59_L4D2V Reborn V0301HF1_18[.]02[.]24[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

59_L4D2V Reborn V0301HF1_18.02.24.zip
Size

1.0MB
MD5

a9a76a17b9d6742509f7d9d8b47cd859
SHA1

fc1170bdd42b8552e7ae5b368b80d937b1f1e298
SHA256

0b53d8e36caa9054fae88a27ae788781e21f726b8bff837dbce50dc4a271a997
SHA512

4549f74685afb191b25bfbb7ee330ccc016039d1e9dc46a12d3bf3bf65035f91a03831dfcbe416ff330282aca5db29dac0ef64171d07926f8ba28ab9659f98b8
SSDEEP

24576:vD9ERg2kF3s/0qNGgOyKNFvSJFu8Ob6bxUb6RVYr:vZkg2kZq4g2v0FldxUb8+r

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MD5 Changer.exe
unpack001/SKernelInjector.exe
unpack001/VR.dll

Files

59_L4D2V Reborn V0301HF1_18.02.24.zip
.zip
MD5 Changer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Ryan\Documents\Visual Studio 2013\Projects\MD5 Changer\md5modify\obj\Debug\MD5 Changer.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SKernelInjector.exe
.exe windows:6 windows x86 arch:x86

32378e9e17d975ffb2c8087263b06942

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\l4d2\Win32\Release\SKernelInjector.pdb

Imports

kernel32

OpenProcess
CreateToolhelp32Snapshot
Process32First
CloseHandle
Process32Next
GetCurrentDirectoryA
GetProcAddress
GetModuleHandleA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
UnhandledExceptionFilter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW

vcruntime140

memset
__std_exception_copy
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_except_handler4_common
__std_exception_destroy

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__acrt_iob_func
__p__commode
__stdio_common_vfprintf

api-ms-win-crt-conio-l1-1-0

_getwch

api-ms-win-crt-runtime-l1-1-0

_c_exit
_cexit
__p___argv
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_invalid_parameter_noinfo_noreturn
__p___argc
_exit
exit
_initterm_e
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table
_set_app_type
_seh_filter_exe
_get_initial_narrow_environment
_initterm

api-ms-win-crt-string-l1-1-0

strcat_s

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VR.dll
.dll windows:6 windows x86 arch:x86

64586dd7b2b1b20b8b7dcb01b0e2da74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\l4d2\Win32\Release\VR.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleA
VirtualFree
VirtualAlloc
HeapCreate
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
GetThreadContext
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
GetFileAttributesExW
VerSetConditionMask
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
GetLocaleInfoEx
LocalFree
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetFileSizeEx
CreateFileA
FormatMessageA
SleepEx
GetEnvironmentVariableA
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
WaitForSingleObjectEx
MoveFileExW
FormatMessageW
SetLastError
GetLastError
LoadLibraryW
FreeLibrary
GetSystemDirectoryW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetTickCount
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
GlobalFree
GlobalAlloc
GlobalUnlock
WideCharToMultiByte
GlobalLock
GetModuleFileNameA
VirtualQuery
CreateDirectoryA
MultiByteToWideChar
CreateThread
VerifyVersionInfoW
GetTickCount64
VirtualProtect
SetUnhandledExceptionFilter

user32

EmptyClipboard
SetClipboardData
CloseClipboard
GetClipboardData
OpenClipboard
MessageBoxA
LoadCursorA
ClientToScreen
ReleaseCapture
GetWindowRect
SetCapture
GetCapture
GetAsyncKeyState
GetKeyState
SetCursorPos
GetDesktopWindow
GetForegroundWindow
IsChild
GetCursorPos
ScreenToClient
FindWindowA
CallWindowProcA
SetWindowLongA
GetActiveWindow
SetCursor
GetClientRect

libcef

cef_initialize
cef_shutdown
cef_do_message_loop_work
cef_api_hash
cef_log
cef_browser_host_create_browser_sync
cef_string_map_free
cef_string_utf16_cmp
cef_string_list_size
cef_string_list_value
cef_string_list_append
cef_string_map_size
cef_string_map_key
cef_string_map_value
cef_string_map_append
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_value
cef_string_multimap_append
cef_string_multimap_alloc
cef_string_multimap_free
cef_string_list_free
cef_string_list_alloc
cef_string_userfree_utf16_free
cef_string_map_alloc
cef_string_utf8_to_utf16
cef_string_utf16_set
cef_string_utf16_clear

sdl2

SDL_GL_SetAttribute
SDL_ShowCursor
SDL_PollEvent
SDL_CaptureMouse
SDL_GL_SetSwapInterval
SDL_GetGlobalMouseState
SDL_GetWindowPosition
SDL_GL_MakeCurrent
SDL_SetMainReady
SDL_GetKeyboardFocus
SDL_Init
SDL_GetMouseState
SDL_GetError
SDL_GetBasePath
SDL_WarpMouseInWindow
SDL_FreeCursor
SDL_GetWindowWMInfo
SDL_GL_CreateContext
SDL_CreateWindow
SDL_GetCurrentVideoDriver
SDL_CreateSystemCursor
SDL_GL_SwapWindow
SDL_RaiseWindow
SDL_GL_DeleteContext
SDL_DestroyWindow
SDL_Quit
SDL_free
SDL_GetClipboardText
SDL_GetPerformanceCounter
SDL_GetPerformanceFrequency
SDL_GL_GetDrawableSize
SDL_GetWindowSize
SDL_SetCursor
SDL_SetClipboardText
SDL_GetModState
SDL_GetWindowFlags

opengl32

glTexImage2D
glPixelStorei
glTexParameteri
glTexEnvi
glGenTextures
glPopAttrib
glPopMatrix
glDisableClientState
glDrawElements
glBindTexture
glScissor
glColorPointer
glTexCoordPointer
glVertexPointer
glPushAttrib
glGetTexEnviv
glGetIntegerv
glOrtho
glLoadIdentity
glPushMatrix
glDeleteTextures
glPolygonMode
glEnableClientState
glDisable
glBlendFunc
glMatrixMode
glViewport
glClearColor
glClear
glEnable

msvcp140

?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Xlength_error@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
_Query_perf_counter
_Query_perf_frequency
?uncaught_exceptions@std@@YAHXZ
?good@ios_base@std@@QBE_NXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
_Thrd_sleep
_Xtime_get_ticks
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

xinput1_3

ord4
ord2

bcrypt

BCryptGenRandom

vcruntime140

__std_exception_destroy
__CxxFrameHandler3
strstr
_purecall
memset
__std_exception_copy
_CxxThrowException
strchr
memcpy
strrchr
memchr
memmove
longjmp
_setjmp3
__current_exception
__current_exception_context
_except_handler4_common
__std_type_info_destroy_list
__std_terminate

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-math-l1-1-0

floor
_fdopen
ceil
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise
_libm_sse2_pow_precise
_libm_sse2_cos_precise
_libm_sse2_atan_precise
remainderf
_CIatan2
_CIfmod
_libm_sse2_acos_precise

api-ms-win-crt-runtime-l1-1-0

__sys_errlist
_beginthreadex
_errno
__sys_nerr
_invalid_parameter_noinfo_noreturn
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-stdio-l1-1-0

_read
_write
_fileno
_close
fseek
fread
fputc
_lseeki64
fwrite
ftell
__stdio_common_vsprintf_s
fgets
_wopen
__acrt_iob_func
feof
__stdio_common_vfprintf
__stdio_common_vsnprintf_s
fputs
fflush
setvbuf
fsetpos
fopen_s
_fseeki64
__stdio_common_vsscanf
fclose
_wfopen
__stdio_common_vsprintf
fgetpos
fgetc
_get_stream_buffer_pointers
ungetc

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
_callnewh
calloc

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_fstat64
_unlink
_wstat64
_waccess
_lock_file

api-ms-win-crt-string-l1-1-0

strncmp
strcpy_s
_wcsdup
strcspn
strncpy
_strdup
strpbrk
strspn
wcspbrk

api-ms-win-crt-convert-l1-1-0

strtoul
atof
strtol
atoi
wcstombs
strtoll

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64
strftime

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

ws2_32

WSACloseEvent
send
getsockopt
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
htons
socket
setsockopt
WSAIoctl
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
ioctlsocket
gethostname
recv

wldap32

ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord14
ord219
ord145
ord46

advapi32

CryptHashData
CryptAcquireContextW
CryptGetHashParam
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptCreateHash
CryptReleaseContext

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 291KB - Virtual size: 558.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.txt

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 173KB - Virtual size: 172KB

.rsrc Size: 164KB - Virtual size: 164KB

.reloc Size: 512B - Virtual size: 12B

32378e9e17d975ffb2c8087263b06942

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1024B - Virtual size: 608B

64586dd7b2b1b20b8b7dcb01b0e2da74

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

libcef

sdl2

opengl32

msvcp140

imm32

xinput1_3

bcrypt

vcruntime140

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

ws2_32

wldap32

advapi32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 262KB - Virtual size: 262KB

.data Size: 291KB - Virtual size: 558.0MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 80KB - Virtual size: 79KB

.text
Size: 173KB - Virtual size: 172KB

.rsrc
Size: 164KB - Virtual size: 164KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1024B - Virtual size: 608B

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 262KB - Virtual size: 262KB

.data
Size: 291KB - Virtual size: 558.0MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 80KB - Virtual size: 79KB