99fa21f5792d9c07f41d26f26bf6b08d

Sharing

Copy URL Twitter E-mail

General

Target

99fa21f5792d9c07f41d26f26bf6b08d
Size

4.5MB
MD5

99fa21f5792d9c07f41d26f26bf6b08d
SHA1

b7cc9522ab11de4e320284fff63bca446eb6ff04
SHA256

92601851aa91c18b17991ab1651dd87397498d761b7c8d5c1a4e0d57d8608dd0
SHA512

d679a0b2b6e21fbf829018aabba060735385719cdd95e8205293ef322942ea5eaccaa4c1e46bff5d0babb7075560753c8a1cfd50f22fcfecdc2f9b2c885f5837
SSDEEP

98304:KLLr64DoH4DMMSppxg+yvg9Cu0kb9+BWCoccg8biAUaLaZWuSdz:K3rNoYgj/+qmnoZiAUHZWuiz

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/mod_menu_externo_v1.2/GH Injector x64/GH Injector - x64.exe	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack002/out.upx	autoit_exe

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/mod_menu_externo_v1.2/FiveM mod menu v1.2.dll
unpack001/mod_menu_externo_v1.2/GH Injector x64/GH Injector - x64.dll
unpack001/mod_menu_externo_v1.2/GH Injector x64/GH Injector - x64.exe
unpack002/out.upx

Files

99fa21f5792d9c07f41d26f26bf6b08d
.zip
mod_menu_externo_v1.2/FiveM mod menu v1.2.dll
.dll windows:6 windows x64 arch:x64

3d578470315610b8b9529d427f6be2e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

OpenClipboard
GetProcessWindowStation
GetUserObjectInformationW

msvcp140

?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z

dbghelp

ImageDirectoryEntryToDataEx

winmm

timeGetTime

vcruntime140

__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_initterm

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-math-l1-1-0

sqrtf

api-ms-win-crt-stdio-l1-1-0

fclose

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-filesystem-l1-1-0

remove

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

api-ms-win-crt-heap-l1-1-0

_aligned_free

Sections

.text
Size: - Virtual size: 696KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.i0
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.i1
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mod_menu_externo_v1.2/GH Injector x64/GH Injector - x64.dll
.dll windows:6 windows x64 arch:x64

4269d9f4fc5129def70d1dfac5155bfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\konra\Desktop\GH Injector 3.0\GH Injector Library\Release\x64\GH Injector - x64.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleW
Module32Next
Module32First
CreateToolhelp32Snapshot
GetLastError
LoadLibraryA
ReadProcessMemory
WriteProcessMemory
VirtualFree
GetHandleInformation
VirtualAlloc
GetTempPathW
GetModuleHandleA
VirtualProtectEx
VirtualAllocEx
CopyFileW
VirtualFreeEx
GetTickCount
DisableThreadLibraryCalls
IsWow64Process
GetCurrentThreadId
SuspendThread
ResumeThread
GetExitCodeThread
CloseHandle
DeleteFileW
QueueUserAPC
GetThreadContext
SetThreadContext
OpenThread
GetExitCodeProcess
Wow64SetThreadContext
Wow64GetThreadContext
Wow64SuspendThread
CreateProcessW
GetFileAttributesW
Module32FirstW
GetCurrentProcessId
Module32NextW
RtlLookupFunctionEntry
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
OpenProcess
DuplicateHandle
GetProcessId
Sleep
GetCurrentProcess
RtlCaptureContext

user32

GetWindowThreadProcessId
IsWindowVisible
SetWindowsHookExA
UnhookWindowsHookEx
EnumWindows
SendMessageA
GetClassNameW
SetForegroundWindow
GetWindowTextW

advapi32

CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation
OpenProcessToken

msvcp140

??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?uncaught_exception@std@@YA_NXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1_Lockit@std@@QEAA@XZ

wtsapi32

WTSQueryUserToken

vcruntime140

memset
memmove
__std_type_info_destroy_list
_CxxThrowException
__C_specific_handler
__std_exception_copy
__std_exception_destroy
strchr
__std_terminate
__CxxFrameHandler3
memcpy

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_crt_atexit
_invalid_parameter_noinfo_noreturn
_cexit
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function

api-ms-win-crt-string-l1-1-0

_stricmp

api-ms-win-crt-convert-l1-1-0

atoi
mbstowcs_s

api-ms-win-crt-stdio-l1-1-0

fgetwc
ungetwc
fputwc
setvbuf
__stdio_common_vswprintf
fputc
_get_stream_buffer_pointers
fflush
fclose
_fseeki64
fgetc
fread
fsetpos
fwrite
ungetc
fgetpos

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-filesystem-l1-1-0

_wrename
_lock_file
_unlock_file

api-ms-win-crt-time-l1-1-0

_localtime64_s
wcsftime
_time64

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

Exports

Exports

InjectA
InjectW

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mod_menu_externo_v1.2/GH Injector x64/GH Injector - x64.exe
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 378KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 500KB - Virtual size: 504KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 672KB - Virtual size: 671KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 507KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mod_menu_externo_v1.2/GH Injector x64/GH Injector Config.ini

Sharing

General

Malware Config

Signatures

Files

3d578470315610b8b9529d427f6be2e5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

dbghelp

winmm

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: - Virtual size: 696KB

.rdata Size: - Virtual size: 1.3MB

.data Size: - Virtual size: 364KB

.pdata Size: - Virtual size: 38KB

.i0 Size: - Virtual size: 2.0MB

.i1 Size: 3.9MB - Virtual size: 3.9MB

.reloc Size: 512B - Virtual size: 176B

.rsrc Size: 512B - Virtual size: 469B

4269d9f4fc5129def70d1dfac5155bfe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcp140

wtsapi32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 180B

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 378KB - Virtual size: 380KB

.rsrc Size: 500KB - Virtual size: 504KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 672KB - Virtual size: 671KB

.rdata Size: 191KB - Virtual size: 190KB

.data Size: 23KB - Virtual size: 44KB

.pdata Size: 26KB - Virtual size: 26KB

.rsrc Size: 507KB - Virtual size: 507KB

.text
Size: - Virtual size: 696KB

.rdata
Size: - Virtual size: 1.3MB

.data
Size: - Virtual size: 364KB

.pdata
Size: - Virtual size: 38KB

.i0
Size: - Virtual size: 2.0MB

.i1
Size: 3.9MB - Virtual size: 3.9MB

.reloc
Size: 512B - Virtual size: 176B

.rsrc
Size: 512B - Virtual size: 469B

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 180B

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 378KB - Virtual size: 380KB

.rsrc
Size: 500KB - Virtual size: 504KB

.text
Size: 672KB - Virtual size: 671KB

.rdata
Size: 191KB - Virtual size: 190KB

.data
Size: 23KB - Virtual size: 44KB

.pdata
Size: 26KB - Virtual size: 26KB

.rsrc
Size: 507KB - Virtual size: 507KB

.reloc
Size: 3KB - Virtual size: 2KB