46150cdfcab08c2630dd05f74c30287d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

46150cdfcab08c2630dd05f74c30287d_JaffaCakes118
Size

5.1MB
MD5

46150cdfcab08c2630dd05f74c30287d
SHA1

40e6d394d85c75c2ddea5ed4a0bd14d188e907a9
SHA256

44929dd7bfd55fb10d4109c0d71aae9dda9a940a4e2f3ab63e0072e9ced44715
SHA512

6bb434a6c62b6f32996af3d24c1cc31bcd6d3d40418215f137489c1ee069d361ee678a3396a902905fb6b36288f10b4a2532c188a0605b93f33966eccd336800
SSDEEP

98304:d+mUE1wfjq3+jEyV054LYEhD5jzYEcMKMG7ahGxjZqu:bec+j1V00YapzHZK/751j

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
46150cdfcab08c2630dd05f74c30287d_JaffaCakes118
unpack001/$EXEDIR/3DMGAME.dll
unpack001/$EXEDIR/Steamclient.dll
unpack001/$EXEDIR/buddha.dll
unpack001/$EXEDIR/steam_api.dll
unpack001/$EXEDIR/t6sp.exe
unpack001/$EXEDIR/t6zm.exe
unpack001/$PLUGINSDIR/nsDialogs.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

46150cdfcab08c2630dd05f74c30287d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$EXEDIR/3DMGAME.dll
.dll windows:4 windows x86 arch:x86

cfa552145935c37596401426bad1da88

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyExA

kernel32

GetOEMCP
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetKeyboardType

oleaut32

SafeArrayRedim

Exports

Exports

#ڒϖa/��W�r��O�_>r߷v#��g_��8_��pʍ��=�"��G%T�շ"�d+��'��>z�O<v�B$;O$�� N�]B :ܽ�ԛ�㋲�pm��Ӱ_�\t:�<P\�KO��f��tK{�#�H��,��?��ø�}QZa</챒;KM��G�fA;�� Ϙ0�C��[��`�� m�V&�w��T��|��l��&��t!��~��7�j,��^a!�� 鏺�Y��%��i�ãu��7�s��D�r�5$� ?��~��j?��=��!@=�C'Sn�i��.&I��jQu��g� P��2_�� G\��}EQ�j�_+7v5��K��K\I/v��i�J��J��^�egZ��t��j��A��R��x��^ pW>�3Q��rh�]J��щ�iY��M��_\X��<�1��L��-��3��ݶ��4�i�U��C��CYd��ߟ��:� ��`�J��d��T��˥�,Q�0�Ѯ�Z��q��HE��=��J��$ ��F�_��8�ƿ(8�`��S,��y�q`D*�`.��8��љ��O�Fj�Y�5vc�W�z��^:�t�02?Q��o�v�d��_C��@X�p�k�zr��H��iH�`��͍��rB��v2��I{�.��,N�H�׶��i��FJ�K�'�O$��=gK�}��ϵ1�+¦68Ί�xwJH8��\t�N7:"z��`�rى��i�Y�3�/*&11�Ë��g��W<�,�-d��w6�V|��|#~ԓ��(�Ņ��E��Z��̎�%��UBfH��f�)n-�� r]7=��r��;�ܻd�� {z� \U@�`��(=b��s-��ͅ�3��q;�+�տ�d��鑟�zQ�D�u�$_*+ַ8HL4�/�E��]e}2��Όrp��Vѐ�Ϡ��H�9v�pa]�b��ԓ�0D��zC��;A�f��A>r��(\��k��Ҽ��W)^��5�|"�A�Gj��EM�/��zc2Z#4N��Ȃeo,�O f❱�מ��w�P��|�,'��@�޻3wh�T�m�RE�'6Pل�O��ca��U2/��dEX�pH%�lΥ�2#)��C � ��[e��k�(�h��͌��ț�>�M��|N�W9Yp\\f��cc�M�~K=�m:{�.4��ğ�n�@�z�L(��VGwѸ�!�f�#��azz�6�9A!0oe��2�_G)�'c� ��>f�*��'z��:�bO� ��ij)��6��%�p�<�\ƞ�x�/H��"��m�f��{XF`��p�+17a�蜐�&��bz.�D�bD�Sl��Lz�u�+1kl^��;�RO>�$b�4��*��B�S�.TW��)$�?{�N��^ÿ��P��x��Y��C�=�H�9^h�pf��po:��͚�`%�;��ˣt��V��؊+�K�'Jum ��mef�r��m�h�)�2��K� f�0��*Q%�/:�� I<��B$��ء�9>��a�%�20uE0߻�xxGv�3k�w�zf��j~�E� ~<B��9�^��[��С@$?�0�g��AW��Y�qˀσ��@��̶��z8��#�M?�V�,�� z�+��́�n� |�F��.�� ^yL �i�g$��yd��X��Q��V�5��1CzK<�q�Ɍ�Í�;��.L?�כ �մ�"Ól��ShG6��JwB�I��}|�s�D��E��}�u�F�Ǯp1@��,�r,��+,8��2��R��K��t<~�\��m�^1��^K�48��z��r��[��e,��t�u3�}��W��}��cO�k�EY�z��x��~�kڽB�l�3R��r=*#k��q�|�$q6}1m�l��M�g��1V#4T��eNc��Qz��n��3��4�*��^�njLV��_]p�d��hD�f0c�� n��\��;��2z�O=��.��i!2��嗇Rrߊ�?��-a&�;ֹ2`��NX��@��/}> ^��u��c�]y>��JG�F�7��Y[j�� #q��ۊ��fr/}��|}��6�R�eP�s��ռ��[�(�I��I��E7�c�k��x�s,��ɺ>l��X72�R�9kaΐ��SѾ��R�W��2��n>7��!>�p"�g��@o8�m��d��$�tI]B��J5��}�o{{��:gωܼ�� @��5��@n/�l��p^=��I�#� >��A� �l"ԗ��k&-��ˍ�³��r�ޡa�|G��iNJA+�+�E=�C#MC/gb��r]��R)Nۇ�X1��绾��!|��v��b�^�-eD��$Jf9![+�>6��B��~ Ǡ�0�Gx�^��O�y�U��͑+��4��\�XIղ�� -6q��k'�BZj�a8�Hq��~��Ǔd��U��B��.d��SƖ�}U�[�r�ȸv��)[SB�G��h��v}@��Y ��\�f��j�`��+k�=��z�3@��lzT��=�1�� 6�F~~㑼tܸ�ܪ�t��gI^I� pT�a�%�W��ˎ�~MRO匽��e,��@E@`��X'�Jr��1��u��7�2�7��P�H�� N>3AO.�c#Lڷw�U��=�� @�H`�S�e��\�"�X熄zoE�R�E��N<�tLӊ��~�{��S��\��3�+a_��ٚ��Sk$��O��%%E.�H8 lt�m�F��n�(Q=��X��/�o�l��w� ^
___CPPdebugHook
drm_pagui_doit

Sections

.text
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

3DMGAME0
Size: - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3DMGAME1
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$EXEDIR/3DMGAME.ini
$EXEDIR/Steamclient.dll
.dll windows:5 windows x86 arch:x86

ca8f196ebeb860e61002d7f57f2739e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetFolderPathA

user32

MessageBoxA

wininet

InternetOpenA
InternetCloseHandle
InternetCrackUrlA

kernel32

GetProcessHeap
SetEndOfFile
CreateFileW
WriteConsoleW
CreateFileA
SetStdHandle
LoadLibraryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualProtectEx
GetCurrentProcess
WriteProcessMemory
SetLastError
GetModuleHandleA
GetProcAddress
GetTickCount
GetModuleFileNameA
VirtualFree
VirtualProtect
VirtualAlloc
VirtualQuery
CloseHandle
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
Thread32Next
OpenThread
SuspendThread
GetThreadContext
SetThreadContext
ResumeThread
SetEnvironmentVariableA
FindClose
FindNextFileA
FindFirstFileA
GetLastError
GetPrivateProfileStringA
GetEnvironmentVariableA
WritePrivateProfileStringA
GetVolumeInformationA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
Sleep
InterlockedExchange
EncodePointer
DecodePointer
MultiByteToWideChar
HeapFree
HeapAlloc
CreateDirectoryA
GetSystemTimeAsFileTime
DeleteFileA
GetCommandLineA
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
HeapCreate
HeapDestroy
HeapSize
ExitProcess
IsProcessorFeaturePresent
ReadFile
SetFilePointer
InitializeCriticalSectionAndSpinCount
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoW
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc

Exports

Exports

?_Patch@@YAHIPBXI@Z
CreateInterface
SKIDROW
Steam_BConnected
Steam_BGetCallback
Steam_BLoggedOn
Steam_BReleaseSteamPipe
Steam_ConnectToGlobalUser
Steam_CreateGlobalUser
Steam_CreateLocalUser
Steam_CreateSteamPipe
Steam_FreeLastCallback
Steam_GSBLoggedOn
Steam_GSBSecure
Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient
Steam_GSGetSteamID
Steam_GSLogOff
Steam_GSLogOn
Steam_GSRemoveUserConnect
Steam_GSSendSteam2UserConnect
Steam_GSSendSteam3UserConnect
Steam_GSSendUserDisconnect
Steam_GSSendUserStatusResponse
Steam_GSSetServerType
Steam_GSSetSpawnCount
Steam_GSUpdateStatus
Steam_GetAPICallResult
Steam_GetGSHandle
Steam_InitiateGameConnection
Steam_LogOff
Steam_LogOn
Steam_ReleaseUser
Steam_SetLocalIPBinding
Steam_TerminateGameConnection

Sections

.text
Size: 246KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.STMSIG
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$EXEDIR/buddha.dll
.dll windows:4 windows x86 arch:x86

4d0ba8ad8dc0896d837e9c3bdbc9da2d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AllocConsole
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

SKIDROW

Sections

.text
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 585B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.skr0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.skr1
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$EXEDIR/steam_api.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\buildslave\steam_rel_client_win32\build\src\steam_api\Release\steam_api.pdb

Exports

Exports

GetHSteamPipe
GetHSteamUser
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_InitSafe
SteamAPI_IsSteamRunning
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_SetBreakpadAppID
SteamAPI_SetMiniDumpComment
SteamAPI_SetTryCatchCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_UseBreakpadCrashHandler
SteamAPI_WriteMiniDump
SteamApps
SteamClient
SteamContentServer
SteamContentServerUtils
SteamContentServer_Init
SteamContentServer_RunCallbacks
SteamContentServer_Shutdown
SteamFriends
SteamGameServer
SteamGameServerApps
SteamGameServerHTTP
SteamGameServerNetworking
SteamGameServerStats
SteamGameServerUtils
SteamGameServer_BSecure
SteamGameServer_GetHSteamPipe
SteamGameServer_GetHSteamUser
SteamGameServer_GetIPCCallCount
SteamGameServer_GetSteamID
SteamGameServer_Init
SteamGameServer_InitSafe
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamHTTP
SteamMatchmaking
SteamMatchmakingServers
SteamNetworking
SteamRemoteStorage
SteamScreenshots
SteamUser
SteamUserStats
SteamUtils
Steam_GetHSteamUserCurrent
Steam_RegisterInterfaceFuncs
Steam_RunCallbacks
g_pSteamClientGameServer

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$EXEDIR/t6sp.exe
.exe windows:5 windows x86 arch:x86

b4e3639563466222d58bc39c9c03dbbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\t6\code\src\obj\t6\codSteam_CEG_bin\t6sp.pdb

Imports

steam_api

SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamUserStats
SteamAPI_Shutdown
SteamAPI_UnregisterCallback
SteamAPI_UnregisterCallResult
SteamAPI_RunCallbacks
SteamAPI_Init
SteamUtils
SteamApps
SteamFriends
SteamAPI_RestartAppIfNecessary
SteamUser

winmm

mixerGetLineControlsA
timeEndPeriod
timeBeginPeriod
mixerOpen
mixerSetControlDetails
mixerGetDevCapsA
waveInGetNumDevs
mixerGetNumDevs
timeGetTime
mixerClose
mixerGetControlDetailsA
mixerGetLineInfoA

wsock32

recv
WSAGetLastError
gethostbyname
ioctlsocket
sendto
closesocket
bind
htons
setsockopt
inet_ntoa
socket
gethostname
WSAStartup
select
recvfrom
send
__WSAFDIsSet
shutdown

faultrep

ReportFault

dxgi

CreateDXGIFactory1

dsound

ord6
ord11

kernel32

FormatMessageA
SetEndOfFile
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CompareStringW
HeapQueryInformation
GetExitCodeProcess
CreatePipe
LoadLibraryW
SetConsoleCtrlHandler
CreateDirectoryA
CreateMutexA
HeapAlloc
CreateFileW
InterlockedExchange
CloseHandle
GetFileInformationByHandleEx
HeapFree
CreateFileA
GetCurrentThreadId
GetTickCount
lstrlenW
GetStartupInfoW
GetModuleFileNameA
InterlockedIncrement
CreateSemaphoreA
InterlockedCompareExchange
Sleep
GetCurrentProcessId
GetModuleHandleA
GetLastError
ReleaseSemaphore
GetFileInformationByHandle
OpenFileById
GetTimeZoneInformation
GetProcessHeap
lstrcmpiW
FileTimeToSystemTime
GetProcessTimes
GetCurrentProcess
UnmapViewOfFile
HeapSize
GetSystemTimeAsFileTime
SetLastError
GetFullPathNameW
GetEnvironmentStringsW
GetComputerNameA
GetModuleHandleExA
ExitProcess
GetConsoleWindow
SizeofResource
LoadLibraryA
GetSystemTime
WriteFile
QueryPerformanceFrequency
VirtualQuery
GetCommandLineW
GetCurrentDirectoryW
LockResource
CreateEventA
WaitForSingleObject
GetFullPathNameA
SetEvent
CreateFileMappingA
MapViewOfFile
ReleaseMutex
AddVectoredExceptionHandler
GetFileTime
LoadResource
GetProcAddress
DebugBreak
FindResourceW
GetFileAttributesA
InterlockedDecrement
InterlockedExchangeAdd
QueryPerformanceCounter
GetCurrentDirectoryA
CreateThread
FreeLibrary
SetFilePointer
GetFileSize
ReadFile
RaiseException
ResetEvent
GetProcessAffinityMask
DuplicateHandle
GetCurrentThread
SuspendThread
ResumeThread
SetThreadPriority
SetFileAttributesA
VirtualAlloc
VirtualFree
InitializeCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
GlobalMemoryStatus
SetProcessAffinityMask
GetThreadPriority
OutputDebugStringA
GetDriveTypeA
GlobalUnlock
GlobalSize
GlobalLock
GetVersionExA
DeleteFileA
SetErrorMode
SetUnhandledExceptionFilter
TerminateProcess
WaitForMultipleObjects
MulDiv
SetPriorityClass
SetThreadExecutionState
WideCharToMultiByte
GetSystemInfo
GetSystemDirectoryW
OpenFileMappingA
GetModuleFileNameW
GetWindowsDirectoryW
OpenEventA
HeapCreate
HeapDestroy
CreateSemaphoreW
GetModuleHandleW
OpenProcess
PulseEvent
FindClose
FileTimeToLocalFileTime
FindFirstFileExA
FindNextFileA
GetDriveTypeW
ExitThread
HeapReAlloc
CreateProcessA
GetTimeFormatA
GetDateFormatA
GetCommandLineA
HeapSetInformation
PeekNamedPipe
GetFileType
IsProcessorFeaturePresent
GetStdHandle
GetLocaleInfoW
UnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEnvironmentVariableW
SetEnvironmentVariableA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
DecodePointer
EncodePointer
GetVersion
FlushConsoleInputBuffer
MultiByteToWideChar
RtlUnwind
ReadConsoleInputA
SetConsoleMode
RemoveVectoredExceptionHandler
MoveFileA

user32

MoveWindow
MapVirtualKeyA
CloseWindow
SetWindowTextA
CallWindowProcA
GetMonitorInfoA
DestroyWindow
DefWindowProcA
LoadCursorA
RegisterClassA
PostQuitMessage
RegisterWindowMessageA
LoadImageA
CreateWindowExA
SendMessageA
AdjustWindowRect
SetWindowPos
LoadIconA
RegisterClassExA
OpenClipboard
GetClipboardData
CloseClipboard
GetMessageA
DispatchMessageA
TranslateMessage
ShowWindow
SetCursor
GetClientRect
GetSystemMetrics
ClientToScreen
GetCursorPos
ScreenToClient
GetForegroundWindow
SetFocus
GetWindowRect
SetCursorPos
GetActiveWindow
ChangeDisplaySettingsA
EnumThreadWindows
GetDesktopWindow
GetDC
ReleaseDC
GetWindowTextA
GetWindowLongA
SetWindowLongA
PostMessageA
MessageBoxA
ShowCursor
GetClassLongA
AdjustWindowRectEx
IsWindow
GetMenuItemCount
SetClassLongA
PeekMessageA
EnumDisplaySettingsA
DeleteMenu
GetMenuItemID
GetSystemMenu
GetUserObjectInformationW
GetProcessWindowStation
MonitorFromWindow

gdi32

DeleteDC
DeleteObject
GetBitmapBits
BitBlt
GetObjectA
SelectObject
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
GetDeviceCaps
CreateFontA
SetDeviceGammaRamp

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteA
SHGetFolderPathA

ole32

StringFromGUID2
CoCreateInstance
CoUninitialize
CLSIDFromString
CoInitializeEx

xinput1_3

ord4
ord3
ord2

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

ws2_32

getsockname
WSASetLastError
connect
inet_ntoa
ntohs

psapi

GetProcessMemoryInfo

binkw32

_BinkSetSoundTrack@8
_BinkDoFrame@4
_BinkClose@4
_BinkStartAsyncThread@8
_BinkGetError@0
_BinkOpen@8
_BinkWaitStopAsyncThread@4
_BinkGetRealtime@12
_BinkSetMemory@8
_BinkDoFrameAsyncWait@8
_BinkGetRects@8
_BinkRequestStopAsyncThread@4
_BinkRegisterFrameBuffers@8
_BinkNextFrame@4
_BinkGetFrameBuffersInfo@8
_BinkPause@8
_BinkControlBackgroundIO@8
_BinkDoFrameAsync@12
_BinkSetIOSize@4

d3d11

D3D11CreateDeviceAndSwapChain
D3D11CreateDevice

Sections

.text
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.conceal
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.interpr
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.0MB - Virtual size: 53.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.version
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$EXEDIR/t6zm.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.conceal
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.interpr
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.0MB - Virtual size: 53.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.version
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 52KB

.rsrc Size: 21KB - Virtual size: 20KB

cfa552145935c37596401426bad1da88

Headers

File Characteristics

Imports

advapi32

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: - Virtual size: 124KB

.data Size: - Virtual size: 32KB

.tls Size: - Virtual size: 4KB

.idata Size: - Virtual size: 4KB

.edata Size: - Virtual size: 4KB

3DMGAME0 Size: - Virtual size: 130KB

.tls Size: 512B - Virtual size: 24B

3DMGAME1 Size: 239KB - Virtual size: 239KB

.reloc Size: 512B - Virtual size: 272B

.rsrc Size: 1KB - Virtual size: 4KB

ca8f196ebeb860e61002d7f57f2739e0

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

user32

wininet

kernel32

Exports

Exports

Sections

.text Size: 246KB - Virtual size: 246KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 7KB - Virtual size: 15KB

.STMSIG Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 32KB - Virtual size: 31KB

4d0ba8ad8dc0896d837e9c3bdbc9da2d

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: - Virtual size: 2KB

.rdata Size: - Virtual size: 585B

.data Size: - Virtual size: 4KB

.skr0 Size: - Virtual size: 28KB

.skr1 Size: 60KB - Virtual size: 60KB

.reloc Size: 512B - Virtual size: 204B

Headers

DLL Characteristics

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 52KB

.rsrc
Size: 21KB - Virtual size: 20KB

.text
Size: - Virtual size: 124KB

.data
Size: - Virtual size: 32KB

.tls
Size: - Virtual size: 4KB

.idata
Size: - Virtual size: 4KB

.edata
Size: - Virtual size: 4KB

3DMGAME0
Size: - Virtual size: 130KB

.tls
Size: 512B - Virtual size: 24B

3DMGAME1
Size: 239KB - Virtual size: 239KB

.reloc
Size: 512B - Virtual size: 272B

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 246KB - Virtual size: 246KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 7KB - Virtual size: 15KB

.STMSIG
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 31KB

.text
Size: - Virtual size: 2KB

.rdata
Size: - Virtual size: 585B

.data
Size: - Virtual size: 4KB

.skr0
Size: - Virtual size: 28KB

.skr1
Size: 60KB - Virtual size: 60KB

.reloc
Size: 512B - Virtual size: 204B

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB

.text
Size: 6.2MB - Virtual size: 6.2MB

.conceal
Size: 8KB - Virtual size: 7KB

.interpr
Size: 26KB - Virtual size: 25KB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 3.0MB - Virtual size: 53.6MB

.tls
Size: 7KB - Virtual size: 6KB

.version
Size: 512B - Virtual size: 4B

.rodata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 256KB - Virtual size: 255KB

.text
Size: 7.1MB - Virtual size: 7.1MB

.conceal
Size: 8KB - Virtual size: 7KB

.interpr
Size: 26KB - Virtual size: 25KB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 3.0MB - Virtual size: 53.5MB

.tls
Size: 7KB - Virtual size: 6KB

.version
Size: 512B - Virtual size: 4B

.rodata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 256KB - Virtual size: 255KB