mod.pdb

Imports

crypt32

CertGetCertificateChain
CryptDecodeObjectEx
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CertEnumCertificatesInStore
CryptStringToBinaryA
CertFreeCertificateContext
PFXImportCertStore
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CertFreeCertificateChain
CertGetNameStringA
CertFindExtension
CertCreateCertificateChainEngine
CryptProtectData
CryptQueryObject

kernel32

DecodePointer
DeleteCriticalSection
GetTickCount64
GetLastError
RtlUnwind
LoadLibraryW
GetEnvironmentVariableW
K32GetModuleFileNameExW
HeapDestroy
HeapCreate
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetLargePageMinimum
InitializeCriticalSectionEx
OutputDebugStringA
GetCurrentThread
GetThreadContext
SetThreadContext
AddVectoredExceptionHandler
GetProcAddress
GetVolumeInformationA
LocalFree
GetCommandLineA
GetConsoleScreenBufferInfo
GetStdHandle
SetConsoleCursorPosition
GetConsoleCursorInfo
WriteConsoleW
DeleteFileW
VerSetConditionMask
InitializeCriticalSection
VerifyVersionInfoW
VirtualProtect
CreateProcessA
SetThreadExecutionState
VirtualAlloc
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleExW
GetProcessHeap
FreeEnvironmentStringsW
GetModuleHandleExA
GetModuleHandleW
GetModuleHandleA
CloseHandle
CreateFileA
SetUnhandledExceptionFilter
GetVersionExA
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
SetEvent
CreateEventA
SetConsoleTitleA
ReadConsoleInputA
GetConsoleWindow
SetConsoleTextAttribute
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
HeapSize
SetEndOfFile
SetStdHandle
HeapReAlloc
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapAlloc
HeapFree
SetEnvironmentVariableW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedPushEntrySList
SetLastError
FormatMessageW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemDirectoryA
LoadLibraryA
QueryPerformanceFrequency
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
MultiByteToWideChar
QueryPerformanceCounter
GetTickCount
WideCharToMultiByte
GetEnvironmentVariableA
Sleep
SleepEx
MoveFileExA
GetCurrentProcessId
ReadFile
WaitForMultipleObjects
PeekNamedPipe
GetFileType
WaitForSingleObjectEx
GetFileSizeEx
WriteFile
CreateFileW
WaitNamedPipeW
lstrlenW
FindFirstFileW
FindNextFileW
FindClose
GetCurrentDirectoryW
GetSystemInfo
SetConsoleCursorInfo
VirtualFree
FlushInstructionCache
SizeofResource
FindResourceA
GetCurrentDirectoryA
LockResource
LoadResource
GlobalLock
GlobalUnlock
MoveFileA
DeleteFileA
GetSystemFirmwareTable
Thread32Next
Thread32First
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
GetThreadId
OpenThread
SetFilePointer
GetTempPathA
GetTempFileNameA
FlushFileBuffers
GetCommandLineW
IsDebuggerPresent
OutputDebugStringW
RaiseException
TryAcquireSRWLockExclusive
CreateDirectoryW
FindFirstFileExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
GetFileInformationByHandleEx
FormatMessageA
GetLocaleInfoEx
GetExitCodeThread
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
GetStringTypeW
IsProcessorFeaturePresent
EncodePointer
GetSystemTimeAsFileTime
LCMapStringEx
CompareStringEx
GetCPInfo
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetStartupInfoW
RtlUnwindEx
VirtualQuery

user32

SystemParametersInfoA
IsWindow
LoadIconA
LoadImageA
MessageBoxA
ShowCursor
DestroyWindow
UnregisterClassA
DefWindowProcA
LoadCursorA
RegisterClassA
GetSystemMetrics
CreateWindowExA
SendMessageA
GetWindowRect
AdjustWindowRect
SetWindowPos
SetWindowRgn
UpdateWindow
OpenClipboard
CloseClipboard
GetClipboardData
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
ShowWindow
DestroyIcon

gdi32

DeleteObject
CreateRoundRectRgn

advapi32

CryptAcquireContextW
CryptGenRandom
RegCreateKeyExW
RegSetValueExW
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
GetUserNameA
RegOpenKeyExA
RegCloseKey
RegCreateKeyA
RegSetValueExA
GetCurrentHwProfileA
RegQueryValueExA

shell32

SHGetKnownFolderPath
ShellExecuteA
CommandLineToArgvW

ntdll

RtlPcToFileHeader
NtQueryObject

ws2_32

getsockname
getpeername
connect
getaddrinfo
closesocket
send
WSASetLastError
recv
gethostname
sendto
gethostbyname
htonl
recvfrom
__WSAFDIsSet
select
ioctlsocket
ntohs
socket
setsockopt
bind
htons
WSAStartup
WSACleanup
WSAEnumNetworkEvents
getsockopt
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSACreateEvent
WSACloseEvent
WSAGetLastError
WSAIoctl
listen
accept
freeaddrinfo

bcrypt

BCryptGenRandom

dbghelp

MiniDumpWriteDump

ole32

CoTaskMemAlloc
CoCreateGuid
CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree
PropVariantClear

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamApps
SteamFriends
SteamGameServer
SteamGameServer_Init
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamMatchmaking
SteamNetworking
SteamRemoteStorage
SteamUser
SteamUserStats
SteamUtils

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 220KB - Virtual size: 6.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8d4fdf34c62d07e7e3509ec206a4169

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

kernel32

user32

gdi32

advapi32

shell32

ntdll

ws2_32

bcrypt

dbghelp

ole32

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 2.6MB - Virtual size: 2.6MB

.data Size: 220KB - Virtual size: 6.6MB

.pdata Size: 88KB - Virtual size: 88KB

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 220KB - Virtual size: 6.6MB

.pdata
Size: 88KB - Virtual size: 88KB

.rsrc
Size: 1.9MB - Virtual size: 1.9MB