db379c108ebc78f632334fefede155df_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

db379c108ebc78f632334fefede155df_JaffaCakes118
Size

1.7MB
MD5

db379c108ebc78f632334fefede155df
SHA1

6a8dc417fd888be0b7d71e983f0b80d2f2812034
SHA256

65bf0834c789eda2b918e5f164caab08d4971ee8be9af1357806444f5601e3ef
SHA512

8aa1b1c5205d56f34263151185eeec84be1ea6ddf874ff2b9a727f7b6766adea262546b776699e07b73ab2215c2a5ecf22cf9b674502e0e5ecd81eca50175b4e
SSDEEP

24576:5JuwEzAAyvZOuWutDhb1h2J2FC5thahjlR5qDGJXkOHfeJOJY5qBRlobPOy:5JqnyIut9uUr4GJUOmJl6lM

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HowToSurvive.exe
unpack001/steam_api.dll
unpack001/steamclient.dll

Files

db379c108ebc78f632334fefede155df_JaffaCakes118
.rar
ALI213.txt
HowToSurvive.exe
.exe windows:5 windows x86 arch:x86

a9232b703d4676c6946206afd5a76f9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\EkoProjectAll\HowToSurvive\Code\Folder_Test\Main.pdb

Imports

steam_api

SteamRemoteStorage
SteamUserStats
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback
SteamNetworking
SteamMatchmaking
SteamUser
SteamAPI_SetMiniDumpComment
SteamAPI_Shutdown
SteamAPI_RunCallbacks
SteamAPI_WriteMiniDump
SteamAPI_Init
SteamFriends
SteamUtils
SteamApps

kernel32

GetLastError
CreateMutexA
GetVersionExA
lstrcpyA
DeleteFileA
FormatMessageA
SuspendThread
TerminateThread
ExitThread
RaiseException
ResetEvent
OutputDebugStringA
GetFileAttributesExA
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentDirectoryA
SetThreadPriority
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
ResumeThread
CreateWaitableTimerA
WaitForMultipleObjects
CreateThread
CancelWaitableTimer
SetWaitableTimer
Sleep
GetCurrentThread
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
EncodePointer
CreateEventA
WaitForSingleObject
SetEvent
CloseHandle
GetSystemTimeAsFileTime
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
GetCommandLineA
RtlUnwind
HeapAlloc
ReadFile
DecodePointer
GetDriveTypeW
SetCurrentDirectoryA
SetEnvironmentVariableA
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcessHeap
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentDirectoryW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThreadId
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetFileType
GetModuleFileNameA
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
FlushFileBuffers
SetFilePointer
SetFilePointerEx
HeapReAlloc
GetFullPathNameA
GetTimeZoneInformation
OutputDebugStringW
LoadLibraryW
GetDateFormatW
SetEndOfFile
CreateFileW
WriteConsoleW
SetStdHandle
GetFileAttributesExW
CreateProcessA
GetExitCodeProcess
GetStringTypeW
LCMapStringW
CompareStringW
GetTimeFormatW

user32

MessageBoxA
GetTopWindow
MoveWindow
RegisterClassA
DialogBoxParamA
ShowWindow
PostMessageA
GetDesktopWindow
DefWindowProcA
EndDialog
GetDlgItem
DispatchMessageA
TranslateAcceleratorA
PeekMessageA
CreateWindowExA
GetWindowLongA
CreateAcceleratorTableA
ShowCursor
TranslateMessage
WaitMessage
SendMessageA
SetFocus
LoadIconA
PostQuitMessage
GetWindowRect
SetCursor
SystemParametersInfoA
UpdateWindow
GetKeyNameTextA
IsDlgButtonChecked
CheckDlgButton
GetDlgItemInt
SetDlgItemInt
IsWindow
SetWindowPos

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

physx3common_x86

?getSize@MutexImpl@shdfnd@physx@@SAABIXZ
??0MutexImpl@shdfnd@physx@@QAE@XZ
?unlock@MutexImpl@shdfnd@physx@@QAE_NXZ
?lock@MutexImpl@shdfnd@physx@@QAE_NXZ
?getAllocator@shdfnd@physx@@YAAAVPxAllocatorCallback@2@XZ
??1MutexImpl@shdfnd@physx@@QAE@XZ
?deallocate@Allocator@shdfnd@physx@@QAEXPAX@Z
PxCreateFoundation
?getCurrentCounterValue@Time@shdfnd@physx@@SA_KXZ
??0?$PxFlags@W4Enum@PxSerialFlag@physx@@G@physx@@QAE@W4Enum@PxSerialFlag@1@@Z
?quitIsSignalled@Thread@shdfnd@physx@@QAE_NXZ
?quit@Thread@shdfnd@physx@@QAEXXZ
??1Thread@shdfnd@physx@@UAE@XZ
?setAffinityMask@Thread@shdfnd@physx@@UAEII@Z
??0Thread@shdfnd@physx@@QAE@XZ
?wait@Sync@shdfnd@physx@@QAE_NI@Z
?allocate@Allocator@shdfnd@physx@@QAEPAXIPBDH@Z
??0?$PxFlags@W4Enum@PxSerialFlag@physx@@G@physx@@QAE@ABV01@@Z
??B?$PxFlags@W4Enum@PxSerialFlag@physx@@G@physx@@QBE_NXZ
?addToStringTable@Cm@physx@@YAIAAV?$Array@DV?$ReflectionAllocator@D@shdfnd@physx@@@shdfnd@2@PBD@Z
?incRefCount@Foundation@shdfnd@physx@@SAXXZ
?decRefCount@Foundation@shdfnd@physx@@SAXXZ
??0?$PxFlags@W4Enum@PxSerialFlag@physx@@G@physx@@QAE@XZ
??_4?$PxFlags@W4Enum@PxSerialFlag@physx@@G@physx@@QAEAAV01@ABV01@@Z
??S?$PxFlags@W4Enum@PxSerialFlag@physx@@G@physx@@QBE?AV01@XZ
?signalQuit@Thread@shdfnd@physx@@QAEXXZ
?waitForQuit@Thread@shdfnd@physx@@QAE_NXZ
??1Sync@shdfnd@physx@@QAE@XZ
??0Sync@shdfnd@physx@@QAE@XZ
?getDefaultStackSize@Thread@shdfnd@physx@@SAIXZ
?start@Thread@shdfnd@physx@@QAEXI@Z
?setName@Thread@shdfnd@physx@@QAEXPBD@Z
?getSize@SListImpl@shdfnd@physx@@SAABIXZ
??0SListImpl@shdfnd@physx@@QAE@XZ
??1SListImpl@shdfnd@physx@@QAE@XZ
?pop@SListImpl@shdfnd@physx@@QAEPAVSListEntry@23@XZ
?push@SListImpl@shdfnd@physx@@QAEXPAVSListEntry@23@@Z
?reset@Sync@shdfnd@physx@@QAEXXZ
?set@Sync@shdfnd@physx@@QAEXXZ
?allocate@TempAllocator@shdfnd@physx@@QAEPAXIPBDH@Z
?PxDiagonalize@physx@@YA?AVPxVec3@1@ABVPxMat33@1@AAVPxQuat@1@@Z
?deallocate@TempAllocator@shdfnd@physx@@QAEXPAX@Z
?error@Foundation@shdfnd@physx@@QAAXW4Enum@PxErrorCode@3@PBDH1ZZ
?getInstance@Foundation@shdfnd@physx@@SAAAV123@XZ
?printString@shdfnd@physx@@YAXPBD@Z
?sleep@Thread@shdfnd@physx@@SAXI@Z
??I?$PxFlags@W4Enum@PxSerialFlag@physx@@G@physx@@QBE?AV01@W4Enum@PxSerialFlag@1@@Z
?getId@Thread@shdfnd@physx@@SAIXZ

physx3_x86

PxCreateBasePhysics
PxRegisterArticulations
PxRegisterHeightFields
PxGetSDKMetaData

physx3cooking_x86

PxCreateCooking

xerces-c_2_5_0

?startElement@HandlerBase@xercesc_2_5@@UAEXQBGAAVAttributeList@2@@Z
?startElement@AbstractDOMParser@xercesc_2_5@@UAEXABVXMLElementDecl@2@IQBGABV?$RefVectorOf@VXMLAttr@xercesc_2_5@@@2@I_N3@Z
?startDocument@HandlerBase@xercesc_2_5@@UAEXXZ
?startDocument@AbstractDOMParser@xercesc_2_5@@UAEXXZ
?startAttList@AbstractDOMParser@xercesc_2_5@@UAEXABVDTDElementDecl@2@@Z
?setPSVIHandler@AbstractDOMParser@xercesc_2_5@@UAEXQAVPSVIHandler@2@@Z
?setDocumentLocator@HandlerBase@xercesc_2_5@@UAEXQBVLocator@2@@Z
?resolveEntity@XercesDOMParser@xercesc_2_5@@UAEPAVInputSource@2@QBG00@Z
?resolveEntity@XercesDOMParser@xercesc_2_5@@UAEPAVInputSource@2@PAVXMLResourceIdentifier@2@@Z
?resolveEntity@HandlerBase@xercesc_2_5@@UAEPAVInputSource@2@QBG0@Z
?resetErrors@XercesDOMParser@xercesc_2_5@@UAEXXZ
?resetErrors@HandlerBase@xercesc_2_5@@UAEXXZ
?resetEntities@XercesDOMParser@xercesc_2_5@@UAEXXZ
?resetDocument@HandlerBase@xercesc_2_5@@UAEXXZ
?resetDocument@AbstractDOMParser@xercesc_2_5@@UAEXXZ
?resetDocType@HandlerBase@xercesc_2_5@@UAEXXZ
?resetDocType@AbstractDOMParser@xercesc_2_5@@UAEXXZ
?processingInstruction@HandlerBase@xercesc_2_5@@UAEXQBG0@Z
?notationDecl@HandlerBase@xercesc_2_5@@UAEXQBG00@Z
?notationDecl@AbstractDOMParser@xercesc_2_5@@UAEXABVXMLNotationDecl@2@_N@Z
?ignorableWhitespace@HandlerBase@xercesc_2_5@@UAEXQBGI@Z
?ignorableWhitespace@AbstractDOMParser@xercesc_2_5@@UAEXQBGI_N@Z
?fatalError@HandlerBase@xercesc_2_5@@UAEXABVSAXParseException@2@@Z
?expandSystemId@XercesDOMParser@xercesc_2_5@@UAE_NQBGAAVXMLBuffer@2@@Z
?error@XercesDOMParser@xercesc_2_5@@UAEXIQBGW4ErrTypes@XMLErrorReporter@2@000JJ@Z
?error@HandlerBase@xercesc_2_5@@UAEXABVSAXParseException@2@@Z
?entityDecl@AbstractDOMParser@xercesc_2_5@@UAEXABVDTDEntityDecl@2@_N1@Z
?endIntSubset@AbstractDOMParser@xercesc_2_5@@UAEXXZ
?endInputSource@XercesDOMParser@xercesc_2_5@@UAEXABVInputSource@2@@Z
?endExtSubset@AbstractDOMParser@xercesc_2_5@@UAEXXZ
?startEntityReference@AbstractDOMParser@xercesc_2_5@@UAEXABVXMLEntityDecl@2@@Z
?endElement@HandlerBase@xercesc_2_5@@UAEXQBG@Z
?endElement@AbstractDOMParser@xercesc_2_5@@UAEXABVXMLElementDecl@2@I_NQBG@Z
?endDocument@HandlerBase@xercesc_2_5@@UAEXXZ
?endDocument@AbstractDOMParser@xercesc_2_5@@UAEXXZ
?endAttList@AbstractDOMParser@xercesc_2_5@@UAEXABVDTDElementDecl@2@@Z
?elementTypeInfo@AbstractDOMParser@xercesc_2_5@@UAEXQBG0@Z
?elementDecl@AbstractDOMParser@xercesc_2_5@@UAEXABVDTDElementDecl@2@_N@Z
?doctypeWhitespace@AbstractDOMParser@xercesc_2_5@@UAEXQBGI@Z
?doctypePI@AbstractDOMParser@xercesc_2_5@@UAEXQBG0@Z
?doctypeDecl@AbstractDOMParser@xercesc_2_5@@UAEXABVDTDElementDecl@2@QBG1_N2@Z
?doctypeComment@AbstractDOMParser@xercesc_2_5@@UAEXQBG@Z
?docPI@AbstractDOMParser@xercesc_2_5@@UAEXQBG0@Z
?docComment@AbstractDOMParser@xercesc_2_5@@UAEXQBG@Z
?docCharacters@AbstractDOMParser@xercesc_2_5@@UAEXQBGI_N@Z
?createElementNSNode@AbstractDOMParser@xercesc_2_5@@MAEPAVDOMElement@2@PBG0@Z
?characters@HandlerBase@xercesc_2_5@@UAEXQBGI@Z
?attDef@AbstractDOMParser@xercesc_2_5@@UAEXABVDTDElementDecl@2@ABVDTDAttDef@2@_N@Z
?XMLDecl@AbstractDOMParser@xercesc_2_5@@UAEXQBG000@Z
?TextDecl@AbstractDOMParser@xercesc_2_5@@UAEXQBG0@Z
??1HandlerBase@xercesc_2_5@@UAE@XZ
??0HandlerBase@xercesc_2_5@@QAE@XZ
?setErrorHandler@XercesDOMParser@xercesc_2_5@@QAEXQAVErrorHandler@2@@Z
??1XercesDOMParser@xercesc_2_5@@UAE@XZ
??0XercesDOMParser@xercesc_2_5@@QAE@QAVXMLValidator@1@QAVMemoryManager@1@QAVXMLGrammarPool@1@@Z
?parse@AbstractDOMParser@xercesc_2_5@@QAEXQBD@Z
?setValidationScheme@AbstractDOMParser@xercesc_2_5@@QAEXW4ValSchemes@12@@Z
?setDoNamespaces@AbstractDOMParser@xercesc_2_5@@QAEX_N@Z
?getDocument@AbstractDOMParser@xercesc_2_5@@QAEPAVDOMDocument@2@XZ
?adoptDocument@AbstractDOMParser@xercesc_2_5@@QAEPAVDOMDocument@2@XZ
?reset@AbstractDOMParser@xercesc_2_5@@QAEXXZ
?release@XMLString@xercesc_2_5@@SAXPAPAD@Z
?transcode@XMLString@xercesc_2_5@@SAPAGQBD@Z
?transcode@XMLString@xercesc_2_5@@SA_NQBGQADIQAVMemoryManager@2@@Z
?transcode@XMLString@xercesc_2_5@@SAPADQBG@Z
?compareString@XMLString@xercesc_2_5@@SAHQBG0@Z
?Initialize@XMLPlatformUtils@xercesc_2_5@@SAXQBD0QAVPanicHandler@2@QAVMemoryManager@2@@Z
??3XMemory@xercesc_2_5@@SAXPAX@Z
??2XMemory@xercesc_2_5@@SAPAXI@Z
?startExtSubset@AbstractDOMParser@xercesc_2_5@@UAEXXZ
?startInputSource@XercesDOMParser@xercesc_2_5@@UAEXABVInputSource@2@@Z
?startIntSubset@AbstractDOMParser@xercesc_2_5@@UAEXXZ
?unparsedEntityDecl@HandlerBase@xercesc_2_5@@UAEXQBG000@Z
?warning@HandlerBase@xercesc_2_5@@UAEXABVSAXParseException@2@@Z
?fgXercescDefaultLocale@XMLUni@xercesc_2_5@@2QBDB
?fgMemoryManager@XMLPlatformUtils@xercesc_2_5@@2PAVMemoryManager@2@A
?endEntityReference@AbstractDOMParser@xercesc_2_5@@UAEXABVXMLEntityDecl@2@@Z

d3d9

Direct3DCreate9

d3dx9_29

D3DXCreateCubeTextureFromFileExA
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateVolumeTextureFromFileExA
D3DXAssembleShader
D3DXCreateTextureFromFileExA
D3DXAssembleShaderFromFileA
D3DXCreateFontA

dinput8

DirectInput8Create

dsound

ord11

wsock32

WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
gethostname
gethostbyname
socket
setsockopt
sendto
send
select
recvfrom
recv
ntohs
ntohl
listen
inet_addr
ioctlsocket
htons
connect
closesocket
bind
accept
__WSAFDIsSet
getsockopt

ws2_32

getnameinfo

winmm

mmioAscend
mmioDescend
mmioAdvance
mmioSetInfo
mmioGetInfo
mmioSeek
mmioRead
mmioClose
mmioOpenA

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 341KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 94KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plaza.nfo
steam_api.dll
.dll windows:5 windows x86 arch:x86

911e546ee704a28059e39a0d06223fd6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedFlushSList
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

wsprintfA

advapi32

RegOpenKeyExA

shell32

SHGetFolderPathA

shlwapi

PathCombineA

Exports

Exports

GetHSteamPipe
GetHSteamUser
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_InitSafe
SteamAPI_IsSteamRunning
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RestartApp
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_SetBreakpadAppID
SteamAPI_SetMiniDumpComment
SteamAPI_SetTryCatchCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_UseBreakpadCrashHandler
SteamAPI_WriteMiniDump
SteamAppList
SteamApps
SteamClient
SteamContentServer
SteamContentServerUtils
SteamContentServer_Init
SteamContentServer_RunCallbacks
SteamContentServer_Shutdown
SteamController
SteamFriends
SteamGameServer
SteamGameServerApps
SteamGameServerHTTP
SteamGameServerNetworking
SteamGameServerStats
SteamGameServerUtils
SteamGameServer_BSecure
SteamGameServer_GetHSteamPipe
SteamGameServer_GetHSteamUser
SteamGameServer_GetIPCCallCount
SteamGameServer_GetSteamID
SteamGameServer_Init
SteamGameServer_InitSafe
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamHTTP
SteamMasterServerUpdater
SteamMatchmaking
SteamMatchmakingServers
SteamMusic
SteamNetworking
SteamRemoteStorage
SteamScreenshots
SteamUGC
SteamUnifiedMessages
SteamUser
SteamUserStats
SteamUtils
Steam_GetHSteamUserCurrent
Steam_RegisterInterfaceFuncs
Steam_RunCallbacks
VR_GetControlPanel
VR_Init
VR_Shutdown
g_pSteamClientGameServer

Sections

.text
Size: - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CDX0
Size: - Virtual size: 553KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CDX1
Size: 537KB - Virtual size: 537KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
steamclient.dll
.dll windows:5 windows x86 arch:x86

1b91e19676060fa803f11b49717e501e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

AudioSinkList
Breakpad_SteamMiniDumpInit
Breakpad_SteamSetAppID
Breakpad_SteamSetSteamID
Breakpad_SteamWriteMiniDumpSetComment
Breakpad_SteamWriteMiniDumpUsingExceptionInfoWithBuildId
CreateAudioDevice
CreateInterface
ServiceAudio
SetAudioMixFragmentMilliseconds
Steam_BConnected
Steam_BGetCallback
Steam_BLoggedOn
Steam_BReleaseSteamPipe
Steam_ConnectToGlobalUser
Steam_CreateGlobalUser
Steam_CreateLocalUser
Steam_CreateSteamPipe
Steam_FreeLastCallback
Steam_GSBLoggedOn
Steam_GSBSecure
Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient
Steam_GSGetSteamID
Steam_GSLogOff
Steam_GSLogOn
Steam_GSRemoveUserConnect
Steam_GSSendSteam2UserConnect
Steam_GSSendSteam3UserConnect
Steam_GSSendUserDisconnect
Steam_GSSendUserStatusResponse
Steam_GSSetServerType
Steam_GSSetSpawnCount
Steam_GSUpdateStatus
Steam_GetAPICallResult
Steam_GetGSHandle
Steam_InitiateGameConnection
Steam_LogOff
Steam_LogOn
Steam_ReleaseUser
Steam_SetLocalIPBinding
Steam_TerminateGameConnection
hid_close
hid_enumerate
hid_error
hid_exit
hid_free_enumeration
hid_get_feature_report
hid_get_indexed_string
hid_get_manufacturer_string
hid_get_product_string
hid_get_serial_number_string
hid_init
hid_open
hid_open_path
hid_read
hid_read_timeout
hid_send_feature_report
hid_set_nonblocking
hid_write

Sections

.text
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CDX0
Size: - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CDX1
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
游侠网热门单机游戏.url
.url

Sharing

General

Malware Config

Signatures

Files

a9232b703d4676c6946206afd5a76f9a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

steam_api

kernel32

user32

comdlg32

advapi32

ole32

physx3common_x86

physx3_x86

physx3cooking_x86

xerces-c_2_5_0

d3d9

d3dx9_29

dinput8

dsound

wsock32

ws2_32

winmm

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 341KB - Virtual size: 344KB

.data Size: 94KB - Virtual size: 4.4MB

_RDATA Size: 4KB - Virtual size: 8KB

.rsrc Size: 232KB - Virtual size: 231KB

911e546ee704a28059e39a0d06223fd6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

Exports

Exports

Sections

.text Size: - Virtual size: 241KB

.rdata Size: - Virtual size: 91KB

.data Size: - Virtual size: 81KB

.CDX0 Size: - Virtual size: 553KB

.CDX1 Size: 537KB - Virtual size: 537KB

.reloc Size: 512B - Virtual size: 328B

.rsrc Size: 1KB - Virtual size: 1KB

1b91e19676060fa803f11b49717e501e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: - Virtual size: 51KB

.rdata Size: - Virtual size: 26KB

.data Size: - Virtual size: 12KB

.CDX0 Size: - Virtual size: 126KB

.CDX1 Size: 167KB - Virtual size: 166KB

.reloc Size: 512B - Virtual size: 160B

.rsrc Size: 1024B - Virtual size: 792B

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 341KB - Virtual size: 344KB

.data
Size: 94KB - Virtual size: 4.4MB

_RDATA
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 232KB - Virtual size: 231KB

.text
Size: - Virtual size: 241KB

.rdata
Size: - Virtual size: 91KB

.data
Size: - Virtual size: 81KB

.CDX0
Size: - Virtual size: 553KB

.CDX1
Size: 537KB - Virtual size: 537KB

.reloc
Size: 512B - Virtual size: 328B

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 51KB

.rdata
Size: - Virtual size: 26KB

.data
Size: - Virtual size: 12KB

.CDX0
Size: - Virtual size: 126KB

.CDX1
Size: 167KB - Virtual size: 166KB

.reloc
Size: 512B - Virtual size: 160B

.rsrc
Size: 1024B - Virtual size: 792B