6e66d879fcaf98f9e32d67ed149c582f[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

6e66d879fcaf98f9e32d67ed149c582f.dll
Size

2.6MB
MD5

6e66d879fcaf98f9e32d67ed149c582f
SHA1

59358afe3ee3e0c02469eeb18c955baab2128cd2
SHA256

319c0d574084ae0f07bab6f4c386a274e5c2237a30364d454c57062f4cb52251
SHA512

db1091cbb6c3188bdc3f715c348c259891e54248eeb9a3b69494adbf0643f5e049acc2e75c0685d6c6e8ba3d1fbd3dd7d7b64558bfc52dfb71bdb9299cc64450
SSDEEP

49152:mSmtOWNP8ccsHcz8OjXn/Ve+CwteUfrhh+h8ccsHcz8OjXn/Ve+CwteUfrhh+bk:qNP8i8w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e66d879fcaf98f9e32d67ed149c582f.dll

Files

6e66d879fcaf98f9e32d67ed149c582f.dll
.dll windows:5 windows x86 arch:x86

4a184a776eec19e076437c49798daa09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\SS2\Source\Source\GameGuard\Release\1. GetLicense\Cheat.pdb

Imports

kernel32

QueryPerformanceCounter
SetThreadPriority
WaitForMultipleObjects
CreateMutexA
GetLastError
UnmapViewOfFile
CreateFileW
GetFileInformationByHandle
CreateFileMappingA
MapViewOfFile
SetFilePointer
CreateDirectoryA
TerminateProcess
GetFullPathNameA
GetCurrentProcessId
OpenMutexA
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
WaitForSingleObject
GetCurrentThreadId
VirtualQuery
HeapFree
GetProcessHeap
HeapAlloc
GetModuleFileNameA
LoadLibraryA
WinExec
QueryPerformanceFrequency
GetVersionExA
GlobalMemoryStatusEx
DeviceIoControl
GetCurrentProcess
TryEnterCriticalSection
VirtualProtect
GetLogicalDriveStringsW
QueryDosDeviceW
SetEvent
CreateEventA
SetLastError
CreateToolhelp32Snapshot
Process32First
Process32Next
InterlockedCompareExchange
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedExchange
DecodePointer
EncodePointer
OpenProcess
Sleep
GetModuleHandleA
GetProcAddress
GetLocalTime
GetTickCount
DeleteFileA
WriteFile
ReadFile
GetFileSize
CreateFileA
GetCurrentThread
OpenFileMappingA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
TerminateThread
SetFileAttributesA
CreateThread

user32

SetWindowsHookExA
GetMessageA
TranslateMessage
DispatchMessageA
FindWindowExA
GetWindowThreadProcessId
FindWindowA
GetWindowLongA
SetWindowLongA
UnregisterClassA
GetForegroundWindow
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadImageA
EndPaint
GetClientRect
BeginPaint
PostQuitMessage
DefWindowProcA
ReleaseDC
GetDC
GetWindowRect
GetDesktopWindow
GetSystemMetrics
wsprintfW
wsprintfA
SendMessageA
UnhookWindowsHookEx
CallNextHookEx
MessageBoxA

gdi32

SetTextColor
TextOutA
SetBkMode
GetObjectA
CreateFontA
GetDeviceCaps
DeleteObject
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
GetStockObject
CreateCompatibleDC

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegOpenKeyA

ole32

CreateStreamOnHGlobal

msvcp100

?_Incref@facet@locale@std@@QAEXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@DDH@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??Bid@locale@std@@QAEIXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z

shlwapi

SHDeleteKeyA
PathRemoveFileSpecW

gdiplus

GdiplusShutdown
GdiplusStartup
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipFree
GdipAlloc
GdipGetImageEncoders
GdipDisposeImage

ws2_32

WSAWaitForMultipleEvents
WSAEnumNetworkEvents
getpeername
WSAStartup
ntohs
WSACreateEvent
htons
inet_addr
gethostbyname
connect
WSAGetLastError
WSAEventSelect
WSACloseEvent
recv
send
socket
closesocket

psapi

GetModuleInformation
GetProcessImageFileNameW
EnumProcesses
EnumProcessModules
GetModuleFileNameExA

dbghelp

ImageRvaToSection

msvcr100

malloc
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
__CxxFrameHandler3
memset
memcpy
wcsrchr
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
fflush
setvbuf
fsetpos
fgetpos
_fseeki64
memcpy_s
fgetc
ungetc
fwrite
fputc
_unlock_file
_lock_file
_stricmp
wcscpy_s
mbstowcs
vsprintf_s
strcpy_s
_itoa
wcsstr
system
strstr
sprintf
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
sprintf_s
remove
??_V@YAXPAX@Z
rand
memmove
free
_CxxThrowException
fopen_s
fclose
fread
_wfopen_s
??3@YAXPAX@Z

wininet

InternetOpenA
FtpCreateDirectoryA
InternetConnectA
FtpPutFileA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile

Exports

Exports

EntryProc

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a184a776eec19e076437c49798daa09

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

msvcp100

shlwapi

gdiplus

ws2_32

psapi

dbghelp

msvcr100

wininet

Exports

Exports

Sections

.text Size: 77KB - Virtual size: 76KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 1.0MB - Virtual size: 1.1MB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 77KB - Virtual size: 76KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 1.0MB - Virtual size: 1.1MB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 16KB - Virtual size: 16KB