Sample
ValorantAimESP.exe
Resource
win10-20230220-en
General
-
Target
ValorantAimESP.exe
-
Size
597KB
-
MD5
f3165122e314d85495fd08458cfb0d9e
-
SHA1
c54441c145271965c95662b1152a54679cf0df15
-
SHA256
115629f3fc00475d5e42166b0aa3ce3fffd490b2833678a00490c85c890c1c23
-
SHA512
a07dc22a9a000453d0b30a131c7ef5c5a4b9a7afb4764bd65629a5938aa67ccd6c5bf25500e4108dfaaa9cb5d1d6b3320198a6022f13021e1f87225fd81cd86b
-
SSDEEP
12288:rRKv98b8ZSlsftuwUwKzmIkOZs93GNbYUcPigO2ZuRs:rUl84EukwU/zbKBGNkU0igpMRs
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ValorantAimESP.exe
Files
-
ValorantAimESP.exe.exe windows x64
c17f04447d1a0f4b7a5f5c51085a2670
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
VerifyVersionInfoA
QueryPerformanceCounter
GetTickCount
SleepEx
FormatMessageA
SetLastError
GetModuleHandleA
CreateThread
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
WideCharToMultiByte
GetProcessHeap
DeleteCriticalSection
LocalFree
HeapDestroy
HeapAlloc
CloseHandle
MoveFileExA
IsDebuggerPresent
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
HeapReAlloc
GlobalFree
GetLastError
Sleep
MultiByteToWideChar
HeapSize
InitializeCriticalSectionEx
GetModuleFileNameA
GetCurrentProcess
SetConsoleTitleA
HeapFree
WaitForSingleObjectEx
user32
MessageBoxA
advapi32
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
GetUserNameA
CopySid
IsValidSid
OpenProcessToken
GetLengthSid
ConvertSidToStringSidW
GetTokenInformation
shell32
ShellExecuteA
msvcp140
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
userenv
UnloadUserProfile
winhttp
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpConnect
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
urlmon
URLDownloadToFileA
normaliz
IdnToAscii
wldap32
ord200
ord30
ord79
ord35
ord33
ord301
ord60
ord32
ord27
ord26
ord143
ord217
ord46
ord211
ord41
ord45
ord50
ord22
crypt32
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
ws2_32
gethostname
sendto
recvfrom
htonl
listen
freeaddrinfo
getaddrinfo
ioctlsocket
__WSAFDIsSet
select
closesocket
recv
send
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
accept
ntohl
rpcrt4
RpcStringFreeA
UuidCreate
UuidToStringA
psapi
GetModuleInformation
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__C_specific_handler
__std_exception_destroy
__std_exception_copy
__std_terminate
memmove
memset
_CxxThrowException
memchr
memcmp
memcpy
strchr
strrchr
strstr
__current_exception
__current_exception_context
api-ms-win-crt-runtime-l1-1-0
_initterm
_beginthreadex
terminate
_get_initial_narrow_environment
_register_thread_local_exe_atexit_callback
_c_exit
_getpid
__p___argv
_invalid_parameter_noinfo_noreturn
abort
__p___argc
_seh_filter_exe
_errno
_cexit
_crt_atexit
_exit
_set_app_type
_resetstkoflw
_register_onexit_function
_initialize_onexit_table
strerror
_initialize_narrow_environment
__sys_nerr
_configure_narrow_argv
exit
_invalid_parameter_noinfo
system
_initterm_e
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
fopen
fseek
ftell
fgetc
feof
__stdio_common_vsscanf
_popen
_pclose
fgets
_open
fclose
fflush
_get_stream_buffer_pointers
_close
_fseeki64
fread
fsetpos
_write
ungetc
_read
fwrite
setvbuf
fgetpos
_lseeki64
__p__commode
__stdio_common_vsprintf
_set_fmode
fputc
fputs
__stdio_common_vswprintf_s
api-ms-win-crt-heap-l1-1-0
malloc
free
_recalloc
realloc
_callnewh
_set_new_mode
calloc
api-ms-win-crt-convert-l1-1-0
strtoull
atoi
strtol
strtoul
_wtoi
wcstol
strtod
strtoll
api-ms-win-crt-string-l1-1-0
wcsncmp
strncpy
strncmp
strcmp
_wcsnicmp
strcspn
wcscpy_s
_wcsicmp
iswdigit
tolower
_strdup
strpbrk
isupper
strspn
_wcslwr_s
api-ms-win-crt-time-l1-1-0
_time64
strftime
_localtime64_s
_gmtime64
api-ms-win-crt-filesystem-l1-1-0
remove
_stat64
_fstat64
_unlink
_unlock_file
_access
_lock_file
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
localeconv
api-ms-win-crt-math-l1-1-0
__setusermatherr
_dclass
api-ms-win-crt-utility-l1-1-0
qsort
Sections
.text Size: 464KB - Virtual size: 463KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 109KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ