AridekVM-Permanted-Hwid-Spoofer-Changer-main[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

AridekVM-Permanted-Hwid-Spoofer-Changer-main.zip
Size

2.6MB
MD5

96a4709352a3ffe8980a281dcddeeb56
SHA1

b67f25b07c5d24c69f497e962d1c926475d99c45
SHA256

7c234430fd1c5eb32070d34f5e924e41cbc758b5ad03138168109a48a74fc986
SHA512

4d06086b2fce79b7a6ed98da290412639d69fcdefc5d4c02f1629cf14ebda4b9d30a88c994d6aec307714b9c687a6a5bacd9983cace3435ce6ade43c4e1a1ea7
SSDEEP

49152:PZGNNDG7gMhdW4ESmPbf9QqKMh/4ef0c6IcT8kV7T+1kieCLVqbZdeMkd7kOqbZK:PgmPk9QqKMa3c6IBkVX+GCLVqbZsMkdt

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/lib/MinHook.x64.dll
unpack001/AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/lib/MinHook.x86.dll

Files

AridekVM-Permanted-Hwid-Spoofer-Changer-main.zip
.zip
AridekVM-Permanted-Hwid-Spoofer-Changer-main/.github/FUNDING.yml
AridekVM-Permanted-Hwid-Spoofer-Changer-main/.github/workflows/main.yml
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/Debug/dllmain.obj
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/Debug/enoxus.Build.CppClean.log
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/Debug/enoxus.dll.recipe
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/Debug/enoxus.log
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/Debug/enoxus.pch
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/Debug/enoxus.tlog/CL.command.1.tlog
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/Debug/enoxus.tlog/CL.read.1.tlog
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/Debug/enoxus.tlog/CL.write.1.tlog
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/Debug/enoxus.tlog/enoxus.lastbuildstate
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/Debug/enoxus.tlog/link.command.1.tlog
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/Debug/enoxus.tlog/link.read.1.tlog
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/Debug/enoxus.tlog/link.write.1.tlog
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/HWID Spoofer Resou‮nls..scr
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-03-2023 18:43

Not After

14-03-2024 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:6b:11:42:5f:1c:2a:44:77:d4:5e:a4:fd:56:de:32:e4:8e:d8:23:67:c5:80:3b:43:de:7a:bf:2d:4d:e1:58
Signer

Actual PE Digest

30:6b:11:42:5f:1c:2a:44:77:d4:5e:a4:fd:56:de:32:e4:8e:d8:23:67:c5:80:3b:43:de:7a:bf:2d:4d:e1:58

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\UNKNOWN\Desktop\projeSLNv2 beta\VisualStudio\obj\Debug\VisualStudio.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/Program.cs
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/Spoofers.cs
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/dllmain.cpp
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/framework.h
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/include/MinHook.h
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/lib/MinHook.x64.dll
.dll windows:5 windows x64 arch:x64

1421f4ff18ec2193e24871829e161edf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
HeapDestroy
GetThreadContext
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent

Exports

Exports

MH_ApplyQueued
MH_CreateHook
MH_CreateHookApi
MH_CreateHookApiEx
MH_DisableHook
MH_EnableHook
MH_Initialize
MH_QueueDisableHook
MH_QueueEnableHook
MH_RemoveHook
MH_StatusToString
MH_Uninitialize

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/lib/MinHook.x64.lib
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/lib/MinHook.x86.dll
.dll windows:5 windows x86 arch:x86

5fd0d15ca0d62f378f328577ffc00bd5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedExchange
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
InterlockedCompareExchange
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
HeapDestroy
GetThreadContext
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
VirtualFree
VirtualAlloc
VirtualQuery
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent

Exports

Exports

MH_ApplyQueued
MH_CreateHook
MH_CreateHookApi
MH_CreateHookApiEx
MH_DisableHook
MH_EnableHook
MH_Initialize
MH_QueueDisableHook
MH_QueueEnableHook
MH_RemoveHook
MH_StatusToString
MH_Uninitialize

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/lib/MinHook.x86.lib
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/mac.h
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main.cpp
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main.h
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/HWID Spoofer Resou‮nls..scr
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-03-2023 18:43

Not After

14-03-2024 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:6b:11:42:5f:1c:2a:44:77:d4:5e:a4:fd:56:de:32:e4:8e:d8:23:67:c5:80:3b:43:de:7a:bf:2d:4d:e1:58
Signer

Actual PE Digest

30:6b:11:42:5f:1c:2a:44:77:d4:5e:a4:fd:56:de:32:e4:8e:d8:23:67:c5:80:3b:43:de:7a:bf:2d:4d:e1:58

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\UNKNOWN\Desktop\projeSLNv2 beta\VisualStudio\obj\Debug\VisualStudio.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/data.hpp
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/driver.h
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/intel_driver.cpp
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/intel_driver.hpp
.js
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/intel_driver_resource.hpp
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/kdmapper.cpp
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/kdmapper.hpp
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/mac.h
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/main.cpp
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/main.h
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/nt.hpp
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/portable_executable.cpp
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/portable_executable.hpp
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/service.cpp
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/service.hpp
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/utils.cpp
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/utils.hpp
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/nt.hpp
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/packages.config
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/pch.cpp
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/pch.h
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/portable_executable.cpp
AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/portable_executable.hpp
AridekVM-Permanted-Hwid-Spoofer-Changer-main/LICENSE
AridekVM-Permanted-Hwid-Spoofer-Changer-main/LOG
AridekVM-Permanted-Hwid-Spoofer-Changer-main/README.md

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4dCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

30:6b:11:42:5f:1c:2a:44:77:d4:5e:a4:fd:56:de:32:e4:8e:d8:23:67:c5:80:3b:43:de:7a:bf:2d:4d:e1:58Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 301KB - Virtual size: 301KB

.rsrc Size: 39KB - Virtual size: 38KB

.reloc Size: 512B - Virtual size: 12B

1421f4ff18ec2193e24871829e161edf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 336B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 24B

5fd0d15ca0d62f378f328577ffc00bd5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 404B

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4dCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

30:6b:11:42:5f:1c:2a:44:77:d4:5e:a4:fd:56:de:32:e4:8e:d8:23:67:c5:80:3b:43:de:7a:bf:2d:4d:e1:58Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 301KB - Virtual size: 301KB

.rsrc Size: 39KB - Virtual size: 38KB

.reloc Size: 512B - Virtual size: 12B

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

30:6b:11:42:5f:1c:2a:44:77:d4:5e:a4:fd:56:de:32:e4:8e:d8:23:67:c5:80:3b:43:de:7a:bf:2d:4d:e1:58
Signer

.text
Size: 301KB - Virtual size: 301KB

.rsrc
Size: 39KB - Virtual size: 38KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 336B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 24B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 404B

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

30:6b:11:42:5f:1c:2a:44:77:d4:5e:a4:fd:56:de:32:e4:8e:d8:23:67:c5:80:3b:43:de:7a:bf:2d:4d:e1:58
Signer

.text
Size: 301KB - Virtual size: 301KB

.rsrc
Size: 39KB - Virtual size: 38KB

.reloc
Size: 512B - Virtual size: 12B