PDB path: D:\RON8\prog\project\OutDir\Win32\ReleaseSteam\RON8.pdb
Static task
static1
General
Target
COTM.exe
Size
4.9MB
MD5
d6190dcfffcbbab4dfd48e57ba0da9cc
SHA1
dc8042b6e3cd628a0345876d3b8b9a280420c704
SHA256
ebc63f2d52c3f68d4ee3abd0675c496333ab0dc827aeaab3ed89f176a65ae861
SHA512
c6373943a4f90f13aa4c3ea41c35a8abca50c8db1b3fb8d476083c744f2bd9a1508f414820e72cfa1686d1972a257c88e00cfc408260a27cbf2326b5fc722d22
SSDEEP
49152:48Kb8G8kVOjIZrfrFv07SMbwyH6ZRg0tqn2OLTcnaj3OXgDRGsqx2:48iDVBZndilaJtC2Olj32Ca
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource COTM.exe
Files
COTM.exe.exe windows:5 windows x86 arch:x86
c2da736f1c0ebb6dadf37e603e854024
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
LocalFree
ExitProcess
CreateEventA
SetEvent
CloseHandle
ResetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
HeapSize
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
HeapReAlloc
FlushFileBuffers
GetStringTypeW
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
GetLastError
SetFilePointerEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
EnumSystemLocalesW
FormatMessageA
GetModuleHandleA
GetModuleFileNameA
GlobalUnlock
GlobalLock
Sleep
WaitForSingleObject
SetThreadPriority
LeaveCriticalSection
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
DecodePointer
HeapAlloc
HeapFree
GetACP
WriteFile
GetStdHandle
WideCharToMultiByte
SetConsoleCtrlHandler
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
CreateFileW
ReadFile
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
MultiByteToWideChar
RtlUnwind
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetCurrentDirectoryA
GetUserDefaultLCID
SetLastError
GetCurrentDirectoryA
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RaiseException
SetEndOfFile
user32
MessageBoxA
LoadCursorA
GetClassInfoA
RegisterClassA
CreateWindowExA
ShowWindow
SetCursor
GetWindowPlacement
GetClientRect
GetAsyncKeyState
SetCapture
ReleaseCapture
ScreenToClient
PostQuitMessage
DefWindowProcA
SetWindowPos
GetWindowRect
SystemParametersInfoA
GetWindowLongA
AdjustWindowRect
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
LoadIconA
advapi32
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
shell32
DragQueryFileA
SHGetSpecialFolderPathA
ole32
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
ReleaseStgMedium
CoCreateInstance
CoUninitialize
CoInitializeEx
d3d9
Direct3DCreate9
d3dx9_43
D3DXCompileShader
D3DXMatrixInverse
D3DXCreateTexture
D3DXMatrixScaling
D3DXMatrixTranslation
D3DXMatrixMultiply
D3DXMatrixRotationZ
D3DXMatrixTranspose
D3DXVec3TransformCoord
D3DXVec3Normalize
D3DXMatrixPerspectiveFovLH
D3DXMatrixRotationY
D3DXMatrixRotationX
imm32
ImmReleaseContext
ImmGetCompositionStringW
ImmGetContext
winmm
timeGetTime
dinput8
DirectInput8Create
steam_api
SteamAPI_Init
SteamAPI_Shutdown
SteamInternal_CreateInterface
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_RunCallbacks
SteamInternal_ContextInit
Sections
.text Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 958KB - Virtual size: 958KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 259KB - Virtual size: 318KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 352B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 286KB - Virtual size: 286KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.bind Size: 138KB - Virtual size: 138KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ