Nova-Cheats-main[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Nova-Cheats-main.zip
Size

166KB
MD5

dc3961f8dae8bcc849a0fad2ea645a2c
SHA1

de8729cef0c4d5303ea008f5198d908721de1fa8
SHA256

91e790462d0ce399a46d555dcf7fc2446911e5e004de0fc1cdfb0cbd480f6053
SHA512

f59919dad8b4fb0331f0ec0655bd3552c8eef89be8d434c30f2c4821776d228e81596881d5105ae3873065ca4f3ea043221e9d368dbebd3de7682c76c1ca9aa1
SSDEEP

3072:20TAGTQuy6M6KYi0BVVP2Akebo3KxyyImSI2YRNj0:20TAGTQ4PVVfM6xoIZRNj0

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Nova-Cheats-main/Nova Cheet/FortinayteLababagi.dll
unpack001/Nova-Cheats-main/Nova Cheet/injector.exe

Files

Nova-Cheats-main.zip
.zip
Nova-Cheats-main/Nova Cheet/FortinayteLababagi.dll
.dll windows:6 windows x64 arch:x64

266f5704187ecb055934835b5d29e3d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\miguel\Documents\srcs\nova\x64\Release\FortinayteLababagi.pdb

Imports

kernel32

CloseHandle
FreeConsole
CreateThread
AllocConsole
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleW
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
HeapFree
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
FreeLibraryAndExitThread
HeapReAlloc
HeapAlloc
GetThreadContext
GetCurrentProcessId
FlushInstructionCache
SetThreadContext
OpenThread
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
GetProcAddress
ReleaseSRWLockExclusive
Sleep
GetModuleHandleA
CreateToolhelp32Snapshot
VirtualProtect

user32

RegisterClassExW
DestroyWindow
DefWindowProcW
GetKeyState
ScreenToClient
CreateWindowExW
UnregisterClassW
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
LoadCursorW
SetCursor
GetClientRect
MessageBoxA
SetWindowLongPtrW
CallWindowProcW
GetAsyncKeyState
GetSystemMetrics
SetClipboardData
SetCapture
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

d3dcompiler_47

D3DCompile

xinput1_4

ord2
ord4

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
_CxxThrowException
__C_specific_handler
__current_exception_context
__current_exception
strstr
__std_exception_copy
__std_exception_destroy
memchr
memcmp
memcpy
memmove
__std_type_info_destroy_list
__std_terminate

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_cexit
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_execute_onexit_table
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
ftell
fflush
fclose
fseek
__stdio_common_vsprintf
fwrite
_wfopen
__stdio_common_vsscanf
fread
freopen_s

api-ms-win-crt-string-l1-1-0

strncpy
strcmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
calloc

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-math-l1-1-0

atan2f
ceilf
floorf
fmodf
asinf
sqrtf
cosf
powf
sinf

Sections

.text
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nova-Cheats-main/Nova Cheet/Process key.txt
Nova-Cheats-main/Nova Cheet/injector.exe
.exe windows:6 windows x64 arch:x64

41d47768be27a1b9dc153c47ae3e0cb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\CruZ\Desktop\Simple-Manual-Map-Injector\x64\Release\Injector-x64.pdb

Imports

kernel32

LoadLibraryA
CloseHandle
VirtualProtectEx
GetProcAddress
VirtualAllocEx
ReadProcessMemory
CreateRemoteThread
VirtualFreeEx
GetLastError
GetCurrentProcess
GetFileAttributesW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
IsWow64Process
GetCurrentProcessId
Sleep
RtlAddFunctionTable
GetExitCodeProcess
WriteProcessMemory
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

msvcp140

?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
_CxxThrowException
__current_exception_context
__std_terminate
__std_exception_copy
__std_exception_destroy
memcpy
__C_specific_handler
memset
memmove

api-ms-win-crt-stdio-l1-1-0

setvbuf
ungetc
__p__commode
fwrite
_set_fmode
_get_stream_buffer_pointers
_fseeki64
fgetc
fclose
fflush
fsetpos
fputc
fread
__stdio_common_vfprintf
__acrt_iob_func
fgetpos

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
free
_callnewh

api-ms-win-crt-string-l1-1-0

_wcsicmp

api-ms-win-crt-runtime-l1-1-0

exit
_exit
_invalid_parameter_noinfo_noreturn
system
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_configure_wide_argv
_initterm
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_initialize_wide_environment
terminate
_get_initial_wide_environment
_set_app_type
_seh_filter_exe
__p___argc

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-convert-l1-1-0

mbstowcs_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

266f5704187ecb055934835b5d29e3d6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

imm32

d3dcompiler_47

xinput1_4

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 211KB - Virtual size: 211KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 496B

41d47768be27a1b9dc153c47ae3e0cb7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 888B

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 140B

.text
Size: 211KB - Virtual size: 211KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 888B

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 140B