quasar | Fortnite-cheats-undetected--main[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Fortnite-cheats-undetected--main.zip
Size

629KB
MD5

bbe3c6fadab19a68eb82987be52a7509
SHA1

b0e29ea01ca707430057fa6bcaed8340ca6c288e
SHA256

61c21fc27957bda548e3d648bb4b1002a79f9c654140863a9a36e8c4145f9ed5
SHA512

a89c40103531cd72d68bb47bd26428cebba6cf3f6b2ad2c47651e5bd019a967a05e88a74c3822c52389b0326187b67006e54c3fe516bea235c6e86b05baec249
SSDEEP

12288:S31vMxBE7DSlzVxlWYo7ljPv8DB0CEbJNo+Go+6uyImsGvdc:mJMH6mlzjct7l7UFvEFXjYxM2

Score

10^/10

quasar

Malware Config

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
static1/unpack001/Fortnite-cheats-undetected--main/BenMod Beta 1.1.exe	family_quasar

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Fortnite-cheats-undetected--main/Ben.sys
unpack001/Fortnite-cheats-undetected--main/BenMod Beta 1.1.exe
unpack001/Fortnite-cheats-undetected--main/Finder.exe

Files

Fortnite-cheats-undetected--main.zip
.zip
Fortnite-cheats-undetected--main/Ben.sys
.sys windows:10 windows x64 arch:x64

a70a3819f8d617b6088df0625740b273

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Jojo0604\Desktop\kernel\x64\Release\kernel.pdb

Imports

ntoskrnl.exe

IoGetCurrentProcess
ObfDereferenceObject
KeAttachProcess
KeDetachProcess
PsLookupProcessByProcessId
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
MmCopyVirtualMemory
PsGetProcessSectionBaseAddress
ZwProtectVirtualMemory
MmHighestUserAddress
DbgPrintEx
ExAllocatePool
ExFreePoolWithTag
IofCompleteRequest
ZwClose
ZwOpenKey
ZwQueryValueKey
RtlRandomEx
ObReferenceObjectByName
IoDriverObjectType
RtlInitUnicodeString
RtlCompareUnicodeString
RtlGetVersion
MmUnmapIoSpace
MmMapIoSpaceEx
ZwSetValueKey
MmCopyMemory
PsGetProcessPeb

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 61B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fortnite-cheats-undetected--main/BenMod Beta 1.1.exe
.exe windows:5 windows x86 arch:x86

9222d372923baed7aa9dfa28449a94ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\DarkCoderSc\Desktop\Celesty Binder\Stub\STATIC\Stub.pdb

Imports

kernel32

CreateFileA
FindResourceA
FreeLibrary
LoadResource
WriteFile
SizeofResource
GetProcAddress
LoadLibraryA
LockResource
EnumResourceNamesA
CloseHandle
FreeResource
GetWindowsDirectoryA
OutputDebugStringA
GetTempPathA
GetModuleHandleW
ExitProcess
DecodePointer
EncodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetLastError
HeapFree
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
GetModuleFileNameW
Sleep
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LCMapStringW
MultiByteToWideChar
GetStringTypeW

shell32

ShellExecuteA
SHGetSpecialFolderPathA

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fortnite-cheats-undetected--main/Finder.exe
.exe windows:6 windows x64 arch:x64

dc05b941cfcf2b45155d9541b3d972b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\ryanj\Desktop\kdmapper-master\x64\Release\kdmapper.pdb

Imports

kernel32

GetModuleHandleA
GetTempPathA
GetLastError
CloseHandle
CreateFileW
GetProcAddress
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
SetUnhandledExceptionFilter
FormatMessageA
InitializeCriticalSectionEx
VirtualAlloc
DeviceIoControl
VirtualFree
FindClose
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
AreFileApisANSI
SetLastError
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree

advapi32

RegCloseKey
RegOpenKeyA
RegDeleteKeyA
RegSetKeyValueA
RegCreateKeyA

msvcp140

?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z

ntdll

NtQuerySystemInformation
RtlInitUnicodeString

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
memmove
__current_exception
__std_exception_copy
__std_exception_destroy
memcmp
_CxxThrowException
__C_specific_handler
__current_exception_context
__std_terminate
memcpy

api-ms-win-crt-stdio-l1-1-0

_fseeki64
fread
fsetpos
ungetc
_set_fmode
fputc
setvbuf
fgetpos
fwrite
__acrt_iob_func
__p__commode
__stdio_common_vfprintf
fgetc
fflush
fclose
_get_stream_buffer_pointers

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
_callnewh
free

api-ms-win-crt-filesystem-l1-1-0

remove
_unlock_file
_lock_file

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-string-l1-1-0

_stricmp

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
_c_exit
_set_app_type
_seh_filter_exe
_cexit
_register_thread_local_exe_atexit_callback
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_exit
exit
_initterm_e
terminate
_get_initial_narrow_environment
_invalid_parameter_noinfo_noreturn
_initterm

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fortnite-cheats-undetected--main/README.md

Sharing

General

Malware Config

Signatures

Files

a70a3819f8d617b6088df0625740b273

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 61B

.pdata Size: 512B - Virtual size: 264B

INIT Size: 1024B - Virtual size: 888B

.reloc Size: 512B - Virtual size: 32B

9222d372923baed7aa9dfa28449a94ea

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 5KB - Virtual size: 4KB

dc05b941cfcf2b45155d9541b3d972b4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

msvcp140

ntdll

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 244B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 61B

.pdata
Size: 512B - Virtual size: 264B

INIT
Size: 1024B - Virtual size: 888B

.reloc
Size: 512B - Virtual size: 32B

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 244B