quyengabon hack[.]exe

Resubmissions

20/02/2024, 09:28

240220-lfc4xaeh88 3

Sharing

Copy URL Twitter E-mail

General

Target

quyengabon hack.exe
Size

335KB
MD5

4c86bd4a91f3c5bfecf5c11b68a3762b
SHA1

d7dd40b821ab47551b9fdec9235db165d954ed06
SHA256

b336095582c8e96df864275520955a21f5742d9bbd6934d299dd178130c06db6
SHA512

5a439d24bdc86db7124b0b35e26c0f9f33786181f821d5996872b9155de626f0577908b6b8063cec1fbbf5110e3e85eb23f3f92d96f453ead179a175320aab1a
SSDEEP

6144:9h2ODGuc79HTNsy3cVqsDszjO49DOFy4PganSTxkJTIkm:SODoB36xDjeDOF6anSN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
quyengabon hack.exe

Files

quyengabon hack.exe
.exe windows:6 windows x64 arch:x64

4cfdf9f142d03ba26cd59b4cf4d5c250

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\q\Downloads\Farlight-84-External-main bloodstrcik\Farlight-84-External-main\x64\Release\HackExternal.pdb

Imports

kernel32

QueryPerformanceCounter
SetLastError
GetLastError
CreateThread
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GlobalUnlock
IsDebuggerPresent
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
VirtualQueryEx
ReadProcessMemory
GetModuleHandleA
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
lstrcmpiA
FreeLibrary
GetProcAddress
QueryPerformanceFrequency
CloseHandle
Process32Next
CreateToolhelp32Snapshot
CreateFileW
ReleaseSRWLockExclusive
LoadLibraryA
DeviceIoControl
IsProcessorFeaturePresent
Process32First

user32

GetWindowThreadProcessId
GetWindow
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
ShowWindow
GetAsyncKeyState
SetWindowLongA
GetForegroundWindow
EnumWindows
DefWindowProcA
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
ClientToScreen
GetCapture
CreateWindowExA
GetActiveWindow
TranslateMessage
LoadIconA
MessageBoxA
PeekMessageA
UnregisterClassA
PostQuitMessage
RegisterClassExA
UpdateWindow
GetKeyState
LoadCursorA
ScreenToClient

msvcp140

??Bios_base@std@@QEBA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?good@ios_base@std@@QEBA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

dwmapi

DwmExtendFrameIntoClientArea

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

d3d9

Direct3DCreate9Ex

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
memcpy
memchr
_CxxThrowException
memset
__C_specific_handler
__current_exception_context
__current_exception
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
memcmp

api-ms-win-crt-stdio-l1-1-0

fread
__stdio_common_vsscanf
__stdio_common_vsprintf
_wfopen
fwrite
__p__commode
_set_fmode
fseek
fclose
fflush
__acrt_iob_func
ftell
__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

strncpy
strcmp

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
_set_new_mode

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
_c_exit
_exit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
terminate
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_initterm_e
system
_initterm
_get_initial_narrow_environment
_set_app_type
exit
_seh_filter_exe
_cexit

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

cosf
fmodf
__setusermatherr
sqrtf
acosf
atan2f
ceilf
sinf
powf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

advapi32

GetTokenInformation
OpenProcessToken

ntdll

NtQueryVirtualMemory
NtReadVirtualMemory

Sections

.text
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

4cfdf9f142d03ba26cd59b4cf4d5c250

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

dwmapi

imm32

d3d9

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

advapi32

ntdll

Sections

.text Size: 266KB - Virtual size: 266KB

.rdata Size: 53KB - Virtual size: 52KB

.data Size: 1KB - Virtual size: 8KB

.pdata Size: 12KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 308B

.text
Size: 266KB - Virtual size: 266KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 1KB - Virtual size: 8KB

.pdata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 308B