Surge recoil script[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Surge recoil script.rar
Size

2.7MB
MD5

4a3411f38cdce71d1121f2860c018156
SHA1

6b2dc73c856b277e85154b1bda0b5d2c94fa1038
SHA256

35d20c02a3a6e4940c05e9835c08cba7eace2683a7c6867602c42d35f0b29372
SHA512

9316fa776973728beb919376c1021a29a7edef1ed32c0b4322e17ac2cfebe8be2fc618f5b8d433c374f48e816ea379b03776c4cc0a13ec6353fc8db5e7a6faaa
SSDEEP

49152:OKCvY+dW+qk9f76TL7zLbIXtbzfajbb/zQWbcXFnil37QHvsHpII1my:OBvY2qkN2/7zfCtHfanbbQWIXFilLQCh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Surge recoil script/Rename so it don't get detected.exe

Files

Surge recoil script.rar
.rar

Password: 4kOnTop
Surge recoil script/Readme.txt
Surge recoil script/Rename so it don't get detected.exe
.exe windows:6 windows x64 arch:x64

Password: 4kOnTop

efdbc883dd91d66a4ff381cfc052538a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\44785\Desktop\Surge\x64\Release\Surge.pdb

Imports

kernel32

PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
CreateDirectoryW
GetFileAttributesExW
MoveFileExA
GetTickCount
GetFileType
VerifyVersionInfoA
FreeLibrary
GetSystemDirectoryA
SleepEx
LeaveCriticalSection
EnterCriticalSection
LocalFree
FormatMessageA
AreFileApisANSI
GetFileInformationByHandleEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
SetLastError
QueryFullProcessImageNameW
GetModuleHandleA
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualProtect
CreateThread
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
OutputDebugStringW
GetLastError
CloseHandle
GetConsoleWindow
Sleep
GetCurrentProcess
SetPriorityClass
QueryPerformanceCounter
VerifyVersionInfoW
GetModuleHandleW
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
ReadFile
GetEnvironmentVariableA
RtlVirtualUnwind
WaitForSingleObjectEx
MultiByteToWideChar
CreateFileW

user32

SetClipboardData
MessageBoxA
GetClipboardData
GetAsyncKeyState
DispatchMessageW
PeekMessageW
TranslateMessage
PostQuitMessage
FindWindowA
UpdateWindow
SendInput
GetWindowLongW
DefWindowProcW
AdjustWindowRectEx
GetKeyState
DestroyWindow
GetDC
SetWindowPos
MonitorFromWindow
EnumDisplayMonitors
ScreenToClient
UnregisterClassW
SetWindowTextW
RegisterClassExW
WindowFromPoint
ShowWindow
GetCapture
GetMonitorInfoW
ClientToScreen
IsChild
GetForegroundWindow
SetLayeredWindowAttributes
SetFocus
BringWindowToTop
LoadCursorW
SetCapture
SetCursor
SetWindowLongW
GetClientRect
ReleaseCapture
SetForegroundWindow
IsIconic
SetCursorPos
ReleaseDC
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
CreateWindowExW

gdi32

GetDeviceCaps

msvcp140

?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
_Xtime_get_ticks
_Thrd_detach
_Query_perf_counter
_Thrd_sleep
_Cnd_do_broadcast_at_thread_exit
?_Syserror_map@std@@YAPEBDH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Winerror_map@std@@YAHH@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z

xinput1_3

ord2
ord4

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemory

normaliz

IdnToAscii

wldap32

ord60
ord301
ord200
ord30
ord79
ord35
ord33
ord46
ord32
ord27
ord26
ord217
ord45
ord143
ord22
ord41
ord211
ord50

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

ws2_32

getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
WSAGetLastError
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
bind
freeaddrinfo
recvfrom
connect
send
sendto
getaddrinfo
gethostname
ntohl
recv
closesocket

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp
__std_exception_destroy
__std_exception_copy
__std_terminate
strstr
strchr
_CxxThrowException
memchr
__current_exception
memcpy
memmove
__C_specific_handler
memset
strrchr
__current_exception_context

api-ms-win-crt-stdio-l1-1-0

_read
_write
_close
_open
__p__commode
ftell
__stdio_common_vfprintf
fputc
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
_lseeki64
feof
fputs
fopen
fseek
fclose
fflush
__acrt_iob_func
_popen
_pclose
fgets
_set_fmode
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetc
fgetpos

api-ms-win-crt-string-l1-1-0

strncpy
strncmp
strcpy_s
tolower
strpbrk
strcmp
strcspn
strspn
isupper
_strdup

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

malloc
free
realloc
_set_new_mode
_callnewh
calloc

api-ms-win-crt-runtime-l1-1-0

strerror
__sys_nerr
_invalid_parameter_noinfo
_resetstkoflw
_getpid
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
exit
_register_onexit_function
_beginthreadex
terminate
_errno
_initterm
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_get_initial_narrow_environment
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
system
_exit
_initterm_e

api-ms-win-crt-convert-l1-1-0

strtod
atof
strtoll
strtol
strtoul
strtoull
atoi

api-ms-win-crt-math-l1-1-0

fmodf
powf
sqrtf
cosf
sinf
logf
ceilf
acosf
_dsign
_dclass
__setusermatherr
round
floorf

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_stat64
_unlink
_access
_lock_file
_unlock_file

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv
___lc_codepage_func

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

advapi32

CryptAcquireContextA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
OpenProcessToken
ConvertSidToStringSidA
CopySid
SetSecurityInfo
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce

shell32

ShellExecuteA

Sections

.text
Size: 742KB - Virtual size: 742KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vlizer
Size: 2.3MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: 4kOnTop

Password: 4kOnTop

efdbc883dd91d66a4ff381cfc052538a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msvcp140

xinput1_3

imm32

d3d9

d3dx9_43

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

advapi32

shell32

Sections

.text Size: 742KB - Virtual size: 742KB

.rdata Size: 156KB - Virtual size: 156KB

.data Size: 85KB - Virtual size: 88KB

.pdata Size: 31KB - Virtual size: 30KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: - Virtual size: 2KB

.vlizer Size: 2.3MB - Virtual size: 7.4MB

.text
Size: 742KB - Virtual size: 742KB

.rdata
Size: 156KB - Virtual size: 156KB

.data
Size: 85KB - Virtual size: 88KB

.pdata
Size: 31KB - Virtual size: 30KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: - Virtual size: 2KB

.vlizer
Size: 2.3MB - Virtual size: 7.4MB