CheatLab (1)[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

CheatLab (1).rar
Size

2.0MB
MD5

c9789827ca6d7baee955ddc202750ed6
SHA1

e9edd6af074ec976264d52ff6368c5d4502acaee
SHA256

79d0a3654f26ad1df1533edbddd947fff3a9196e28b47e76aaa06627f20312bc
SHA512

b3f16b45a0aa849f6c425ea7aef3f10edc70eb9fc1d5c8b6d85f19d50f977db7bb685284af522d381233e7d1c53aa2aef62ada783643edc3a7150940cb1b6eb7
SSDEEP

49152:17Qqy7LR2asfvU91iJglzE0+tac6rJLnOAZuaLxixR:1E9inU9CgQvqEaN+

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/App/WinlicenseSDK.dll
unpack001/CheatLab.exe
unpack001/Data/demangler.dll
unpack001/Data/libspv.dll

Files

CheatLab (1).rar
.rar

Password: 123
App/TMLicenseA1.dat
App/WinlicenseSDK.dll
.dll windows:6 windows x86

Password: 123

b78020bd80886ef26c961debfd7fa0fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
GetPrivateProfileStringW
GetLocalTime
ExitProcess
SetEnvironmentVariableA
SystemTimeToFileTime
GetModuleHandleW
GetEnvironmentVariableW
CreateProcessA
DecodePointer
SetEnvironmentVariableW
GetModuleFileNameW
GetPrivateProfileIntW
FreeLibrary
GetProcAddress
LoadLibraryW
LoadLibraryA
GetModuleHandleA
WideCharToMultiByte
GetModuleFileNameA
CreateFileW
WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
MultiByteToWideChar
GetModuleHandleExW
HeapFree
HeapAlloc
GetACP
CompareStringW
LCMapStringW
GetStdHandle
GetFileType
GetTimeZoneInformation
GetStringTypeW
HeapReAlloc
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetStdHandle
ReadFile
ReadConsoleW
SetFilePointerEx
HeapSize
CloseHandle
RaiseException

user32

MessageBoxA
wsprintfW
MessageBoxW
wsprintfA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegCreateKeyExW
RegSetValueExW
RegSetValueExA
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

oleaut32

SysFreeString
SysAllocStringLen

Exports

Exports

ECCGenerateKeys
GenUniqueLicenseHash
WLActCheck
WLActDaysToActivate
WLActExpirationDate
WLActGetInfo
WLActInstall
WLActUninstall
WLBufferCrypt
WLBufferDecrypt
WLCheckVirtualPC
WLGenLicenseDynSmartKey
WLGenLicenseDynSmartKeyW
WLGenLicenseFileKey
WLGenLicenseFileKeyEx
WLGenLicenseFileKeyExW
WLGenLicenseFileKeyW
WLGenLicenseRegistryKey
WLGenLicenseRegistryKeyEx
WLGenLicenseRegistryKeyExW
WLGenLicenseRegistryKeyW
WLGenLicenseSmartKey
WLGenLicenseSmartKeyW
WLGenLicenseTextKey
WLGenLicenseTextKeyEx
WLGenLicenseTextKeyExW
WLGenLicenseTextKeyW
WLGenPassword
WLGenTrialExtensionFileKey
WLGenTrialExtensionRegistryKey
WLGetCurrentCountry
WLGetProtectionDate
WLGetVersion
WLHardwareCheckID
WLHardwareGetFormattedID
WLHardwareGetID
WLHardwareGetIDW
WLHardwareGetIdType
WLHardwareGetNumberUsbDrives
WLHardwareGetUsbIdAt
WLHardwareGetUsbIdAtW
WLHardwareGetUsbNameAt
WLHardwareGetUsbNameAtW
WLHardwareRuntimeCheckU3
WLLoadEncryptedLibrary
WLLoadWinlicenseDll
WLPasswordCheck
WLProtectCheckCodeIntegrity
WLProtectCheckDebugger
WLRegActivateSoftware
WLRegActivateSoftwareOffline
WLRegCheckMachineLocked
WLRegDateDaysLeft
WLRegDaysLeft
WLRegDeactivateSoftware
WLRegDeactivateSoftwareOffline
WLRegDisableCurrentKey
WLRegDisableKeyCurrentInstance
WLRegExecutionsLeft
WLRegExpirationDate
WLRegExpirationTimestamp
WLRegFirstRun
WLRegGetDynSmartKey
WLRegGetLicenseHardwareID
WLRegGetLicenseInfo
WLRegGetLicenseInfoW
WLRegGetLicenseRestrictions
WLRegGetLicenseType
WLRegGetStatus
WLRegGlobalTimeLeft
WLRegLicenseCreationDate
WLRegLicenseName
WLRegLockedCountry
WLRegNetInstancesGet
WLRegNetInstancesMax
WLRegNormalKeyCheck
WLRegNormalKeyCheckW
WLRegNormalKeyInstallToFile
WLRegNormalKeyInstallToFileW
WLRegNormalKeyInstallToRegistry
WLRegNormalKeyInstallToRegistryW
WLRegRemoveCurrentKey
WLRegRuntimeLeft
WLRegSmartKeyCheck
WLRegSmartKeyCheckW
WLRegSmartKeyInstallToFile
WLRegSmartKeyInstallToFileInFolder
WLRegSmartKeyInstallToFileInFolderW
WLRegSmartKeyInstallToFileW
WLRegSmartKeyInstallToRegistry
WLRegSmartKeyInstallToRegistryW
WLRegTotalDays
WLRegTotalExecutions
WLResetLicenseFeatures
WLRestartApplication
WLRestartApplicationArgs
WLSplashHide
WLStringDecrypt
WLStringDecryptW
WLTrialCustomCounter
WLTrialCustomCounterDec
WLTrialCustomCounterInc
WLTrialCustomCounterSet
WLTrialDateDaysLeft
WLTrialDaysLeft
WLTrialDebugCheck
WLTrialExecutionsLeft
WLTrialExpirationDate
WLTrialExpirationTimestamp
WLTrialExpireTrial
WLTrialExtGetLevel
WLTrialExtGetStatus
WLTrialExtendExpiration
WLTrialFirstRun
WLTrialGetStatus
WLTrialGetTrialRestrictions
WLTrialGlobalTimeLeft
WLTrialLockedCountry
WLTrialRuntimeLeft
WLTrialStringRead
WLTrialStringReadW
WLTrialStringWrite
WLTrialStringWriteW
WLTrialTotalDays
WLTrialTotalExecutions
_TestWinLicenseSDK@0

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/auth.bundle.js
.js
App/auth.bundle.js.LICENSE
App/background.bundle.js
.js
App/background.bundle.js.LICENSE
App/bundle.bundle.js
.js
App/bundle.bundle.js.LICENSE
App/bundle.css
App/getIframeVideoStill.bundle.js
.js
App/manifest.fingerprint
App/manifest.json
App/options.css
App/options.html
.html
App/options.js
.js
App/popup.bundle.js
.js
App/popup.bundle.js.LICENSE
App/popup.html
.html
App/vcomp140.dll
.dll windows:6 windows x86

Password: 123

8f713adc16efa9ec02a5f6f5397a2922

Code Sign

33:00:00:00:9c:ee:fe:14:55:a9:5d:35:50:00:00:00:00:00:9c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/03/2016, 19:21

Not After

30/06/2017, 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:5847-F761-4F70,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:95:25:d2:ed:19:ef:c7:60:48:69:df:7a:f5:d4:43:c3:7c:20:61:e5:f2:48:2a:d8:1b:93:de:9c:c0:05:3e
Signer

Actual PE Digest

8c:95:25:d2:ed:19:ef:c7:60:48:69:df:7a:f5:d4:43:c3:7c:20:61:e5:f2:48:2a:d8:1b:93:de:9c:c0:05:3e

Digest Algorithm

sha256

PE Digest Matches

true

48:dc:f9:d3:e3:0e:d5:27:bd:de:79:fa:3f:9e:b2:cb:b5:de:53:29
Signer

Actual PE Digest

48:dc:f9:d3:e3:0e:d5:27:bd:de:79:fa:3f:9e:b2:cb:b5:de:53:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FormatMessageW
OutputDebugStringW
LocalAlloc
LocalFree
GetConsoleWindow
GetConsoleScreenBufferInfo
WriteConsoleW
WideCharToMultiByte
WriteFile
GetLastError
GetCurrentThreadId
HeapFree
GetProcessHeap
UnhandledExceptionFilter
CloseHandle
WaitForSingleObjectEx
SetEvent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapAlloc
TryEnterCriticalSection
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetTickCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
Sleep
SwitchToThread
ExitProcess
GetStdHandle
CreateThread
QueueUserWorkItem
CreateEventW
GetNativeSystemInfo
QueryPerformanceFrequency
GetSystemTimeAdjustment
GetEnvironmentVariableW
lstrlenW
lstrcmpiW
GetStringTypeExW
ResetEvent
LoadLibraryExW
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
GetUserDefaultUILanguage
FindFirstFileW
FindNextFileW
FindClose
GetModuleFileNameW
FindResourceExW
LoadResource
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
MultiByteToWideChar
SetLastError
GetACP
GetStringTypeW
GetCPInfo
FreeLibrary
LCMapStringW
IsValidCodePage
GetOEMCP
SetStdHandle
GetModuleHandleExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
RaiseException
CreateFileW
RtlUnwind

user32

MessageBoxW

Exports

Exports

C2VectParallel
_vcomp_atomic_add_i1
_vcomp_atomic_add_i2
_vcomp_atomic_add_i4
_vcomp_atomic_add_i8
_vcomp_atomic_add_r4
_vcomp_atomic_add_r8
_vcomp_atomic_and_i1
_vcomp_atomic_and_i2
_vcomp_atomic_and_i4
_vcomp_atomic_and_i8
_vcomp_atomic_div_i1
_vcomp_atomic_div_i2
_vcomp_atomic_div_i4
_vcomp_atomic_div_i8
_vcomp_atomic_div_r4
_vcomp_atomic_div_r8
_vcomp_atomic_div_ui1
_vcomp_atomic_div_ui2
_vcomp_atomic_div_ui4
_vcomp_atomic_div_ui8
_vcomp_atomic_mul_i1
_vcomp_atomic_mul_i2
_vcomp_atomic_mul_i4
_vcomp_atomic_mul_i8
_vcomp_atomic_mul_r4
_vcomp_atomic_mul_r8
_vcomp_atomic_or_i1
_vcomp_atomic_or_i2
_vcomp_atomic_or_i4
_vcomp_atomic_or_i8
_vcomp_atomic_shl_i1
_vcomp_atomic_shl_i2
_vcomp_atomic_shl_i4
_vcomp_atomic_shl_i8
_vcomp_atomic_shr_i1
_vcomp_atomic_shr_i2
_vcomp_atomic_shr_i4
_vcomp_atomic_shr_i8
_vcomp_atomic_shr_ui1
_vcomp_atomic_shr_ui2
_vcomp_atomic_shr_ui4
_vcomp_atomic_shr_ui8
_vcomp_atomic_sub_i1
_vcomp_atomic_sub_i2
_vcomp_atomic_sub_i4
_vcomp_atomic_sub_i8
_vcomp_atomic_sub_r4
_vcomp_atomic_sub_r8
_vcomp_atomic_xor_i1
_vcomp_atomic_xor_i2
_vcomp_atomic_xor_i4
_vcomp_atomic_xor_i8
_vcomp_barrier
_vcomp_copyprivate_broadcast
_vcomp_copyprivate_receive
_vcomp_enter_critsect
_vcomp_flush
_vcomp_for_dynamic_init
_vcomp_for_dynamic_init_i8
_vcomp_for_dynamic_next
_vcomp_for_dynamic_next_i8
_vcomp_for_static_end
_vcomp_for_static_init
_vcomp_for_static_init_i8
_vcomp_for_static_simple_init
_vcomp_for_static_simple_init_i8
_vcomp_fork
_vcomp_get_thread_num
_vcomp_leave_critsect
_vcomp_master_barrier
_vcomp_master_begin
_vcomp_master_end
_vcomp_ordered_begin
_vcomp_ordered_end
_vcomp_ordered_loop_end
_vcomp_reduction_i1
_vcomp_reduction_i2
_vcomp_reduction_i4
_vcomp_reduction_i8
_vcomp_reduction_r4
_vcomp_reduction_r8
_vcomp_reduction_u1
_vcomp_reduction_u2
_vcomp_reduction_u4
_vcomp_reduction_u8
_vcomp_sections_init
_vcomp_sections_next
_vcomp_set_num_threads
_vcomp_single_begin
_vcomp_single_end
omp_destroy_lock
omp_destroy_nest_lock
omp_get_dynamic
omp_get_max_threads
omp_get_nested
omp_get_num_procs
omp_get_num_threads
omp_get_thread_num
omp_get_wtick
omp_get_wtime
omp_in_parallel
omp_init_lock
omp_init_nest_lock
omp_set_dynamic
omp_set_lock
omp_set_nest_lock
omp_set_nested
omp_set_num_threads
omp_test_lock
omp_test_nest_lock
omp_unset_lock
omp_unset_nest_lock

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CheatLab.exe
.exe windows:6 windows x86

Password: 123

b2bc7613f4d6d8b70381c3b070b11aab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ValidateRgn
WindowFromDC

advapi32

DeregisterEventSource

kernel32

CreateFileW
WriteConsoleW
DecodePointer
GetCurrentThreadId
CloseHandle
WaitForSingleObjectEx
GetExitCodeThread
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
GetLastError
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bs5
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Data/LICENSE.TXT
Data/demangler.dll
.dll windows:4 windows x86

Password: 123

137d954e5f75ca12c168e2b9701905b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
LCMapStringA
LeaveCriticalSection
LoadLibraryA
RaiseException
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
SetLastError
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WriteFile

user32

EnumThreadWindows
MessageBoxA
wsprintfA

Exports

Exports

GetUnmangledName
___CPPdebugHook

Sections

.text
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Data/libspv.dll
.dll windows:6 windows x86

Password: 123

66097c572747a4d30465c3691fa556f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

connect
WSAStartup
select
htons
WSACleanup
recv
socket
closesocket
gethostbyname
send

kernel32

GetStdHandle
GetFileType
WriteFile
GetLastError
GetCurrentThreadId
GetModuleHandleA
GetProcAddress
MultiByteToWideChar
CloseHandle
QueryPerformanceCounter
GetTickCount
FreeLibrary
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
GetStringTypeW
OutputDebugStringW
CreateFileW
SetStdHandle
RtlUnwind
CompareStringW
SetEnvironmentVariableA
LCMapStringW
HeapSize
WriteConsoleW
GetCurrentProcessId
EnterCriticalSection
HeapFree
HeapAlloc
ReadFile
HeapReAlloc
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
WideCharToMultiByte
SetEndOfFile
LeaveCriticalSection
SetConsoleCtrlHandler
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
GetProcessHeap
GetModuleFileNameW
ReadConsoleW
SetFilePointerEx
DeleteCriticalSection
GetStartupInfoW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LoadLibraryExW
FlushFileBuffers
GetConsoleCP

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation

advapi32

RegisterEventSourceA
DeregisterEventSource
ReportEventA

Exports

Exports

TaggantAddHashRegion
TaggantComputeHashes
TaggantContextFree
TaggantContextNew
TaggantContextNewEx
TaggantFinalizeLibrary
TaggantGetLicenseExpirationDate
TaggantInitializeLibrary
TaggantObjectFree
TaggantObjectNew
TaggantObjectNewEx
TaggantPackerInfo
TaggantPrepare
TaggantPutInfo
TaggantPutTimestamp

Sections

.text
Size: 570KB - Virtual size: 569KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Other/README.md
Other/python

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

b78020bd80886ef26c961debfd7fa0fa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 3KB - Virtual size: 11KB

.gfids Size: 512B - Virtual size: 164B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

Password: 123

8f713adc16efa9ec02a5f6f5397a2922

Code Sign

33:00:00:00:9c:ee:fe:14:55:a9:5d:35:50:00:00:00:00:00:9cCertificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

8c:95:25:d2:ed:19:ef:c7:60:48:69:df:7a:f5:d4:43:c3:7c:20:61:e5:f2:48:2a:d8:1b:93:de:9c:c0:05:3eSigner

48:dc:f9:d3:e3:0e:d5:27:bd:de:79:fa:3f:9e:b2:cb:b5:de:53:29Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 105KB - Virtual size: 104KB

.data Size: 2KB - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

Password: 123

b2bc7613f4d6d8b70381c3b070b11aab

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

kernel32

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 3KB - Virtual size: 5KB

.bs5 Size: 220KB - Virtual size: 219KB

.reloc Size: 4KB - Virtual size: 4KB

Password: 123

137d954e5f75ca12c168e2b9701905b9

Headers

File Characteristics

Imports

kernel32

user32

Exports

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 3KB - Virtual size: 11KB

.gfids
Size: 512B - Virtual size: 164B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB

33:00:00:00:9c:ee:fe:14:55:a9:5d:35:50:00:00:00:00:00:9c
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

8c:95:25:d2:ed:19:ef:c7:60:48:69:df:7a:f5:d4:43:c3:7c:20:61:e5:f2:48:2a:d8:1b:93:de:9c:c0:05:3e
Signer

48:dc:f9:d3:e3:0e:d5:27:bd:de:79:fa:3f:9e:b2:cb:b5:de:53:29
Signer

.text
Size: 105KB - Virtual size: 104KB

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 3KB - Virtual size: 5KB

.bs5
Size: 220KB - Virtual size: 219KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 52KB

.data
Size: 11KB - Virtual size: 28KB

.tls
Size: 8KB - Virtual size: 12KB

.idata
Size: 1KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 4KB

.text
Size: 570KB - Virtual size: 569KB

.rdata
Size: 238KB - Virtual size: 237KB

.data
Size: 24KB - Virtual size: 39KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 34KB - Virtual size: 33KB