1d12ab589fdac3990374961ee47980a6

Sharing

Copy URL Twitter E-mail

General

Target

1d12ab589fdac3990374961ee47980a6
Size

525KB
MD5

1d12ab589fdac3990374961ee47980a6
SHA1

2e55ad453d3b7f77c0ffc7991f7f1582caa630de
SHA256

2f4a89227f955327edf1727e3a69bbd551f3e962e77461d78b40b03e50256d2a
SHA512

632047eb82dcda2841f691ceeb7662f277aeb2e88d2e3d50f53c7e3febe9cc3bf552daed691a3dd0bbde55fd5546a40856aea2f9e537b9a8a7c6f72e6ce80587
SSDEEP

12288:Ir5VtlbmyGUb8+9hr+9Vs/3I/M4yhVvZUrQ6glL:q7F5GcBQs/3C+ZN7lL

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Новая папка/freehack.dll
unpack001/Новая папка/injector.exe

Files

1d12ab589fdac3990374961ee47980a6
.rar
Новая папка/freehack.dll
.dll windows:6 windows x86 arch:x86

7efd84790d4dcef4387e9dcb0d3343fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

msvcp140

?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Random_device@std@@YAIXZ
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?uncaught_exception@std@@YA_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Winerror_message@std@@YAKKPADK@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0_Lockit@std@@QAE@H@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ

user32

LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetKeyState
IsChild
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
SetWindowLongA
FlashWindowEx
ShowWindow
GetAsyncKeyState
FindWindowW
MessageBoxA
CallWindowProcA

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

kernel32

RemoveDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
TerminateProcess
QueryPerformanceCounter
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
VirtualProtect
GetProcAddress
GetModuleHandleW
K32GetModuleInformation
VirtualQuery
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
InitializeSListHead
QueryPerformanceFrequency
AreFileApisANSI
CloseHandle
GetLastError
SetLastError
MoveFileExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls

vcruntime140

memmove
__std_type_info_destroy_list
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memcpy
memset
strstr
memchr
_purecall
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

abort
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_seh_filter_dll
_crt_atexit
_cexit
exit
_initterm
_initterm_e
terminate
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-stdio-l1-1-0

_wfopen
fseek
ftell
__stdio_common_vfprintf
_get_stream_buffer_pointers
fgetpos
fputc
fread
fclose
fsetpos
fflush
__stdio_common_vsprintf_s
_fseeki64
__stdio_common_vsscanf
__stdio_common_vsprintf
fwrite
fgetc
setvbuf
ungetc

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-string-l1-1-0

isblank
strncpy
isdigit
strcpy_s

api-ms-win-crt-math-l1-1-0

ceil
_except1
_finite
__libm_sse2_pow
modf
_dtest
_fdtest
_hypotf
remainderf
_CIfmod
__libm_sse2_sinf
__libm_sse2_cosf
_isnan
__libm_sse2_powf

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-time-l1-1-0

_localtime64
_time64

api-ms-win-crt-convert-l1-1-0

atof

Sections

.text
Size: 499KB - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Новая папка/injector.exe
.exe windows:6 windows x86 arch:x86

c21234a4bc8e1d95db025091b2fd97c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
GetFullPathNameA
CloseHandle
CreateRemoteThread
OpenProcess
VirtualAllocEx
WriteProcessMemory
LoadLibraryA
GetConsoleScreenBufferInfo
SetConsoleScreenBufferSize
SetConsoleTitleA
GetConsoleWindow
CreateToolhelp32Snapshot
Process32Next
WriteConsoleW
GetLastError
FormatMessageW
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentProcess
SwitchToThread
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
TryEnterCriticalSection
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
CreateTimerQueue
SetEvent
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
SetProcessAffinityMask
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
WaitForMultipleObjectsEx
LoadLibraryW
WaitForSingleObject
RaiseException
RtlUnwind
ExitThread
ResumeThread
GetModuleHandleExW
WriteFile
ExitProcess
GetCommandLineA
GetCommandLineW
HeapFree
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapAlloc
SetConsoleCtrlHandler
GetFileType
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
ReadConsoleW
HeapReAlloc
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
HeapSize
CreateFileW
RtlCaptureStackBackTrace

Sections

.text
Size: 610KB - Virtual size: 610KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7efd84790d4dcef4387e9dcb0d3343fb

Headers

DLL Characteristics

File Characteristics

Imports

shell32

ole32

msvcp140

user32

imm32

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

Sections

.text Size: 499KB - Virtual size: 499KB

.rdata Size: 65KB - Virtual size: 65KB

.data Size: 1024B - Virtual size: 28KB

_RDATA Size: 3KB - Virtual size: 3KB

.reloc Size: 23KB - Virtual size: 23KB

c21234a4bc8e1d95db025091b2fd97c7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 610KB - Virtual size: 610KB

.rdata Size: 118KB - Virtual size: 117KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 30KB - Virtual size: 30KB

.text
Size: 499KB - Virtual size: 499KB

.rdata
Size: 65KB - Virtual size: 65KB

.data
Size: 1024B - Virtual size: 28KB

_RDATA
Size: 3KB - Virtual size: 3KB

.reloc
Size: 23KB - Virtual size: 23KB

.text
Size: 610KB - Virtual size: 610KB

.rdata
Size: 118KB - Virtual size: 117KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 30KB - Virtual size: 30KB