LinksysWare_Free_Cheato[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

LinksysWare_Free_Cheato.rar
Size

430KB
MD5

106a8474412699f6a89db058edab61be
SHA1

55e3a4857c0214348a83625a324990f060ebc3b2
SHA256

76ff2f8ebd52bfe9714bfc0ac5a0a265c3ac5e5c924b8596cd6d6584c03cc80c
SHA512

0390f72e96078c6880f239d30b718a241a24276c4415337642475785e729f57f274bbe7105691a234b809d51d95919a33cc25335ea8e9f256d32b228b4189415
SSDEEP

12288:wjlTlFlo4z2op791vkWTBpTG0EcBrIrSKC7KSInne2lGH:wxFocL7VTKbcVIrbC7FOnPlGH

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LinksysWare Cheato Free/Driver/EFI/Boot/bootx64.efi
unpack001/LinksysWare Cheato Free/Driver/memory.efi
unpack001/LinksysWare Cheato Free/linksys.exe

Files

LinksysWare_Free_Cheato.rar
.rar
LinksysWare Cheato Free/Driver/EFI/Boot/bootx64.efi
.dll windows x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 398KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 498KB - Virtual size: 497KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LinksysWare Cheato Free/Driver/memory.efi
.exe windows x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dynamic
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rela
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dynsym
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LinksysWare Cheato Free/linksys.exe
.exe windows x64

f317fe23924c4ecdb8320461ac0920aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwmapi

DwmExtendFrameIntoClientArea

kernel32

GetProcAddress
GetCurrentProcess
GetStdHandle
CreateToolhelp32Snapshot
Sleep
Process32NextW
QueryPerformanceFrequency
Process32FirstW
CreateThread
Beep
WideCharToMultiByte
GetConsoleWindow
QueryPerformanceCounter
GetTickCount
IsDebuggerPresent
VirtualAlloc
GlobalAlloc
GetCurrentProcessId
GlobalLock
GlobalUnlock
LoadLibraryA
FreeLibrary
EnterCriticalSection
SetEvent
ResetEvent
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LoadLibraryW
VirtualFree
MultiByteToWideChar
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CloseHandle
GlobalFree
WaitForSingleObjectEx

user32

ScreenToClient
GetCapture
TrackMouseEvent
SetCapture
SetCursor
SendInput
ReleaseCapture
SetCursorPos
MoveWindow
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetWindowLongW
DefWindowProcW
GetKeyState
GetWindow
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
GetCursorPos
UpdateWindow
UnregisterClassW
RegisterClassExW
ShowWindow
GetAsyncKeyState
ClientToScreen
SetWindowDisplayAffinity
FindWindowA
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
LoadIconW
FindWindowW
LoadCursorW
SetWindowLongW
GetClientRect
PeekMessageA
PostQuitMessage
GetForegroundWindow

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?good@ios_base@std@@QEBA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Xtime_get_ticks
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

d3d9

Direct3DCreate9Ex

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmAssociateContextEx

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
memset
__std_exception_copy
__std_exception_destroy
__std_terminate
memmove
memcpy
strstr
memcmp
memchr

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func
_open
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
__p__commode
__stdio_common_vsprintf_s
fseek
fclose
fflush
_set_fmode
ftell
__stdio_common_vsnprintf_s

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
system
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
exit
terminate
_configure_narrow_argv
_initialize_narrow_environment
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_cexit

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
_set_new_mode
free

api-ms-win-crt-string-l1-1-0

strcmp
_wcsicmp
_stricmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

tanf
powf
sinf
cosf
sqrt
sqrtf
ceilf
asin
acosf
pow
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LinksysWare Cheato Free/tutorial.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 398KB - Virtual size: 398KB

.data Size: 498KB - Virtual size: 497KB

Size: 9KB - Virtual size: 9KB

.xdata Size: 6KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 27KB - Virtual size: 26KB

.reloc Size: 512B - Virtual size: 10B

.data Size: 9KB - Virtual size: 8KB

.dynamic Size: 512B - Virtual size: 272B

.rela Size: 4KB - Virtual size: 3KB

.dynsym Size: 1KB - Virtual size: 1KB

f317fe23924c4ecdb8320461ac0920aa

Headers

DLL Characteristics

File Characteristics

Imports

dwmapi

kernel32

user32

msvcp140

d3d9

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 249KB - Virtual size: 249KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 9KB - Virtual size: 226KB

.pdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 488B

.text
Size: 398KB - Virtual size: 398KB

.data
Size: 498KB - Virtual size: 497KB

.xdata
Size: 6KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 27KB - Virtual size: 26KB

.reloc
Size: 512B - Virtual size: 10B

.data
Size: 9KB - Virtual size: 8KB

.dynamic
Size: 512B - Virtual size: 272B

.rela
Size: 4KB - Virtual size: 3KB

.dynsym
Size: 1KB - Virtual size: 1KB

.text
Size: 249KB - Virtual size: 249KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 9KB - Virtual size: 226KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 488B