Static task
static1
Behavioral task
behavioral1
Sample
DS_SteamLauncher.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
DS_SteamLauncher.exe
Resource
win10v2004-20240802-en
General
-
Target
DS_SteamLauncher.exe
-
Size
28.1MB
-
MD5
00dd5d6f1f4421f338c92a0a91e11cd5
-
SHA1
eb7fb5b2c27d2b70a3d5b3205a4a0e57ff16ca9f
-
SHA256
6dbc77f4031d85d0b0a7be97eea1520b28e9ff98cb4217a392e7302e2d9cb24b
-
SHA512
004da3a3725778c38e9c1d1e302902ad69947ff62405db3dea21c8fbfd1447f7a4722c0b3e394dfe6569f80409858f91536e374325a16628f574414d9a03bbe1
-
SSDEEP
393216:WtwdxW3mFeSmixmrQADDOT7NHMngL0lss8A0Jr3avzyWgX5pA3UbWQH+oDEA7qpZ:EQfFNmKmrQ4SXro61E1gXQ3UbTHVD1qL
Malware Config
Signatures
Files
-
DS_SteamLauncher.exe.exe windows:6 windows x64 arch:x64
ad3f05e38774568f36decd7cfd6c2cd6
Code Sign
Certificate
1e:4d:98:64:b1:11:7c:6e:b7:10:cf:d3:c3:4a:2e:fe
Issuer
CN=DENUVO.STORE
Not Before
08-07-2023 01:38
Not After
31-12-2039 23:59
Subject
CN=DENUVO.STORE
Certificate
7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Issuer
CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB
Not Before
22-03-2021 00:00
Not After
21-03-2036 23:59
Subject
CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate
3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Issuer
CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB
Not Before
15-01-2024 00:00
Not After
14-04-2035 23:59
Subject
CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Certificate
36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Issuer
CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Not Before
22-03-2021 00:00
Not After
18-01-2038 23:59
Subject
CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer
d6:22:e5:18:76:b2:fe:66:f3:96:71:6c:f4:99:37:0e:cb:0b:79:a1:3e:ec:37:45:b6:dc:66:1f:4a:18:a3:50:4e:f3:58:3a:37:c4:2c:8a:3a:12:02:0b:52:69:56:0a:db:b9:f6:3a:e3:0e:a8:64:48:d2:9d:af:62:1d:08:d9
Actual PE Digest
d6:22:e5:18:76:b2:fe:66:f3:96:71:6c:f4:99:37:0e:cb:0b:79:a1:3e:ec:37:45:b6:dc:66:1f:4a:18:a3:50:4e:f3:58:3a:37:c4:2c:8a:3a:12:02:0b:52:69:56:0a:db:b9:f6:3a:e3:0e:a8:64:48:d2:9d:af:62:1d:08:d9
Digest Algorithm
sha512
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
ReadFile
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress
user32
keybd_event
gdi32
GetDeviceCaps
advapi32
RegSetValueExW
shell32
SHGetFolderPathW
ole32
CoSetProxyBlanket
oleaut32
VariantClear
msvcp140
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
msvcp140_codecvt_ids
?id@?$codecvt@_SDU_Mbstatet@@@std@@2V0locale@2@A
wininet
InternetOpenUrlA
uxtheme
DrawThemeParentBackground
gdiplus
GdiplusStartup
shlwapi
ord12
winmm
PlaySoundW
wintrust
WinVerifyTrust
crypt32
PFXImportCertStore
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__current_exception_context
api-ms-win-crt-stdio-l1-1-0
fputc
api-ms-win-crt-filesystem-l1-1-0
remove
api-ms-win-crt-string-l1-1-0
strncat
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
api-ms-win-crt-heap-l1-1-0
free
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-convert-l1-1-0
strtod
api-ms-win-crt-locale-l1-1-0
localeconv
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-time-l1-1-0
_mktime64
api-ms-win-crt-utility-l1-1-0
rand
Exports
?Decrypt@@YAKV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
Sections
.text Size: - Virtual size: 303KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.msvcjmc Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data0 Size: - Virtual size: 27.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data1 Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data2 Size: 27.6MB - Virtual size: 27.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 485KB - Virtual size: 484KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ