Spoof[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Spoof.rar
Size

1.1MB
MD5

fbc567850396fd4ec0dc0bc41c8a01d2
SHA1

942bc819af7a5a0cab03a1a973d14a51db8befb8
SHA256

ffd618ed957ffb2c8d0d3730b94504a261682cf8a2aadc2d371d3fd2a227adcd
SHA512

5bcc7be374aa3b9bf4b69b7f51be9dac67b8cab3a57ac0dad0bfa8281cb5aaccb97bfb9818512764c18d7143ae4119be867a5dc593730925262f81f317729303
SSDEEP

24576:rEQZRx5NbUnrkjkr6fLPGXYmY0SjSrq4XyhSj1XfrgS8IqHnaV1w0nz:rEQvNAwu6fLPGomYrSrq4X2SJfrunHnI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HWID Spoofer.exe

Files

Spoof.rar
.rar

Password: rfgtn
HWID Spoofer.exe
.exe windows:6 windows x64 arch:x64

Password: rfgtn

b9e983240c9d4490452f0be542557c75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
VerifyVersionInfoW
CloseHandle
WaitForSingleObject
Sleep
GetExitCodeProcess
AllocConsole
GetCurrentProcessId
GetCurrentThread
OpenProcess
VirtualProtectEx
WriteProcessMemory
SetLastError
GetSystemInfo
GetCurrentProcess
VirtualAlloc
VirtualFree
GetFileInformationByHandleEx
GetLastError
AreFileApisANSI
SetFileInformationByHandle
GetModuleHandleA
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
GetLocaleInfoEx
FormatMessageA
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
FreeLibrary
QueryPerformanceFrequency
VerSetConditionMask
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalLock
QueryPerformanceCounter
GlobalUnlock
GlobalAlloc

user32

UpdateWindow
SetClipboardData
GetDesktopWindow
FindWindowA
OpenClipboard
GetWindowRect
CloseClipboard
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
BlockInput
PostQuitMessage
GetClipboardData
EmptyClipboard
DefWindowProcA
UnregisterClassA
RegisterClassExA
CreateWindowExA
IsChild
DestroyWindow
ShowWindow
SetLayeredWindowAttributes
SetWindowPos
IsIconic
BringWindowToTop
SetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow
SetForegroundWindow
GetDC
ReleaseDC
SetWindowTextW
GetClientRect
AdjustWindowRectEx
SetCursorPos
SetCursor
GetCursorPos
ClientToScreen
PeekMessageA
ScreenToClient
WindowFromPoint
GetWindowLongW
SetWindowLongA
SetWindowLongW
LoadCursorA
MonitorFromWindow
GetMonitorInfoA
EnumDisplayMonitors
TranslateMessage
DispatchMessageA
PostMessageA

gdi32

GetDeviceCaps

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteExA

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

msvcp140

_Thrd_sleep
_Query_perf_frequency
_Query_perf_counter
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Xtime_get_ticks
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??7ios_base@std@@QEBA_NXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

ntdll

NtRaiseHardError
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlAdjustPrivilege

vcruntime140

memcmp
__std_exception_copy
__std_exception_destroy
_CxxThrowException
wcsstr
__C_specific_handler
__current_exception
__current_exception_context
memchr
strstr
memset
memmove
__std_terminate
memcpy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

strcmp
strncpy
strncmp

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
fgetc
fgetpos
fputc
__p__commode
__stdio_common_vsscanf
__stdio_common_vsprintf
fwrite
ftell
fseek
fread
fflush
fclose
_wfopen
__acrt_iob_func
fsetpos
_set_fmode
_fseeki64
_pclose
_popen
setvbuf
fgets
ungetc

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc
_callnewh

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-math-l1-1-0

sqrtf
sinf
acosf
cosf
fmodf
__setusermatherr
ceilf

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_crt_atexit
_get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_exit
_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_exe
_beginthreadex
terminate
_cexit
_invalid_parameter_noinfo_noreturn
system

api-ms-win-crt-filesystem-l1-1-0

remove
_lock_file
_unlock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

Sections

.text
Size: 381KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 202KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
READ ME!!!.txt

Sharing

General

Malware Config

Signatures

Files

Password: rfgtn

Password: rfgtn

b9e983240c9d4490452f0be542557c75

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

imm32

msvcp140

d3d9

d3dx9_43

ntdll

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 381KB - Virtual size: 380KB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 202KB - Virtual size: 204KB

.pdata Size: 16KB - Virtual size: 16KB

.rsrc Size: 268KB - Virtual size: 268KB

.reloc Size: 512B - Virtual size: 380B

.text
Size: 381KB - Virtual size: 380KB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 202KB - Virtual size: 204KB

.pdata
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 268KB - Virtual size: 268KB

.reloc
Size: 512B - Virtual size: 380B