98bcbba054dc7fb729d086278fa14383

Sharing

Copy URL Twitter E-mail

General

Target

98bcbba054dc7fb729d086278fa14383
Size

137KB
MD5

98bcbba054dc7fb729d086278fa14383
SHA1

e789bff12dd9e1d67f1aa24c921248f176b57efc
SHA256

91eb951284495a35b5ac895cb53629ff69217cd54bf49f6363768d1a0abbdbbc
SHA512

cf2580ba07858e69795d9763a6d1dfb43029a33cc9ec523f3b4b49b8d46fad6e5b79a1a70a4df34bd96d1a5a37cdd98423a4bcecb323655ca82dfc0542025101
SSDEEP

3072:pd8e4bBCHr5uWHsTxBYTZgeCvO03kHTMJ2Fo:pGe4b8Lg9DYTOjO00HIJGo

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Clan Spin/GDFwSvc.exe
unpack001/Clan Spin/rev0lt/bin/rev0lt.dll

Files

98bcbba054dc7fb729d086278fa14383
.rar
Clan Spin/GDFwSvc.exe
.exe windows:4 windows x86 arch:x86

e7075482c29e949390e49ccafcdce0e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Ex777\Desktop\Rev0lt\Rev0lt Loader\release\Rev0lt Loader.pdb

Imports

kernel32

Sleep
CloseHandle
CreateRemoteThread
GetProcAddress
CreateMutexA
VirtualAllocEx
GetLastError
OpenProcess
GlobalFree
GlobalAlloc
GlobalReAlloc
GlobalUnlock
GlobalLock
ReadFile
GetFileSize
CreateFileA
GetPrivateProfileStringA
lstrlenA
ExitProcess
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetTickCount
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
RaiseException
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateThread
GetModuleHandleA
FindFirstFileA
WriteProcessMemory
WriteFile
GetCurrentDirectoryA

user32

GetWindowLongA
SetWindowLongA
LoadCursorA
RegisterClassExA
GetClassInfoExA
TranslateMessage
DispatchMessageA
GetMessageA
CreateWindowExA
SetRect
GetClientRect
DrawTextA
GetWindowTextA
GetParent
SetWindowTextA
DefWindowProcA
EndPaint
PostQuitMessage
SetWindowPos
SetWindowRgn
InvalidateRect
UnregisterClassA
LoadIconA
UpdateWindow
SendMessageA
MessageBoxA
GetWindowThreadProcessId
FindWindowA
ShowWindow
PostMessageA
LoadImageA
BeginPaint

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdi32

BitBlt
GetObjectA
ExtCreateRegion
CombineRgn
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
GetCurrentObject
SetTextColor
CreateFontA
SetBkMode

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Clan Spin/rev0lt/bin/rev0lt.dll
.dll windows:4 windows x86 arch:x86

60a6a61741598595851e0867d2c79dd2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Dokumente und Einstellungen\Dieter Detmers\Eigene Dateien\HL²\AldiSkill's Hack\AldiSkill's Hack v1\Bunny 1.2\HL2\Release\HL2.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleA
VirtualProtect
Sleep
CreateThread
GetModuleFileNameA
VirtualQuery
HeapAlloc
GetProcessHeap
CloseHandle
GetLocaleInfoW
FlushFileBuffers
GetSystemInfo
VirtualAlloc
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
RaiseException
SetFilePointer
InitializeCriticalSection
InterlockedExchange
LoadLibraryA
LCMapStringA
MultiByteToWideChar
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
ReadFile

tier0

Error
g_pMemAlloc
GetCPUInformation

vstdlib

Q_snprintf
KeyValuesSystem

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Clan Spin/rev0lt/skin/Main.bmp
Clan Spin/rev0lt/skin/Mask.bmp
Clan Spin/rev0lt/skin/Thumbs.db
Clan Spin/rev0lt/skin/skin.ini
cs-warfoog.ucoz.ru.URL

Sharing

General

Malware Config

Signatures

Files

e7075482c29e949390e49ccafcdce0e2

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

comctl32

gdi32

ole32

oleaut32

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 68KB - Virtual size: 66KB

60a6a61741598595851e0867d2c79dd2

Headers

File Characteristics

PDB Paths

Imports

kernel32

tier0

vstdlib

Sections

.text Size: 72KB - Virtual size: 69KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 8KB - Virtual size: 54KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 68KB - Virtual size: 66KB

.text
Size: 72KB - Virtual size: 69KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 54KB

.reloc
Size: 16KB - Virtual size: 15KB