C:\Users\titan\Desktop\SRC\NewConfigCSA\ConfigCSAEngine\x64\Release\ConfigCSAEngine.pdb
Static task
static1
1 signatures
General
-
Target
ConfigCSA.rar
-
Size
480KB
-
MD5
be8113acaee49d169eb31d01486904cf
-
SHA1
a4ce2bdbe72e2ec91706fa82401b1e7d5b71abf7
-
SHA256
2f1c1441dfffca770a07623df06d6d5ae7e48623ca16f468c6dc6a7f17b53cb5
-
SHA512
b5e6bcade1396c13577209d37abf294489c09c41a4684c37e23f6282cd64f1bf4056f211a4689ad8d67856bebd923818c4e6eb09e32816d2fcf933722347a1bb
-
SSDEEP
12288:G9R6K274UJwM58K3zc4aEzc4aKMy5Myf7acllRpiwW:URc74mX51g4ar4ayljaol3hW
Score
3/10
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/ConfigCSA/ConfigCSAEngine.exe unpack001/ConfigCSA/ReturnKeys.exe
Files
-
ConfigCSA.rar.rar
-
ConfigCSA/ConfigCSAEngine.exe.exe windows:6 windows x64 arch:x64
8ba4bb05d1979eefa57e7cb11a5e9a33
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
DeviceIoControl
WaitForMultipleObjects
CreateFileA
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
GetModuleFileNameA
SetPriorityClass
GetCurrentProcess
WriteConsoleW
HeapSize
SetStdHandle
CreateEventA
Sleep
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
CreatePipe
GetFileAttributesExW
GetExitCodeProcess
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
WaitForSingleObject
CreateFileW
CreateEventW
GetLastError
SetEvent
WaitForSingleObjectEx
CreateThread
GetOverlappedResult
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LocalFree
MultiByteToWideChar
LCMapStringEx
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
ReleaseSRWLockExclusive
WakeAllConditionVariable
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
DuplicateHandle
CreateProcessW
ExitThread
FreeLibraryAndExitThread
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
RtlUnwind
user32
MessageBoxA
BlockInput
advapi32
GetUserNameA
ole32
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoUninitialize
oleaut32
VariantClear
SysAllocString
SysFreeString
wininet
InternetOpenW
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
ws2_32
WSAStartup
htons
accept
bind
recv
send
socket
listen
winmm
sndPlaySoundA
timeBeginPeriod
setupapi
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
Sections
.text Size: 362KB - Virtual size: 362KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ConfigCSA/Login
-
ConfigCSA/ReturnKeys.exe.exe windows:6 windows x64 arch:x64
00cdf0dd5fa11b116473156c121b3324
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\User\Desktop\SRC\NewAimAssist\ReturnKeys\x64\Release\ReturnKeys.pdb
Imports
kernel32
HeapFree
DeviceIoControl
WaitForMultipleObjects
CreateFileA
CloseHandle
HeapAlloc
GetProcessHeap
CreateEventA
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlCaptureContext
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
msvcp140
?_Xlength_error@std@@YAXPEBD@Z
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_exception_destroy
memcpy
__C_specific_handler
_CxxThrowException
__current_exception_context
__std_exception_copy
memset
__current_exception
memmove
api-ms-win-crt-runtime-l1-1-0
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
terminate
_c_exit
__p___argc
_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
__p___argv
_set_app_type
_seh_filter_exe
exit
_invalid_parameter_noinfo_noreturn
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vfprintf
_set_fmode
__stdio_common_vsprintf
__p__commode
__acrt_iob_func
api-ms-win-crt-heap-l1-1-0
_set_new_mode
free
malloc
_callnewh
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Exports
Exports
interception_create_context
interception_destroy_context
interception_get_filter
interception_get_hardware_id
interception_get_precedence
interception_is_invalid
interception_is_keyboard
interception_is_mouse
interception_receive
interception_send
interception_set_filter
interception_set_precedence
interception_wait
interception_wait_with_timeout
Sections
.text Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ConfigCSA/Sound/Act.wav
-
ConfigCSA/Sound/ActToggle.wav
-
ConfigCSA/Sound/Desact.wav
-
ConfigCSA/Sound/DesactToggle.wav
-
ConfigCSA/Sound/Save.wav
-
ConfigCSA/current_config.bin