game_2024[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

game_2024.zip
Size

2.0MB
MD5

7c77a4f104c0d5f3ea91450d39720107
SHA1

b324b8486826ba1073fce3f869b2d4a997bf7c45
SHA256

e9c20fc894aaa64d5b2e4b00ab97194f6e0ceadd79bbc206cb41632567b5894a
SHA512

863760ac65c8857b6e79026e1a7ea7506177fd8465ed8875c390dd71a9907111b5e696e74b9d3417871f366dd095546788d4d070e86eb0f9902023dc95112d2c
SSDEEP

49152:Jf1XJrN8RWlJOc2AEvo8nAxL8TlBhp7lHFeEsj:J9XRF8vnAx4T/DlHFp4

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d3d11.dll

Files

game_2024.zip
.zip
d3d11.dll
.dll windows:6 windows x86 arch:x86

ab5bf341afea0ff3af9ea2b31c3b5d5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

send
bind
connect
getpeername
getsockname
getsockopt
ntohs
recv
setsockopt
socket
WSASetLastError
WSAIoctl
getaddrinfo
freeaddrinfo
gethostname
accept
listen
WSAGetLastError
htons
WSACloseEvent
sendto
recvfrom
WSACleanup
WSAStartup
select
__WSAFDIsSet
htonl
ioctlsocket
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
closesocket

wldap32

ord217
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord143
ord35
ord79
ord30
ord200
ord301

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertGetCertificateChain
CertFindCertificateInStore
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertFreeCertificateChain

bcrypt

BCryptGenRandom

kernel32

MoveFileExA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SleepEx
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileSizeEx
CreateFileA
GetSystemTimeAsFileTime
CompareFileTime
VerifyVersionInfoW
VerSetConditionMask
GetTickCount
QueryPerformanceCounter
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
QueryPerformanceFrequency
FormatMessageW
SetLastError
GetLastError
GetCurrentProcessId
MultiByteToWideChar
Sleep
GetEnvironmentVariableA
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
CloseHandle
GetProcAddress
FreeLibrary
WideCharToMultiByte
InitializeCriticalSectionEx

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
D3D11CreateDevice
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_global_trace
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_get_handles
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror
curl_version
curl_version_info
curl_ws_meta
curl_ws_recv
curl_ws_send

Sections

.text
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 827KB - Virtual size: 826KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
modules/ini
.pdf
- http://037le.com
start.exe
.exe windows:6 windows x86 arch:x86

f751fe9f94037e2b18e48ce35883084b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:50:ed:15:0b:20:20:af:72:ac:c1:68:f2:37:cc:7a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

30-10-2023 00:00

Not After

29-10-2026 23:59

Subject

SERIALNUMBER=HRB 110119,CN=Skutta Software GmbH,O=Skutta Software GmbH,L=Leverkusen,ST=Nordrhein-Westfalen,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c054bc3b66c6e,1.3.6.1.4.1.311.60.2.1.2=#13134e6f7264726865696e2d5765737466616c656e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:1c:0c:54:00:fd:5b:52:df:11:a6:31:19:f1:9c:44:98:94:c5:63:17:f9:10:c6:7b:18:47:cc:dd:76:1a:4b
Signer

Actual PE Digest

69:1c:0c:54:00:fd:5b:52:df:11:a6:31:19:f1:9c:44:98:94:c5:63:17:f9:10:c6:7b:18:47:cc:dd:76:1a:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

launcher.pdb

Imports

kernel32

GetModuleHandleW
LoadLibraryA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
FatalAppExitA
LocalAlloc
ExpandEnvironmentStringsW
lstrcmpW
GetModuleFileNameA
GetModuleHandleA
GetSystemDirectoryW
InterlockedIncrement
InterlockedDecrement
InterlockedExchangeAdd
InitializeCriticalSection
SetEndOfFile
HeapSize
GetTimeZoneInformation
SetStdHandle
OutputDebugStringW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetExitCodeProcess
GetACP
IsValidCodePage
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
ReadConsoleW
GetFileSizeEx
ReadFile
SetFilePointerEx
HeapAlloc
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapFree
WriteConsoleW
CreateProcessW
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
SetUnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoW
GetCurrentThreadId
LoadLibraryExW
VirtualQuery
GetLongPathNameW
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcess
TerminateProcess
Process32Next
GetCurrentProcessId
Process32First
FormatMessageW
LocalFree
GetLastError
GetFileType
WriteFile
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetDriveTypeW
TlsFree
TlsSetValue
TlsGetValue
CreateToolhelp32Snapshot
CreateFileW
TlsAlloc
Sleep
WaitForSingleObject
CloseHandle
OpenProcess
MultiByteToWideChar
GetOEMCP
WideCharToMultiByte
FormatMessageA
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetFullPathNameW
SetFileInformationByHandle
AreFileApisANSI
DeviceIoControl
CopyFileW
GetFileInformationByHandleEx
CreateSymbolicLinkW
GetStringTypeW
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
GetExitCodeThread
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
LCMapStringEx
CompareStringEx
GetCPInfo
RtlUnwind
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount

user32

GetClassNameW
EnumWindows
GetWindowThreadProcessId
wsprintfW
IsWindow
FindWindowExW
FindWindowW
EndDialog
MessageBoxW
DestroyIcon
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
LoadImageW
MoveWindow
CreateDialogParamW
DefWindowProcW
LoadBitmapW
PostQuitMessage
ShowWindow
EnableWindow
GetWindowLongW
SetWindowTextW
SetWindowPos
GetSystemMetrics
SetWindowLongW
ScreenToClient
GetWindowRect
SendMessageW
GetClientRect
GetDlgItem
SetDlgItemTextW
DestroyWindow
CreateWindowExW
RegisterClassW
PostMessageW

shell32

ShellExecuteW
ShellExecuteExW
SHGetFolderPathW

advapi32

RegDeleteKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExW
RegDeleteValueW
QueryServiceConfigW
RegDeleteKeyValueW
RegGetValueW
RegOpenKeyW
CloseServiceHandle
DeleteService
QueryServiceStatus
ControlService
OpenServiceW
OpenSCManagerW

d3d11

D3D11CreateDevice

comctl32

ord17

Exports

Exports

NoHotPatch

Sections

.text
Size: 405KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab5bf341afea0ff3af9ea2b31c3b5d5f

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

advapi32

crypt32

bcrypt

kernel32

Exports

Exports

Sections

.text Size: 380KB - Virtual size: 380KB

.rdata Size: 80KB - Virtual size: 84KB

.data Size: 6KB - Virtual size: 8KB

.rsrc Size: 827KB - Virtual size: 826KB

f751fe9f94037e2b18e48ce35883084b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:50:ed:15:0b:20:20:af:72:ac:c1:68:f2:37:cc:7aCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

69:1c:0c:54:00:fd:5b:52:df:11:a6:31:19:f1:9c:44:98:94:c5:63:17:f9:10:c6:7b:18:47:cc:dd:76:1a:4bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

advapi32

d3d11

comctl32

Exports

Exports

Sections

.text Size: 405KB - Virtual size: 405KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 5KB - Virtual size: 14KB

.rsrc Size: 154KB - Virtual size: 154KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 380KB - Virtual size: 380KB

.rdata
Size: 80KB - Virtual size: 84KB

.data
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 827KB - Virtual size: 826KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:50:ed:15:0b:20:20:af:72:ac:c1:68:f2:37:cc:7a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

69:1c:0c:54:00:fd:5b:52:df:11:a6:31:19:f1:9c:44:98:94:c5:63:17:f9:10:c6:7b:18:47:cc:dd:76:1a:4b
Signer

.text
Size: 405KB - Virtual size: 405KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 154KB - Virtual size: 154KB

.reloc
Size: 14KB - Virtual size: 14KB