Player Remover_JC[.]sf

Sharing

Copy URL Twitter E-mail

General

Target

Player Remover_JC.sf
Size

464KB
MD5

78fe45222b30517261ab0243e56e248c
SHA1

e0d32f08bd6fcafec0027b5059fd19d3565501c7
SHA256

ce2c6361d98da731e5942f353f3dffaf83bc722f1e2bbed8d5c144d0186f6759
SHA512

06cbe6caf1495d1bbf19b044f5bbb3a10d53cd182f16836c759491090a1e7062b161faa98ca2731570e8628f45f326743cf09d914a1c2c19bf3b43657d6b132c
SSDEEP

12288:idBvfasnMhTHxZu4XeP/NgSalt4H3DUsZXa:OvfotE/K5t4H3NK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Player Remover_JC.sf

Files

Player Remover_JC.sf
.dll windows x86

99993edd9868cb66d19d0d2e2fe1bf17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sampfuncs.asi

?AddChatMessage@stChatInfo@@QAAXKPBDZZ
?getChat@SFSAMP@@QAEPAUstChatInfo@@XZ
?getRakNet@SAMPFUNCS@@QAEPAVSFRakNet@@XZ
?getRender@SAMPFUNCS@@QAEPAVSFRender@@XZ
?getGame@SAMPFUNCS@@QAEPAVSFGame@@XZ
?initPlugin@SAMPFUNCS@@QAE_NP6GXXZPAUHINSTANCE__@@@Z
?registerD3DCallback@SFRender@@QAEXW4eDirect3DDeviceMethods@@PAX@Z
?getD3DDevice@SFRender@@QAEPAUIDirect3DDevice9@@XZ
?BeginRender@SFRender@@QAEJXZ
?EndRender@SFRender@@QAEJXZ
??0BitStream@@QAE@XZ
??1BitStream@@QAE@XZ
?WriteBits@BitStream@@QAEXPBEH_N@Z
?IsInitialized@SFSAMP@@QAE_NXZ
?registerChatCommand@SFSAMP@@QAE_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@P6GX0@Z@Z
?registerWndProcCallback@SFGame@@QAEXW4WndProcCallbackPriority@1@P6G_NPAUHWND__@@IIJ@Z@Z
?GAME@@3PAVCGame@@A
?emulateRecvRPC@SFRakNet@@QAEXHPAVBitStream@@@Z
?UpdateScoreAndPing@stSAMP@@QAEXXZ
?GetPlayerName@stPlayerPool@@QAEPBDH@Z
?getVehicles@SFSAMP@@QAEPAUstVehiclePool@@XZ
?GetPlayerColor@stPlayerPool@@QAEKH@Z
?getScreenResolution@SFGame@@QAEXPAH0@Z
?isGTAMenuActive@SFGame@@QAE_NXZ
?getMisc@SFSAMP@@QAEPAUstMiscInfo@@XZ
?getSAMP@SAMPFUNCS@@QAEPAVSFSAMP@@XZ
?getPlayers@SFSAMP@@QAEPAUstPlayerPool@@XZ
?getInfo@SFSAMP@@QAEPAUstSAMP@@XZ
?ToggleCursor@stMiscInfo@@QAEX_N@Z

kernel32

GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
DecodePointer
ReadConsoleW
FlushFileBuffers
LCMapStringW
OutputDebugStringW
HeapAlloc
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetCurrentDirectoryA
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
SetStdHandle
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcAddress
FindFirstFileA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetTickCount
CreateDirectoryA
GetConsoleCP
WriteFile
CloseHandle
HeapFree
ExitProcess
ReadFile
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetFileType
GetStdHandle
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetLastError
CreateFileW
GetStringTypeW
GetLastError
InterlockedFlushSList
SetEndOfFile
HeapSize
HeapReAlloc
RtlUnwind
RaiseException
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess

user32

OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
IsChild
GetKeyState
GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow
GetClientRect
SetCursorPos
SetCursor
GetCursorPos
ClientToScreen
ScreenToClient
LoadCursorA
GetActiveWindow

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

xinput1_3

ord2
ord4

Sections

.text
Size: 322KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99993edd9868cb66d19d0d2e2fe1bf17

Headers

DLL Characteristics

File Characteristics

Imports

sampfuncs.asi

kernel32

user32

d3dx9_43

imm32

xinput1_3

Sections

.text Size: 322KB - Virtual size: 321KB

.rdata Size: 100KB - Virtual size: 100KB

.data Size: 28KB - Virtual size: 31KB

_RDATA Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 322KB - Virtual size: 321KB

.rdata
Size: 100KB - Virtual size: 100KB

.data
Size: 28KB - Virtual size: 31KB

_RDATA
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 10KB