11e02afb4a7b466a8bc4fd4ca5badc5106f3d69103ebdd2705866bd8e0c79931

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2024-Nov-25 12:17:18
Detected languages Russian - Russia
CompanyName Online-Fix.Me
FileDescription Online-Fix Steamclient
FileVersion 1.3.3.0
LegalCopyright Copyright (C) 2021-2024, 0xdeadc0de
ProductVersion 1.3.3.0

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: .of0
Unusual section name found: .of1
Unusual section name found: .of2
The PE only has 6 import(s).
Suspicious The PE contains functions most legitimate programs don't use. Leverages the raw socket API to access the Internet:
  • ioctlsocket
Malicious VirusTotal score: 48/72 (Scanned on 2026-03-07 17:42:22)
ALYac: Trojan.Generic.37202641
AVG: Win32:MalwareX-gen [Misc]
AhnLab-V3: Packed/Win.VMProtect.R762196
Alibaba: Packed:Win32/VMProtect.94513bca
Antiy-AVL: Trojan[Packed]/Win32.VMProtect
Arcabit: Trojan.Generic.D237AAD1
Avast: Win32:MalwareX-gen [Misc]
Avira: TR/AVI.Agent.oajpo
BitDefender: Trojan.Generic.37202641
Bkav: W32.AIDetectMalware
CTX: dll.trojan.vmprotect
CrowdStrike: win/malicious_confidence_100% (W)
Cylance: Unsafe
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
ESET-NOD32: Win32/Packed.VMProtect.BC suspicious application
Elastic: malicious (high confidence)
Emsisoft: Trojan.Generic.37202641 (B)
F-Secure: Trojan.TR/AVI.Agent.oajpo
Fortinet: Riskware/Application
GData: Trojan.Generic.37202641
Google: Detected
Gridinsoft: Trojan.Heur!.022120A0
K7AntiVirus: Trojan ( 0059f2081 )
K7GW: Trojan ( 0059f2081 )
Lionic: Trojan.Win32.VMProtect.4!c
Malwarebytes: RiskWare.GameHack
MaxSecure: Trojan.Malware.317998337.susgen
MicroWorld-eScan: Trojan.Generic.37202641
Microsoft: HackTool:Win32/VMProtect!MTB
Paloalto: generic.ml
Panda: Trj/Chgt.AD
Rising: Hacktool.VMProtect!8.10BA0 (CLOUD)
Sangfor: Hacktool.Win32.VMProtect.Vtt4
SentinelOne: Static AI - Suspicious PE
Skyhigh: BehavesLike.Win32.Dropper.wc
Sophos: Mal/Generic-S
Symantec: ML.Attribute.HighConfidence
TrellixENS: Artemis!22FE1594BA91
TrendMicro: TROJ_GEN.R002C0XLU24
TrendMicro-HouseCall: TROJ_GEN.R002C0XLU24
VBA32: Malware-Cryptor.Inject.gen
VIPRE: Trojan.Generic.37202641
Varist: W32/ABTrojan.LMGM-1397
Webroot: W32.Hack.Tool
Yandex: Trojan.Igent.b4ShjE.2
Zillya: Trojan.VMProtect.Win32.101907
alibabacloud: Trojan:Win/VMProtect.BW

Hashes

MD5 22fe1594ba91408da14a3e65fd7d0305
SHA1 b24acdc3a5e73ae5268c4d26c4cd1df58e9ce30e
SHA256 11e02afb4a7b466a8bc4fd4ca5badc5106f3d69103ebdd2705866bd8e0c79931
SHA3 80a168bec53b7e860c09f53155efdb570f2368e8e56e248ccaf8c51fbaa199b8
SSDeep 196608:6B/YL5ClAwOZnzPI+vXbJynsCZGkzFOy+nz4DcFO7iMnP:6ZYtCqTT7LCiTdMP
Imports Hash 4560ab5f3cb5d4e0fd636839940fb2ea

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 8
TimeDateStamp 2024-Nov-25 12:17:18
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x14a200
SizeOfInitializedData 0x86e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x006DC031 (Section: .of2)
BaseOfCode 0x1000
BaseOfData 0x14c000
ImageBase 0x10000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xd9f000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x14a0a7
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x63c6c
VirtualAddress 0x14c000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xe4bc
VirtualAddress 0x1b0000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.of0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x3e519d
VirtualAddress 0x1bf000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.of1

MD5 5ccd34e85aefccc4c1938b9e317a3c90
SHA1 5a061cb4420fb649f49e1915a49eae35a4b0f6fd
SHA256 1959bc8d5b112df1c8e1db1dbe519affe96d1fe39120a72acdfc98740e3ec137
SHA3 e51fe3f4f816834fabd181412e95f5a5aad5d6e0200c979ba73b0c901ba6d029
VirtualSize 0x50
VirtualAddress 0x5a5000
SizeOfRawData 0x200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.336639

.of2

MD5 12d249b0de4ca52ec9235dceef7c0ed3
SHA1 bf4c4c11245d2f9097ac42a9b04be2230bd61713
SHA256 24e2d4162641f113380d22c11cf0631333df785a25475276fb0349076e2d2ff9
SHA3 2dbb6812003a780767cf07796692520f7991512712a0d7c04d37e2c8fe5dcbfb
VirtualSize 0x7f6df0
VirtualAddress 0x5a6000
SizeOfRawData 0x7f6e00
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.89353

.rsrc

MD5 d26b4ed9108f59d57c88ca2a720c10b2
SHA1 1defa23d8aaac1311804f5979d14b78af9d90e81
SHA256 4c752a55d0c914cf904e902c054d7b6d2820bd0f341e8afbc06d87194cf49682
SHA3 09d941162621bce535816a079f7c1cdd62aefddd23f0346bf0ba3a7575b2fb2f
VirtualSize 0x298
VirtualAddress 0xd9d000
SizeOfRawData 0x400
PointerToRawData 0x7f7400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.30956

.reloc

MD5 4e702d514a6e68e85ea46845cddb42fc
SHA1 4f747b7b683fba5aa1ae2d226dec685e616ac739
SHA256 938793567770ced1f5cf10107c303c041e060df96e3754b10f846a868d98c877
SHA3 ef28069b757f34375396ae8b597a370c6398a303da94be60389e24d639db4032
VirtualSize 0x674
VirtualAddress 0xd9e000
SizeOfRawData 0x800
PointerToRawData 0x7f7800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 3.68433

Imports

KERNEL32.dll GetModuleHandleA
USER32.dll MessageBoxA
SHELL32.dll SHGetSpecialFolderPathA
WS2_32.dll ioctlsocket
WLDAP32.dll #27
ADVAPI32.dll RegisterEventSourceA

Delayed Imports

Exports

Breakpad_SteamMiniDumpInit

Ordinal 1
Address 0x18770

Breakpad_SteamSendMiniDump

Ordinal 2
Address 0x18780

Breakpad_SteamSetAppID

Ordinal 3
Address 0x18790

Breakpad_SteamSetSteamID

Ordinal 4
Address 0x187a0

Breakpad_SteamWriteMiniDumpSetComment

Ordinal 5
Address 0x187b0

Breakpad_SteamWriteMiniDumpUsingExceptionInfoWithBuildId

Ordinal 6
Address 0x187c0

CreateInterface

Ordinal 7
Address 0x18370

OnlineFix

Ordinal 8
Address 0x18240

ShellExecuteA

Ordinal 9
Address 0x18250

ShellExecuteW

Ordinal 10
Address 0x18280

Steam_BConnected

Ordinal 11
Address 0x187d0

Steam_BGetCallback

Ordinal 12
Address 0x182b0

Steam_BLoggedOn

Ordinal 13
Address 0x187e0

Steam_BReleaseSteamPipe

Ordinal 14
Address 0x187f0

Steam_ConnectToGlobalUser

Ordinal 15
Address 0x18800

Steam_CreateGlobalUser

Ordinal 16
Address 0x18810

Steam_CreateLocalUser

Ordinal 17
Address 0x18820

Steam_CreateSteamPipe

Ordinal 18
Address 0x18830

Steam_FreeLastCallback

Ordinal 19
Address 0x18350

Steam_GSBLoggedOn

Ordinal 20
Address 0x18850

Steam_GSBSecure

Ordinal 21
Address 0x18860

Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient

Ordinal 22
Address 0x18870

Steam_GSGetSteamID

Ordinal 23
Address 0x18880

Steam_GSLogOff

Ordinal 24
Address 0x18890

Steam_GSLogOn

Ordinal 25
Address 0x188a0

Steam_GSRemoveUserConnect

Ordinal 26
Address 0x188b0

Steam_GSSendSteam2UserConnect

Ordinal 27
Address 0x188c0

Steam_GSSendSteam3UserConnect

Ordinal 28
Address 0x188d0

Steam_GSSendUserDisconnect

Ordinal 29
Address 0x188e0

Steam_GSSendUserStatusResponse

Ordinal 30
Address 0x188f0

Steam_GSSetServerType

Ordinal 31
Address 0x18900

Steam_GSSetSpawnCount

Ordinal 32
Address 0x18910

Steam_GSUpdateStatus

Ordinal 33
Address 0x18920

Steam_GetAPICallResult

Ordinal 34
Address 0x182e0

Steam_GetGSHandle

Ordinal 35
Address 0x18840

Steam_InitiateGameConnection

Ordinal 36
Address 0x18930

Steam_IsKnownInterface

Ordinal 37
Address 0x18940

Steam_LogOff

Ordinal 38
Address 0x18950

Steam_LogOn

Ordinal 39
Address 0x18960

Steam_NotifyMissingInterface

Ordinal 40
Address 0x18970

Steam_ReleaseThreadLocalMemory

Ordinal 41
Address 0x18980

Steam_ReleaseUser

Ordinal 42
Address 0x18990

Steam_SetLocalIPBinding

Ordinal 43
Address 0x189a0

Steam_TerminateGameConnection

Ordinal 44
Address 0x189b0

Resources

1

Type RT_VERSION
Language Russian - Russia
Codepage UNKNOWN
Size 0x240
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.39841
MD5 79b67989900aa29fee249ebe4aa0472e
SHA1 97ce9cac3609659be45194ef9e5b237d0448f260
SHA256 0033048191cef175f1e056941b29d6d07ef5f344a0f3c9781c8d21fe2bf22b30
SHA3 13f55f0a01d9124bc5975ab489fee425abdffbec76658a2bdf3efb1d573598ee

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.3.3.0
ProductVersion 1.3.3.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_DLL
Language UNKNOWN
CompanyName Online-Fix.Me
FileDescription Online-Fix Steamclient
FileVersion (#2) 1.3.3.0
LegalCopyright Copyright (C) 2021-2024, 0xdeadc0de
ProductVersion (#2) 1.3.3.0
Resource LangID Russian - Russia

TLS Callbacks

Load Configuration

Size 0xc0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x101b8a00
SEHandlerTable 0x10d9cbb0
SEHandlerCount 141

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .of0 has a size of 0!