PDB path (from the PE debug directory): H:\My\CM\CheatMaker\Release\Runner.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-03-08_da7940ce968a02063a61da90a692ae5f_darkside.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-03-08_da7940ce968a02063a61da90a692ae5f_darkside.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-03-08_da7940ce968a02063a61da90a692ae5f_darkside
-
Size
577KB
-
MD5
da7940ce968a02063a61da90a692ae5f
-
SHA1
b6745828120c4bf0b1bd3f1e3f008143dcabdbb5
-
SHA256
650e77cc2247230c38c146c2464953ed1d59229dbc2580d20867fc2f18617b31
-
SHA512
aeca4ffb7a63d6c1a4a5dd98f2150af1c7bdf16ba18d4af1cff156a5c5dad627fa2cea74c1b9b8f3806e28ea4300c672394b7c932182e4f5ee91fc1a4e580589
-
SSDEEP
6144:WtvL5ckpcL/ZZKP64REXZrZOwmN2RvKPGL7ZXCU:WCt4qXZc2RvzBt
Malware Config — none extracted (no configuration entries are listed for this sample)
Signatures
-
Unsigned PE 1 IoCs
The PE carries no Authenticode signature, so its publisher cannot be verified from the file itself.
resource 2024-03-08_da7940ce968a02063a61da90a692ae5f_darkside
Files
-
2024-03-08_da7940ce968a02063a61da90a692ae5f_darkside.exe windows:5 windows x86 arch:x86
e679c41977b941d08b0ec6449f924c9f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Note: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is not listed and relocations are stripped, so the image loads at its preferred base and is not ASLR-relocatable; NX_COMPAT marks it DEP-compatible.
PDB Paths
Imports (note: the kernel32/psapi/advapi32 set includes process enumeration, OpenProcess, VirtualQueryEx, ReadProcessMemory/WriteProcessMemory, resource-update and temp-file APIs, and token privilege adjustment — consistent with a cross-process memory-editing "Runner"; confirm with the behavioral tasks rather than from the import table alone)
mfc90u
ord4653
ord959
ord2614
ord2637
ord2632
ord3234
ord3492
ord436
ord686
ord2100
ord1688
ord1769
ord2103
ord1601
ord4510
ord2277
ord1668
ord4654
ord3497
ord616
ord4492
ord2595
ord2470
ord4815
ord1313
ord4543
ord3528
ord654
ord1678
ord1779
ord1708
ord3627
ord750
ord2286
ord1786
ord1722
ord4663
ord3278
ord3661
ord785
ord4268
ord404
ord4159
ord814
ord1250
ord1254
ord6096
ord613
ord337
ord2593
ord1063
ord1248
ord1088
ord3741
ord3749
ord6187
ord3488
ord3543
ord2106
ord1183
ord333
ord2592
ord4044
ord692
ord595
ord3562
ord3286
ord5664
ord4657
ord1493
ord6411
ord3355
ord1695
ord1602
ord2105
ord6791
ord1488
ord2081
ord5867
ord2479
ord2504
ord5979
ord4405
ord4519
ord1333
ord1108
ord1137
ord4442
ord935
ord2537
ord310
ord601
ord818
ord1608
ord305
ord3221
ord285
ord3220
ord1607
ord266
ord899
ord2676
ord6164
ord277
ord4494
ord12404
ord13194
ord9972
ord10457
ord10304
ord13136
ord12165
ord12617
ord7766
ord9965
ord1666
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord8452
ord4347
ord4996
ord5680
ord5663
ord6018
ord3115
ord4905
ord4681
ord9272
ord1599
ord2597
ord3399
ord2209
ord664
ord405
ord2490
ord665
ord406
ord1113
ord1098
ord4211
ord663
ord7332
ord7138
ord4043
ord4967
ord813
ord811
ord296
ord280
ord265
ord799
ord5632
ord5324
ord2208
ord1810
ord1809
ord1675
ord3353
ord6408
ord1754
ord2275
ord4508
ord4934
ord611
ord3489
ord4652
ord1665
ord2274
ord1354
ord3537
ord1581
ord5939
ord6697
ord6013
ord290
ord1314
ord2326
ord2478
ord3515
ord1486
ord4741
ord4398
ord3953
ord4351
ord2725
ord4131
ord6203
ord6579
ord2360
ord6065
ord4530
ord4527
ord6604
ord6311
ord1603
ord4774
ord6577
ord5194
ord744
ord524
ord1751
ord4345
ord1492
ord4664
ord5602
ord2074
ord5512
ord6800
ord4603
ord5653
ord3743
ord5154
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord778
ord3654
ord4660
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord3226
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord5650
ord2771
ord2983
ord3112
ord4728
ord2966
ord3140
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4910
ord4682
ord4702
ord2069
ord4631
ord5008
ord4000
ord639
ord374
ord3794
ord286
ord1719
ord2283
ord316
ord821
ord2082
ord2481
ord4521
ord4448
ord812
ord1272
ord600
ord4265
ord801
msvcr90
_CxxThrowException
memcpy
__RTDynamicCast
memset
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_purecall
_gcvt_s
_wtof
_wtoi
_wcsicmp
strcpy_s
_beginthreadex
calloc
_recalloc
vsprintf_s
_itoa_s
atol
strtol
memmove_s
wcstoul
_msize
ftell
realloc
malloc
toupper
free
fread
fseek
fclose
fwrite
_wfopen_s
memcpy_s
?what@exception@std@@UBEPBDXZ
wcscpy_s
exit
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
__CxxFrameHandler3
kernel32
UpdateResourceW
EndUpdateResourceW
MulDiv
VirtualQueryEx
ReadProcessMemory
BeginUpdateResourceW
WriteProcessMemory
lstrlenW
WideCharToMultiByte
CreateEventW
GlobalLock
GlobalUnlock
GlobalFree
ResumeThread
GlobalAlloc
LoadResource
SizeofResource
LockResource
WaitForSingleObject
SetEvent
lstrcpyW
GetProcAddress
LoadLibraryW
SetLastError
TerminateThread
CreateThread
ExitThread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CloseHandle
CreateFileW
CopyFileW
GetTempFileNameW
GetTempPathW
GetModuleFileNameW
GetLastError
GetModuleHandleW
FindResourceW
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
Sleep
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GetFileAttributesW
GetLocalTime
QueryPerformanceCounter
LocalFree
FormatMessageW
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetCurrentProcess
MultiByteToWideChar
lstrlenA
FreeLibrary
ResetEvent
user32
GetWindowLongW
InvalidateRect
SetTimer
IsRectEmpty
GetActiveWindow
CopyImage
CloseWindow
BringWindowToTop
LoadIconW
DestroyIcon
GetFocus
GetNextDlgTabItem
PostMessageW
GetSystemMetrics
GetWindowRect
SetParent
PtInRect
SetActiveWindow
GetWindowTextW
GetClassNameW
EnumWindows
GetWindowThreadProcessId
GetParent
IsWindowVisible
SetWindowLongW
IsWindow
SetRect
CreateIconFromResource
CreateIconFromResourceEx
FillRect
GetSysColor
CopyRect
DrawFocusRect
SendMessageW
ReleaseDC
GetDC
GetKeyState
GetDesktopWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
MessageBoxW
EnableWindow
SetLayeredWindowAttributes
KillTimer
gdi32
CreateFontIndirectW
SelectObject
CreateSolidBrush
BitBlt
CreateCompatibleDC
DeleteDC
SetStretchBltMode
StretchBlt
CreatePatternBrush
GetObjectW
GetStockObject
DeleteObject
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateFontW
GetDeviceCaps
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
comctl32
InitCommonControlsEx
ole32
CreateStreamOnHGlobal
oleaut32
OleLoadPicture
msvcp90
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHABV12@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find_last_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
psapi
GetModuleFileNameExW
GetModuleBaseNameW
EnumProcessModules
EnumProcesses
Sections
.text Size: 216KB - Virtual size: 215KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 289KB - Virtual size: 288KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ