SoTExternal_[unknowncheats[.]me]_[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

SoTExternal_[unknowncheats.me]_.zip
Size

163KB
MD5

c71d7e340d92fb450eb5e65a56e46e3e
SHA1

55b08870f5dc6f1d8620fdb224557bc33ca5b6d8
SHA256

9d5e75d372c265aa838b13726c7dd0bb7f8f7c4f65756f96b3ef5bc160b2beab
SHA512

b598fcfcbe5e83a4d1e90a441dac59757134f838d74d513c011a3da90adb867f42761a61a8038cbacf4a9212004bf17711796097d54ac47dd809aa34d912d080
SSDEEP

3072:SpknQe+cFiliaFgXSF+Moas64CvVvKPOR06P+zCrnNcXYS5WCyCDKNSmhB3Nx:ukHNmiMCSb4C9yPZ9CrBQ8QqZr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SoTExternal/SoTExternalV3.2.1.exe

Files

SoTExternal_[unknowncheats.me]_.zip
.zip
SoTExternal/SoTExternalV3.2.1.exe
.exe windows:6 windows x64 arch:x64

ef6f63d9c249d098ed2f6408f7b17b96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\breez\Desktop\ESPV3\x64\Release\SoTExternalV3.pdb

Imports

kernel32

ReadProcessMemory
GlobalAlloc
GlobalLock
GlobalUnlock
CreateThread
Module32Next
OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
VirtualQueryEx
FormatMessageA
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetLocaleInfoEx
LocalFree

user32

GetForegroundWindow
IsZoomed
GetWindowRect
TranslateMessage
FindWindowA
DispatchMessageA
LoadCursorA
ShowWindow
PeekMessageA
PostQuitMessage
RegisterClassExA
SetLayeredWindowAttributes
CreateWindowExA
DefWindowProcA
OpenClipboard
MoveWindow
CloseClipboard
EmptyClipboard
MessageBoxA
GetClipboardData
SetClipboardData
GetAsyncKeyState

msvcp140

?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
_To_wide
_Close_dir
_Open_dir
_Make_dir
_Current_get
_Read_dir
_Stat
_To_byte
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?rdstate@ios_base@std@@QEBAHXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateLine
D3DXCreateFontA

dwmapi

DwmExtendFrameIntoClientArea
DwmGetWindowAttribute

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
memset
memmove
memcpy
__current_exception
__C_specific_handler
__std_type_info_destroy_list
__std_type_info_name
_purecall
memcmp
__std_type_info_compare
__std_terminate
memchr
__std_exception_copy
__std_exception_destroy
__current_exception_context

api-ms-win-crt-heap-l1-1-0

free
_callnewh
_set_new_mode
calloc
malloc

api-ms-win-crt-runtime-l1-1-0

_set_app_type
terminate
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
_invalid_parameter_noinfo_noreturn
_c_exit
_register_thread_local_exe_atexit_callback
_cexit
_crt_at_quick_exit
_errno
_crt_atexit
_execute_onexit_table
_wassert
_configure_narrow_argv
_seh_filter_exe
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
exit
_seh_filter_dll

api-ms-win-crt-stdio-l1-1-0

fputc
_set_fmode
fgetc
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
__stdio_common_vsprintf
__p__commode
fwrite
_get_stream_buffer_pointers
fclose
fflush

api-ms-win-crt-math-l1-1-0

sinf
cosf
_dclass
_dsign
sqrtf
tanf
__setusermatherr

api-ms-win-crt-convert-l1-1-0

strtoull
strtod
strtoll

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
remove
_lock_file

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

api-ms-win-crt-time-l1-1-0

clock

Sections

.text
Size: 328KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoTExternal/config

Sharing

General

Malware Config

Signatures

Files

ef6f63d9c249d098ed2f6408f7b17b96

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

d3d9

d3dx9_43

dwmapi

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 328KB - Virtual size: 328KB

.rdata Size: 75KB - Virtual size: 75KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 472B

.text
Size: 328KB - Virtual size: 328KB

.rdata
Size: 75KB - Virtual size: 75KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 472B