HexagonStudioLauncherBeta[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

HexagonStudioLauncherBeta.exe
Size

1.0MB
MD5

e04e8381257f94d1b07bfee6d69d3902
SHA1

1e2ca349a353b5b66b1803a39d03992f54b65bec
SHA256

a2d17b944f12efe2bd3502b978c1e9ece10cb8f648e091da43dc4d1855e102bf
SHA512

f4b816e393d9fc5e9e4633a403bcb570c3c3dea615f1a450288010dc294487aabd2e711a71d6e00b74bb7f1df0bcbf2b9bad0f6a49a8053ab4e59c57e9d3097d
SSDEEP

12288:Zl2HSe/Of5dYu4wqnIVTFmTFo/2k1KIvN47MerKJcDkmVjuighWTgUkySU2gN6/+:jyF/Ohdn41eFxS9MaK2zHzTgUu9sce

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HexagonStudioLauncherBeta.exe

Files

HexagonStudioLauncherBeta.exe
.exe windows:5 windows x86 arch:x86

94c148387351f8c725625ea652061d64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\src\Build\Installer\BootstrapperQTStudio\bin\Release\HexagonStudioLauncherBeta.pdb

Imports

kernel32

GetModuleHandleW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateProcessW
GetVersionExW
GetExitCodeProcess
LocalFree
FormatMessageW
GetSystemTime
lstrcmpW
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrlenW
WaitForSingleObject
SetEvent
ResetEvent
SetEndOfFile
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetModuleHandleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
FlushFileBuffers
ReadFile
SetFilePointer
GetConsoleMode
GetConsoleCP
LoadLibraryA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
VirtualAlloc
OpenEventW
CreateEventW
GetLastError
VirtualFree
HeapCreate
LCMapStringW
CloseHandle
CreateEventA
FormatMessageA
CreateSemaphoreA
GetSystemTimeAsFileTime
InitializeCriticalSection
DeleteCriticalSection
CreateMutexW
ReleaseMutex
ReleaseSemaphore
InterlockedIncrement
InterlockedDecrement
GetProcessHeap
HeapFree
HeapAlloc
GetCurrentThreadId
GetCurrentProcess
GetCurrentThread
GetModuleFileNameW
DuplicateHandle
LoadLibraryW
GetProcAddress
FreeLibrary
RaiseException
TerminateProcess
GetTickCount
GetUserGeoID
GetGeoInfoW
CompareFileTime
FindFirstFileW
FindNextFileW
FindClose
Sleep
GetLocalTime
OpenProcess
CreateDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetDiskFreeSpaceExW
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetTempPathW
GetShortPathNameW
CreateFileW
GetFileAttributesW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
InterlockedExchange
InterlockedExchangeAdd
WaitForMultipleObjects
TerminateThread
QueueUserAPC
SleepEx
PostQueuedCompletionStatus
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
InterlockedCompareExchange
SetLastError
TlsGetValue
TlsSetValue
TlsFree
MulDiv
SystemTimeToFileTime
OpenEventA
GetCurrentProcessId
CreateWaitableTimerW
ResumeThread
GetFileAttributesExW
GetFileSizeEx
lstrcpyW
lstrcatW
WriteFile
GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
HeapDestroy
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetStartupInfoW
ExitProcess
ExitThread
CreateThread
GetCPInfo
LCMapStringA

user32

SetWindowLongW
CreateWindowExW
InvalidateRect
ShowWindow
LoadBitmapW
DefWindowProcW
CallWindowProcW
GetParent
GetWindowRect
SendMessageW
SetWindowTextW
LoadAcceleratorsW
GetMessageW
GetWindowLongW
TranslateMessage
DispatchMessageW
SetFocus
SetWindowPos
MessageBoxW
CharUpperW
CharNextW
PostThreadMessageW
GetWindowThreadProcessId
EnumWindows
GetDlgItem
PostQuitMessage
BeginPaint
FillRect
LoadStringW
LoadIconW
RegisterClassW
GetSystemMetrics
GetDC
ReleaseDC
SetTimer
KillTimer
EndPaint
EnableWindow
IsWindowVisible
SetForegroundWindow
PostMessageW
GetWindowTextW
MessageBoxA
TranslateAcceleratorW
DestroyWindow

gdi32

Rectangle
SelectObject
CreatePen
GetStockObject
SetTextColor
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateFontW
SetBkMode

advapi32

GetLengthSid
RegDeleteValueW
RegSetValueExW
RegCloseKey
DuplicateToken
RegCreateKeyExW
GetUserNameW
RegDeleteKeyW
RegEnumKeyExW
RegFlushKey
GetTokenInformation
CryptAcquireContextW
IsValidSid
CryptCreateHash
CopySid
OpenProcessToken
OpenThreadToken
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CheckTokenMembership
RegQueryValueExW
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptReleaseContext
RegOpenKeyExW

shell32

ShellExecuteW
SHGetFolderPathAndSubDirW
ShellExecuteExW

ole32

StringFromGUID2
CoUninitialize
CoCreateGuid
CoTaskMemFree
ProgIDFromCLSID
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
SetErrorInfo
RegisterTypeLi
SysFreeString
CreateErrorInfo

shlwapi

StrCmpW
StrDupW
StrRChrW
StrStrW
SHDeleteKeyW
StrCmpNW
PathFileExistsW
StrCpyW
PathAddBackslashW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

sensapi

IsNetworkAlive

userenv

UnloadUserProfile

ws2_32

ioctlsocket
select
closesocket
WSASend
WSASocketW
setsockopt
WSAGetLastError
getaddrinfo
freeaddrinfo
connect
getsockopt
WSARecv
WSASetLastError
WSAStartup
WSACleanup

wininet

InternetSetOptionW
HttpSendRequestW
HttpOpenRequestW
InternetCloseHandle
HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
HttpAddRequestHeadersW
InternetConnectW
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoW
InternetOpenW

comctl32

InitCommonControlsEx
_TrackMouseEvent

psapi

GetProcessImageFileNameW
EnumProcesses

iphlpapi

GetAdaptersInfo

Exports

Exports

?StartGame@SharedLauncher@@YAJAAV?$simple_logger@_W@@PA_W11ABU_GUID@@_N131W4LaunchMode@1@@Z

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 415KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94c148387351f8c725625ea652061d64

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

sensapi

userenv

ws2_32

wininet

comctl32

psapi

iphlpapi

Exports

Exports

Sections

.text Size: 439KB - Virtual size: 438KB

.rdata Size: 135KB - Virtual size: 134KB

.data Size: 39KB - Virtual size: 47KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 415KB - Virtual size: 415KB

.reloc Size: 35KB - Virtual size: 35KB

.text
Size: 439KB - Virtual size: 438KB

.rdata
Size: 135KB - Virtual size: 134KB

.data
Size: 39KB - Virtual size: 47KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 415KB - Virtual size: 415KB

.reloc
Size: 35KB - Virtual size: 35KB