Static task
static1
Behavioral task
behavioral1
Sample
PBDevilCheats.exe
Resource
win10v2004-20231023-en
General
Target
PBDevilCheats.exe
Size
14KB
MD5
4f42f6e2315d0c112ca9984f5a7365df
SHA1
73626b4d5b30b4ad5d7e87c8a50c3429c2d282d3
SHA256
f1b3ceb928eba516af1e6e86e637e58ae40c25f2dc00af996f250a889ced1d11
SHA512
a70707040427eeaf8119a26ca006aa4fd821d9d116701c672876b729ee0fcd70d316c2b49e1456a62c6854ca9f8ea7db7e6f5b3885c32cf51dc91d583a843da0
SSDEEP
192:IL7hX1HMmWfzi+unMOoUxt0xcsxHlByePSzr/Dkt+x833KPGJ6twVPgky:ah1HMmWmbnM80xcclByePSHe33KPGVG
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource PBDevilCheats.exe
Files
PBDevilCheats.exe.exe windows:5 windows x86 arch:x86
9375924e71426b49202316cd3e715878
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateRemoteThread
OpenProcess
GetLastError
GetProcAddress
VirtualAllocEx
Process32Next
GetModuleHandleA
CreateToolhelp32Snapshot
CloseHandle
WriteProcessMemory
ExitProcess
lstrlenA
GetTickCount
Sleep
GetConsoleWindow
Beep
Process32First
DeleteFileA
GetCurrentProcess
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
DecodePointer
EncodePointer
SetConsoleTitleA
GetFullPathNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
TerminateProcess
user32
MoveWindow
FindWindowA
GetWindowRect
msvcr100
_invoke_watson
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
__set_app_type
_fmode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
??2@YAPAXI@Z
fclose
strrchr
fwrite
??3@YAXPAX@Z
fopen
system
fflush
malloc
_controlfp_s
printf
__CxxFrameHandler3
memset
_commode
msvcp100
?_Decref@facet@locale@std@@QAEPAV123@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?uncaught_exception@std@@YA_NXZ
wininet
InternetReadFile
InternetOpenA
InternetOpenUrlA
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 448B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ