e4977081b070d8ef8afe4477ee1cf9be19dde4063cc3f9ca88eac98a11656b18[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

e4977081b070d8ef8afe4477ee1cf9be19dde4063cc3f9ca88eac98a11656b18.exe
Size

1.8MB
MD5

faff67fcc2669dd6006bb6b1872922f2
SHA1

88ab34140c37133755982a3f2b2b5932ad484f92
SHA256

e4977081b070d8ef8afe4477ee1cf9be19dde4063cc3f9ca88eac98a11656b18
SHA512

aad021fc60dbfa756cf584dc2d879b515fb84f47a00446ce8399c60167e7bc09930f6db928cb3e818869ea492a0b5982e5de4479b19aaa4cb396d3fbebf20693
SSDEEP

24576:Mn+P4LP6nis+GOLIUnNv7pLyyAVeahQdiH2M7wjHYC1eVuQs:BZ+G+/nNv7p2yAVxhQY2M7e4C1e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e4977081b070d8ef8afe4477ee1cf9be19dde4063cc3f9ca88eac98a11656b18.exe

Files

e4977081b070d8ef8afe4477ee1cf9be19dde4063cc3f9ca88eac98a11656b18.exe
.dll windows:6 windows x64 arch:x64

6ce5a0fe92cd6200350979b53716f64e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\canib\OneDrive\Desktop\ПРОЧЕЕ\MR.V1.5 (OBNOVA)\x64\Release\EasyAntiCheat.pdb

Imports

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
_Xtime_get_ticks
_Query_perf_counter
_Thrd_sleep
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Query_perf_frequency
?_Xlength_error@std@@YAXPEBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

d3dcompiler_43

D3DCompile

d3d11

D3D11CreateDeviceAndSwapChain

winmm

PlaySoundA

user32

GetKeyState
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
DefWindowProcW
CallWindowProcW
MessageBoxW
SetWindowLongPtrW
GetSystemMetrics
GetWindowLongPtrW
GetAsyncKeyState
CreateWindowExA
RegisterClassExA

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

kernel32

GetCurrentThreadId
Thread32First
Thread32Next
GetCurrentProcess
HeapFree
HeapCreate
VirtualQuery
VirtualAlloc
VirtualFree
QueryPerformanceCounter
QueryPerformanceFrequency
MultiByteToWideChar
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
CreateThread
GetCurrentThread
DisableThreadLibraryCalls
Sleep
GetModuleHandleW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
VirtualProtect
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
HeapReAlloc
GetThreadContext
GetCurrentProcessId
FlushInstructionCache
SetThreadContext
OpenThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
GetLastError
SetLastError
TerminateProcess
CloseHandle
GetSystemInfo
HeapAlloc

vcruntime140

memchr
memcmp
memmove
__std_exception_destroy
__std_exception_copy
strstr
__C_specific_handler
_CxxThrowException
memset
__std_type_info_destroy_list
memcpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vsprintf
_wfopen
fclose
fflush
ftell
fwrite
fseek
fread
__acrt_iob_func

api-ms-win-crt-string-l1-1-0

strncpy
strcmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-convert-l1-1-0

atof

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-math-l1-1-0

acosf
fmodf
powf
atan2f

Sections

.text
Size: 354KB - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ce5a0fe92cd6200350979b53716f64e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp140

d3dcompiler_43

d3d11

winmm

user32

imm32

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

vcruntime140_1

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 354KB - Virtual size: 353KB

.rdata Size: 214KB - Virtual size: 214KB

.data Size: 1.1MB - Virtual size: 1.1MB

.pdata Size: 13KB - Virtual size: 13KB

.detourc Size: 9KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

_RDATA Size: 77KB - Virtual size: 76KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 354KB - Virtual size: 353KB

.rdata
Size: 214KB - Virtual size: 214KB

.data
Size: 1.1MB - Virtual size: 1.1MB

.pdata
Size: 13KB - Virtual size: 13KB

.detourc
Size: 9KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

_RDATA
Size: 77KB - Virtual size: 76KB

.reloc
Size: 1KB - Virtual size: 1KB