Static task
static1
General
-
Target
PartialSource.rar
-
Size
8.8MB
-
MD5
5f4fb1831bb3bd9a1422db2d085de0e1
-
SHA1
2ddaa992c94160a53431bd74dc537d8f386695b9
-
SHA256
0b152e7497d907b3af76696724b1d24c77675f88ce180571a92f49c8c1c6212e
-
SHA512
a427030db150fdc5a03227ac4fe205e0ac6cc309c227f982e215e8a755a223457d79a736f188205a35c8341e18c62a31f31699e9b2ce955641c05996d46fa09e
-
SSDEEP
196608:eBT30dtXmQJI3Jvw3Axq3lZtbFbyVSFW2B7iRHT+atq1zVFCCsfeN:eBTWIWQ8lZV+EtB7WHfs1vH
Malware Config
Signatures
-
Unsigned PE — 1 IoC
Checks for a missing Authenticode signature on the PE file.
resource unpack001/Halloween Mod Menu Source/samples/NativeTrainer/bin/Release/NativeTrainer.asi
Files
-
PartialSource.rar.rar
-
Halloween Mod Menu Source/inc/enums.h
-
Halloween Mod Menu Source/inc/main.h
-
Halloween Mod Menu Source/inc/nativeCaller.h
-
Halloween Mod Menu Source/inc/natives.h
-
Halloween Mod Menu Source/inc/types.h
-
Halloween Mod Menu Source/lib/ScriptHookV.lib
-
Halloween Mod Menu Source/readme.txt
-
Halloween Mod Menu Source/samples/NativeSpeedo.sln
-
Halloween Mod Menu Source/samples/NativeSpeedo/NativeSpeedo.vcxproj
-
Halloween Mod Menu Source/samples/NativeSpeedo/NativeSpeedo.vcxproj.filters
-
Halloween Mod Menu Source/samples/NativeSpeedo/main.cpp
-
Halloween Mod Menu Source/samples/NativeSpeedo/script.cpp
-
Halloween Mod Menu Source/samples/NativeSpeedo/script.h
-
Halloween Mod Menu Source/samples/NativeSpeedo/textures/NativeSpeedoArrow.png.png
-
Halloween Mod Menu Source/samples/NativeSpeedo/textures/NativeSpeedoBack.png.png
-
Halloween Mod Menu Source/samples/NativeSpeedo/utils.cpp
-
Halloween Mod Menu Source/samples/NativeSpeedo/utils.h
-
Halloween Mod Menu Source/samples/NativeTrainer.sdf
-
Halloween Mod Menu Source/samples/NativeTrainer.sln
-
Halloween Mod Menu Source/samples/NativeTrainer.v12.suo
-
Halloween Mod Menu Source/samples/NativeTrainer/NativeTrainer.vcxproj
-
Halloween Mod Menu Source/samples/NativeTrainer/NativeTrainer.vcxproj.filters
-
Halloween Mod Menu Source/samples/NativeTrainer/bin/Release/NativeTrainer.asi.dll windows:6 windows x64 arch:x64
adf6ba362a428346cc66cbbbf2e3a9c1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
GetTickCount
CreateFileW
SetEnvironmentVariableA
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
HeapAlloc
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
GetLastError
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
GetTimeZoneInformation
RtlUnwindEx
HeapSize
SetLastError
HeapFree
RtlPcToFileHeader
RaiseException
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CompareStringW
CloseHandle
user32
GetAsyncKeyState
scripthookv
?nativeCall@@YAPEA_KXZ
?nativeInit@@YAX_K@Z
?nativePush64@@YAX_K@Z
?scriptWait@@YAXK@Z
?scriptUnregister@@YAXPEAUHINSTANCE__@@@Z
?keyboardHandlerUnregister@@YAXP6AXKGEHHHH@Z@Z
?keyboardHandlerRegister@@YAXP6AXKGEHHHH@Z@Z
?scriptRegister@@YAXPEAUHINSTANCE__@@P6AXXZ@Z
Sections
.text Size: 267KB - Virtual size: 266KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 70KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Halloween Mod Menu Source/samples/NativeTrainer/keyboard.cpp
-
Halloween Mod Menu Source/samples/NativeTrainer/keyboard.h
-
Halloween Mod Menu Source/samples/NativeTrainer/main.cpp
-
Halloween Mod Menu Source/samples/NativeTrainer/script.cpp
-
Halloween Mod Menu Source/samples/NativeTrainer/script.h
-
Halloween Mod Menu Source/samples/NativeTrainer/tmp/Release/NativeTrainer.log
-
Halloween Mod Menu Source/samples/NativeTrainer/tmp/Release/NativeTrainer.tlog/CL.read.1.tlog
-
Halloween Mod Menu Source/samples/NativeTrainer/tmp/Release/NativeTrainer.tlog/CL.write.1.tlog
-
Halloween Mod Menu Source/samples/NativeTrainer/tmp/Release/NativeTrainer.tlog/NativeTrainer.lastbuildstate
-
Halloween Mod Menu Source/samples/NativeTrainer/tmp/Release/NativeTrainer.tlog/cl.command.1.tlog
-
Halloween Mod Menu Source/samples/NativeTrainer/tmp/Release/NativeTrainer.tlog/link.command.1.tlog
-
Halloween Mod Menu Source/samples/NativeTrainer/tmp/Release/NativeTrainer.tlog/link.read.1.tlog
-
Halloween Mod Menu Source/samples/NativeTrainer/tmp/Release/NativeTrainer.tlog/link.write.1.tlog
-
Halloween Mod Menu Source/samples/NativeTrainer/tmp/Release/keyboard.obj
-
Halloween Mod Menu Source/samples/NativeTrainer/tmp/Release/main.obj
-
Halloween Mod Menu Source/samples/NativeTrainer/tmp/Release/script.obj
-
Halloween Mod Menu Source/samples/NativeTrainer/tmp/Release/vc120.pdb
-
Halloween Mod Menu Source/samples/Pools.sln
-
Halloween Mod Menu Source/samples/Pools/Pools.vcxproj
-
Halloween Mod Menu Source/samples/Pools/Pools.vcxproj.filters
-
Halloween Mod Menu Source/samples/Pools/main.cpp
-
Halloween Mod Menu Source/samples/Pools/script.cpp
-
Halloween Mod Menu Source/samples/Pools/script.h