5a778e89c2253f977e04fa638eac057109ca6bff58ef031b003e947f64aeb26f[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

5a778e89c2253f977e04fa638eac057109ca6bff58ef031b003e947f64aeb26f.zip.zip
Size

42.5MB
MD5

197ebf88c507a4ed4f7ab5a73e70394a
SHA1

a63fafe019e56c788efd677f393d648ba18b6738
SHA256

5df24a79a5570c4694687f196e7358fcaf26a6f1de980c693766a99078a243f1
SHA512

04fe4f71c56bf39f56ab37d1c2cabf88ff9d5a32bcbab5b1818d213082734520ec42ffab9bc9651dac306726387675f30974fbec5133de725840fec5f146adb7
SSDEEP

786432:J4DJ0hsl+08u70xzUu+Nj9Cd6wVAN3CveK8nRPEtM7/rPBgy2suQBqsKpZxhp:J4+hJ097YOvCgwVANS18RMt6KsudLTt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/RenegadePlatinumV130/DeltaPatcherLite.exe

Files

5a778e89c2253f977e04fa638eac057109ca6bff58ef031b003e947f64aeb26f.zip.zip
.zip

Password: infected
5a778e89c2253f977e04fa638eac057109ca6bff58ef031b003e947f64aeb26f.zip
.zip
RenegadePlatinumV130/Additional Patches - USE THESE SECOND/ClassicVersion.xdelta
RenegadePlatinumV130/Additional Patches - USE THESE SECOND/README.txt
RenegadePlatinumV130/Additional Patches - USE THESE SECOND/ShinyRate_1_4096.xdelta
RenegadePlatinumV130/Additional Patches - USE THESE SECOND/ShinyRate_1_8192.xdelta
RenegadePlatinumV130/Additional Patches - USE THESE SECOND/SpeedUpPatch.xdelta
RenegadePlatinumV130/Additional Patches - USE THESE SECOND/TURN OFF CHECKSUM VALIDATION.txt
RenegadePlatinumV130/Base Patches - USE ONE OF THESE FIRST/README.txt
RenegadePlatinumV130/Base Patches - USE ONE OF THESE FIRST/RenegadePlatinum3541.xdelta
RenegadePlatinumV130/Base Patches - USE ONE OF THESE FIRST/RenegadePlatinum4997.xdelta
RenegadePlatinumV130/Changelog.txt
RenegadePlatinumV130/DeltaPatcherLite.exe
.exe windows:5 windows x86

16d8e3687310d520ea3ebda24cd11e1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

rpcrt4

UuidCreate

comctl32

ord16

user32

GetDC

gdi32

Pie

winspool.drv

ClosePrinter

comdlg32

PrintDlgW

advapi32

RegEnumKeyW

shell32

DragFinish

ole32

OleInitialize

oleaut32

SysAllocString

Sections

.MPRESS1
Size: 1.1MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RenegadePlatinumV130/Documentation/ActionReplayCodes.txt
RenegadePlatinumV130/Documentation/EvolutionChanges.txt
RenegadePlatinumV130/Documentation/FrequentlyAskedQuestions.txt
RenegadePlatinumV130/Documentation/ItemChanges.txt
RenegadePlatinumV130/Documentation/MoveChanges.txt
RenegadePlatinumV130/Documentation/NPCChanges.txt
RenegadePlatinumV130/Documentation/PokemonChanges.txt
RenegadePlatinumV130/Documentation/RandomiseInstructions.txt
RenegadePlatinumV130/Documentation/SpecialEvents.txt
RenegadePlatinumV130/Documentation/TradeChanges.txt
RenegadePlatinumV130/Documentation/TrainerPokemon.txt
RenegadePlatinumV130/Documentation/TypeChanges.txt
RenegadePlatinumV130/Documentation/WildPokemon.txt
RenegadePlatinumV130/HowToPatch.pdf
.pdf

Sharing

General

Malware Config

Signatures

Files

Password: infected

16d8e3687310d520ea3ebda24cd11e1d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rpcrt4

comctl32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.MPRESS1 Size: 1.1MB - Virtual size: 3.9MB

.MPRESS2 Size: 3KB - Virtual size: 3KB

.rsrc Size: 135KB - Virtual size: 134KB

.MPRESS1
Size: 1.1MB - Virtual size: 3.9MB

.MPRESS2
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 135KB - Virtual size: 134KB