Resubmissions
29-02-2024 06:41
240229-hf7rqshe22 3Static task
static1
General
-
Target
cs2-dumper.exe
-
Size
2.7MB
-
MD5
decad1a161eaf5642c9714589ef0d061
-
SHA1
bafbffb507df7c9fa54922d2c13c310cbbb4f3b4
-
SHA256
f2b0ba443d793d91f10fd684cc31320c5994809016c7bd8c8680b1896d5db14c
-
SHA512
605cb3aaf53c0591044eb7a8e2362c7f69e80b66b792ff2232a92a7e20b7c1fdb3494a49c797f57ebfb2838b42e58c765b14842746d08a203583ceaabe8aa37f
-
SSDEEP
49152:/0/Zfp588MIlwh97/N7jW/l8dDPreD3wn+3C38ZkAxwDiSeejpSY:EZfs8MPPgD3wn+3uAx/ejpSY
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cs2-dumper.exe
Files
-
cs2-dumper.exe.exe windows:6 windows x64 arch:x64
1b0b4fc80b9bf8b23c3d5c9589da1be5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
RtlVirtualUnwind
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetCurrentProcess
RtlCaptureContext
GetCommandLineW
SetFileInformationByHandle
QueryPerformanceCounter
SetThreadStackGuarantee
AddVectoredExceptionHandler
SetConsoleMode
GetConsoleMode
GetStdHandle
GetCurrentProcessId
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
ReleaseSRWLockShared
QueryPerformanceFrequency
AcquireSRWLockExclusive
HeapReAlloc
AcquireSRWLockShared
ReleaseMutex
GetModuleHandleA
FindClose
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
FormatMessageW
GetFileType
GetCurrentThreadId
InitializeSListHead
WaitForSingleObject
GetModuleHandleW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
MultiByteToWideChar
WriteConsoleW
GetCurrentThread
GetSystemTimeAsFileTime
IsDebuggerPresent
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryExA
HeapFree
ReleaseSRWLockExclusive
GetProcessHeap
CloseHandle
Module32Next
Module32First
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
ReadProcessMemory
TryAcquireSRWLockExclusive
IsProcessorFeaturePresent
oleaut32
SysStringLen
GetErrorInfo
SysFreeString
advapi32
SystemFunction036
ntdll
RtlNtStatusToDosError
NtReadFile
NtWriteFile
bcrypt
BCryptGenRandom
vcruntime140
__current_exception_context
__C_specific_handler
_CxxThrowException
memset
memcmp
memcpy
memmove
__CxxFrameHandler3
__current_exception
api-ms-win-crt-string-l1-1-0
strlen
api-ms-win-crt-runtime-l1-1-0
_initialize_narrow_environment
_initterm
_initterm_e
exit
_exit
_configure_narrow_argv
__p___argc
__p___argv
_cexit
terminate
_c_exit
_get_initial_narrow_environment
_set_app_type
_crt_atexit
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
_set_new_mode
free
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 881KB - Virtual size: 881KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ