OpenLoco-v24[.]08-Win32[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

OpenLoco-v24.08-Win32.zip
Size

19.5MB
MD5

5d400be6d0da06f29e54f258f3216dea
SHA1

98e20cc12003e30e28622e2bf8bf2fd1f0417f91
SHA256

6659a1be2a81e4193cf14de849cefde8b6ee06c291102fe563d860ef86922fb1
SHA512

b395206678261733eb502963dd000a365646d1e97cb6d6cb62e29171449d9ac7f277a5365a6371df0547e98eb52e8359c95d4fd9e4b37c742c1452cf3738df8d
SSDEEP

393216:ig7z1DwrXJtXiyBgpHHMHOVrs4zo5kzwSbNVQWPZbJhAWxD+QPLN+4Cbjnb:5z14XJvBEMwsg9NbgaHBDLLN+4Anb

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/OpenLoco.exe
unpack001/openloco.dll

Files

OpenLoco-v24.08-Win32.zip
.zip

Password: infected
CHANGELOG.md
CONTRIBUTORS.md
LICENSE
OpenLoco.exe
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 856KB - Virtual size: 856KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 124KB - Virtual size: 12.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
data/language/de-DE.yml
data/language/en-GB.yml
data/language/en-US.yml
data/language/es-ES.yml
data/language/fr-FR.yml
data/language/it-IT.yml
data/language/ja-JP.yml
data/language/ko-KR.yml
data/language/nl-NL.yml
data/language/pl-PL.yml
data/language/pt-BR.yml
data/language/ru-RU.yml
data/language/sk-SK.yml
data/language/zh-CN.yml
openloco.dll
.dll windows:6 windows x86 arch:x86

Password: infected

b2e3e9d73f80ea049fb17c72649d038f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\OpenLoco\OpenLoco\build\windows-msvc\Release\openloco.pdb

Imports

winmm

timeBeginPeriod
waveOutGetDevCapsW
waveOutGetErrorTextW
waveOutOpen
waveOutClose
waveOutPrepareHeader
waveOutGetNumDevs
timeEndPeriod
waveOutUnprepareHeader
waveOutWrite
waveOutReset
waveInGetNumDevs
waveInGetDevCapsW
waveInOpen
waveInClose
waveInPrepareHeader
waveInUnprepareHeader
waveInAddBuffer
waveInStart
waveInReset
timeGetTime

ws2_32

closesocket
bind
ioctlsocket
ntohs
recvfrom
sendto
setsockopt
socket
WSAStartup
WSACleanup
WSAGetLastError
getaddrinfo
freeaddrinfo
getnameinfo
inet_ntop
ntohl

kernel32

WideCharToMultiByte
GetConsoleMode
SetConsoleMode
GetLastError
GetCurrentProcess
WriteProcessMemory
VirtualProtect
VirtualAllocEx
MultiByteToWideChar
FreeLibrary
LoadLibraryA
OutputDebugStringW
CreateFileW
GetFileSizeEx
ReadFile
SetFilePointer
SetFilePointerEx
WriteFile
CloseHandle
SetErrorMode
GetTickCount
EnumResourceNamesW
MulDiv
SetThreadExecutionState
ExitProcess
TerminateProcess
GlobalMemoryStatusEx
GetSystemInfo
CreateDirectoryW
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
ReleaseSemaphore
WaitForSingleObjectEx
CreateSemaphoreW
GetEnvironmentVariableA
SetEnvironmentVariableA
IsDebuggerPresent
RaiseException
CreateThread
GetCurrentThread
SetThreadPriority
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
VerSetConditionMask
CreateFileA
DeviceIoControl
GetOverlappedResult
CancelIo
ResetEvent
WaitForSingleObject
CreateEventW
FormatMessageW
VerifyVersionInfoW
TlsAlloc
TlsGetValue
TlsSetValue
LoadLibraryExW
GlobalAlloc
GlobalUnlock
GlobalLock
CompareStringA
GetModuleHandleExW
GetFileTime
GetSystemPowerStatus
GetLocaleInfoA
DebugBreak
FindClose
FindFirstFileW
FindNextFileW
CreateSemaphoreA
WriteConsoleW
InterlockedFlushSList
SetUnhandledExceptionFilter
GetProcAddress
TerminateThread
GetProcessId
VirtualQueryEx
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
SetEvent
WaitForMultipleObjects
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionEx
IsProcessorFeaturePresent
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitOnceComplete
InitOnceBeginInitialize
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetExitCodeThread
SwitchToThread
GetFileInformationByHandleEx
MoveFileExW
AreFileApisANSI
SetFileInformationByHandle
SetFileAttributesW
GetFullPathNameW
GetFileAttributesExW
GetFileAttributesW
FindFirstFileExW
GetCurrentDirectoryW
GetLocaleInfoEx
SetLastError
TlsFree
GetTimeZoneInformation
ExitThread
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
CompareStringEx
GetCPInfo
UnhandledExceptionFilter
LocalFree
GetModuleHandleW
GetModuleFileNameW
GetLogicalDrives
GetCommandLineW
GetStdHandle
GetModuleHandleA
FormatMessageA
InitializeSListHead
RtlUnwind
InitializeCriticalSection
FreeLibraryAndExitThread
SetConsoleCtrlHandler
GetDriveTypeW
SetStdHandle
GetFileType
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
ReadConsoleW
HeapReAlloc
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
RtlCaptureContext
SetEndOfFile
GetStartupInfoW

user32

SetActiveWindow
GetFocus
SetFocus
FlashWindowEx
SetLayeredWindowAttributes
CreateWindowExW
RegisterClassW
AttachThreadInput
SendMessageW
RegisterRawInputDevices
SystemParametersInfoW
CreateIconIndirect
CopyImage
LoadCursorW
SetCursorPos
ReleaseCapture
SetCapture
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
EnumDisplayDevicesW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
ReleaseDC
MapVirtualKeyW
SetForegroundWindow
GetKeyboardState
GetKeyboardLayout
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
SetWindowRgn
DialogBoxIndirectParamW
GetClipboardSequenceNumber
CloseClipboard
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
UnregisterDeviceNotification
RegisterDeviceNotificationW
EndDialog
GetDlgItem
DrawTextW
SystemParametersInfoA
PostThreadMessageW
GetMessageW
GetRawInputDeviceList
GetRawInputDeviceInfoA
GetDesktopWindow
SetPropW
RemovePropW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
IntersectRect
PtInRect
SetWindowLongW
GetParent
GetWindowThreadProcessId
SetWindowsHookExW
UnhookWindowsHookEx
CreateIconFromResource
MonitorFromRect
ToUnicode
GetDoubleClickTime
RegisterWindowMessageA
GetRawInputData
DestroyIcon
LoadIconW
CallNextHookEx
GetWindowLongW
FillRect
ClipCursor
ScreenToClient
ClientToScreen
GetClipCursor
GetCursorPos
SetCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
GetPropW
ValidateRect
InvalidateRect
GetUpdateRect
GetDC
GetForegroundWindow
GetMenu
GetSystemMetrics
KillTimer
SetTimer
MsgWaitForMultipleObjects
GetAsyncKeyState
GetKeyState
IsIconic
SetWindowPos
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
GetMessageExtraInfo
GetMessageTime
PeekMessageW
DispatchMessageW
TranslateMessage
TrackMouseEvent
MessageBoxW
MessageBoxA
ShowWindow
LoadIconA
SendMessageA
MonitorFromWindow
OpenClipboard

gdi32

DeleteDC
SelectObject
CreateDIBSection
CreateCompatibleBitmap
CreateDCW
GetDeviceCaps
GetDIBits
CreateBitmap
GetDeviceGammaRamp
SetDeviceGammaRamp
CombineRgn
CreateRectRgn
CreateFontIndirectW
GetTextExtentPoint32A
GetTextMetricsW
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
BitBlt
CreateCompatibleDC
GetICMProfileW
CreateSolidBrush
DeleteObject

imm32

ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmGetCandidateListW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetIMEFileNameA

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CLSIDFromString
PropVariantClear
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

setupapi

SetupDiGetDeviceRegistryPropertyA
CM_Locate_DevNodeA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
CM_Get_Device_IDA
CM_Get_Parent
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA

shell32

ShellExecuteW
DragAcceptFiles
DragFinish
DragQueryFileW
SHOpenFolderAndSelectItems
SHGetSpecialFolderPathW
ord155
CommandLineToArgvW
SHBrowseForFolderW
SHGetFolderPathW
SHGetPathFromIDListW
SHGetMalloc
ord190

Exports

Exports

StartOpenLoco

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1010KB - Virtual size: 1009KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 308KB - Virtual size: 818KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
openloco.pdb

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Headers

File Characteristics

Sections

.text Size: 856KB - Virtual size: 856KB

.rdata Size: 188KB - Virtual size: 188KB

.data Size: 124KB - Virtual size: 12.2MB

.rsrc Size: 28KB - Virtual size: 28KB

.idata Size: 4KB - Virtual size: 4KB

Password: infected

b2e3e9d73f80ea049fb17c72649d038f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

ws2_32

kernel32

user32

gdi32

imm32

ole32

oleaut32

version

advapi32

setupapi

shell32

Exports

Exports

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 1010KB - Virtual size: 1009KB

.data Size: 308KB - Virtual size: 818KB

.rsrc Size: 65KB - Virtual size: 64KB

.reloc Size: 147KB - Virtual size: 147KB

.text
Size: 856KB - Virtual size: 856KB

.rdata
Size: 188KB - Virtual size: 188KB

.data
Size: 124KB - Virtual size: 12.2MB

.rsrc
Size: 28KB - Virtual size: 28KB

.idata
Size: 4KB - Virtual size: 4KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 1010KB - Virtual size: 1009KB

.data
Size: 308KB - Virtual size: 818KB

.rsrc
Size: 65KB - Virtual size: 64KB

.reloc
Size: 147KB - Virtual size: 147KB