Resubmissions

09/11/2024, 19:28

241109-x6zldatkfp 7

09/11/2024, 19:23

241109-x4at8stkap 8

General

  • Target

    sunshine-windows-installer.exe

  • Size

    11.1MB

  • MD5

    8312c5f6b4975bd773854ed2a60ad055

  • SHA1

    6993de295c40c9fc81730eec58e0c32b9f6f159d

  • SHA256

    5608a618bc19fa3e21e6272d91d6443512da3c3965bd62e18092b4c7ec07cd29

  • SHA512

    a09a0009638f871fa4d2eda7863ab53ba1ca8ab8af2d5730a4c84475420faa45aaf3e20dc9cf4ee2b57097f35b6886d5ecb25a1731d0faa37027b90107e42bcb

  • SSDEEP

    196608:G3U2mDrnyHvZHyrKjS5/DAeT6LC6Gu9WP8EeszDQspgSV/p9gMsy8:YUlIv0rCOrNOWzug07FsSSVey8

Score
3/10

Signatures

  • Embeds OpenSSL (1 IoC)

    Embeds OpenSSL, may be used to circumvent TLS interception.

  • Unsigned PE (15 IoCs)

    Checks for missing Authenticode signature.

Files

  • sunshine-windows-installer.exe
    .exe windows:4 windows x64 arch:x64

    c0f430a142bcdc701f4a3bdc3d2c6a84

  • $PLUGINSDIR/InstallOptions.dll
    .dll windows:4 windows x64 arch:x64

    05819310b75421aa191b541c88aafa6f

  • $PLUGINSDIR/NSIS.InstallOptions.ini
  • $PLUGINSDIR/StartMenu.dll
    .dll windows:4 windows x64 arch:x64

    511c5f608df90f14ce6f4dd457c4ff2a

  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x64 arch:x64

    cf8eee620b3371ff06e99c34f39ea84c

  • $PLUGINSDIR/UserInfo.dll
    .dll windows:4 windows x64 arch:x64

    6999456a03b632cf650f212358b1c70e

  • $PLUGINSDIR/ioSpecial.ini
  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/modern-wizard.bmp
  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x64 arch:x64

    74ba91b9fcb5a967b84ea9b49217f8d2

  • Uninstall.exe
    .exe windows:4 windows x64 arch:x64

    c0f430a142bcdc701f4a3bdc3d2c6a84

  • $PLUGINSDIR/UserInfo.dll
    .dll windows:4 windows x64 arch:x64

    6999456a03b632cf650f212358b1c70e

  • $PLUGINSDIR/modern-header.bmp
  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x64 arch:x64

    74ba91b9fcb5a967b84ea9b49217f8d2

  • assets/apps.json
  • assets/box.png
    .png
  • assets/desktop-alt.png
    .png
  • assets/desktop.png
    .png
  • assets/shaders/directx/convert_yuv420_packed_uv_type0_ps.hlsl
  • assets/shaders/directx/convert_yuv420_packed_uv_type0_ps_linear.hlsl
  • assets/shaders/directx/convert_yuv420_packed_uv_type0_ps_perceptual_quantizer.hlsl
  • assets/shaders/directx/convert_yuv420_packed_uv_type0_vs.hlsl
  • assets/shaders/directx/convert_yuv420_planar_y_ps.hlsl
  • assets/shaders/directx/convert_yuv420_planar_y_ps_linear.hlsl
  • assets/shaders/directx/convert_yuv420_planar_y_ps_perceptual_quantizer.hlsl
  • assets/shaders/directx/convert_yuv420_planar_y_vs.hlsl
  • assets/shaders/directx/cursor_ps.hlsl
  • assets/shaders/directx/cursor_ps_normalize_white.hlsl
  • assets/shaders/directx/cursor_vs.hlsl
  • assets/shaders/directx/include/base_vs.hlsl
  • assets/shaders/directx/include/base_vs_types.hlsl
  • assets/shaders/directx/include/common.hlsl
  • assets/shaders/directx/include/convert_base.hlsl
  • assets/shaders/directx/include/convert_linear_base.hlsl
  • assets/shaders/directx/include/convert_perceptual_quantizer_base.hlsl
  • assets/shaders/directx/include/convert_yuv420_packed_uv_ps_base.hlsl
  • assets/shaders/directx/include/convert_yuv420_planar_y_ps_base.hlsl
  • assets/steam.png
    .png
  • assets/web/apps.html
    .html
  • assets/web/assets/Navbar-48ec9d0d.css
  • assets/web/assets/Navbar-dbaf0800.js
    .js
  • assets/web/assets/ResourceCard-ea4a7cba.js
  • assets/web/assets/_plugin-vue_export-helper-cff45802.css
  • assets/web/assets/_plugin-vue_export-helper-fe085d29.js
    .js
  • assets/web/assets/apps-966a1e70.js
    .js
  • assets/web/assets/config-f4fb6dcb.js
    .js
  • assets/web/assets/css/sunshine.css
  • assets/web/assets/fa-brands-400-232c6f6a.woff2
  • assets/web/assets/fa-brands-400-e28096fa.ttf
  • assets/web/assets/fa-regular-400-9174757e.ttf
  • assets/web/assets/fa-regular-400-c27da6f8.woff2
  • assets/web/assets/fa-solid-900-ae17c16a.woff2
  • assets/web/assets/fa-solid-900-b4990d0d.ttf
  • assets/web/assets/fa-v4compatibility-c7a869fa.woff2
  • assets/web/assets/fa-v4compatibility-ff8f525f.ttf
  • assets/web/assets/index-1d511c0f.js
    .js
  • assets/web/assets/locale/de.json
  • assets/web/assets/locale/en.json
  • assets/web/assets/locale/en_GB.json
  • assets/web/assets/locale/en_US.json
  • assets/web/assets/locale/es.json
  • assets/web/assets/locale/fr.json
  • assets/web/assets/locale/it.json
  • assets/web/assets/locale/ja.json
  • assets/web/assets/locale/pt.json
  • assets/web/assets/locale/ru.json
  • assets/web/assets/locale/sv.json
  • assets/web/assets/locale/zh.json
  • assets/web/assets/password-41ebda5b.js
    .js
  • assets/web/assets/pin-677ef343.js
    .js
  • assets/web/assets/troubleshooting-76080e6f.js
    .js
  • assets/web/assets/welcome-6454da3a.js
    .js
  • assets/web/config.html
    .html
  • assets/web/images/logo-sunshine-16.png
    .png
  • assets/web/images/logo-sunshine-45.png
    .png
  • assets/web/images/sunshine-locked-16.png
    .png
  • assets/web/images/sunshine-locked-45.png
    .png
  • assets/web/images/sunshine-locked.ico
  • assets/web/images/sunshine-locked.png
    .png
  • assets/web/images/sunshine-locked.svg
    .xml
  • assets/web/images/sunshine-pausing-16.png
    .png
  • assets/web/images/sunshine-pausing-45.png
    .png
  • assets/web/images/sunshine-pausing.ico
  • assets/web/images/sunshine-pausing.png
    .png
  • assets/web/images/sunshine-pausing.svg
    .xml
  • assets/web/images/sunshine-playing-16.png
    .png
  • assets/web/images/sunshine-playing-45.png
    .png
  • assets/web/images/sunshine-playing.ico
  • assets/web/images/sunshine-playing.png
    .png
  • assets/web/images/sunshine-playing.svg
    .xml
  • assets/web/images/sunshine.ico
  • assets/web/index.html
    .html
  • assets/web/password.html
    .html
  • assets/web/pin.html
    .html
  • assets/web/troubleshooting.html
    .html
  • assets/web/welcome.html
    .html
  • scripts/add-firewall-rule.bat
    .bat .vbs
  • scripts/autostart-service.bat
  • scripts/delete-firewall-rule.bat
  • scripts/install-gamepad.bat
    .bat .vbs
  • scripts/install-service.bat
    .bat .vbs
  • scripts/migrate-config.bat
  • scripts/uninstall-gamepad.bat
  • scripts/uninstall-service.bat
  • sunshine.exe
    .exe windows:4 windows x64 arch:x64

    c2f2b836a645aa71f021e612451eb943

  • tools/audio-info.exe
    .exe windows:4 windows x64 arch:x64

    e7c042069955e8e7d4756a6184e37a5f

  • tools/ddprobe.exe
    .exe windows:4 windows x64 arch:x64

    92d608a638501583b0d0fcd6122b8f6b

  • tools/dxgi-info.exe
    .exe windows:4 windows x64 arch:x64

    8350c2fab5a96dad7189790b30df2cc6

  • tools/sunshinesvc.exe
    .exe windows:4 windows x64 arch:x64

    0e876a02157e5daa145812fddc9c99cd

  • zlib1.dll
    .dll windows:4 windows x64 arch:x64

    0362b276bf74944aaf0d04f3240210cd