{"report_id":"29ddd0fb-5398-4c2f-a96b-a0cfb6b602c5","version":6,"status":"done","tags":[],"date":"2025-01-12T03:52:41Z","url":{"schema":"http","addr":"github.com/BigBoiCJ/SteamAutoCracker/releases/download/2.2.1-gui/Steam.Auto.Cracker.GUI.v2.2.1.zip","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.4","port":0,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-03-23T03:52:39Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"github.com","ip":{"addr":"140.82.121.3","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"domain_registered":"2007-10-09","domain_rank":1423,"first_seen":"2016-07-13T12:28:22Z","last_seen":"2025-01-08T02:16:53.025381Z","alert_count":0,"request_count":1,"received_data":4359,"sent_data":552,"comment":"","tags":null,"fingerprints":null},{"fqdn":"objects.githubusercontent.com","ip":{"addr":"185.199.111.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2014-02-06","domain_rank":134060,"first_seen":"2021-11-01T21:34:29Z","last_seen":"2025-01-08T04:17:30.806166Z","alert_count":1,"request_count":1,"received_data":17333641,"sent_data":976,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"93dd0c79faaa39c57d67aa07aed48c24","sha1":"65490baf70f3cd3375a161556dc908aaa683c085","sha256":"c4949e748348256c219ec0406d2e16e3f4845fe676d3dc26dbfcb2059afdfa81","sha512":"4f1bca38cec5c74f5c3dc0836086387ec57303d9b9231be8312159173e0ed519dd48aa4f5aa061c28c378b39e271790effafb6026ad95476dc8f74769b637ac0","magic":"Zip archive data, at least v1.0 to extract, compression method=store","size":17332829,"url":{"schema":"https","addr":"objects.githubusercontent.com/github-production-release-asset-2e65be/469296549/bc01d8bb-7990-4a17-b24f-16598d30abd1?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20250112%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20250112T035211Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=2f37eb6e7715c6a91a408d6a1c2e4f7ada97dc3beeb49f9ffe0c9b4ee1eea4f0\u0026X-Amz-SignedHeaders=host\u0026response-content-disposition=attachment%3B%20filename%3DSteam.Auto.Cracker.GUI.v2.2.1.zip\u0026response-content-type=application%2Foctet-stream","fqdn":"objects.githubusercontent.com","domain":"objects.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.111.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"archive":[{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/dlc_creamapi/config_override.ini","filename":"config_override.ini","modified":"2024-02-11T17:08:53+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":71,"md5":"b13418bdb6bd765d8df42deb52730404","sha1":"45e1f3bccf408a48f7f17dbdfbe61b268d1fbd51","sha256":"64c35b23eaddb266ef991a675ef3958a8b622faf7aa792cef8686919ef7097d5","sha512":"bc4a24e0f17e541410adb6ff76901d4d3fe28d9135362613d597491eb5ed23db6af17a11957be07d2939631d7185ca860fa8679133a043840a4e42c0c709fe5b","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/dlc_creamapi/files/cream_api.ini","filename":"cream_api.ini","modified":"2022-03-13T06:59:27+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":1442,"md5":"edc03fb164d3b2eb45e3d374d5293767","sha1":"59ba159ed2e42ef31163f0fca8f6463854fdf6da","sha256":"877a2d6690f37ad6a529d21ad46f32f2ca277144c3dcf4b34f2fa0088cccdd79","sha512":"d0126eb199d47876edb357adb70a73341a51ea00895dac95d3313391be7f08516713e09cf8351cae9ebf42496a3609583ce4a6028888c7674186438bcee46eca","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/dlc_creamapi/files/steam_api.dll","filename":"steam_api.dll","modified":"2024-01-27T00:57:58+01:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":646504,"md5":"24c712826d939f5cec9049d4b94fcbdb","sha1":"de43e868668528a169cf474c962bbacb148583d0","sha256":"ec17086182abcce73df94bd9a07c4eb6316fc5abc403befa79e7a713e71bb122","sha512":"b341ab590e1083673c3b626f906782a472415411448f8722b7829517041d1c5efaf3b19470c4a172376a61d54b97803137b8dcc7579ddeaa76e3f9117cfa5af3","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-12","alert":"files - file ~tmp01925d3f.exe","trigger":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/dlc_creamapi/files/steam_api.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-09-02","alert":"Scan result 1/75","trigger":"ec17086182abcce73df94bd9a07c4eb6316fc5abc403befa79e7a713e71bb122","verdict":"suspicious","severity":"","comment":"suspicious - 1/75","link":"https://www.virustotal.com/gui/file/ec17086182abcce73df94bd9a07c4eb6316fc5abc403befa79e7a713e71bb122","meta":null}]}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/dlc_creamapi/files/steam_api64.dll","filename":"steam_api64.dll","modified":"2024-01-27T00:57:58+01:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":693608,"md5":"1b14c913c0df41cc0667993d9b37404d","sha1":"87532d36ad3a7c5f15c89d2da2f5c2f69187cc07","sha256":"532802e678b51f5279b50a21702c9f58929dafa61af9c45d1f0eb4dbb807c889","sha512":"4e0068f4a5b0b33094b96149fa3fbbe36f659aa75f18f37ebfc2af3099aa504c5c57a52d3ff3d79c37629dc0ebbfaa3512c136d674cdc6c8f24fa23525767bbc","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-12","alert":"files - file ~tmp01925d3f.exe","trigger":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/dlc_creamapi/files/steam_api64.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-04","alert":"Scan result 1/71","trigger":"532802e678b51f5279b50a21702c9f58929dafa61af9c45d1f0eb4dbb807c889","verdict":"suspicious","severity":"","comment":"suspicious - 1/71","link":"https://www.virustotal.com/gui/file/532802e678b51f5279b50a21702c9f58929dafa61af9c45d1f0eb4dbb807c889","meta":null}]}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/dlc_creamapi/infos.txt","filename":"infos.txt","modified":"2024-04-27T14:31:45+02:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":188,"md5":"014a98492340e8dad263630ccb0c35c7","sha1":"ed0f378d93e4058186396b05e74ff3a046c5916a","sha256":"ff85642a74a3ea823f03b05b45bf82f55f35be52e0630262fcf580fd5ddb56c5","sha512":"c0b9f178a270c863a66b028399cb4eedaec7dfd63b82b8ae197d19964c7b8400489d7e9836dfd84ff367b6b4e600ee34722bb47c5d051277ee7775ebfef29650","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_ali213/files/SteamConfig.ini","filename":"SteamConfig.ini","modified":"2022-03-13T06:03:55+01:00","Modified":"","magic":"Generic INItialization configuration [DLC]","size":1288,"md5":"84a9ae246e1c2daf2bf2ddd6f5dae7b8","sha1":"52279a50000f72bae4a984c6429d1454bc22a25b","sha256":"04b11df82139f74e2e2754d1f384f7990a1c2b01201f837a6bf0180385e182ca","sha512":"0c40319f87843b70aae4178bba06235f6b3d87fa1851efe1728526b359a8e8e5dcac9cd85eb51532dfa1ac6a6b3024b597f2e3b725e5e8e10c69267e209f4faf","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_ali213/files/steam_api.dll","filename":"steam_api.dll","modified":"2023-10-30T11:10:01+01:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections","size":920576,"md5":"7e890387f073f1d7af5d28d6b6a26dbb","sha1":"0edc825b58742fc6f2ba9a0510715ba1db8530d2","sha256":"2a20ac96fac5c46b7dbd7bea0d073dbee40ca99c4fd0e36d1a2fa01ef66cd53a","sha512":"f6e303ec9f7efa7b5ec63771fcf7330635881a1aeeb6effde36bdd81e6ad2f3e90aca63163be6543cadc08c04ba52dac88aa528a4342514c37bd1b8d279c113d","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2025-01-12","alert":"Winnti sample - file NlaifSvc.dll","trigger":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_ali213/files/steam_api.dll","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2017-01-25","description":"Winnti sample - file NlaifSvc.dll","hash1":"964f9bfd52b5a93179b90d21705cd0c31461f54d51c56d558806fe0efff264e5","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","reference":"https://goo.gl/VbvJtL","rule":"Winnti_NlaifSvc"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-25","alert":"Scan result 41/72","trigger":"2a20ac96fac5c46b7dbd7bea0d073dbee40ca99c4fd0e36d1a2fa01ef66cd53a","verdict":"malicious","severity":"","comment":"malicious - 41/72","link":"https://www.virustotal.com/gui/file/2a20ac96fac5c46b7dbd7bea0d073dbee40ca99c4fd0e36d1a2fa01ef66cd53a","meta":null}]}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_ali213/files/steam_api64.dll","filename":"steam_api64.dll","modified":"2023-10-30T11:11:13+01:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 8 sections","size":3575808,"md5":"99a2cf782112b5ea29cb18674ca3182d","sha1":"76293671a4d3cad76cfb0d1cef6af1e06c113b5b","sha256":"9d8165a2b06a26b566a6002f020030dba993d4bc36238001f40eaeb1810c711c","sha512":"6b07c4da646047bc6169a51f39aa659f2266fe0c6a751e5d69e4e8d7a8a10a3d485085482f0adbd79a9ddd1b227290a2d3d450b332ef6b4b116b98b62c09a594","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-07","alert":"Scan result 42/72","trigger":"9d8165a2b06a26b566a6002f020030dba993d4bc36238001f40eaeb1810c711c","verdict":"malicious","severity":"","comment":"malicious - 42/72","link":"https://www.virustotal.com/gui/file/9d8165a2b06a26b566a6002f020030dba993d4bc36238001f40eaeb1810c711c","meta":null}]}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_ali213/infos.txt","filename":"infos.txt","modified":"2024-03-13T19:42:55+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":199,"md5":"e9d54c30467ef13cb50f424e6886a72c","sha1":"1d64fff7b503d96851ebdb70e43e288855fda8b8","sha256":"7697949d22f027a835c17b39af53ce358417770955d101a7fc246f0450504413","sha512":"7f9579b1b505a2f6002e7e24fd13301a4caecde10ca3d2029678228b3814d0194162243499850ef42224ba65d7b45e2df5f4f1c284e633ca9d1a83facf986f65","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_goldberg/files/steam_api.dll","filename":"steam_api.dll","modified":"2023-05-09T05:16:55+02:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 8 sections","size":2531328,"md5":"d6e749904e8116946c3734f496602bb1","sha1":"378e313efbdbbf373454769182c24b3c6303e3bb","sha256":"33585536081b1e6f4bc1e5cc91f16d5513822cb0510546446c2e9be35d08b74f","sha512":"5fd53c96b89eadaff44bc0fb6291321bca4afcbe953d2ff020262c290f6adbff3b3e6490cb88cb98d33f2abb92541e96ef0fa5f963019ca0fef8687a2da5b071","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_goldberg/files/steam_api64.dll","filename":"steam_api64.dll","modified":"2023-05-09T05:28:17+02:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 9 sections","size":3207680,"md5":"77f259bc5affc9d59958d2e35d946830","sha1":"d501e2b3ca6970dd1ab771a6dc6f2ae67dcff996","sha256":"286f2ed575fb16bba9c451bdf5c8738b5aa6587ec7831830cfae1739c6347edd","sha512":"7915f3fb4c4aa0728339fac274e104579e67b1af98a665124d5b1695d8d732ee0a114a7c2883ea5f8f15af1a3f3610733b42e1b70ff367b3c72948d99bb79430","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_goldberg/files/steam_settings/DLC.txt","filename":"DLC.txt","modified":"2024-02-11T14:34:11+01:00","Modified":"","magic":"ASCII text, with no line terminators","size":14,"md5":"ab4555b5fa14e6d6782fccafadfa6795","sha1":"9cd410bec16f64e9dcb3fb95e4e61586e78ff123","sha256":"a743592d6091f4fdd53b20ba6c76312cc1e1102ffa07918ee17400cf61ab8b0d","sha512":"628b59ca94fbb7f1126c6e658c2059fc6c8da0ca70126d30b35b71e92cfc089fac180d23bf5e620f31f2460ea8e80b26bbcb811e00215ee1b8957b40a23e6055","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_goldberg/files/steam_settings/steam_appid.txt","filename":"steam_appid.txt","modified":"2024-02-11T14:43:26+01:00","Modified":"","magic":"ASCII text, with no line terminators","size":9,"md5":"555b6846d647c5170b231b580d0f49a0","sha1":"b8d27d0a1288366c85c424d779b0e52d24208bd6","sha256":"b27708b95b4a73ce1c2e59ea41c6128174703455abf81447f9fc43ba1e10c053","sha512":"edf7ed9377ae102d77db5c5a9f85d869edee734f70002b56c82f6ada304ad0bfd41776845e4ee69de9ba4cedbfd6d4e53e4754796f8e4f7461b09dcbbd5affe2","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_goldberg/infos.txt","filename":"infos.txt","modified":"2024-02-11T18:23:35+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":213,"md5":"38b421e420930f70245c01b1711b3a3b","sha1":"a4588461cc33c841c6c088e220310d83206d20d5","sha256":"00bb50a97d274bef68aa7e486735f5ae17278549ab6ac636c84bd92418f19535","sha512":"b1b833b318ecaaedd38ca8ef718ff3e3c4cdad1dccb1df5715200654c510e137bf5baf2013ad2d521d05270a37f46aac72b82ba000d4fe68b9d0a024faaad059","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/infos.txt","filename":"infos.txt","modified":"2024-04-27T14:35:09+02:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":210,"md5":"85374f62d6b65bcd3e5b078d3bbde213","sha1":"3b4c1071d692570c96a74c41334c799f953ee0a7","sha256":"25baf35bcfa1e30d77a587db81ad24cfb8519f19bdfa32afe594443c2e836d16","sha512":"dca1015b50faf8a10d53835a6a7ffe32fc3358bd8e6f31395f73dca4fda4686fef3c3cf5cb2894d251f7960bbd164e754b1275d264c308482206c9a3e9a1d71d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Plugins/ExamplePlugin.dll","filename":"ExamplePlugin.dll","modified":"2024-03-30T06:14:43+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":5632,"md5":"dbfe069390646f3402b21f28005f3156","sha1":"062664b8e81e0b06f72970acf8cac2ecc2001d51","sha256":"c6dce0ce7d432fbb8cea249e4dcd1394adc8c2adc819012c745b709c68e585a9","sha512":"904525f99e9c458e4e04db95e4d10bb34f78cfc569b61b5b9a57e557bc50bf768e6d29f43ecc70b381e7a50d74dc7ab93ed5202e14b77a3ec036d031e9db19ca","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Plugins/SharpDisasm.dll","filename":"SharpDisasm.dll","modified":"2019-03-30T07:03:10+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":220672,"md5":"0f900d9190603d646009ec3523fa43cc","sha1":"a04598dcef92337ec57c0a357c2e55a1fb9c0f40","sha256":"6d3ce990cdf58da228697d25416d16d15994135c5f66571fe1e00e9c975bc2cf","sha512":"24397a81c9ad30f3d5377632d74706345c4a9811076357df3fc8d307a8941167b2b40b85923a4782f22a531e9f3ac4fe234ab892bdc1139a1a60f4ed7798a467","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Plugins/Steamless.API.dll","filename":"Steamless.API.dll","modified":"2024-03-30T06:14:43+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":34304,"md5":"c347632a60da1519c48ff043831ca7df","sha1":"5fa976d84468d69a7cda801651415f666e6e9b69","sha256":"d6acc4b0cc768213a46ffad0a6bf6070a6b13f79a22e0588f0ab50c950f9248c","sha512":"9ffab32ef1a53f9a08cab77d68b9d5b9676e4e1c2a63acc258f80769d544629a31b03c6f9b3fa17a19f7897e2fb0613379802e67758629a46b6d4978c5137906","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Plugins/Steamless.Unpacker.Variant10.x86.dll","filename":"Steamless.Unpacker.Variant10.x86.dll","modified":"2024-03-30T06:14:43+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":11264,"md5":"31f399ccb6bf807bf07ec3ac264d930d","sha1":"db7757f66e377f737cc06976c03c4d3772a2c85c","sha256":"c890dcda2e79970e5a5541ee6340e503e829982f1613c36119be7f754c32065d","sha512":"af299d52be53d8a1d41a77dde40cd4fd81850960b9842caedd1a7f4f917cf3b5523bc355a13ba95af872d17d704c3ac2ac18dd0c769b2472e57828599b81e100","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Plugins/Steamless.Unpacker.Variant20.x86.dll","filename":"Steamless.Unpacker.Variant20.x86.dll","modified":"2024-03-30T06:14:43+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":19456,"md5":"a058bf89c78880d7ca66c6513ba37a8f","sha1":"485f1d5a0d6a0958da1dde342d506f76c0bf91bd","sha256":"3cca1fb90b1aa3e1703565a095b665acfc8073b889ff44ef97d17f4221fe707f","sha512":"33224ad20c7eb7f7c8d6b962bbf42e066ec20d0eb23ca434010935d3620adc719b6736ad10af6444ee01ec7e9b0504fe51411c3c8ecfe532245058eccd0cdffb","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Plugins/Steamless.Unpacker.Variant21.x86.dll","filename":"Steamless.Unpacker.Variant21.x86.dll","modified":"2024-03-30T06:14:43+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":24576,"md5":"2144889fddfdeb1fa2cf4f18b611581c","sha1":"9232fd21d8f0fa92ff060c7ecb630025a1b0c015","sha256":"2f92eeaf47accd0f87bbe7fb7cf85fcd3c00830f464dfdbd4f661449bbc92b21","sha512":"94c019ba7b0cf15ed04378413b20e3a0afe7e59bead89d321d6b2323b7fee392436dfc86e606270ed97f4461bde889c0b3c770475b86c394794f949ff7b91978","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Plugins/Steamless.Unpacker.Variant30.x64.dll","filename":"Steamless.Unpacker.Variant30.x64.dll","modified":"2024-03-30T06:14:43+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":17408,"md5":"956eebdbafff1a5abb3eb9690f292165","sha1":"4c4183fe055476b35c517753a4eeb160d084e074","sha256":"81f1d36540fc8756b155b3e58b34f54da4f9bc1f974988cf91d0b17ffc1d14d8","sha512":"c8d461513431df1a09b7b10f3aac6f8b04ff9845a2c6323d4ad05b5b854be19c02d7066eb48991cd8301e6d01e7817700baef5f6ec84e2e2b9660bda79ceca38","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Plugins/Steamless.Unpacker.Variant30.x86.dll","filename":"Steamless.Unpacker.Variant30.x86.dll","modified":"2024-03-30T06:14:43+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":16384,"md5":"2a32a106e85dfdf75095d034b30b752a","sha1":"e62d15fbeaa2936f8d40760b2ec4e03115564947","sha256":"fe2102b096d44aa956788d067856225254ee4e43c133c939e3cd5c0a6cc37399","sha512":"b6639121884a023f771d4049f781ac821995f9cb38885bdce80811a0c2789fbafed22336b29ed203b01261f45fbad41fcaa1187707dca473c8e79d6fb3961eee","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Plugins/Steamless.Unpacker.Variant31.x64.dll","filename":"Steamless.Unpacker.Variant31.x64.dll","modified":"2024-03-30T06:14:43+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":16384,"md5":"8cef9d57f82ed85f390ccd387e21e5a0","sha1":"e9c5eac6488c2467cb601ab534fe1560c9785502","sha256":"790f1974f97258058cb57c20787e8a2fcb5c16cca0911719b698580d74e38918","sha512":"8cc15de28e630c69e8d9b1b4b0064bcb7f28588156ec67c9c751da293bff0408f39c20b6dc15b90174748346716967104b25be2e2c57e3965c0a4af42c2f652d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Plugins/Steamless.Unpacker.Variant31.x86.dll","filename":"Steamless.Unpacker.Variant31.x86.dll","modified":"2024-03-30T06:14:43+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":16896,"md5":"2c7a10fb35202e73632b2637426d9d1b","sha1":"ef2a8cca203e05f6728a6d0bc61aefa5c22b650c","sha256":"fc7e1ac80a7d2c0121e083d218b7369c4d217eccaf395cd1c0292d000f19446b","sha512":"f502215a110d11bf6e52139e59553375c3d65f093859935fe5611b5ddcfdd1c5c2aa86696ace1a99720ec6bdd2e778c354f7cf7c393dc69a5ebf7894a3d0f7ac","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Steamless.CLI.exe","filename":"Steamless.CLI.exe","modified":"2024-03-30T06:14:43+01:00","Modified":"","magic":"PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":113152,"md5":"2a2f85ca57b8ffc8daf586c1773a1e56","sha1":"d340cadd1eb578c25ad393541f16ecd6b0eac2be","sha256":"70cd54354865ede605ec0fbfadf15f5302aa85a777394f28b0de6acfd243e795","sha512":"4126a07df763fea7eaa142a29b5c13512f350153396a4d0ec6738c12a84f44765c8e3f80bf0b042adce810ee968d3d2a31ed243ab0f4fcc48c1600acdd3fd403","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-12-30","alert":"Scan result 1/72","trigger":"70cd54354865ede605ec0fbfadf15f5302aa85a777394f28b0de6acfd243e795","verdict":"suspicious","severity":"","comment":"suspicious - 1/72","link":"https://www.virustotal.com/gui/file/70cd54354865ede605ec0fbfadf15f5302aa85a777394f28b0de6acfd243e795","meta":null}]}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Steamless.CLI.exe.config","filename":"Steamless.CLI.exe.config","modified":"2022-04-05T05:04:41+02:00","Modified":"","magic":"XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":189,"md5":"ef0181de18ef3951806c0ad63b897ba4","sha1":"4b6a4b0f7fbbbd1dceab385e7fac74a35fc132cb","sha256":"e8decc96235b5494880083eb79c22c84c6d9ef312828baf9490bee7782c350ec","sha512":"b1816817e8deaa7b22bc51966e9debed46b254be6463f2ac0204be348baefb751c5d846a5353d43cce66a005a73f6226462b8ec8b59d4e16a54130c327c68b79","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/steam_auto_cracker_gui.exe","filename":"steam_auto_cracker_gui.exe","modified":"2024-08-14T04:04:41+02:00","Modified":"","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 7 sections","size":10459160,"md5":"9b13d23586bc94a9a03a74c703544d2f","sha1":"404294664583896fc4e2fa82efcf30cea4d24a26","sha256":"4544dd9ccce49465d264ed6725036551c32975ab96014322f65499b79497f56a","sha512":"02f72f2d26fa0c96a82e1a310fa7769b51822bccce2c4241571e89fae6493078b3eb13e2f71a5214ab2e95a59f3a14b74591d9b9c2a76636e73b5179e4a4bc5f","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2025-01-12","alert":"Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits","trigger":"Steam Auto Cracker GUI (v2.2.1)/steam_auto_cracker_gui.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp (https://github.com/ruppde)","date":"2023-03-23","description":"Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits","hash":"fe53b9d820adf3bcddf42976b8af1411e87d9dfd9aa479f12b2db50a5600f348","license":"Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License","reference":"Internal Research","rule":"SUSP_Imphash_Mar23_3","score":"45"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2025-01-12","alert":"Identifies executable converted using PyInstaller.","trigger":"Steam Auto Cracker GUI (v2.2.1)/steam_auto_cracker_gui.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-01-01","description":"Identifies executable converted using PyInstaller.","fingerprint":"ae849936b19be3eb491d658026b252c2f72dcb3c07c6bddecb7f72ad74903eee","first_imported":"2021-12-30","id":"6Pyq57uDDAEHbltmbp7xRT","last_modified":"2021-12-30","rule":"PyInstaller","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-11","alert":"Scan result 4/72","trigger":"4544dd9ccce49465d264ed6725036551c32975ab96014322f65499b79497f56a","verdict":"suspicious","severity":"","comment":"suspicious - 4/72","link":"https://www.virustotal.com/gui/file/4544dd9ccce49465d264ed6725036551c32975ab96014322f65499b79497f56a","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-12","alert":"files - file ~tmp01925d3f.exe","trigger":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/dlc_creamapi/files/steam_api.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-12","alert":"files - file ~tmp01925d3f.exe","trigger":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/dlc_creamapi/files/steam_api64.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2025-01-12","alert":"Winnti sample - file NlaifSvc.dll","trigger":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_ali213/files/steam_api.dll","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2017-01-25","description":"Winnti sample - file NlaifSvc.dll","hash1":"964f9bfd52b5a93179b90d21705cd0c31461f54d51c56d558806fe0efff264e5","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","reference":"https://goo.gl/VbvJtL","rule":"Winnti_NlaifSvc"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2025-01-12","alert":"Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits","trigger":"Steam Auto Cracker GUI (v2.2.1)/steam_auto_cracker_gui.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp (https://github.com/ruppde)","date":"2023-03-23","description":"Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits","hash":"fe53b9d820adf3bcddf42976b8af1411e87d9dfd9aa479f12b2db50a5600f348","license":"Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License","reference":"Internal Research","rule":"SUSP_Imphash_Mar23_3","score":"45"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2025-01-12","alert":"Identifies executable converted using PyInstaller.","trigger":"Steam Auto Cracker GUI (v2.2.1)/steam_auto_cracker_gui.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-01-01","description":"Identifies executable converted using PyInstaller.","fingerprint":"ae849936b19be3eb491d658026b252c2f72dcb3c07c6bddecb7f72ad74903eee","first_imported":"2021-12-30","id":"6Pyq57uDDAEHbltmbp7xRT","last_modified":"2021-12-30","rule":"PyInstaller","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-11","alert":"Scan result 39/65","trigger":"c4949e748348256c219ec0406d2e16e3f4845fe676d3dc26dbfcb2059afdfa81","verdict":"malicious","severity":"","comment":"malicious - 39/65","link":"https://www.virustotal.com/gui/file/c4949e748348256c219ec0406d2e16e3f4845fe676d3dc26dbfcb2059afdfa81","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"93dd0c79faaa39c57d67aa07aed48c24","sha1":"65490baf70f3cd3375a161556dc908aaa683c085","sha256":"c4949e748348256c219ec0406d2e16e3f4845fe676d3dc26dbfcb2059afdfa81","sha512":"4f1bca38cec5c74f5c3dc0836086387ec57303d9b9231be8312159173e0ed519dd48aa4f5aa061c28c378b39e271790effafb6026ad95476dc8f74769b637ac0","magic":"Zip archive data, at least v1.0 to extract, compression method=store","size":17332829,"url":{"schema":"https","addr":"objects.githubusercontent.com/github-production-release-asset-2e65be/469296549/bc01d8bb-7990-4a17-b24f-16598d30abd1?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20250112%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20250112T035211Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=2f37eb6e7715c6a91a408d6a1c2e4f7ada97dc3beeb49f9ffe0c9b4ee1eea4f0\u0026X-Amz-SignedHeaders=host\u0026response-content-disposition=attachment%3B%20filename%3DSteam.Auto.Cracker.GUI.v2.2.1.zip\u0026response-content-type=application%2Foctet-stream","fqdn":"objects.githubusercontent.com","domain":"objects.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.111.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"archive":[{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/dlc_creamapi/config_override.ini","filename":"config_override.ini","modified":"2024-02-11T17:08:53+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":71,"md5":"b13418bdb6bd765d8df42deb52730404","sha1":"45e1f3bccf408a48f7f17dbdfbe61b268d1fbd51","sha256":"64c35b23eaddb266ef991a675ef3958a8b622faf7aa792cef8686919ef7097d5","sha512":"bc4a24e0f17e541410adb6ff76901d4d3fe28d9135362613d597491eb5ed23db6af17a11957be07d2939631d7185ca860fa8679133a043840a4e42c0c709fe5b","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/dlc_creamapi/files/cream_api.ini","filename":"cream_api.ini","modified":"2022-03-13T06:59:27+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":1442,"md5":"edc03fb164d3b2eb45e3d374d5293767","sha1":"59ba159ed2e42ef31163f0fca8f6463854fdf6da","sha256":"877a2d6690f37ad6a529d21ad46f32f2ca277144c3dcf4b34f2fa0088cccdd79","sha512":"d0126eb199d47876edb357adb70a73341a51ea00895dac95d3313391be7f08516713e09cf8351cae9ebf42496a3609583ce4a6028888c7674186438bcee46eca","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/dlc_creamapi/files/steam_api.dll","filename":"steam_api.dll","modified":"2024-01-27T00:57:58+01:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":646504,"md5":"24c712826d939f5cec9049d4b94fcbdb","sha1":"de43e868668528a169cf474c962bbacb148583d0","sha256":"ec17086182abcce73df94bd9a07c4eb6316fc5abc403befa79e7a713e71bb122","sha512":"b341ab590e1083673c3b626f906782a472415411448f8722b7829517041d1c5efaf3b19470c4a172376a61d54b97803137b8dcc7579ddeaa76e3f9117cfa5af3","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-12","alert":"files - file ~tmp01925d3f.exe","trigger":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/dlc_creamapi/files/steam_api.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-09-02","alert":"Scan result 1/75","trigger":"ec17086182abcce73df94bd9a07c4eb6316fc5abc403befa79e7a713e71bb122","verdict":"suspicious","severity":"","comment":"suspicious - 1/75","link":"https://www.virustotal.com/gui/file/ec17086182abcce73df94bd9a07c4eb6316fc5abc403befa79e7a713e71bb122","meta":null}]}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/dlc_creamapi/files/steam_api64.dll","filename":"steam_api64.dll","modified":"2024-01-27T00:57:58+01:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":693608,"md5":"1b14c913c0df41cc0667993d9b37404d","sha1":"87532d36ad3a7c5f15c89d2da2f5c2f69187cc07","sha256":"532802e678b51f5279b50a21702c9f58929dafa61af9c45d1f0eb4dbb807c889","sha512":"4e0068f4a5b0b33094b96149fa3fbbe36f659aa75f18f37ebfc2af3099aa504c5c57a52d3ff3d79c37629dc0ebbfaa3512c136d674cdc6c8f24fa23525767bbc","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-12","alert":"files - file ~tmp01925d3f.exe","trigger":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/dlc_creamapi/files/steam_api64.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-04","alert":"Scan result 1/71","trigger":"532802e678b51f5279b50a21702c9f58929dafa61af9c45d1f0eb4dbb807c889","verdict":"suspicious","severity":"","comment":"suspicious - 1/71","link":"https://www.virustotal.com/gui/file/532802e678b51f5279b50a21702c9f58929dafa61af9c45d1f0eb4dbb807c889","meta":null}]}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/dlc_creamapi/infos.txt","filename":"infos.txt","modified":"2024-04-27T14:31:45+02:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":188,"md5":"014a98492340e8dad263630ccb0c35c7","sha1":"ed0f378d93e4058186396b05e74ff3a046c5916a","sha256":"ff85642a74a3ea823f03b05b45bf82f55f35be52e0630262fcf580fd5ddb56c5","sha512":"c0b9f178a270c863a66b028399cb4eedaec7dfd63b82b8ae197d19964c7b8400489d7e9836dfd84ff367b6b4e600ee34722bb47c5d051277ee7775ebfef29650","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_ali213/files/SteamConfig.ini","filename":"SteamConfig.ini","modified":"2022-03-13T06:03:55+01:00","Modified":"","magic":"Generic INItialization configuration [DLC]","size":1288,"md5":"84a9ae246e1c2daf2bf2ddd6f5dae7b8","sha1":"52279a50000f72bae4a984c6429d1454bc22a25b","sha256":"04b11df82139f74e2e2754d1f384f7990a1c2b01201f837a6bf0180385e182ca","sha512":"0c40319f87843b70aae4178bba06235f6b3d87fa1851efe1728526b359a8e8e5dcac9cd85eb51532dfa1ac6a6b3024b597f2e3b725e5e8e10c69267e209f4faf","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_ali213/files/steam_api.dll","filename":"steam_api.dll","modified":"2023-10-30T11:10:01+01:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections","size":920576,"md5":"7e890387f073f1d7af5d28d6b6a26dbb","sha1":"0edc825b58742fc6f2ba9a0510715ba1db8530d2","sha256":"2a20ac96fac5c46b7dbd7bea0d073dbee40ca99c4fd0e36d1a2fa01ef66cd53a","sha512":"f6e303ec9f7efa7b5ec63771fcf7330635881a1aeeb6effde36bdd81e6ad2f3e90aca63163be6543cadc08c04ba52dac88aa528a4342514c37bd1b8d279c113d","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2025-01-12","alert":"Winnti sample - file NlaifSvc.dll","trigger":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_ali213/files/steam_api.dll","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2017-01-25","description":"Winnti sample - file NlaifSvc.dll","hash1":"964f9bfd52b5a93179b90d21705cd0c31461f54d51c56d558806fe0efff264e5","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","reference":"https://goo.gl/VbvJtL","rule":"Winnti_NlaifSvc"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-11-25","alert":"Scan result 41/72","trigger":"2a20ac96fac5c46b7dbd7bea0d073dbee40ca99c4fd0e36d1a2fa01ef66cd53a","verdict":"malicious","severity":"","comment":"malicious - 41/72","link":"https://www.virustotal.com/gui/file/2a20ac96fac5c46b7dbd7bea0d073dbee40ca99c4fd0e36d1a2fa01ef66cd53a","meta":null}]}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_ali213/files/steam_api64.dll","filename":"steam_api64.dll","modified":"2023-10-30T11:11:13+01:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 8 sections","size":3575808,"md5":"99a2cf782112b5ea29cb18674ca3182d","sha1":"76293671a4d3cad76cfb0d1cef6af1e06c113b5b","sha256":"9d8165a2b06a26b566a6002f020030dba993d4bc36238001f40eaeb1810c711c","sha512":"6b07c4da646047bc6169a51f39aa659f2266fe0c6a751e5d69e4e8d7a8a10a3d485085482f0adbd79a9ddd1b227290a2d3d450b332ef6b4b116b98b62c09a594","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-07","alert":"Scan result 42/72","trigger":"9d8165a2b06a26b566a6002f020030dba993d4bc36238001f40eaeb1810c711c","verdict":"malicious","severity":"","comment":"malicious - 42/72","link":"https://www.virustotal.com/gui/file/9d8165a2b06a26b566a6002f020030dba993d4bc36238001f40eaeb1810c711c","meta":null}]}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_ali213/infos.txt","filename":"infos.txt","modified":"2024-03-13T19:42:55+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":199,"md5":"e9d54c30467ef13cb50f424e6886a72c","sha1":"1d64fff7b503d96851ebdb70e43e288855fda8b8","sha256":"7697949d22f027a835c17b39af53ce358417770955d101a7fc246f0450504413","sha512":"7f9579b1b505a2f6002e7e24fd13301a4caecde10ca3d2029678228b3814d0194162243499850ef42224ba65d7b45e2df5f4f1c284e633ca9d1a83facf986f65","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_goldberg/files/steam_api.dll","filename":"steam_api.dll","modified":"2023-05-09T05:16:55+02:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 8 sections","size":2531328,"md5":"d6e749904e8116946c3734f496602bb1","sha1":"378e313efbdbbf373454769182c24b3c6303e3bb","sha256":"33585536081b1e6f4bc1e5cc91f16d5513822cb0510546446c2e9be35d08b74f","sha512":"5fd53c96b89eadaff44bc0fb6291321bca4afcbe953d2ff020262c290f6adbff3b3e6490cb88cb98d33f2abb92541e96ef0fa5f963019ca0fef8687a2da5b071","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_goldberg/files/steam_api64.dll","filename":"steam_api64.dll","modified":"2023-05-09T05:28:17+02:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 9 sections","size":3207680,"md5":"77f259bc5affc9d59958d2e35d946830","sha1":"d501e2b3ca6970dd1ab771a6dc6f2ae67dcff996","sha256":"286f2ed575fb16bba9c451bdf5c8738b5aa6587ec7831830cfae1739c6347edd","sha512":"7915f3fb4c4aa0728339fac274e104579e67b1af98a665124d5b1695d8d732ee0a114a7c2883ea5f8f15af1a3f3610733b42e1b70ff367b3c72948d99bb79430","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_goldberg/files/steam_settings/DLC.txt","filename":"DLC.txt","modified":"2024-02-11T14:34:11+01:00","Modified":"","magic":"ASCII text, with no line terminators","size":14,"md5":"ab4555b5fa14e6d6782fccafadfa6795","sha1":"9cd410bec16f64e9dcb3fb95e4e61586e78ff123","sha256":"a743592d6091f4fdd53b20ba6c76312cc1e1102ffa07918ee17400cf61ab8b0d","sha512":"628b59ca94fbb7f1126c6e658c2059fc6c8da0ca70126d30b35b71e92cfc089fac180d23bf5e620f31f2460ea8e80b26bbcb811e00215ee1b8957b40a23e6055","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_goldberg/files/steam_settings/steam_appid.txt","filename":"steam_appid.txt","modified":"2024-02-11T14:43:26+01:00","Modified":"","magic":"ASCII text, with no line terminators","size":9,"md5":"555b6846d647c5170b231b580d0f49a0","sha1":"b8d27d0a1288366c85c424d779b0e52d24208bd6","sha256":"b27708b95b4a73ce1c2e59ea41c6128174703455abf81447f9fc43ba1e10c053","sha512":"edf7ed9377ae102d77db5c5a9f85d869edee734f70002b56c82f6ada304ad0bfd41776845e4ee69de9ba4cedbfd6d4e53e4754796f8e4f7461b09dcbbd5affe2","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_goldberg/infos.txt","filename":"infos.txt","modified":"2024-02-11T18:23:35+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":213,"md5":"38b421e420930f70245c01b1711b3a3b","sha1":"a4588461cc33c841c6c088e220310d83206d20d5","sha256":"00bb50a97d274bef68aa7e486735f5ae17278549ab6ac636c84bd92418f19535","sha512":"b1b833b318ecaaedd38ca8ef718ff3e3c4cdad1dccb1df5715200654c510e137bf5baf2013ad2d521d05270a37f46aac72b82ba000d4fe68b9d0a024faaad059","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/infos.txt","filename":"infos.txt","modified":"2024-04-27T14:35:09+02:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":210,"md5":"85374f62d6b65bcd3e5b078d3bbde213","sha1":"3b4c1071d692570c96a74c41334c799f953ee0a7","sha256":"25baf35bcfa1e30d77a587db81ad24cfb8519f19bdfa32afe594443c2e836d16","sha512":"dca1015b50faf8a10d53835a6a7ffe32fc3358bd8e6f31395f73dca4fda4686fef3c3cf5cb2894d251f7960bbd164e754b1275d264c308482206c9a3e9a1d71d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Plugins/ExamplePlugin.dll","filename":"ExamplePlugin.dll","modified":"2024-03-30T06:14:43+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":5632,"md5":"dbfe069390646f3402b21f28005f3156","sha1":"062664b8e81e0b06f72970acf8cac2ecc2001d51","sha256":"c6dce0ce7d432fbb8cea249e4dcd1394adc8c2adc819012c745b709c68e585a9","sha512":"904525f99e9c458e4e04db95e4d10bb34f78cfc569b61b5b9a57e557bc50bf768e6d29f43ecc70b381e7a50d74dc7ab93ed5202e14b77a3ec036d031e9db19ca","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Plugins/SharpDisasm.dll","filename":"SharpDisasm.dll","modified":"2019-03-30T07:03:10+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":220672,"md5":"0f900d9190603d646009ec3523fa43cc","sha1":"a04598dcef92337ec57c0a357c2e55a1fb9c0f40","sha256":"6d3ce990cdf58da228697d25416d16d15994135c5f66571fe1e00e9c975bc2cf","sha512":"24397a81c9ad30f3d5377632d74706345c4a9811076357df3fc8d307a8941167b2b40b85923a4782f22a531e9f3ac4fe234ab892bdc1139a1a60f4ed7798a467","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Plugins/Steamless.API.dll","filename":"Steamless.API.dll","modified":"2024-03-30T06:14:43+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":34304,"md5":"c347632a60da1519c48ff043831ca7df","sha1":"5fa976d84468d69a7cda801651415f666e6e9b69","sha256":"d6acc4b0cc768213a46ffad0a6bf6070a6b13f79a22e0588f0ab50c950f9248c","sha512":"9ffab32ef1a53f9a08cab77d68b9d5b9676e4e1c2a63acc258f80769d544629a31b03c6f9b3fa17a19f7897e2fb0613379802e67758629a46b6d4978c5137906","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Plugins/Steamless.Unpacker.Variant10.x86.dll","filename":"Steamless.Unpacker.Variant10.x86.dll","modified":"2024-03-30T06:14:43+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":11264,"md5":"31f399ccb6bf807bf07ec3ac264d930d","sha1":"db7757f66e377f737cc06976c03c4d3772a2c85c","sha256":"c890dcda2e79970e5a5541ee6340e503e829982f1613c36119be7f754c32065d","sha512":"af299d52be53d8a1d41a77dde40cd4fd81850960b9842caedd1a7f4f917cf3b5523bc355a13ba95af872d17d704c3ac2ac18dd0c769b2472e57828599b81e100","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Plugins/Steamless.Unpacker.Variant20.x86.dll","filename":"Steamless.Unpacker.Variant20.x86.dll","modified":"2024-03-30T06:14:43+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":19456,"md5":"a058bf89c78880d7ca66c6513ba37a8f","sha1":"485f1d5a0d6a0958da1dde342d506f76c0bf91bd","sha256":"3cca1fb90b1aa3e1703565a095b665acfc8073b889ff44ef97d17f4221fe707f","sha512":"33224ad20c7eb7f7c8d6b962bbf42e066ec20d0eb23ca434010935d3620adc719b6736ad10af6444ee01ec7e9b0504fe51411c3c8ecfe532245058eccd0cdffb","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Plugins/Steamless.Unpacker.Variant21.x86.dll","filename":"Steamless.Unpacker.Variant21.x86.dll","modified":"2024-03-30T06:14:43+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":24576,"md5":"2144889fddfdeb1fa2cf4f18b611581c","sha1":"9232fd21d8f0fa92ff060c7ecb630025a1b0c015","sha256":"2f92eeaf47accd0f87bbe7fb7cf85fcd3c00830f464dfdbd4f661449bbc92b21","sha512":"94c019ba7b0cf15ed04378413b20e3a0afe7e59bead89d321d6b2323b7fee392436dfc86e606270ed97f4461bde889c0b3c770475b86c394794f949ff7b91978","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Plugins/Steamless.Unpacker.Variant30.x64.dll","filename":"Steamless.Unpacker.Variant30.x64.dll","modified":"2024-03-30T06:14:43+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":17408,"md5":"956eebdbafff1a5abb3eb9690f292165","sha1":"4c4183fe055476b35c517753a4eeb160d084e074","sha256":"81f1d36540fc8756b155b3e58b34f54da4f9bc1f974988cf91d0b17ffc1d14d8","sha512":"c8d461513431df1a09b7b10f3aac6f8b04ff9845a2c6323d4ad05b5b854be19c02d7066eb48991cd8301e6d01e7817700baef5f6ec84e2e2b9660bda79ceca38","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Plugins/Steamless.Unpacker.Variant30.x86.dll","filename":"Steamless.Unpacker.Variant30.x86.dll","modified":"2024-03-30T06:14:43+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":16384,"md5":"2a32a106e85dfdf75095d034b30b752a","sha1":"e62d15fbeaa2936f8d40760b2ec4e03115564947","sha256":"fe2102b096d44aa956788d067856225254ee4e43c133c939e3cd5c0a6cc37399","sha512":"b6639121884a023f771d4049f781ac821995f9cb38885bdce80811a0c2789fbafed22336b29ed203b01261f45fbad41fcaa1187707dca473c8e79d6fb3961eee","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Plugins/Steamless.Unpacker.Variant31.x64.dll","filename":"Steamless.Unpacker.Variant31.x64.dll","modified":"2024-03-30T06:14:43+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":16384,"md5":"8cef9d57f82ed85f390ccd387e21e5a0","sha1":"e9c5eac6488c2467cb601ab534fe1560c9785502","sha256":"790f1974f97258058cb57c20787e8a2fcb5c16cca0911719b698580d74e38918","sha512":"8cc15de28e630c69e8d9b1b4b0064bcb7f28588156ec67c9c751da293bff0408f39c20b6dc15b90174748346716967104b25be2e2c57e3965c0a4af42c2f652d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Plugins/Steamless.Unpacker.Variant31.x86.dll","filename":"Steamless.Unpacker.Variant31.x86.dll","modified":"2024-03-30T06:14:43+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":16896,"md5":"2c7a10fb35202e73632b2637426d9d1b","sha1":"ef2a8cca203e05f6728a6d0bc61aefa5c22b650c","sha256":"fc7e1ac80a7d2c0121e083d218b7369c4d217eccaf395cd1c0292d000f19446b","sha512":"f502215a110d11bf6e52139e59553375c3d65f093859935fe5611b5ddcfdd1c5c2aa86696ace1a99720ec6bdd2e778c354f7cf7c393dc69a5ebf7894a3d0f7ac","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Steamless.CLI.exe","filename":"Steamless.CLI.exe","modified":"2024-03-30T06:14:43+01:00","Modified":"","magic":"PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":113152,"md5":"2a2f85ca57b8ffc8daf586c1773a1e56","sha1":"d340cadd1eb578c25ad393541f16ecd6b0eac2be","sha256":"70cd54354865ede605ec0fbfadf15f5302aa85a777394f28b0de6acfd243e795","sha512":"4126a07df763fea7eaa142a29b5c13512f350153396a4d0ec6738c12a84f44765c8e3f80bf0b042adce810ee968d3d2a31ed243ab0f4fcc48c1600acdd3fd403","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-12-30","alert":"Scan result 1/72","trigger":"70cd54354865ede605ec0fbfadf15f5302aa85a777394f28b0de6acfd243e795","verdict":"suspicious","severity":"","comment":"suspicious - 1/72","link":"https://www.virustotal.com/gui/file/70cd54354865ede605ec0fbfadf15f5302aa85a777394f28b0de6acfd243e795","meta":null}]}},{"path":"Steam Auto Cracker GUI (v2.2.1)/Steamless_CLI/Steamless.CLI.exe.config","filename":"Steamless.CLI.exe.config","modified":"2022-04-05T05:04:41+02:00","Modified":"","magic":"XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":189,"md5":"ef0181de18ef3951806c0ad63b897ba4","sha1":"4b6a4b0f7fbbbd1dceab385e7fac74a35fc132cb","sha256":"e8decc96235b5494880083eb79c22c84c6d9ef312828baf9490bee7782c350ec","sha512":"b1816817e8deaa7b22bc51966e9debed46b254be6463f2ac0204be348baefb751c5d846a5353d43cce66a005a73f6226462b8ec8b59d4e16a54130c327c68b79","alerts":{"urlquery":null,"analyzer":null}},{"path":"Steam Auto Cracker GUI (v2.2.1)/steam_auto_cracker_gui.exe","filename":"steam_auto_cracker_gui.exe","modified":"2024-08-14T04:04:41+02:00","Modified":"","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 7 sections","size":10459160,"md5":"9b13d23586bc94a9a03a74c703544d2f","sha1":"404294664583896fc4e2fa82efcf30cea4d24a26","sha256":"4544dd9ccce49465d264ed6725036551c32975ab96014322f65499b79497f56a","sha512":"02f72f2d26fa0c96a82e1a310fa7769b51822bccce2c4241571e89fae6493078b3eb13e2f71a5214ab2e95a59f3a14b74591d9b9c2a76636e73b5179e4a4bc5f","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2025-01-12","alert":"Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits","trigger":"Steam Auto Cracker GUI (v2.2.1)/steam_auto_cracker_gui.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp (https://github.com/ruppde)","date":"2023-03-23","description":"Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits","hash":"fe53b9d820adf3bcddf42976b8af1411e87d9dfd9aa479f12b2db50a5600f348","license":"Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License","reference":"Internal Research","rule":"SUSP_Imphash_Mar23_3","score":"45"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2025-01-12","alert":"Identifies executable converted using PyInstaller.","trigger":"Steam Auto Cracker GUI (v2.2.1)/steam_auto_cracker_gui.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-01-01","description":"Identifies executable converted using PyInstaller.","fingerprint":"ae849936b19be3eb491d658026b252c2f72dcb3c07c6bddecb7f72ad74903eee","first_imported":"2021-12-30","id":"6Pyq57uDDAEHbltmbp7xRT","last_modified":"2021-12-30","rule":"PyInstaller","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-11","alert":"Scan result 4/72","trigger":"4544dd9ccce49465d264ed6725036551c32975ab96014322f65499b79497f56a","verdict":"suspicious","severity":"","comment":"suspicious - 4/72","link":"https://www.virustotal.com/gui/file/4544dd9ccce49465d264ed6725036551c32975ab96014322f65499b79497f56a","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-12","alert":"files - file ~tmp01925d3f.exe","trigger":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/dlc_creamapi/files/steam_api.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-12","alert":"files - file ~tmp01925d3f.exe","trigger":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/dlc_creamapi/files/steam_api64.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2025-01-12","alert":"Winnti sample - file NlaifSvc.dll","trigger":"Steam Auto Cracker GUI (v2.2.1)/sac_emu/game_ali213/files/steam_api.dll","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2017-01-25","description":"Winnti sample - file NlaifSvc.dll","hash1":"964f9bfd52b5a93179b90d21705cd0c31461f54d51c56d558806fe0efff264e5","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","reference":"https://goo.gl/VbvJtL","rule":"Winnti_NlaifSvc"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2025-01-12","alert":"Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits","trigger":"Steam Auto Cracker GUI (v2.2.1)/steam_auto_cracker_gui.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp (https://github.com/ruppde)","date":"2023-03-23","description":"Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits","hash":"fe53b9d820adf3bcddf42976b8af1411e87d9dfd9aa479f12b2db50a5600f348","license":"Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License","reference":"Internal Research","rule":"SUSP_Imphash_Mar23_3","score":"45"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2025-01-12","alert":"Identifies executable converted using PyInstaller.","trigger":"Steam Auto Cracker GUI (v2.2.1)/steam_auto_cracker_gui.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-01-01","description":"Identifies executable converted using PyInstaller.","fingerprint":"ae849936b19be3eb491d658026b252c2f72dcb3c07c6bddecb7f72ad74903eee","first_imported":"2021-12-30","id":"6Pyq57uDDAEHbltmbp7xRT","last_modified":"2021-12-30","rule":"PyInstaller","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-11","alert":"Scan result 39/65","trigger":"c4949e748348256c219ec0406d2e16e3f4845fe676d3dc26dbfcb2059afdfa81","verdict":"malicious","severity":"","comment":"malicious - 39/65","link":"https://www.virustotal.com/gui/file/c4949e748348256c219ec0406d2e16e3f4845fe676d3dc26dbfcb2059afdfa81","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"github.com/BigBoiCJ/SteamAutoCracker/releases/download/2.2.1-gui/Steam.Auto.Cracker.GUI.v2.2.1.zip","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.3","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-01-12T03:52:11.803Z","timestamp":1736653931803,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"github.com","organization":""},"issuer":{"commonName":"Sectigo ECC Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Thu, 07 Mar 2024 00:00:00 GMT","end":"Fri, 07 Mar 2025 23:59:59 GMT"},"fingerprint":{"sha1":"E7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0","sha256":"FD:6E:9B:0E:F3:98:BC:D9:04:C3:B2:EC:16:7A:7B:0F:DA:72:01:C9:03:C5:3A:6A:6A:E5:D0:41:43:63:EF:65"}}},"request":{"raw":"GET /BigBoiCJ/SteamAutoCracker/releases/download/2.2.1-gui/Steam.Auto.Cracker.GUI.v2.2.1.zip HTTP/1.1\r\nHost: github.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: GitHub.com\r\ndate: Sun, 12 Jan 2025 03:52:11 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With\r\nlocation: https://objects.githubusercontent.com/github-production-release-asset-2e65be/469296549/bc01d8bb-7990-4a17-b24f-16598d30abd1?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20250112%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20250112T035211Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=2f37eb6e7715c6a91a408d6a1c2e4f7ada97dc3beeb49f9ffe0c9b4ee1eea4f0\u0026X-Amz-SignedHeaders=host\u0026response-content-disposition=attachment%3B%20filename%3DSteam.Auto.Cracker.GUI.v2.2.1.zip\u0026response-content-type=application%2Foctet-stream\r\ncache-control: no-cache\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nx-frame-options: deny\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/\r\ncontent-length: 0\r\nx-github-request-id: 4D5D:190E54:C62E684:CBA6A1C:67833C6B\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":342,"timings":{"blocked":90,"dns":10,"connect":20,"send":0,"wait":160,"receive":1,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"objects.githubusercontent.com/github-production-release-asset-2e65be/469296549/bc01d8bb-7990-4a17-b24f-16598d30abd1?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20250112%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20250112T035211Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=2f37eb6e7715c6a91a408d6a1c2e4f7ada97dc3beeb49f9ffe0c9b4ee1eea4f0\u0026X-Amz-SignedHeaders=host\u0026response-content-disposition=attachment%3B%20filename%3DSteam.Auto.Cracker.GUI.v2.2.1.zip\u0026response-content-type=application%2Foctet-stream","fqdn":"objects.githubusercontent.com","domain":"objects.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.111.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-01-12T03:52:12.066Z","timestamp":1736653932066,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":"GitHub, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 15 Mar 2024 00:00:00 GMT","end":"Fri, 14 Mar 2025 23:59:59 GMT"},"fingerprint":{"sha1":"97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28","sha256":"09:01:0C:CE:9B:72:21:55:C7:E6:86:B0:77:39:D3:D2:DC:06:05:DE:A1:A4:98:4A:0B:96:5E:18:77:77:26:B5"}}},"request":{"raw":"GET /github-production-release-asset-2e65be/469296549/bc01d8bb-7990-4a17-b24f-16598d30abd1?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20250112%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20250112T035211Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=2f37eb6e7715c6a91a408d6a1c2e4f7ada97dc3beeb49f9ffe0c9b4ee1eea4f0\u0026X-Amz-SignedHeaders=host\u0026response-content-disposition=attachment%3B%20filename%3DSteam.Auto.Cracker.GUI.v2.2.1.zip\u0026response-content-type=application%2Foctet-stream HTTP/1.1\r\nHost: objects.githubusercontent.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/octet-stream\r\nlast-modified: Wed, 14 Aug 2024 02:06:22 GMT\r\netag: \"0x8DCBC05B1BFBE90\"\r\nserver: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0\r\nx-ms-request-id: b80c10ab-b01e-004d-59d9-5e2eb9000000\r\nx-ms-version: 2024-11-04\r\nx-ms-creation-time: Wed, 14 Aug 2024 02:06:22 GMT\r\nx-ms-lease-status: unlocked\r\nx-ms-lease-state: available\r\nx-ms-blob-type: BlockBlob\r\ncontent-disposition: attachment; filename=Steam.Auto.Cracker.GUI.v2.2.1.zip\r\nx-ms-server-encrypted: true\r\nvia: 1.1 varnish, 1.1 varnish\r\nfastly-restarts: 1\r\naccept-ranges: bytes\r\nage: 0\r\ndate: Sun, 12 Jan 2025 03:52:12 GMT\r\nx-served-by: cache-iad-kcgs7200146-IAD, cache-hel1410027-HEL\r\nx-cache: HIT, MISS\r\nx-cache-hits: 743, 0\r\nx-timer: S1736653932.109659,VS0,VE108\r\ncontent-length: 17332829\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17332829,"size_decoded":17332829,"mime_type":"application/octet-stream","magic":"Zip archive data, at least v1.0 to extract, compression method=store","md5":"93dd0c79faaa39c57d67aa07aed48c24","sha1":"65490baf70f3cd3375a161556dc908aaa683c085","sha256":"c4949e748348256c219ec0406d2e16e3f4845fe676d3dc26dbfcb2059afdfa81","sha512":"4f1bca38cec5c74f5c3dc0836086387ec57303d9b9231be8312159173e0ed519dd48aa4f5aa061c28c378b39e271790effafb6026ad95476dc8f74769b637ac0","ssdeep":"393216:QGzV+s5SdCAOe9IcnfNPc02zyJLcbMhEo1W5BL906jz7RlyK:QXsk8SMz0LpDU57bHyK","tlshash":"d007330e0225418eb58ae276fdb599287b259f374f5476402b3ed285080ce7269fcfbd","first_seen":"2024-08-15T21:36:30Z","last_seen":"2025-01-12T03:52:58.39806Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2050,"timings":{"blocked":38,"dns":1,"connect":13,"send":0,"wait":583,"receive":1389,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-11","alert":"Scan result 39/65","trigger":"c4949e748348256c219ec0406d2e16e3f4845fe676d3dc26dbfcb2059afdfa81","verdict":"malicious","severity":"","comment":"malicious - 39/65","link":"https://www.virustotal.com/gui/file/c4949e748348256c219ec0406d2e16e3f4845fe676d3dc26dbfcb2059afdfa81","meta":null}],"urlquery":null}}]}