pizzahuntmodmanger_527ee[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

pizzahuntmodmanger_527ee.rar
Size

1.3MB
MD5

3d66e8b90f8c356398e6a49e90a0d754
SHA1

faf5d85ef07c663d6d68adcb26c1b5f52964c60a
SHA256

6029e2c400f4f1e93aaf5bb232f31db6e8bafb9fc86ae14ec5e265a8c5a0438f
SHA512

4112cbdb4a462590841102473ba9c909a7c7bed5944bfa9cb38081f149f12383e5b787db462e28c52fee799059d88b6d332d98f6afb55bdb9c1e04e01adebe1d
SSDEEP

24576:gMKOLw68Xh9q0qifrEgHnBAXO2ahaf73Pgv2FLUPV0MvqDtAaW3BfKlqycyJnvZG:g7MIjEbDH3Q2FLvDGL3BCgqBHsD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PizzaHuntModManger/Pizza Tower Mod Manger.exe

Files

pizzahuntmodmanger_527ee.rar
.rar
PizzaHuntModManger/Pizza Tower Mod Manger.exe
.exe windows:6 windows x64 arch:x64

62933b426e6f8d1ce599445c3b89a18a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Shadow\Downloads\untitled\target\debug\deps\untitled.pdb

Imports

kernel32

SetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
TryAcquireSRWLockExclusive
SetFileCompletionNotificationModes
AcquireSRWLockShared
CloseHandle
ReleaseSRWLockShared
GetLastError
Sleep
GetModuleHandleA
GetProcAddress
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
WaitForSingleObject
QueryPerformanceCounter
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetSystemInfo
SetFileInformationByHandle
GetStdHandle
GetCurrentProcessId
WriteFileEx
SleepEx
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
ReleaseMutex
CreateFileW
GetFinalPathNameByHandleW
DuplicateHandle
SwitchToThread
GetConsoleMode
GetCurrentThreadId
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
GetFullPathNameW
InitializeSListHead
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
IsDebuggerPresent
MultiByteToWideChar
WriteConsoleW
CreateThread
GetCurrentThread
GetSystemTimeAsFileTime
GetTempPathW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
IsProcessorFeaturePresent

advapi32

SystemFunction036
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

secur32

AcceptSecurityContext
FreeContextBuffer
DecryptMessage
EncryptMessage
ApplyControlToken
AcquireCredentialsHandleA
FreeCredentialsHandle
DeleteSecurityContext
QueryContextAttributesW
InitializeSecurityContextW

crypt32

CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertFreeCertificateChain
CertDuplicateCertificateChain
CertDuplicateStore

ws2_32

WSAIoctl
setsockopt
send
ioctlsocket
recv
shutdown
getpeername
getsockname
connect
bind
WSASocketW
closesocket
getsockopt
getaddrinfo
freeaddrinfo
WSAGetLastError
WSAStartup
WSACleanup
WSASend

ntdll

NtDeviceIoControlFile
RtlNtStatusToDosError
NtCreateFile
NtWriteFile
NtCancelIoFileEx

bcrypt

BCryptGenRandom

vcruntime140

_CxxThrowException
__CxxFrameHandler3
__current_exception_context
__current_exception
memcpy
memset
__C_specific_handler
memmove
memcmp

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow

api-ms-win-crt-runtime-l1-1-0

exit
_exit
_crt_atexit
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_initialize_narrow_environment
_initterm_e
_configure_narrow_argv
_set_app_type
terminate
__p___argc
_seh_filter_exe
_initialize_onexit_table
_initterm
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62933b426e6f8d1ce599445c3b89a18a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

secur32

crypt32

ws2_32

ntdll

bcrypt

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 12KB - Virtual size: 12KB

.pdata Size: 296KB - Virtual size: 295KB

.reloc Size: 23KB - Virtual size: 22KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 12KB - Virtual size: 12KB

.pdata
Size: 296KB - Virtual size: 295KB

.reloc
Size: 23KB - Virtual size: 22KB