SteamtoolsSetup[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SteamtoolsSetup.exe
Size

2.7MB
MD5

5321690369d17547a978cd28f45f5ea6
SHA1

173b7be12e9ef3af91e2a7cbfe63a313134c9e32
SHA256

14224256268d10452893cae5d330262b6dd8f854e7f2e8bfbc2d050eb0d0f80f
SHA512

4f2aa0801d685195570c62ce19335465e85d19f04335fe56945207482893d1181c04bbfe18230bf0a490f8f5cf2998bee7f2c1c17146126555dd780d2dd085b4
SSDEEP

49152:RKQJrfc1y4pY+CvSs0AhuEySsxsiMRPPRRw69XmYya:xwvEyVsiMRPPRRw69XmYya

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SteamtoolsSetup.exe

Files

SteamtoolsSetup.exe
.exe windows:6 windows x64 arch:x64

d64926d4810ce162d25901020fb4673c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\steam\RustroverProjects\SteamtoolsSetup\target\release\deps\SteamtoolsSetup.pdb

Imports

ntdll

RtlNtStatusToDosError
NtCancelIoFileEx
NtDeviceIoControlFile
NtCreateFile
NtWriteFile
NtReadFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

SetConsoleMode
WakeAllConditionVariable
GetModuleHandleA
GetProcAddress
GetCurrentThread
MultiByteToWideChar
WriteConsoleW
QueryPerformanceFrequency
SetConsoleCursorPosition
FormatMessageW
GetCurrentProcess
GetEnvironmentVariableW
GetTempPathW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFullPathNameW
CreateDirectoryW
FindFirstFileW
FindClose
ReadConsoleW
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
ReleaseSRWLockShared
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetModuleFileNameW
GetSystemDirectoryW
CreateProcessW
SetHandleInformation
DuplicateHandle
SetLastError
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetFinalPathNameByHandleW
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
AcquireSRWLockShared
CreateEventW
CancelIo
ReadFile
QueryPerformanceCounter
GetProcessHeap
HeapAlloc
GetCurrentDirectoryW
CreateMutexA
WaitForSingleObjectEx
LoadLibraryA
ReleaseMutex
DeleteFileW
MoveFileExW
SleepConditionVariableSRW
PostQueuedCompletionStatus
GetFileInformationByHandleEx
SetThreadStackGuarantee
AddVectoredExceptionHandler
ReleaseSRWLockExclusive
WideCharToMultiByte
GetConsoleMode
GetFileAttributesW
GetStdHandle
GetExitCodeProcess
GetQueuedCompletionStatusEx
WaitForSingleObject
GetOverlappedResult
WaitForMultipleObjects
HeapReAlloc
GetLastError
SetFilePointerEx
WakeConditionVariable
AcquireSRWLockExclusive
CloseHandle
TryAcquireSRWLockExclusive
CreateIoCompletionPort
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
SwitchToThread
SetFileCompletionNotificationModes
InitializeProcThreadAttributeList
IsDebuggerPresent
GetModuleHandleW
GetWindowsDirectoryW

ws2_32

WSASocketW
ioctlsocket
closesocket
connect
getsockopt
bind
WSAIoctl
getsockname
WSAGetLastError
getpeername
setsockopt
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
recv
send
shutdown
WSASend

crypt32

CertFreeCertificateContext
CertDuplicateStore
CertCloseStore
CertGetCertificateChain
CertOpenStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertDuplicateCertificateChain
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext

secur32

FreeContextBuffer
AcquireCredentialsHandleA
DeleteSecurityContext
FreeCredentialsHandle
EncryptMessage
AcceptSecurityContext
InitializeSecurityContextW
ApplyControlToken
DecryptMessage
QueryContextAttributesW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SystemFunction036

bcrypt

BCryptGenRandom

vcruntime140

memcpy
memset
memmove
memcmp
__CxxFrameHandler3
__C_specific_handler
__current_exception_context
__current_exception

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-math-l1-1-0

ceil
__setusermatherr
pow
trunc
round
truncf

api-ms-win-crt-heap-l1-1-0

free
malloc
_aligned_free
_set_new_mode
_aligned_malloc

api-ms-win-crt-utility-l1-1-0

_rotl64

api-ms-win-crt-runtime-l1-1-0

_initterm_e
exit
_exit
_wassert
__p___argc
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_set_app_type
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function
_crt_atexit
__p___argv
terminate

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1022KB - Virtual size: 1022KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d64926d4810ce162d25901020fb4673c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

ws2_32

crypt32

secur32

advapi32

bcrypt

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 1022KB - Virtual size: 1022KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 38KB - Virtual size: 37KB

.rsrc Size: 42KB - Virtual size: 42KB

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 1022KB - Virtual size: 1022KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 38KB - Virtual size: 37KB

.rsrc
Size: 42KB - Virtual size: 42KB

.reloc
Size: 23KB - Virtual size: 23KB