859817be27015012c33cc139adb6a4a0

Sharing

Copy URL Twitter E-mail

General

Target

859817be27015012c33cc139adb6a4a0
Size

432KB
MD5

859817be27015012c33cc139adb6a4a0
SHA1

97539517731b3a574823229248830a27299ebabe
SHA256

c97a98aeeefbdfbd04e236f3bfd2ecc40eb7eebe9183aad8b6e677460fdb370c
SHA512

f856493fe874da5a60a1f8811e5ef65a8d3669af4a6f44c50fb025291a8488405018376bfcfa73dcc62f0098a24da25c491cf95e6795b0c3a90cc289bd3d1313
SSDEEP

12288:6TkZ+t/36o4AqSpFZwXfUQNhgE5uwblQobDbu:6AGKoqSpFZwPUBEB9u

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/alterNative updated/alterNative updated.dll
unpack001/alterNative updated/loader.exe

Files

859817be27015012c33cc139adb6a4a0
.rar
alterNative updated/alterNative updated.dll
.dll windows:6 windows x86 arch:x86

e06a31b17ac88a48537e9cf21bd2cc8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\cheat's\AlNa\new\Release\AlterNative.pdb

Imports

kernel32

lstrlenA
lstrcpynA
lstrcmpA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
lstrcpyA
FreeLibraryAndExitThread
Sleep
DisableThreadLibraryCalls
CreateThread
CreateDirectoryA
IsBadReadPtr
GetCurrentProcess
TerminateProcess
GetModuleHandleA
FlushInstructionCache
GetProcAddress
GetPrivateProfileStringA
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
SetLastError
GetTickCount
WritePrivateProfileStringA
VirtualProtect

user32

GetForegroundWindow
MessageBoxA
SetWindowLongA
CallWindowProcA
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
mouse_event
GetAsyncKeyState
IsChild
ClientToScreen
GetCapture
ScreenToClient
LoadCursorA
GetKeyState
MapVirtualKeyA
GetKeyNameTextA
FindWindowA

shell32

ShellExecuteA

msvcp140

?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
_File_size
_Unlink
_Remove_dir
_To_wide
_Close_dir
_Open_dir
_Lstat
_Read_dir
_Stat
_To_byte
?_Xinvalid_argument@std@@YAXPBD@Z
?_Winerror_message@std@@YAKKPADK@Z

opengl32

glDepthFunc
glGetFloatv
glPopMatrix
glViewport
glEnableClientState
glPopAttrib
glPolygonMode
glBindTexture
glGenTextures
glVertexPointer
glEnable
glScissor
glDisableClientState
glMatrixMode
glBlendFunc
glLoadIdentity
glTexParameteri
glDeleteTextures
glTexCoordPointer
glTexImage2D
glColorPointer
glDrawElements
glDisable
glPushMatrix
glPixelStorei
glOrtho
glPushAttrib
glGetIntegerv
glDepthRange
glLineWidth
glClearColor
glTexEnvi

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

vcruntime140

__current_exception
memchr
__CxxFrameHandler3
__std_terminate
strstr
__std_exception_destroy
__std_exception_copy
__current_exception_context
__std_type_info_destroy_list
__std_type_info_compare
memset
_except_handler4_common
memmove
_CxxThrowException
memcpy

api-ms-win-crt-runtime-l1-1-0

_initterm
_cexit
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_initterm_e
_configure_narrow_argv
_wassert
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
terminate

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-convert-l1-1-0

atoi
atof

api-ms-win-crt-stdio-l1-1-0

fputc
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__stdio_common_vsscanf
_wfopen
fflush
fclose
__stdio_common_vfprintf
fseek
__acrt_iob_func
fgetc
ftell
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fwrite

api-ms-win-crt-math-l1-1-0

_CIatan2
_CIfmod
_fdclass
_libm_sse2_acos_precise
_libm_sse2_atan_precise
_libm_sse2_cos_precise
_libm_sse2_log10_precise
roundf
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_libm_sse2_tan_precise
ceil
floor
_dclass

api-ms-win-crt-filesystem-l1-1-0

_access
_unlock_file
_lock_file

api-ms-win-crt-time-l1-1-0

_localtime64
strftime
_time64

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 425KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
alterNative updated/loader.exe
.exe windows:6 windows x86 arch:x86

5f0cbf93fb1b047015c214a0c4bd0139

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WaitForSingleObject
Sleep
GetCurrentProcessId
CreateRemoteThread
GetExitCodeThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
OpenProcess
GetVersionExA
WriteProcessMemory
GetModuleHandleA
GetProcAddress
LoadLibraryA
IsBadReadPtr
FindFirstFileA
GetLastError
CreateMutexA
CreateThread
GetModuleFileNameA
WriteConsoleW
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
DecodePointer

user32

MessageBoxA
GetWindowRect
SetForegroundWindow
GetSystemMetrics
LoadIconA
DialogBoxParamA
IsWindowVisible
MoveWindow
ShowWindow
PostMessageA
SendMessageA
EndDialog

shell32

ShellExecuteA
Shell_NotifyIconA

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msvcjmc
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e06a31b17ac88a48537e9cf21bd2cc8c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

msvcp140

opengl32

imm32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 425KB - Virtual size: 425KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 2KB - Virtual size: 157KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 27KB - Virtual size: 26KB

5f0cbf93fb1b047015c214a0c4bd0139

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 2KB - Virtual size: 5KB

.msvcjmc Size: 512B - Virtual size: 38B

.rsrc Size: 412KB - Virtual size: 412KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 425KB - Virtual size: 425KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 2KB - Virtual size: 157KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 27KB - Virtual size: 26KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 2KB - Virtual size: 5KB

.msvcjmc
Size: 512B - Virtual size: 38B

.rsrc
Size: 412KB - Virtual size: 412KB

.reloc
Size: 4KB - Virtual size: 4KB