SotCam_[unknowncheats[.]me]_[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

SotCam_[unknowncheats.me]_.zip
Size

625KB
MD5

84efdab3ed4fbd289279e930165c8010
SHA1

5215919ccd80b9842964c50cd99bf13775dd6958
SHA256

a1f8d00991163b451f4c83abd1518bce6b2d20e48f1837ea59a8c8ab82ffa763
SHA512

3a2ec86ddabc0d6571834adf30e4027871c0958d25191b0c490e55b81be6d22459940ffebc95af54337e12325ecb471aa15253a640341ce2233ef11c2582989d
SSDEEP

12288:0BXjMxzRDxn3hlcvoO7X7ros/Tntpx871N1pgNI9PGePWvQ42qa34FY4pmKvqTDZ:0WxzRd3Y3ros/T5m1NbOI9uNvQqa34YB

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SotCam 3.0.4.dll
unpack001/SotCamLoader.exe

Files

SotCam_[unknowncheats.me]_.zip
.zip
SotCam 3.0.4.dll
.dll windows:6 windows x64 arch:x64

db6e102dfac477c6bab0e74bb9741417

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\psp\Desktop\SotCam\SotCam\x64\Release\SotCam.pdb

Imports

msvcp140

?_Syserror_map@std@@YAPEBDH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
_FExp
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Winerror_map@std@@YAHH@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??Bios_base@std@@QEBA_NXZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??Bid@locale@std@@QEAA_KXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Query_perf_frequency
_Query_perf_counter
?uncaught_exceptions@std@@YAHXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

user32

SetWindowLongPtrW
SetWindowLongPtrA
MessageBoxW
GetAsyncKeyState
CallWindowProcW
DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
DefWindowProcW
LoadCursorW
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetKeyState
IsChild
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
SendInput

kernel32

TryAcquireSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
GetLocaleInfoEx
FormatMessageA
LocalFree
GetModuleFileNameW
FreeLibraryAndExitThread
DisableThreadLibraryCalls
CreateThread
WriteFile
ReadFile
CreateFileW
FreeConsole
AllocConsole
Thread32Next
Thread32First
CreateToolhelp32Snapshot
FlushInstructionCache
SetThreadContext
ResumeThread
SuspendThread
OpenThread
GetCurrentThreadId
GetCurrentProcessId
Sleep
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
CloseHandle
VirtualQuery
VirtualFree
GetSystemInfo
GetModuleHandleW
VirtualProtect
VirtualAlloc
GetProcAddress
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
K32GetModuleInformation
WideCharToMultiByte
GetModuleHandleA
TerminateProcess
GetCurrentProcess
QueryPerformanceFrequency
QueryPerformanceCounter
AreFileApisANSI
GetLastError
HeapCreate
GetThreadContext
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

d3dcompiler_47

D3DCompile

xinput1_4

ord4
ord2

vcruntime140

__current_exception_context
__std_type_info_destroy_list
__C_specific_handler
strstr
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__current_exception
memchr
memcmp
memcpy
memmove
memset

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
system
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm
_initterm_e
_beginthreadex
_cexit
terminate

api-ms-win-crt-string-l1-1-0

strcmp
strncpy
strncmp
towlower
isdigit

api-ms-win-crt-heap-l1-1-0

_callnewh
free
calloc
malloc

api-ms-win-crt-math-l1-1-0

copysignf
ilogbf
scalbnf
truncf
pow
atan2f
cos
cosf
logf
powf
sin
sinf
sqrtf
tanf
log
_fdsign
acosf
fmodf
ldexp

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fread
_wfopen
__stdio_common_vsprintf_s
freopen_s
fclose
fflush
__stdio_common_vsscanf
fwrite
ftell
fseek
__stdio_common_vsprintf

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Sections

.text
Size: 578KB - Virtual size: 577KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 489KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SotCamLoader.exe
.exe windows:6 windows x64 arch:x64

2f69e9ae88b384921ffe26c4c318b5b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Module32Next
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32Next
TerminateProcess
LoadLibraryW
VirtualAllocEx
LocalFree
CreateRemoteThread
VirtualFreeEx
GetSystemTimeAsFileTime
GetStdHandle
GetCurrentProcess
SetConsoleTextAttribute
CloseHandle
WriteProcessMemory
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
MultiByteToWideChar
GetFileInformationByHandleEx
GetLastError
AreFileApisANSI
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
FormatMessageA
IsDebuggerPresent
InitializeSListHead
GetModuleHandleW

advapi32

SetNamedSecurityInfoW
GetNamedSecurityInfoW
ConvertStringSidToSidW
SetEntriesInAclW

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
memchr
memset
__current_exception_context
__std_exception_destroy
__std_exception_copy
__std_terminate
__C_specific_handler
_CxxThrowException
__current_exception
memmove

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
_set_fmode
__stdio_common_vfprintf
fflush

api-ms-win-crt-runtime-l1-1-0

terminate
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_set_app_type
_seh_filter_exe
_invalid_parameter_noinfo_noreturn
_initterm
_initterm_e
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_exit
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
__p___argc
exit

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-string-l1-1-0

strcmp

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db6e102dfac477c6bab0e74bb9741417

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp140

user32

kernel32

imm32

d3dcompiler_47

xinput1_4

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 578KB - Virtual size: 577KB

.rdata Size: 489KB - Virtual size: 488KB

.data Size: 3KB - Virtual size: 10KB

.pdata Size: 20KB - Virtual size: 19KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 464B

2f69e9ae88b384921ffe26c4c318b5b3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 168B

.text
Size: 578KB - Virtual size: 577KB

.rdata
Size: 489KB - Virtual size: 488KB

.data
Size: 3KB - Virtual size: 10KB

.pdata
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 464B

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 168B