F:\cod\Cod Clients\h2m-mod\build\bin\x64\Release\h2m-mod.pdb
Static task
static1
1 signatures
General
-
Target
h2m-server-browser-fix.zip
-
Size
2.4MB
-
MD5
e5bad08a3fc3d3a60678cd47493730d3
-
SHA1
1fd7d18d194213b72a5cf46536c123ec87463e7c
-
SHA256
7b30c3f52a604d45c2133093fbbbfa977be7f485699b8dbeef828c5547536c26
-
SHA512
8ecd1b48b71ebb72cd75f711711ecd2f13b14017397c5282a666a4012cc57703749954aa393def0f8ad44a1300edb6e15e78058bd7815594d1ccb5235cbf069d
-
SSDEEP
49152:2G9+Y5p/4uMF9+001Qie/DGBPj0qDMVVKPxxZNIJDCzp2Mx0sB9tlT:2gVpK+6io80qxPPZKh4drlT
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/h2m-mod.exe
Files
-
h2m-server-browser-fix.zip.zip .ps1 polyglot
-
README.txt
-
h2m-mod.exe.exe windows:6 windows x64 arch:x64
a8d4fdf34c62d07e7e3509ec206a4169
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
crypt32
CertGetCertificateChain
CryptDecodeObjectEx
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CertEnumCertificatesInStore
CryptStringToBinaryA
CertFreeCertificateContext
PFXImportCertStore
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CertFreeCertificateChain
CertGetNameStringA
CertFindExtension
CertCreateCertificateChainEngine
CryptProtectData
CryptQueryObject
kernel32
DecodePointer
DeleteCriticalSection
GetTickCount64
GetLastError
RtlUnwind
LoadLibraryW
GetEnvironmentVariableW
K32GetModuleFileNameExW
HeapDestroy
HeapCreate
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetLargePageMinimum
InitializeCriticalSectionEx
OutputDebugStringA
GetCurrentThread
GetThreadContext
SetThreadContext
AddVectoredExceptionHandler
GetProcAddress
GetVolumeInformationA
LocalFree
GetCommandLineA
GetConsoleScreenBufferInfo
GetStdHandle
SetConsoleCursorPosition
GetConsoleCursorInfo
WriteConsoleW
DeleteFileW
VerSetConditionMask
InitializeCriticalSection
VerifyVersionInfoW
VirtualProtect
CreateProcessA
SetThreadExecutionState
VirtualAlloc
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleExW
GetProcessHeap
FreeEnvironmentStringsW
GetModuleHandleExA
GetModuleHandleW
GetModuleHandleA
CloseHandle
CreateFileA
SetUnhandledExceptionFilter
GetVersionExA
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
SetEvent
CreateEventA
SetConsoleTitleA
ReadConsoleInputA
GetConsoleWindow
SetConsoleTextAttribute
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
HeapSize
SetEndOfFile
SetStdHandle
HeapReAlloc
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapAlloc
HeapFree
SetEnvironmentVariableW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedPushEntrySList
SetLastError
FormatMessageW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemDirectoryA
LoadLibraryA
QueryPerformanceFrequency
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
MultiByteToWideChar
QueryPerformanceCounter
GetTickCount
WideCharToMultiByte
GetEnvironmentVariableA
Sleep
SleepEx
MoveFileExA
GetCurrentProcessId
ReadFile
WaitForMultipleObjects
PeekNamedPipe
GetFileType
WaitForSingleObjectEx
GetFileSizeEx
WriteFile
CreateFileW
WaitNamedPipeW
lstrlenW
FindFirstFileW
FindNextFileW
FindClose
GetCurrentDirectoryW
GetSystemInfo
SetConsoleCursorInfo
VirtualFree
FlushInstructionCache
SizeofResource
FindResourceA
GetCurrentDirectoryA
LockResource
LoadResource
GlobalLock
GlobalUnlock
MoveFileA
DeleteFileA
GetSystemFirmwareTable
Thread32Next
Thread32First
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
GetThreadId
OpenThread
SetFilePointer
GetTempPathA
GetTempFileNameA
FlushFileBuffers
GetCommandLineW
IsDebuggerPresent
OutputDebugStringW
RaiseException
TryAcquireSRWLockExclusive
CreateDirectoryW
FindFirstFileExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
GetFileInformationByHandleEx
FormatMessageA
GetLocaleInfoEx
GetExitCodeThread
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
GetStringTypeW
IsProcessorFeaturePresent
EncodePointer
GetSystemTimeAsFileTime
LCMapStringEx
CompareStringEx
GetCPInfo
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetStartupInfoW
RtlUnwindEx
VirtualQuery
user32
SystemParametersInfoA
IsWindow
LoadIconA
LoadImageA
MessageBoxA
ShowCursor
DestroyWindow
UnregisterClassA
DefWindowProcA
LoadCursorA
RegisterClassA
GetSystemMetrics
CreateWindowExA
SendMessageA
GetWindowRect
AdjustWindowRect
SetWindowPos
SetWindowRgn
UpdateWindow
OpenClipboard
CloseClipboard
GetClipboardData
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
ShowWindow
DestroyIcon
gdi32
DeleteObject
CreateRoundRectRgn
advapi32
CryptAcquireContextW
CryptGenRandom
RegCreateKeyExW
RegSetValueExW
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
GetUserNameA
RegOpenKeyExA
RegCloseKey
RegCreateKeyA
RegSetValueExA
GetCurrentHwProfileA
RegQueryValueExA
shell32
SHGetKnownFolderPath
ShellExecuteA
CommandLineToArgvW
ntdll
RtlPcToFileHeader
NtQueryObject
ws2_32
getsockname
getpeername
connect
getaddrinfo
closesocket
send
WSASetLastError
recv
gethostname
sendto
gethostbyname
htonl
recvfrom
__WSAFDIsSet
select
ioctlsocket
ntohs
socket
setsockopt
bind
htons
WSAStartup
WSACleanup
WSAEnumNetworkEvents
getsockopt
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSACreateEvent
WSACloseEvent
WSAGetLastError
WSAIoctl
listen
accept
freeaddrinfo
bcrypt
BCryptGenRandom
dbghelp
MiniDumpWriteDump
ole32
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree
PropVariantClear
Exports
Exports
AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamApps
SteamFriends
SteamGameServer
SteamGameServer_Init
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamMatchmaking
SteamNetworking
SteamRemoteStorage
SteamUser
SteamUserStats
SteamUtils
Sections
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.6MB - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 220KB - Virtual size: 6.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 88KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ