binary_[unknowncheats[.]me]_[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

binary_[unknowncheats.me]_.zip
Size

1.1MB
MD5

d621e777b3216c3adf6912957db817c4
SHA1

d7055f98efc58ccb68600742abd8ffd4788652a5
SHA256

98abe682604f5ecf85d73b989220537543c0c9ebf2030ffa1a60a37cb7b86268
SHA512

7cbd91a927ac487a78853d8ffec290d2d26e1a829e89b96e77e1d1c9d40e6f4bfeadb13eb3348152143328c1a07e3300e6d386d60ebf1fff07584e2a1a8a99c5
SSDEEP

24576:mbyUV3FsvOY3hZUSDtwVQ0lGXFY42W3/nunoEykEriirZRK6u8rn3Xo:y33FsWEhZdBwVfSR/unoeizRu8rHo

Score

N/A

Malware Config

Signatures

Files

binary_[unknowncheats.me]_.zip
.zip
dsound.exe
.exe windows x86

4a635420c8d216d2c4632d1d051fe149

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
ReleaseMutex
CreateMutexA
Sleep
OpenMutexA
AllocConsole
CloseHandle
OpenProcess
VirtualAlloc
VirtualFree
VirtualProtectEx
VirtualQueryEx
ReadProcessMemory
CreateToolhelp32Snapshot
Process32First
Process32Next
GetTickCount64
LocalFree
FormatMessageA
CreateThread
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
FreeLibrary
QueryPerformanceFrequency
GetProcAddress
QueryPerformanceCounter
VerSetConditionMask
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalUnlock
InitializeSListHead

user32

ShowWindow
TranslateMessage
DispatchMessageA
SetWindowPos
MessageBoxA
SendMessageA
SetProcessDPIAware
UpdateWindow
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
PostQuitMessage
DefWindowProcA
LoadIconA
MonitorFromWindow
LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
GetWindowInfo
RegisterClassA
EnumWindows
SetLayeredWindowAttributes
IsIconic
PeekMessageA
IsWindow
SetTimer
KillTimer
GetSystemMetrics
GetWindowRect
FindWindowA
FindWindowExA
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
TrackMouseEvent
GetKeyState
GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow
GetDC
ReleaseDC
GetClientRect
SetCursorPos
GetWindowThreadProcessId

gdi32

GetDeviceCaps
DeleteObject
CreateRectRgn

shell32

ShellExecuteA

msvcp140

?id@?$numpunct@D@std@@2V0locale@2@A
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Random_device@std@@YAIXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?c_str@?$_Yarn@D@std@@QBEPBDXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
_Mbrtowc
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?swap@?$basic_ostream@DU?$char_traits@D@std@@@std@@IAEXAAV12@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmAssociateContextEx

dwmapi

DwmIsCompositionEnabled
DwmGetColorizationColor
DwmEnableBlurBehindWindow
DwmSetWindowAttribute
DwmExtendFrameIntoClientArea

d3d9

Direct3DCreate9

vcruntime140

__std_type_info_destroy_list
memcpy
_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
__current_exception_context
memmove
memset
strstr
memchr
__current_exception
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
terminate
_crt_atexit
_crt_at_quick_exit
_cexit
_seh_filter_exe
_set_app_type
_errno
_get_narrow_winmain_command_line
_initterm
_initterm_e
_execute_onexit_table
exit
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
_wassert
_exit
_controlfp_s

api-ms-win-crt-math-l1-1-0

_libm_sse2_cos_precise
_libm_sse2_acos_precise
ceil
_libm_sse2_sqrt_precise
_CIatan2
_libm_sse2_log_precise
_libm_sse2_pow_precise
_CIfmod
__setusermatherr
_dclass
roundf
_except1
_dsign
_libm_sse2_atan_precise
floor
_libm_sse2_sin_precise
_fdsign
_fdclass
_ldclass
_ldsign

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
free
malloc
calloc

api-ms-win-crt-convert-l1-1-0

strtoll
strtoull
strtod
atof

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
_set_fmode
__stdio_common_vfprintf
fwrite
setvbuf
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
fputc
fread
ungetc
fsetpos
__stdio_common_vsscanf
ftell
fseek
__stdio_common_vsprintf
_wfopen
_fseeki64

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

api-ms-win-crt-string-l1-1-0

strncmp
toupper
strncpy

api-ms-win-crt-utility-l1-1-0

qsort
srand

api-ms-win-crt-time-l1-1-0

_time64
clock

d2d1

ord1

dwrite

DWriteCreateFactory

Sections

.text
Size: 690KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a635420c8d216d2c4632d1d051fe149

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

msvcp140

imm32

dwmapi

d3d9

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

d2d1

dwrite

Sections

.text Size: 690KB - Virtual size: 690KB

.rdata Size: 266KB - Virtual size: 265KB

.data Size: 1.1MB - Virtual size: 1.2MB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 690KB - Virtual size: 690KB

.rdata
Size: 266KB - Virtual size: 265KB

.data
Size: 1.1MB - Virtual size: 1.2MB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 32KB - Virtual size: 31KB