darkvision | fortnite[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

fortnite.exe
Size

1.4MB
MD5

5999098b0f0e4e25e826092a7f1e7598
SHA1

76f8454429e4a59e4b7361415a6d62e08207577e
SHA256

74e66581cda6b55f9dbfcfe260faec1dad8a38d9fa0c5c2f45e64d16e6a11d4e
SHA512

7d43edd26d68f5f51478a6e8f75652bf15a9704c89f4d70c6115c51989c9e60a726124c4ddabd5a95917a537b066a0d6ecef3b737492706e82e5493a63ce36c1
SSDEEP

24576:PW0EbEOAkR+9yJgoHqWnKwVIL4I9fGzPvW4C30Wemex2ze+9S:PW0kTdnn9RP

Score

10^/10

darkvision

Malware Config

Extracted

Family

darkvision

154.216.17.115

https://rentry.co/razorrat/rawYDHXBF8ZTF

Signatures

Darkvision family
darkvision

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fortnite.exe

Files

fortnite.exe
.exe windows:6 windows x64 arch:x64

d7efe0a16b9727c7b7eecba3db2078ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\zero\Downloads\nyuger\Release\fortnite.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

dwmapi

DwmExtendFrameIntoClientArea

ntdll

RtlPcToFileHeader
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlCaptureContext
RtlUnwind

kernel32

CreateFileA
CreateThread
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
Process32First
CreateToolhelp32Snapshot
Sleep
Process32Next
CloseHandle
WritePrivateProfileStringA
Beep
lstrcmpiA
GetPrivateProfileStringA
FindFirstFileExW
FindClose
HeapReAlloc
GetFileAttributesExW
CreateProcessW
VirtualAlloc
WaitForSingleObject
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
VirtualProtect
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
HeapFree
HeapAlloc
GetCommandLineW
GetCommandLineA
WriteFile
GetStdHandle
GetModuleFileNameW
VirtualFree
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
CreateFileW
HeapSize
SetEndOfFile
WriteConsoleW
GetExitCodeProcess
DecodePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
SleepConditionVariableSRW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
FreeLibraryAndExitThread
LCMapStringEx
GetSystemTimeAsFileTime
GetModuleHandleW
WakeAllConditionVariable
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ReadFile
ExitProcess
GetModuleHandleExW
ExitThread
FindNextFileW

user32

DispatchMessageA
DestroyWindow
SetWindowPos
GetSystemMetrics
ShowWindow
GetAsyncKeyState
MessageBoxA
TranslateMessage
PeekMessageA
FindWindowA
UpdateWindow
SendInput
GetKeyState
LoadCursorA
ScreenToClient
ClientToScreen
GetForegroundWindow
SetCursor
GetClientRect
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

d3dcompiler_47

D3DCompile

Sections

.text
Size: 626KB - Virtual size: 626KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 646KB - Virtual size: 653KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

d7efe0a16b9727c7b7eecba3db2078ed

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

dwmapi

ntdll

kernel32

user32

imm32

d3dcompiler_47

Sections

.text Size: 626KB - Virtual size: 626KB

.rdata Size: 151KB - Virtual size: 151KB

.data Size: 646KB - Virtual size: 653KB

.pdata Size: 25KB - Virtual size: 24KB

.fptable Size: 512B - Virtual size: 256B

_RDATA Size: 512B - Virtual size: 464B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 626KB - Virtual size: 626KB

.rdata
Size: 151KB - Virtual size: 151KB

.data
Size: 646KB - Virtual size: 653KB

.pdata
Size: 25KB - Virtual size: 24KB

.fptable
Size: 512B - Virtual size: 256B

_RDATA
Size: 512B - Virtual size: 464B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 3KB - Virtual size: 3KB