6bbc4ed84444f5a9b03ec2c0bbf0439f2d9590237152dc4d62a6e7d805e37690

Sharing

Copy URL Twitter E-mail

General

Target

6bbc4ed84444f5a9b03ec2c0bbf0439f2d9590237152dc4d62a6e7d805e37690
Size

2.9MB
MD5

54c3b9b433e255305dbddd169f7f9880
SHA1

f18b8c19a80d23e6336cc6c71599191091cd4348
SHA256

6bbc4ed84444f5a9b03ec2c0bbf0439f2d9590237152dc4d62a6e7d805e37690
SHA512

609cc795ca8b8d19be6809a4652a1c761ce0a65c73ec701f3e7115873157a378c4bb768ce3b247357b595301d4077f2681efbae25fcd3dc42ddf67346723416e
SSDEEP

49152:SSHEYqcWbIlTNQNAsxZ5/CJJ81oMGH8dh90LTu8Yo5m7oxCRnJJOI9:SDhy/A1toxCRnJJOI9

Score

1^/10

Malware Config

Signatures

Files

6bbc4ed84444f5a9b03ec2c0bbf0439f2d9590237152dc4d62a6e7d805e37690
.exe windows:6 windows x64 arch:x64

f625cf0f5078978e67199c5c50327e8e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:a3:cf:47:fd:62:c0:22:e0:4a:a0:fb:24:1f:f9:c5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

24/06/2024, 00:00

Not After

12/08/2025, 23:59

Subject

CN=株式会社コーエーテクモゲームス,O=株式会社コーエーテクモゲームス,L=横浜市,ST=神奈川県,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:d7:23:9a:0f:bb:db:0b:01:cb:d4:5d:e3:0c:a6:67:6c:44:0d:b1:f0:34:68:72:1c:ce:99:4c:9a:bf:98:c9
Signer

Actual PE Digest

e4:d7:23:9a:0f:bb:db:0b:01:cb:d4:5d:e3:0c:a6:67:6c:44:0d:b1:f0:34:68:72:1c:ce:99:4c:9a:bf:98:c9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\svnRepo\prod_repo\global_develop\launcher\x64\Master_Global\DOAX_VV_Launcher.pdb

Imports

steam_api64

SteamInternal_CreateInterface
SteamAPI_GetHSteamUser
SteamAPI_Shutdown
SteamInternal_ContextInit
SteamAPI_Init
SteamAPI_GetHSteamPipe

d3d11

D3D11CreateDevice

dinput8

DirectInput8Create

shlwapi

SHDeleteKeyA
PathRemoveFileSpecW
PathAddBackslashA
PathFileExistsA
PathRemoveFileSpecA

winhttp

WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpGetIEProxyConfigForCurrentUser
WinHttpConnect
WinHttpQueryOption
WinHttpSetStatusCallback
WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen

dbghelp

MiniDumpWriteDump

kernel32

GetModuleHandleA
QueryPerformanceCounter
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
OutputDebugStringA
GetLastError
CreateMutexA
ReleaseMutex
CloseHandle
GetLocalTime
GetModuleFileNameA
CreateDirectoryA
CreateFileA
GetCurrentProcessId
GetCurrentProcess
SetThreadAffinityMask
GetCurrentThread
SetUnhandledExceptionFilter
CreateProcessW
GetExitCodeProcess
GetModuleFileNameW
SwitchToFiber
DeleteFiber
CreateFiber
MultiByteToWideChar
WideCharToMultiByte
lstrcpyA
lstrcmpA
lstrcatA
FindFirstFileA
SetFileAttributesA
GetFileAttributesA
FindClose
DeleteFileA
FindNextFileA
RemoveDirectoryA
GetThreadPriority
GetModuleHandleW
QueryPerformanceFrequency
ReadFile
WaitForSingleObject
SetCurrentDirectoryA
GetCurrentDirectoryA
GetSystemInfo
SetFilePointer
WriteFile
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
LocalFree
FormatMessageA
VirtualQuery
SetLastError
VirtualAlloc
VirtualFree
CreateEventA
ResetEvent
SetEvent
SetThreadPriority
ResumeThread
GetExitCodeThread
CreateSemaphoreA
ReleaseSemaphore
GetFullPathNameA
GetTickCount
SwitchToThread
SuspendThread
FreeLibrary
GetProcAddress
LoadLibraryA
RaiseException
GetCurrentDirectoryW
GetDriveTypeW
CreateDirectoryW
CreateFileW
DeleteFileW
FindFirstFileW
FindNextFileW
FlushFileBuffers
GetFileAttributesW
GetFileSizeEx
GetFileTime
RemoveDirectoryW
FileTimeToLocalFileTime
FileTimeToSystemTime
InitializeCriticalSectionEx
GlobalFree
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ConvertThreadToFiber
CreateEventW

user32

CallWindowProcA
GetMonitorInfoA
SetForegroundWindow
SetWindowPos
SetRect
MessageBoxW
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
GetSystemMetrics
AdjustWindowRectEx
LoadIconA
LoadCursorA
RegisterClassExA
UnregisterClassA
DefWindowProcA
PostQuitMessage
GetWindowLongPtrA
MessageBoxA
FindWindowA
EndDialog
SetDlgItemTextW
SetWindowTextW
ShowWindow
EnableWindow
GetDlgItem
SendMessageA
SendMessageW
LoadImageW
DialogBoxParamW
SetWindowLongPtrA
EnumDisplaySettingsA
CharNextW
DestroyWindow

gdi32

GetStockObject
CreateFontW

advapi32

RegCreateKeyExA
RegCopyTreeA
CryptDestroyKey
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegQueryValueExA
CryptAcquireContextA
CryptGenKey
CryptExportKey
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegSetValueExA
CryptSetKeyParam
CryptEncrypt
CryptDecrypt

shell32

ShellExecuteExA
ShellExecuteA

msvcp140

?_Xinvalid_argument@std@@YAXPEBD@Z
_Thrd_id
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Mtx_destroy
_Cnd_destroy
_Cnd_signal
_Cnd_wait
_Cnd_init
_Mtx_unlock
_Mtx_lock
_Mtx_init
_Thrd_join
_Thrd_start
?_Throw_C_error@std@@YAXH@Z
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
_Mtx_init_in_situ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_BADOFF@std@@3_JB
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ

crypt32

CryptBinaryToStringA
CryptDecodeObjectEx
CryptImportPublicKeyInfo
CryptStringToBinaryA

d3dcompiler_47

D3DReflect

dwmapi

DwmGetCompositionTimingInfo

vcruntime140

__vcrt_InitializeCriticalSectionEx
wcschr
__C_specific_handler
memcmp
_CxxThrowException
__CxxFrameHandler3
memcpy
__std_terminate
wcsrchr
wcsstr
memset
memmove
__std_exception_destroy
__std_exception_copy
_purecall
memchr
strstr
strchr

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsnprintf_s
__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vsscanf
__stdio_common_vswprintf_s
__p__commode
_set_fmode
__stdio_common_vsprintf_s

api-ms-win-crt-runtime-l1-1-0

_configure_wide_argv
_initialize_wide_environment
_set_app_type
_seh_filter_exe
_get_wide_winmain_command_line
_cexit
_initterm
_crt_atexit
exit
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_initialize_onexit_table
_exit
_errno
_beginthreadex
_endthreadex
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_initterm_e

api-ms-win-crt-time-l1-1-0

clock
_time64
_gmtime64
_difftime64

api-ms-win-crt-math-l1-1-0

atan2f
tanf
log2f
modf
expf
logf
powf
asinf
cosf
fmodf
sqrtf
sqrt
atanf
acos
_finite
pow
cos
__setusermatherr

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale
setlocale

api-ms-win-crt-convert-l1-1-0

strtoimax
atoi
wcstol
strtod
strtol

api-ms-win-crt-string-l1-1-0

isspace
tolower
isalpha
isalnum
strncat
strncpy
wcsncpy_s
wcstok_s
iswalnum
wcscat_s
strcpy_s
wcscpy_s
strcmp
wcsncmp
_wcsicmp
strncmp
iswcntrl

api-ms-win-crt-filesystem-l1-1-0

_wfullpath
_wsplitpath_s
rename
_wsplitpath

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
_aligned_malloc
malloc
free

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 70.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 342KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f625cf0f5078978e67199c5c50327e8e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:a3:cf:47:fd:62:c0:22:e0:4a:a0:fb:24:1f:f9:c5Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

e4:d7:23:9a:0f:bb:db:0b:01:cb:d4:5d:e3:0c:a6:67:6c:44:0d:b1:f0:34:68:72:1c:ce:99:4c:9a:bf:98:c9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

steam_api64

d3d11

dinput8

shlwapi

winhttp

dbghelp

kernel32

user32

gdi32

advapi32

shell32

msvcp140

crypt32

d3dcompiler_47

dwmapi

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 308KB - Virtual size: 307KB

.data Size: 1.1MB - Virtual size: 70.1MB

.pdata Size: 73KB - Virtual size: 72KB

.tls Size: 512B - Virtual size: 21B

.gfids Size: 512B - Virtual size: 80B

_RDATA Size: 2KB - Virtual size: 1KB

.rsrc Size: 342KB - Virtual size: 341KB

.reloc Size: 12KB - Virtual size: 12KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:a3:cf:47:fd:62:c0:22:e0:4a:a0:fb:24:1f:f9:c5
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

e4:d7:23:9a:0f:bb:db:0b:01:cb:d4:5d:e3:0c:a6:67:6c:44:0d:b1:f0:34:68:72:1c:ce:99:4c:9a:bf:98:c9
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 308KB - Virtual size: 307KB

.data
Size: 1.1MB - Virtual size: 70.1MB

.pdata
Size: 73KB - Virtual size: 72KB

.tls
Size: 512B - Virtual size: 21B

.gfids
Size: 512B - Virtual size: 80B

_RDATA
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 342KB - Virtual size: 341KB

.reloc
Size: 12KB - Virtual size: 12KB