49f16ba86b82ea62f3bdc8ad5813d0c1

Sharing

Copy URL Twitter E-mail

General

Target

49f16ba86b82ea62f3bdc8ad5813d0c1
Size

84KB
MD5

49f16ba86b82ea62f3bdc8ad5813d0c1
SHA1

1975b5ece943e4e0e2626145734e34c89c6874ab
SHA256

e8d3fad4fcc897794b9187132356727e60b68ee35f315661d23ea40601059354
SHA512

572c8c2cca2daa5dca1689d8d1705c1ab886c7945bf2cbd46c24ae8ce622b62d2320de7033534b07475963246135d648b68854acae032ad46d6b442aa0e4e36a
SSDEEP

1536:YpNlVwLA6MLb2Qyzw8Mnuu7s4ZsGvE5tfxdNC+NZ6Yp7jBzHEl0PeAYcOCItVvz:YDGA6MLpyM37s42GexxHtv6YxBzHtPeV

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WR-Cheats Public.dll
unpack001/WR-Cheats Public.exe

Files

49f16ba86b82ea62f3bdc8ad5813d0c1
.rar
WR-Cheats Public.dll
.dll windows:5 windows x86 arch:x86

d63da8ef073eeb7ba76264b8beb4caa9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
CreateThread
GetModuleHandleA
Sleep
OutputDebugStringA
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
MulDiv
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange

user32

GetSystemMetrics
GetAsyncKeyState

gdi32

DeleteDC
GetDeviceCaps
SetTextColor
GetTextExtentPoint32A
CreateFontA
CreateDIBSection
ExtTextOutA
SetTextAlign
SetMapMode
CreateCompatibleDC
SelectObject
DeleteObject
SetBkColor

msvcr90

_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
free
_malloc_crt
_encode_pointer
_HUGE
sprintf
_vsnprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
malloc
strncpy
ceil
_CIatan2
_CIatan
memset
_encoded_null
_CIacos
_finite
_ftol
__CxxFrameHandler
_CIsqrt
_CIsin
_CIcos
memcpy

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey

Sections

_TEXT
Size: 512B - Virtual size: 431B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WR-Cheats Public.exe
.exe windows:4 windows x86 arch:x86

c986eedcd433450c3b8f6181daf42787

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32First
CreateToolhelp32Snapshot
WaitForSingleObject
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
GetLastError
OpenProcess
Process32Next
GetFileSize
CreateFileA
GetModuleFileNameA
SetConsoleTitleA
GetCurrentProcess
SetConsoleScreenBufferSize
SetConsoleWindowInfo
GetStdHandle
WriteConsoleA
CloseHandle
GetModuleHandleA
Sleep
GetProcAddress
VirtualProtect
ExitProcess

Sections

.text
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.warhax0
Size: - Virtual size: 294B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.warhax1
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE

.warhax2
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d63da8ef073eeb7ba76264b8beb4caa9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msvcr90

advapi32

Sections

_TEXT Size: 512B - Virtual size: 431B

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 7KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 5KB - Virtual size: 4KB

c986eedcd433450c3b8f6181daf42787

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: - Virtual size: 4KB

.rsrc Size: 6KB - Virtual size: 6KB

.warhax0 Size: - Virtual size: 294B

.warhax1 Size: - Virtual size: 20KB

.warhax2 Size: 38KB - Virtual size: 37KB

_TEXT
Size: 512B - Virtual size: 431B

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 6KB

.warhax0
Size: - Virtual size: 294B

.warhax1
Size: - Virtual size: 20KB

.warhax2
Size: 38KB - Virtual size: 37KB