SteamSetup[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SteamSetup.exe
Size

1.4MB
MD5

c3cb13d227b087f30f89cac9e78dd175
SHA1

0e8046d40c38d817338135ec73a5b217cc340cf5
SHA256

e63bd6119d13bfda636c2165d32a46b80bbed198ea9e8e5a256a117ed986e762
SHA512

f52ae8f4e80d29d83f08164637d9ade8c87d47cd826d6e0d9263d514b5823cbe471ef2c1cb5b16479840f61a2018c6868801b7e54aab9b3f35420aadaaf52bc1
SSDEEP

24576:JAvw2LeiZhl9qpDYF0W+4XeJT8Rtyzj9b0NyFhdhlREIbRlkXXJW7IvWWa6/1cLR:yv1PiD7V1JT8Rts9PdhlREikHcWauUb

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/StdUtils.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/nsProcess.dll
unpack009/$PLUGINSDIR/LangDLL.dll
unpack009/$PLUGINSDIR/ShellLink.dll
unpack009/$PLUGINSDIR/nsExec.dll

Files

SteamSetup.exe
.exe windows:5 windows x86 arch:x86

Password: 123

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:a9:38:ed:c7:ae:ac:8d:c7:1d:cb:b4:b4:f6:11:f8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/09/2012, 00:00

Not After

23/11/2015, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:4e:35:ac:76:7f:bb:c1:b9:13:5b:3c:26:a9:b3:d5:68:99:f4:2b
Signer

Actual PE Digest

3b:4e:35:ac:76:7f:bb:c1:b9:13:5b:3c:26:a9:b3:d5:68:99:f4:2b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StdUtils.dll
.dll windows:5 windows x86 arch:x86

Password: 123

6e63471b3d7c59cf9b8572bf93e2cf35

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_snprintf
swscanf
_snwprintf
rand
srand
time
_wcsicmp
??2@YAPAXI@Z
wcsncpy
??3@YAXPAX@Z
wcschr
_beginthreadex
memset

shlwapi

ord176

kernel32

LeaveCriticalSection
lstrcpynW
GlobalFree
MultiByteToWideChar
EnterCriticalSection
GetProcAddress
GetSystemTime
SystemTimeToFileTime
InitializeCriticalSection
DeleteCriticalSection
GetCommandLineW
GetVersionExW
WaitForSingleObject
CloseHandle
Sleep
CreateEventW
GetTickCount
FreeLibrary
LoadLibraryW
GetModuleHandleW
TerminateThread
GlobalAlloc

user32

MessageBoxA
LoadStringW
MessageBoxW
wsprintfW
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW

shell32

ShellExecuteExW
SHFileOperationW
ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

Exports

Exports

DisableVerboseMode
Dummy
EnableVerboseMode
ExecShellAsUser
ExecShellWait
FormatStr
FormatStr2
FormatStr3
GetAllParameters
GetDays
GetHours
GetMinutes
GetParameter
InvokeShellVerb
Rand
RandList
RandMax
RandMinMax
RevStr
SHFileCopy
SHFileMove
ScanStr
ScanStr2
ScanStr3
Time
TrimStr
TrimStrLeft
TrimStrRight
WaitForProc

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

Password: 123

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

Password: 123

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:5 windows x86 arch:x86

Password: 123

8700d0ebbb41c81ea52718af1ab70a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
MultiByteToWideChar
lstrlenA
lstrcmpiW
lstrlenW
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcpynW
GetCommandLineW
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleW
GetTickCount
GetStartupInfoW
CreatePipe
GetVersionExW
GlobalLock
DeleteFileW
lstrcatW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetProcAddress
PeekNamedPipe
GetCurrentProcess

user32

CharPrevW
CharNextW
SendMessageW
FindWindowExW
wsprintfW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:5 windows x86 arch:x86

Password: 123

439074d1c01f7b16781bdf060930814a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
OpenProcess
MultiByteToWideChar
lstrlenA
lstrlenW
LoadLibraryA
lstrcmpiW
lstrcpynW
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
GetVersionExW
GlobalFree
GlobalAlloc

user32

GetWindowThreadProcessId
EnumWindows
wsprintfW
PostMessageW

Exports

Exports

_CloseProcess
_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 927B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Steam.exe
.exe windows:5 windows x86 arch:x86

Password: 123

9603da3f19ca227ac8e79fdb27619a1b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:a9:38:ed:c7:ae:ac:8d:c7:1d:cb:b4:b4:f6:11:f8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/09/2012, 00:00

Not After

23/11/2015, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:63:17:f4:64:b8:b4:ff:54:9d:09:22:fe:4e:01:24:7c:e4:92:9e
Signer

Actual PE Digest

90:63:17:f4:64:b8:b4:ff:54:9d:09:22:fe:4e:01:24:7c:e4:92:9e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\buildslave\steam_rel_client_win32\build\src\steamexe\Release\steamexe.pdb

Imports

ws2_32

connect
recv
send
setsockopt
getsockname
htonl
htons
ntohl
ntohs
gethostbyname
closesocket
shutdown
WSAGetLastError
WSARecvFrom
WSASendTo
WSASocketA
bind
ioctlsocket
WSAIoctl
__WSAFDIsSet
select
accept
WSASetLastError
WSACleanup
WSAStartup

comctl32

InitCommonControlsEx

kernel32

GetVersionExA
VerifyVersionInfoW
InitializeCriticalSection
DeleteCriticalSection
FileTimeToLocalFileTime
WriteConsoleW
CompareStringW
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
SetStdHandle
VirtualQuery
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeW
ReadConsoleW
GetConsoleCP
UnhandledExceptionFilter
GetStartupInfoW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
GetTimeZoneInformation
SetConsoleCtrlHandler
SetEnvironmentVariableW
HeapReAlloc
IsProcessorFeaturePresent
GetModuleHandleExW
ExitProcess
GetFullPathNameW
RemoveDirectoryW
FindClose
WriteFile
GetFileSize
SetLastError
GetCurrentProcess
LocalFree
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedDecrement
InterlockedIncrement
VerSetConditionMask
FreeLibrary
LoadLibraryA
InterlockedCompareExchange
InterlockedExchange
MoveFileExW
CopyFileA
CreateFileA
GetTickCount
GetLastError
SetEnvironmentVariableA
CreateProcessA
GetModuleHandleA
RtlUnwind
GetFullPathNameA
AreFileApisANSI
FlushConsoleInputBuffer
GlobalMemoryStatus
GetFileType
GetStdHandle
PostQueuedCompletionStatus
TlsAlloc
CreateIoCompletionPort
OpenEventA
CloseHandle
SetEvent
SetErrorMode
GetCurrentProcessId
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
ResumeThread
SuspendThread
GetVersion
GlobalFree
GetCurrentDirectoryA
OutputDebugStringA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
PeekNamedPipe
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
GetLocalTime
DeviceIoControl
SetProcessAffinityMask
HeapQueryInformation
GetProcessHeaps
DebugBreak
HeapValidate
HeapSize
HeapFree
GetExitCodeThread
HeapAlloc
InterlockedExchangeAdd
SetUnhandledExceptionFilter
GetSystemInfo
GetProcessAffinityMask
GetCurrentDirectoryW
SetCurrentDirectoryW
OutputDebugStringW
GetModuleFileNameW
GetModuleFileNameA
GlobalMemoryStatusEx
Sleep
GetFileAttributesW
CreateEventA
TlsFree
TlsSetValue
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
GetModuleHandleW
LCMapStringW
GetFileInformationByHandle
GetFileSizeEx
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFilePointerEx
GetFileTime
SetFileTime
SleepEx
GetDriveTypeW
GetDiskFreeSpaceA
GetDiskFreeSpaceExW
CreateDirectoryW
CreateFileW
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
FindFirstFileW
FindNextFileW
GetTimeFormatW
GetDateFormatW
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualAlloc
GetProcessHeap
HeapLock
HeapUnlock
HeapWalk
TerminateProcess
GetCommandLineA
IsDebuggerPresent
RaiseException
CreateThread
GetCurrentThread
SetThreadAffinityMask
OpenThread
GetThreadPriority
TerminateThread
TlsGetValue

user32

GetDlgItem
EndDialog
DialogBoxParamA
SetWindowPos
wsprintfA
SetDlgItemInt
GetDlgItemInt
CloseClipboard
GetDC
ReleaseDC
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
SetDlgItemTextA
PostMessageA
DefWindowProcA
RegisterClassExA
CreateWindowExA
DestroyWindow
ShowWindow
MoveWindow
MsgWaitForMultipleObjects
SetClipboardData
EmptyClipboard
GetWindowTextLengthA
GetWindowRect
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
SendMessageA
OpenClipboard
GetWindowThreadProcessId
EnumWindows
IsWindowVisible
GetMonitorInfoA
MonitorFromWindow
LoadIconA
LoadCursorA
SetClassLongA
SetWindowLongA
GetWindowLongA
MessageBoxW
SetWindowTextW
RedrawWindow
EndPaint
BeginPaint
UpdateWindow
KillTimer
SetTimer

gdi32

TextOutW
CreateDIBSection
SetTextColor
SetBkMode
SetBkColor
SelectObject
RemoveFontMemResourceEx
AddFontMemResourceEx
GetTextExtentPoint32W
GetStockObject
DeleteObject
DeleteDC
CreateICA
CreateFontA
CreateCompatibleDC
SwapBuffers
SetPixelFormat
ChoosePixelFormat

advapi32

RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegCloseKey

shell32

ord680
SHGetFileInfoW

oleaut32

VariantClear

Exports

Exports

CanSetClientBeta
ClientUpdateRunFrame
CreateInterface
GetBaseUserContentDir
GetBaseUserContentDirUTF8
GetBaseUserDir
GetBaseUserDirUTF8
GetBootstrapperVersion
GetClientUpdateBytesDownloaded
GetClientUpdateBytesToDownload
GetCurrentClientBeta
GetEUniverse
GetSteamExePath
GetSteamExePathUTF8
GetSteamInstallDir
GetSteamInstallDirUTF8
IsCheckingForUpdates
IsClientUpdateAvailable
PermitDownloadClientUpdates
SetClientBeta
StartCheckingForUpdates
g_dwDllEntryThreadId

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 534KB - Virtual size: 533KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 990KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/SteamService.exe
.exe windows:5 windows x86 arch:x86

Password: 123

423c47c9e5794f3818a622b203948ea8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:a9:38:ed:c7:ae:ac:8d:c7:1d:cb:b4:b4:f6:11:f8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/09/2012, 00:00

Not After

23/11/2015, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5a:37:f3:57:2b:b8:d1:23:37:96:92:e0:dc:fa:3d:8e:66:1b:ca:0f
Signer

Actual PE Digest

5a:37:f3:57:2b:b8:d1:23:37:96:92:e0:dc:fa:3d:8e:66:1b:ca:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\buildslave\steam_rel_client_win32\build\src\SteamServiceHost\Release\SteamServiceHost.pdb

Imports

shlwapi

SHDeleteKeyA
SHDeleteKeyW
SHStrDupW

ws2_32

WSAStartup
gethostname

shell32

SHGetFolderPathA
ShellExecuteA
SHGetMalloc
SHGetSpecialFolderPathA

kernel32

InterlockedIncrement
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentProcess
SetLastError
GetFileSize
WriteFile
FindClose
ExpandEnvironmentStringsA
RemoveDirectoryW
GetFullPathNameW
CreateFileA
SetFileAttributesA
GetFileAttributesA
GetFileAttributesW
FindFirstFileA
FindNextFileA
CopyFileA
InterlockedDecrement
GetVersionExA
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32First
Process32Next
ReadFile
CreateFileW
GetCurrentThread
QueryPerformanceCounter
QueryPerformanceFrequency
AreFileApisANSI
GetModuleHandleExW
ExitProcess
CompareStringW
IsProcessorFeaturePresent
GetModuleHandleW
GetStartupInfoW
UnhandledExceptionFilter
Sleep
GetTickCount
TerminateProcess
OpenProcess
LocalFree
GetConsoleWindow
SetConsoleTitleA
SetConsoleCtrlHandler
DeleteFileA
GetFileAttributesExA
RemoveDirectoryA
CreateDirectoryA
OutputDebugStringA
GetCommandLineA
CreateProcessA
GetModuleFileNameA
LoadLibraryA
lstrlenA
FreeLibrary
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
CreateProcessW
CloseHandle
WaitForSingleObject
GetLastError
GetEnvironmentStringsW
GetExitCodeProcess
GetModuleHandleA
GetProcAddress
HeapValidate
IsValidCodePage
GetACP
GetOEMCP
GetStdHandle
GetFileType
GetConsoleMode
ReadConsoleW
FreeEnvironmentStringsW
VirtualQuery
GetConsoleCP
SetStdHandle
WriteConsoleW
HeapFree
HeapSize
MoveFileExA
GetCPInfo
HeapReAlloc
GetLocalTime
RtlUnwind
GetStringTypeW
SetProcessAffinityMask
GetSystemInfo
GetProcessAffinityMask
DeviceIoControl
HeapAlloc
InterlockedExchangeAdd
DebugBreak
InterlockedCompareExchange
InterlockedExchange
LoadLibraryExW
LoadLibraryExA
SetUnhandledExceptionFilter
HeapQueryInformation
GetProcessHeaps
WideCharToMultiByte
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
GetDriveTypeW
CreateDirectoryW
SetFileAttributesW
DeleteFileW
GetCurrentThreadId
IsDebuggerPresent
InitializeCriticalSection
DeleteCriticalSection
VirtualAlloc
GetCurrentProcessId
GetModuleFileNameW
GetProcessHeap
HeapLock
HeapUnlock
HeapWalk
RaiseException
SetThreadAffinityMask
OpenThread
GetThreadPriority
GetExitCodeThread
InitializeCriticalSectionAndSpinCount
SetEvent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LoadLibraryW
OutputDebugStringW
GetCurrentDirectoryW

user32

GetWindowThreadProcessId
EnumWindows
IsWindowVisible
MessageBoxA
ShowWindow
GetDesktopWindow
GetWindowRect
GetWindowTextLengthA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetDlgItemTextA
DialogBoxParamA
SetWindowPos
GetDlgItemInt
SetDlgItemInt
GetDlgItem
wsprintfA
EndDialog

advapi32

SetServiceObjectSecurity
SetNamedSecurityInfoA
RegOpenKeyA
RegOpenKeyExW
RegEnumKeyExW
DuplicateTokenEx
CreateProcessAsUserW
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
ConvertStringSidToSidA
SetEntriesInAclA
StartServiceA
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
QueryServiceStatusEx
QueryServiceStatus
QueryServiceObjectSecurity
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
ChangeServiceConfig2A
ChangeServiceConfigA
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey

ole32

PropVariantClear
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

Exports

Exports

g_dwDllEntryThreadId

Sections

.text
Size: 355KB - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 842KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
public/steambootstrapper_brazilian.txt
public/steambootstrapper_czech.txt
public/steambootstrapper_danish.txt
public/steambootstrapper_dutch.txt
public/steambootstrapper_english.txt
public/steambootstrapper_finnish.txt
public/steambootstrapper_french.txt
public/steambootstrapper_german.txt
public/steambootstrapper_greek.txt
public/steambootstrapper_hungarian.txt
public/steambootstrapper_italian.txt
public/steambootstrapper_japanese.txt
public/steambootstrapper_korean.txt
public/steambootstrapper_koreana.txt
public/steambootstrapper_norwegian.txt
public/steambootstrapper_polish.txt
public/steambootstrapper_portuguese.txt
public/steambootstrapper_romanian.txt
public/steambootstrapper_russian.txt
public/steambootstrapper_schinese.txt
public/steambootstrapper_spanish.txt
public/steambootstrapper_swedish.txt
public/steambootstrapper_tchinese.txt
public/steambootstrapper_thai.txt
public/steambootstrapper_turkish.txt
public/steambootstrapper_ukrainian.txt
uninstall.exe
.exe windows:5 windows x86 arch:x86

Password: 123

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:a9:38:ed:c7:ae:ac:8d:c7:1d:cb:b4:b4:f6:11:f8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/09/2012, 00:00

Not After

23/11/2015, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:6a:1c:59:f6:44:fc:25:6d:d8:8d:1c:69:5b:b7:65:df:98:43:ef
Signer

Actual PE Digest

2d:6a:1c:59:f6:44:fc:25:6d:d8:8d:1c:69:5b:b7:65:df:98:43:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:5 windows x86 arch:x86

e981c0ab92cb1f191bb5e23392e14796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrlenW
GlobalAlloc
lstrcmpW
GetModuleHandleW
MulDiv
lstrcpyW
lstrcpynW

user32

SetWindowTextW
SetDlgItemTextW
EndDialog
SendDlgItemMessageW
DialogBoxParamW
LoadIconW
SendMessageW
ShowWindow
GetDC

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ShellLink.dll
.dll windows:5 windows x86 arch:x86

45fa690faed482cb9bfd08458ed442ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
LocalAlloc
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc

user32

wsprintfW

ole32

CoCreateInstance

Exports

Exports

GetShortCutArgs
GetShortCutDescription
GetShortCutHotkey
GetShortCutIconIndex
GetShortCutIconLocation
GetShortCutShowMode
GetShortCutTarget
GetShortCutWorkingDirectory
SetRunAsAdministrator
SetShortCutArgs
SetShortCutDescription
SetShortCutHotkey
SetShortCutIconIndex
SetShortCutIconLocation
SetShortCutShowMode
SetShortCutTarget
SetShortCutWorkingDirectory

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 998B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:5 windows x86 arch:x86

8700d0ebbb41c81ea52718af1ab70a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
MultiByteToWideChar
lstrlenA
lstrcmpiW
lstrlenW
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcpynW
GetCommandLineW
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleW
GetTickCount
GetStartupInfoW
CreatePipe
GetVersionExW
GlobalLock
DeleteFileW
lstrcatW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetProcAddress
PeekNamedPipe
GetCurrentProcess

user32

CharPrevW
CharNextW
SendMessageW
FindWindowExW
wsprintfW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

47:a9:38:ed:c7:ae:ac:8d:c7:1d:cb:b4:b4:f6:11:f8Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

3b:4e:35:ac:76:7f:bb:c1:b9:13:5b:3c:26:a9:b3:d5:68:99:f4:2bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 1.7MB

.rsrc Size: 126KB - Virtual size: 126KB

.reloc Size: 4KB - Virtual size: 3KB

Password: 123

6e63471b3d7c59cf9b8572bf93e2cf35

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

shlwapi

kernel32

user32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 68B

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 1KB - Virtual size: 1KB

Password: 123

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

Password: 123

9ea5bdc8c90dfcffe309465c26c89758

Headers

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

47:a9:38:ed:c7:ae:ac:8d:c7:1d:cb:b4:b4:f6:11:f8
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

3b:4e:35:ac:76:7f:bb:c1:b9:13:5b:3c:26:a9:b3:d5:68:99:f4:2b
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 1.7MB

.rsrc
Size: 126KB - Virtual size: 126KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 68B

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 454B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 927B

.data
Size: - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 254B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

47:a9:38:ed:c7:ae:ac:8d:c7:1d:cb:b4:b4:f6:11:f8
Certificate

90:63:17:f4:64:b8:b4:ff:54:9d:09:22:fe:4e:01:24:7c:e4:92:9e
Signer