HWAntiBan[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

HWAntiBan.zip
Size

8.3MB
MD5

b2916dfbcd29832d1a004f3433862944
SHA1

64fce89dfa206c7c557acd9dbb47849b8264020f
SHA256

8517004d0f303e447e63516b9856ff5f61d08abeed758b84b12d7525a7b24997
SHA512

4f373af1e1e1bdd86a211081744dcd447a87753c5ee6d6ed1432662ce49a16576b0211ad4e8d8d743fc5c09b0f9479f95a6d4981da0cc95bb65c85092d2328fc
SSDEEP

196608:gYI/Ov2cvPgTz7Qahng8uo5Pk3TAOQy6kVOBBxndOPxxP1+oYy1emBr:J3vq7QogqPEkOQlkoBBmvh

Score

1^/10

Malware Config

Signatures

Files

HWAntiBan.zip
.zip
HWAntiBan.exe
.exe windows x64

321d59276b6814ccf0d76fd5f3ac56ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LockResource
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetCursor
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

OpenThreadToken

shell32

ShellExecuteA

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z

setupapi

SetupDiEnumDeviceInterfaces

urlmon

URLDownloadToFileA

d3d9

Direct3DCreate9

winhttp

WinHttpOpen

imm32

ImmReleaseContext

xinput1_3

ord2

vcruntime140

memset

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-stdio-l1-1-0

_set_fmode

api-ms-win-crt-filesystem-l1-1-0

remove

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

api-ms-win-crt-math-l1-1-0

ceilf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

321d59276b6814ccf0d76fd5f3ac56ac

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp140

setupapi

urlmon

d3d9

winhttp

imm32

xinput1_3

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

wtsapi32

Sections

.text Size: - Virtual size: 281KB

.pdata Size: - Virtual size: 10KB

.idata Size: - Virtual size: 7KB

.gfids Size: - Virtual size: 64B

.tls Size: - Virtual size: 9B

.text0 Size: - Virtual size: 7.1MB

.text1 Size: 8.7MB - Virtual size: 8.7MB

.rsrc Size: 67KB - Virtual size: 66KB

.text
Size: - Virtual size: 281KB

.pdata
Size: - Virtual size: 10KB

.idata
Size: - Virtual size: 7KB

.gfids
Size: - Virtual size: 64B

.tls
Size: - Virtual size: 9B

.text0
Size: - Virtual size: 7.1MB

.text1
Size: 8.7MB - Virtual size: 8.7MB

.rsrc
Size: 67KB - Virtual size: 66KB