forza-painter[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

forza-painter.exe
Size

736KB
MD5

05bda85de071730f4fbc1cc2bd3d401f
SHA1

68b6fed479b63b75102e000d784b84399b2c0b80
SHA256

b80d35464eeabf945f290e5fcf77ae421e49012e4c88eef65b76b29064e0ee6f
SHA512

ab6137c58fbacb3ed9f8fb37e28fa74edbf38c5c70faf10057717af7745171c957753253cbba450273d35ad1792c3f31f9474a602ae036633abded5774aa293b
SSDEEP

12288:dfbq5nM6Ik7jkLl8QvbJwH91iiSqha0Ps/KYfugW1YPvqSsvL:tW5nM6Eh80eHDSIa0Psk1YPySg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
forza-painter.exe

Files

forza-painter.exe
.exe windows:6 windows x64 arch:x64

Password: jesuskid

d332850635da4501f580bdfc5b9e04be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

opengl32

wglMakeCurrent
glTexImage2D
wglDeleteContext
glClearColor
glViewport
wglCreateContext
glGenTextures
glBindTexture
glClear
glTexParameteri

kernel32

GetModuleFileNameW
K32GetModuleFileNameExW
K32EnumProcessModulesEx
OpenProcess
CreateToolhelp32Snapshot
FormatMessageW
GetLastError
Process32NextW
Process32FirstW
CloseHandle
CreateThread
LocalFree
ReadProcessMemory
SleepEx
VirtualQueryEx
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
GetProcAddress
FreeLibrary
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetStdHandle
GetCurrentProcess
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitOnceBeginInitialize
InitOnceComplete
GetLocaleInfoEx
FormatMessageA
CreateSymbolicLinkW
GetFileInformationByHandleEx
CopyFileW
GetModuleHandleW
DeviceIoControl
AreFileApisANSI
SetFileInformationByHandle
GetCommandLineW
SetConsoleTextAttribute
WriteProcessMemory
InitializeSListHead
FindClose
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
GetStartupInfoW
GetCurrentProcessId
SetCurrentDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
FindFirstFileW
FindNextFileW

user32

OpenClipboard
GetCursorPos
CloseClipboard
IsWindowUnicode
ReleaseCapture
GetKeyState
GetClipboardData
SetClipboardData
DefWindowProcW
DestroyWindow
GetMessageExtraInfo
ScreenToClient
GetDC
GetCapture
GetClientRect
FillRect
CreateWindowExW
SetCursor
UnregisterClassW
ClientToScreen
ShowWindow
DispatchMessageW
TrackMouseEvent
GetForegroundWindow
SetCursorPos
EndPaint
BeginPaint
SetCapture
PeekMessageW
RegisterClassW
ReleaseDC
UpdateWindow
LoadCursorW
PostQuitMessage
TranslateMessage
EmptyClipboard

gdi32

SwapBuffers
ChoosePixelFormat
SetPixelFormat

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

shell32

CommandLineToArgvW

msvcp140

?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
_Cnd_unregister_at_thread_exit
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_init_in_situ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
_Mtx_destroy_in_situ
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_lock
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Mtx_init_in_situ
_Cnd_register_at_thread_exit
_Cnd_wait
?_ReportUnobservedException@details@Concurrency@@YAXXZ
_Mtx_unlock
_Cnd_broadcast
_Cnd_destroy_in_situ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA_W_W@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?swap@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?swap@?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?swap@?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Random_device@std@@YAIXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
_Thrd_hardware_concurrency
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
_Xtime_get_ticks
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ

winhttp

WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpReadData
WinHttpSendRequest
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpConnect

imm32

ImmSetCandidateWindow
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__RTDynamicCast
__std_exception_copy
_purecall
memchr
memcmp
memcpy
__std_terminate
__std_exception_destroy
memmove
strstr
__current_exception
__current_exception_context
_CxxThrowException
memset
__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

ftell
__p__commode
fputc
__acrt_iob_func
__stdio_common_vsscanf
_wfopen
fflush
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
feof
ungetc
setvbuf
fgetpos
__stdio_common_vsprintf
fopen_s
fwrite
fclose
__stdio_common_vfprintf
fgetc
fseek
_set_fmode

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_register_onexit_function
_initialize_onexit_table
_set_app_type
_cexit
_configure_wide_argv
_initialize_wide_environment
_invalid_parameter_noinfo_noreturn
_get_wide_winmain_command_line
_initterm
_initterm_e
_errno
terminate
exit
abort
_register_thread_local_exe_atexit_callback
_c_exit
_crt_atexit
_exit

api-ms-win-crt-heap-l1-1-0

realloc
malloc
free
_set_new_mode
_callnewh

api-ms-win-crt-time-l1-1-0

clock
_time64

api-ms-win-crt-convert-l1-1-0

strtof
strtol

api-ms-win-crt-string-l1-1-0

strcmp
strncmp
tolower

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

sinf
ldexp
sin
fmaxf
sqrt
fmodf
roundf
floor
fminf
powf
cosf
acosf
cos
__setusermatherr
ceilf
sqrtf

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

Sections

.text
Size: 496KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: jesuskid

d332850635da4501f580bdfc5b9e04be

Headers

DLL Characteristics

File Characteristics

Imports

opengl32

kernel32

user32

gdi32

advapi32

shell32

msvcp140

winhttp

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 496KB - Virtual size: 496KB

.rdata Size: 124KB - Virtual size: 124KB

.data Size: 23KB - Virtual size: 25KB

.pdata Size: 23KB - Virtual size: 22KB

.rsrc Size: 65KB - Virtual size: 65KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 496KB - Virtual size: 496KB

.rdata
Size: 124KB - Virtual size: 124KB

.data
Size: 23KB - Virtual size: 25KB

.pdata
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 65KB - Virtual size: 65KB

.reloc
Size: 2KB - Virtual size: 2KB