Prison Architect64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Prison Architect64.exe
Size

13.4MB
MD5

dcd624b923faa06ab39c702cc19c05c7
SHA1

358c88758e032a50472e8bf4a07414e91af3b14e
SHA256

ba58b8166252105ad9d35fb6d99eb04ea58d78f58c8fb01ca2d1d8039cc930e2
SHA512

8371ee106c50a15061510f6787fa971f5436d232b30147ebdc57e0cda8631990d64f3fd056b430d09d575632a119ed7b37278f69f98e8564bd88a24e5bec8acd
SSDEEP

196608:w8QubkixWu8eRniUdfXxe4yCeCRgu8SPw2:1Qubz78eRniU5XxeWey

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Prison Architect64.exe

Files

Prison Architect64.exe
.exe windows:6 windows x64 arch:x64

8d276d5e38aaab29d96d593adebe330b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\Jenkins\workspace\Prison_Architect_Windows-graveyard\pa\build-vs2015\steam\Prison Architect64.pdb

Imports

opengl32

glPixelStorei
glTexEnvi
glDepthRange
glClearDepth
glAlphaFunc
glScalef
glVertex2i
glTranslatef
glClearColor
glCullFace
glDepthFunc
glMultMatrixf
glPolygonMode
glShadeModel
glLightfv
glGetDoublev
glDrawElements
glColorPointer
glNormalPointer
glVertex2fv
glTexCoord2fv
glTexCoord2i
glTexCoord2f
glScissor
glLineStipple
glVertex2f
glLineWidth
glColor4f
glColor4ub
glDepthMask
glBlendFunc
glHint
glPopMatrix
glPushMatrix
glViewport
glPushAttrib
glPopAttrib
glLoadIdentity
glMatrixMode
glGetError
glEnd
glVertex3fv
glBegin
glTexCoordPointer
glVertexPointer
glDisable
glDisableClientState
glDrawArrays
glEnableClientState
glEnable
glColor4ubv
glDeleteTextures
glTexParameteri
glTexImage2D
glBindTexture
glGenTextures
glReadPixels
glGetIntegerv
glDeleteLists
wglDeleteContext
glClear
wglMakeCurrent
wglCreateContext
glGetString
wglGetProcAddress
wglGetCurrentDC

glu32

gluUnProject
gluBuild2DMipmaps
gluLookAt
gluPerspective
gluOrtho2D
gluErrorString

dbghelp

SymInitialize
MiniDumpWriteDump
SymSetOptions
SymGetOptions
SymGetLineFromAddrW64
SymSetSearchPath
SymGetSearchPath
SymFromAddrW
SymLoadModule64
SymCleanup

pops_api

POPS_LegalGetDocument
POPS_Initialize
POPS_AutoStandardTelemetryEnable
POPS_AccountLogInWithAuthToken
POPS_RunCallbacks
POPS_Shutdown
POPS_GenerateGUID
POPS_TelemetrySend
POPS_LegalGetDocumentsList

kernel32

InitializeCriticalSectionEx
SleepEx
VerSetConditionMask
GetSystemDirectoryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
WaitForSingleObjectEx
RtlVirtualUnwind
GetFileType
PeekNamedPipe
WaitForMultipleObjects
SetLastError
FormatMessageA
GetFileSizeEx
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetModuleHandleW
CreateEventW
ResetEvent
GetComputerNameA
K32GetModuleInformation
K32GetModuleFileNameExA
K32EnumProcessModulesEx
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
GetStdHandle
FindClose
GetModuleFileNameA
ExitProcess
LocalFree
SetConsoleCtrlHandler
GetConsoleMode
ReadConsoleA
SetConsoleMode
FlushFileBuffers
GetFileTime
SetEndOfFile
SetFileTime
SetErrorMode
GetCurrentThread
SetThreadPriority
SetPriorityClass
ReadFile
WriteFile
SetFilePointer
CreateFileW
GetLastError
CreateFileA
CloseHandle
OutputDebugStringA
DeleteFileW
MoveFileW
LoadLibraryA
FreeLibrary
GetProcAddress
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
CreateEventA
WaitForSingleObject
SetEvent
InitializeCriticalSection
DeleteCriticalSection
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
CreateThread
Sleep
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
GetUserDefaultLocaleName
GetModuleHandleA
GetVersionExA
GetSystemInfo
GetCurrentProcessId
GlobalMemoryStatusEx
SetUnhandledExceptionFilter
GetLocalTime
GetTickCount64
GetCPInfo
IsDBCSLeadByte
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
GetDiskFreeSpaceA
GetDriveTypeA
GetFileAttributesA
GetFileAttributesW
GetFullPathNameA
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExA
OutputDebugStringW
CreatePipe
MoveFileExW
GetFileAttributesExW
GetExitCodeProcess
SetStdHandle
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapReAlloc
HeapFree
HeapAlloc
GetConsoleCP
ReadConsoleW
GetACP
WriteConsoleW
GetModuleFileNameW
CreateProcessA
GetTempPathW
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
GetDriveTypeW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEnvironmentVariableA
CreateDirectoryW
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
RaiseException
TerminateProcess
RtlPcToFileHeader
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
GetNativeSystemInfo
DuplicateHandle
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
GetFullPathNameW

user32

DispatchMessageA
GetWindowRect
SetCursorPos
SetCapture
ReleaseCapture
PeekMessageA
DestroyWindow
ShowWindow
CreateWindowExW
ChangeDisplaySettingsExA
GetMonitorInfoA
RegisterClassW
LoadCursorA
LoadIconA
EnumDisplayMonitors
GetClientRect
ReleaseDC
IsWindow
CharToOemA
OemToCharA
OemToCharBuffA
CharUpperA
CharLowerA
CharToOemBuffA
TranslateMessage
GetDC
ChangeDisplaySettingsA
EnumDisplaySettingsA
DefWindowProcW
MessageBoxA
ShowCursor
AdjustWindowRect

gdi32

GetStockObject
GetDeviceCaps
ChoosePixelFormat
SetPixelFormat
SwapBuffers

shell32

ShellExecuteA
SHGetFolderPathW

sdl64

ord121
ord19
ord120
ord64

steam_api64

SteamInternal_CreateInterface
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult
SteamAPI_Init
SteamAPI_Shutdown
SteamAPI_RunCallbacks
SteamAPI_GetHSteamUser
SteamAPI_GetHSteamPipe
SteamInternal_ContextInit

ws2_32

__WSAFDIsSet
socket
WSAGetLastError
recvfrom
select
ioctlsocket
htonl
ntohl
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSAIoctl
listen
WSACleanup
getaddrinfo
freeaddrinfo
sendto
accept
inet_ntop
inet_pton
WSAStartup
gethostname

wldap32

ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord301

crypt32

CertFreeCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CryptStringToBinaryA
CertAddCertificateContextToStore
CertGetNameStringA

bcrypt

BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptEncrypt
BCryptDecrypt
BCryptDestroyKey
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptGenRandom

advapi32

ProcessTrace
ControlTraceA
CloseTrace
StartTraceA
TraceSetInformation
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
OpenProcessToken
AdjustTokenPrivileges
SetFileSecurityW
SetFileSecurityA
LookupPrivilegeValueA
OpenTraceA

Sections

.text
Size: 10.0MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 163KB - Virtual size: 888KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 426KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d276d5e38aaab29d96d593adebe330b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

opengl32

glu32

dbghelp

pops_api

kernel32

user32

gdi32

shell32

sdl64

steam_api64

ws2_32

wldap32

crypt32

bcrypt

advapi32

Sections

.text Size: 10.0MB - Virtual size: 10.0MB

.rdata Size: 2.8MB - Virtual size: 2.8MB

.data Size: 163KB - Virtual size: 888KB

.pdata Size: 426KB - Virtual size: 428KB

.gfids Size: 3KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

_RDATA Size: 6KB - Virtual size: 8KB

.rsrc Size: 33KB - Virtual size: 36KB

.text
Size: 10.0MB - Virtual size: 10.0MB

.rdata
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 163KB - Virtual size: 888KB

.pdata
Size: 426KB - Virtual size: 428KB

.gfids
Size: 3KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

_RDATA
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 33KB - Virtual size: 36KB