BLUE MOD MENU[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

BLUE MOD MENU.zip
Size

1.9MB
MD5

d45983c0afc1d17606c2bbd87e239fdd
SHA1

590d14ff40cca7edb434e864ade49c728d391a92
SHA256

a5aeb9e58c8af32434c42c1058bddcb4ec7e29760ffb7851d24d629a57e7c167
SHA512

44e06893c1c403d90f2f7ea4e29f581443b62fac3105abe6e41302da8e64ec371b8b972ae01f71881c981c36e155fdcce7d39943869ebfbf888b71a87d860866
SSDEEP

49152:DCO0y6QhUBAKCj/1HIw/rHBcz6cPoK4fjSS2:DCiUjC5HB4mf52

Score

1^/10

Malware Config

Signatures

Files

BLUE MOD MENU.zip
.zip .ps1
BLUE MOD MENU.rar
.rar
BLUE MOD MENU/BLU_Injector.exe
.exe windows x64

600cc4b8f89cf69244764bcbbeb48502

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
Sleep
VirtualFreeEx
CloseHandle
CreateRemoteThread
WideCharToMultiByte
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetProcAddress

vcruntime140

memmove
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
__CxxUnregisterExceptionObject
__FrameUnwindFilter
__current_exception_context
__current_exception
__std_type_info_destroy_list
__C_specific_handler
__CxxQueryExceptionSize
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memset
memcpy

api-ms-win-crt-string-l1-1-0

toupper

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
abort
terminate
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_register_onexit_function
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_initialize_onexit_table
_set_app_type
_seh_filter_exe
_initialize_narrow_environment

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
free
malloc

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Xout_of_range@std@@YAXPEBD@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesW

mscoree

_CorExeMain

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BLUE MOD MENU/Key.txt
BLUE MOD MENU/SpanishNABLU.dll
.dll windows x64

0ce4018b732669842547cbc83ebeb830

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

urlmon

URLDownloadToFileW

winmm

timeGetTime

kernel32

VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
VerifyVersionInfoA
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SetLastError
FormatMessageA
CreateFileA
GetFileSizeEx
GetSystemTime
SystemTimeToFileTime
GetEnvironmentVariableW
WideCharToMultiByte
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FindClose
FindFirstFileW
FindNextFileW
MultiByteToWideChar
FormatMessageW
WriteFile
GetSystemTimeAsFileTime
SleepEx
ConvertFiberToThread
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
FlushFileBuffers
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
AttachConsole
GetCurrentProcessId
AllocConsole
GetStdHandle
SetConsoleTitleA
SetConsoleOutputCP
SetConsoleTextAttribute
FreeConsole
DisableThreadLibraryCalls
FreeLibraryAndExitThread
CreateThread
CloseHandle
GetModuleHandleA
IsThreadAFiber
ConvertThreadToFiber
GetProcessHeap
HeapSize
HeapReAlloc
GetUserDefaultLCID
IsValidLocale
Sleep
LeaveCriticalSection
RtlVirtualUnwind
EnterCriticalSection
SwitchToFiber
DeleteFiber
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
GetModuleFileNameW
SetStdHandle
SetConsoleCtrlHandler
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
ExitThread
ExitProcess
LoadLibraryExW
InterlockedFlushSList
RtlUnwindEx
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
CreateEventW
ResetEvent
SetEvent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlLookupFunctionEntry
GetCPInfo
GetStringTypeW
FlsFree
FlsSetValue
RtlUnwind
HeapFree
HeapAlloc
HeapDestroy
DecodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
QueryPerformanceCounter
GetModuleHandleW
GetTickCount
SetEnvironmentVariableW
GetTickCount64
CreateFiber
EnumSystemLocalesW
WriteConsoleW
HeapCreate
GetCurrentProcess
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
VerifyVersionInfoW
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
RtlCaptureContext
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
CopyFileW
GetFileInformationByHandleEx
LocalFree
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
GetExitCodeThread
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
RtlPcToFileHeader
InitOnceBeginInitialize
InitOnceComplete
EncodePointer
LCMapStringEx
FlsAlloc
FlsGetValue

user32

MonitorFromWindow
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
SetCursorPos
GetCursorPos
MessageBoxA
FindWindowW
CallWindowProcW
SetWindowLongPtrW
GetAsyncKeyState
LoadCursorW
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
ScreenToClient
ClientToScreen
SetCursor
GetClientRect
ReleaseDC
GetDC
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetKeyState
IsChild
SetProcessDPIAware

advapi32

CryptSignHashW
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptEnumProvidersW
CryptAcquireContextA
CryptDecrypt

bcrypt

BCryptGenRandom

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

d3dcompiler_43

D3DCompile

ws2_32

WSAGetLastError
inet_pton
__WSAFDIsSet
select
WSASetLastError
bind
connect
getpeername
getsockopt
htons
ntohs
setsockopt
WSAIoctl
WSAStartup
WSACleanup
accept
closesocket
recv
send
socket
htonl
listen
ioctlsocket
getaddrinfo
freeaddrinfo
ntohl
recvfrom
sendto
gethostname
shutdown
getnameinfo
getsockname

wldap32

ord60
ord211
ord45
ord50
ord41
ord22
ord26
ord46
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord143
ord301

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CertAddCertificateContextToStore
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertOpenStore

gdi32

GetDeviceCaps

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

600cc4b8f89cf69244764bcbbeb48502

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

msvcp140

wtsapi32

mscoree

Sections

.text Size: 25KB - Virtual size: 25KB

.nep Size: 5KB - Virtual size: 4KB

.rdata Size: 172KB - Virtual size: 172KB

.data Size: 5KB - Virtual size: 5KB

.pdata Size: 1024B - Virtual size: 636B

.rsrc Size: 38KB - Virtual size: 37KB

.reloc Size: 512B - Virtual size: 116B

0ce4018b732669842547cbc83ebeb830

Headers

DLL Characteristics

File Characteristics

Imports

urlmon

winmm

kernel32

user32

advapi32

bcrypt

imm32

d3dcompiler_43

ws2_32

wldap32

crypt32

gdi32

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 108KB - Virtual size: 1.2MB

.pdata Size: 136KB - Virtual size: 136KB

_RDATA Size: 77KB - Virtual size: 77KB

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 25KB - Virtual size: 25KB

.nep
Size: 5KB - Virtual size: 4KB

.rdata
Size: 172KB - Virtual size: 172KB

.data
Size: 5KB - Virtual size: 5KB

.pdata
Size: 1024B - Virtual size: 636B

.rsrc
Size: 38KB - Virtual size: 37KB

.reloc
Size: 512B - Virtual size: 116B

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 108KB - Virtual size: 1.2MB

.pdata
Size: 136KB - Virtual size: 136KB

_RDATA
Size: 77KB - Virtual size: 77KB

.reloc
Size: 36KB - Virtual size: 36KB