238150fe45aa43ee2689e5e11c7a5c79

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2080-Apr-06 22:54:46
Debug artifacts F:\F\TSTprog\SteamDesktopAuthenticator-1.0.10 — копия — копия\SteamAuth.Desktop\obj\x64\Debug\Steam Desktop Authenticator.pdb
Comments
CompanyName Microsoft
FileDescription SteamAuth.Desktop
FileVersion 1.0.10
InternalName Steam Desktop Authenticator.exe
LegalCopyright Copyright © Microsoft 2021
LegalTrademarks
OriginalFilename Steam Desktop Authenticator.exe
ProductName SteamAuth.Desktop
ProductVersion 1.0.10
Assembly Version 1.0.10.0

Plugin Output

Info Interesting strings found in the binary: Contains domain names:
  • github.com
  • https://github.com
  • https://steamcommunity.com
  • https://vcredistdownload.com
  • https://webstatuschecking.com
  • steamcommunity.com
  • vcredistdownload.com
  • webstatuschecking.com
Suspicious The PE is possibly packed. The PE only has 0 import(s).
Malicious VirusTotal score: 3/70 (Scanned on 2023-03-03 12:58:44)
  • Kaspersky: HEUR:Trojan.MSIL.Agent.gen
  • ZoneAlarm: HEUR:Trojan.MSIL.Agent.gen
  • MaxSecure: Trojan.Malware.8703358.susgen

Hashes

MD5 238150fe45aa43ee2689e5e11c7a5c79
SHA1 6596c81d6953890fbecdf7cc50a35f2105d6c8a8
SHA256 28e7983014b9ee93c7f32217f3f9341a73089038947d318605de091a8a1f1cfd
SHA3 07146a6f250d460a6fcb67c5f00747e2399492abb5c25b544af6667cdb204a03
SSDeep 6144:HtbyU3ReHwaYX2jbLHqT6nw10zIffT6nw10zIffT6nw10zIffT6nw10zIffT6nw:NiQa
Imports Hash d41d8cd98f00b204e9800998ecf8427e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 2
TimeDateStamp 2080-Apr-06 22:54:46
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 48.0
SizeOfCode 0x14d400
SizeOfInitializedData 0x1a000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000000000 (Section: ?)
BaseOfCode 0x2000
ImageBase 0x140000000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x16a000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x400000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x2000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 1475810d1c01730ae12e38d17ac98661
SHA1 7edddc6d51d29773bbacc49c37be9108f8bc0443
SHA256 5d43cdbe73ecb935ed587541543393d7462bf8dbe242bfddd947941854d8ec44
SHA3 eccbc2b66333b481db2ed3742a216dfc09ba67c3a5b31835fba69cec7c721764
VirtualSize 0x14d2e8
VirtualAddress 0x2000
SizeOfRawData 0x14d400
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 4.33056

.rsrc

MD5 d62381abb05d7cd32fc4f83bfbf2a3b5
SHA1 de2c3b61950ce5e18efee11e378a02d3c2e37541
SHA256 dda3c8e8d91ecfd443dcd64f33c97db91cc8be9b86f13dd2f61324182dcbcb8a
SHA3 23fcd2627e531f0d5f7b83e0d5edc721ba8e99bcaacfe47c0b62d377984b6a1f
VirtualSize 0x19fe4
VirtualAddress 0x150000
SizeOfRawData 0x1a000
PointerToRawData 0x14d600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.05021

Imports

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.72987
MD5 3f7871796b2b483bad24ef26902210fd
SHA1 fd48c3cbd615460fd32f66d0d674aaac331b18d0
SHA256 a9a8da7e17daa1ce5676041e6c68d013d0602cacb98fca50ae098c3ae26dbd18
SHA3 f2cb536aef538920b5e4ef254c8c6c28098c6a3e2812d9f230fb58ef3afbde5c

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.68991
MD5 69f7c731dc646d981a6c91c16ba958f3
SHA1 094e439b3891074d2a1f7b7e915043dc486cda39
SHA256 6bed0c3c7a2b1f1ece51ac67d69d59df4d3b6a4b968b32988892fb3b27327a19
SHA3 583245d7d14e98849aa261c5759eec316497b32c0c14b7237be7ec76b62068c3

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x162f
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.81587
Detected Filetype PNG graphic file
MD5 bf137cc76b41544f48e9ff72d1fd7d04
SHA1 016f1c8024bc2798195a837c1881c13d23ae8467
SHA256 b7d77a75615bffd066f5a9d65c8512b6bce4ba42b0371bbd61a96249ed9fdad1
SHA3 a0f7d598a5db04d6304e7c20386d8ba5d5942e12f203c77c96803fad7bf9005f

4

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.2112
MD5 e71661e8e1eaf9d66a18a11018148a98
SHA1 9df438e74dbbd09f6a25733f72252c4fbbc4d0b4
SHA256 e2e6fcf797c4c60127056233cb62fd39c41bb7ad0e1753cf323b657c74b60f10
SHA3 89352d8955a1fb2525bffe511cfafd80ef98bcdec429fa65a9fb2196c3360592

5

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x246f
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.89437
Detected Filetype PNG graphic file
MD5 d0e01a3000e7b9f648d0e200483d4cdc
SHA1 9bbfdcb1a63bf6a5c4e1234ae24cb2630587dbb2
SHA256 783f4e83bd26f0df77fef9d7936743d1cb6a532a9f262c3cf7249732bf647df6
SHA3 aee6edb140d9865d666e6ebbb7b41b6418c5d1bc93364adfbdc14c6b43d629fe

6

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.9164
MD5 b5a21ea5278163cb073a88d2ea1b38b4
SHA1 c84b670ed2fc2f8afbcd8598f9ded020813af9a2
SHA256 bb99056712da545f06a8be61589aec57a82f13720a292183a9696893989c0269
SHA3 13ffcbdf2e26448e017b02998c0e6aba800685bc57358bc868067e7057c38d87

32512

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x5a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.68735
Detected Filetype Icon file
MD5 5a0d50c3ed8d343f99cc8b9fb4b7dee3
SHA1 570a3bce0bdc74a57609da125b74ec2557ccec13
SHA256 91e3c075ef585e0256e0b3f5943d9f35bf242865d33997b298798eea4cf6c931
SHA3 c0cc1de85884564a96ae44ac897debbf8dee8a0aa85636e28224ca8925efa5e3

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x3aa
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.32845
MD5 82865d04d4937e6edb1aacc627500bdd
SHA1 263f6961ed50a266534d32cb5c74fdec73f0f91b
SHA256 18bd0be31230a3e3995cb6067addf48f649303ee3a60c3bcf3023a07809f18ee
SHA3 00d236b73cae8868c426eafc692e44ddd342b0a9e3b636537a9cdea71a949f20

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.10.0
ProductVersion 1.0.10.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments
CompanyName Microsoft
FileDescription SteamAuth.Desktop
FileVersion (#2) 1.0.10
InternalName Steam Desktop Authenticator.exe
LegalCopyright Copyright © Microsoft 2021
LegalTrademarks
OriginalFilename Steam Desktop Authenticator.exe
ProductName SteamAuth.Desktop
ProductVersion (#2) 1.0.10
Assembly Version 1.0.10.0
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2044-May-05 20:29:22
Version 0.0
SizeofData 164
AddressOfRawData 0x14f244
PointerToRawData 0x14d444
Referenced File F:\F\TSTprog\SteamDesktopAuthenticator-1.0.10 — копия — копия\SteamAuth.Desktop\obj\x64\Debug\Steam Desktop Authenticator.pdb

UNKNOWN

Characteristics 0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

RICH Header

Errors
