Static task
static1
General
-
Target
Cheat.dll
-
Size
346KB
-
MD5
7f17f3b4eae116c7dcc2b85588f5c813
-
SHA1
fd69b2ad1935f23c6f3438c6003ec76651161c3d
-
SHA256
d19d79b4ed184f34ae81f8dd82f110e3cdefa87c16a169f5f0def110853611a3
-
SHA512
2af204e50da272f6fda0f3aca17af4afbf19fef208e79b60ce3c5645313834d7c8fbe506d5bf775e74123e556ea0b7bfe659806c7359111300241a2ea30d8e44
-
SSDEEP
6144:/pB6UBjisOuz2tUTB8CU3wDnNNaBRUBezPdNZGEiqnuFNU/:/C0kunpDLa8SlNMlqnx
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags a PE file that carries no Authenticode signature. This is a static check of the file by the analysis, not a behaviour of the sample.
resource Cheat.dll
Files
-
Cheat.dll.dll windows:6 windows x64 arch:x64
1103d0835907ee5242cf8c52a9b7a82b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
WideCharToMultiByte
GlobalUnlock
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
QueryPerformanceCounter
CreateThread
GetCurrentProcess
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
GlobalLock
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetCurrentThread
CloseHandle
GetLastError
CreateFileA
WriteFile
ReadFile
GetTickCount64
GetModuleHandleA
user32
SetClipboardData
DestroyWindow
DefWindowProcA
CreateWindowExA
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
IsWindowUnicode
GetClientRect
SetCursor
SetCapture
LoadCursorW
UnregisterClassA
SetWindowLongPtrA
RegisterClassExA
CallWindowProcA
GetForegroundWindow
GetMessageExtraInfo
GetKeyState
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetKeyboardLayout
msvcp140
?_Xlength_error@std@@YAXPEBD@Z
imm32
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow
d3dcompiler_47
D3DCompile
d3d11
D3D11CreateDeviceAndSwapChain
vcruntime140
memmove
memchr
__std_type_info_destroy_list
_CxxThrowException
memset
memcpy
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
__C_specific_handler
memcmp
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-stdio-l1-1-0
fclose
fflush
ftell
_wfopen
fseek
__acrt_iob_func
__stdio_common_vsprintf
fread
__stdio_common_vsscanf
__stdio_common_vfprintf
fwrite
api-ms-win-crt-runtime-l1-1-0
_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_initterm_e
_crt_atexit
_initterm
_cexit
_configure_narrow_argv
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
strncpy
strncmp
strcmp
api-ms-win-crt-heap-l1-1-0
_callnewh
free
malloc
api-ms-win-crt-convert-l1-1-0
atof
api-ms-win-crt-math-l1-1-0
cosf
fmodf
sinf
sqrtf
acosf
ceilf
Sections
.text Size: 268KB - Virtual size: 268KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourd Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ