62_L4D2V Reborn V0301HF2_11[.]03[.]24[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

62_L4D2V Reborn V0301HF2_11.03.24.zip
Size

1.0MB
MD5

8b5a7fa42fc47e35f995f2a20a68d607
SHA1

9d6295384f45298bc6fc7c0d80e358a6c14efefc
SHA256

5268640aab8189c7c80c1b716bc6083cf1c6eef80d7839678afe54957f14e7a4
SHA512

83798afd179d1f3414ca1f56ea1d7d75e289a7af50ebebb5a33096da1c4265e52a3e7cc1104aac5b1bd6f069a96b6e35969fb19eb046410307d6a6d786a9cd5a
SSDEEP

24576:v2Fk5xOfTSyHDVmsiXfgssrpS0sx+U/4FiolRpt:vUUxMSGfivy9Oxv4X

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MD5 Changer.exe
unpack001/SKernelInjector.exe
unpack001/VR.dll

Files

62_L4D2V Reborn V0301HF2_11.03.24.zip
.zip
MD5 Changer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Ryan\Documents\Visual Studio 2013\Projects\MD5 Changer\md5modify\obj\Debug\MD5 Changer.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SKernelInjector.exe
.exe windows:6 windows x86 arch:x86

32378e9e17d975ffb2c8087263b06942

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\l4d2\Win32\Release\SKernelInjector.pdb

Imports

kernel32

OpenProcess
CreateToolhelp32Snapshot
Process32First
CloseHandle
Process32Next
GetCurrentDirectoryA
GetProcAddress
GetModuleHandleA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
UnhandledExceptionFilter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW

vcruntime140

memset
__std_exception_copy
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_except_handler4_common
__std_exception_destroy

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__acrt_iob_func
__p__commode
__stdio_common_vfprintf

api-ms-win-crt-conio-l1-1-0

_getwch

api-ms-win-crt-runtime-l1-1-0

_c_exit
_cexit
__p___argv
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_invalid_parameter_noinfo_noreturn
__p___argc
_exit
exit
_initterm_e
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table
_set_app_type
_seh_filter_exe
_get_initial_narrow_environment
_initterm

api-ms-win-crt-string-l1-1-0

strcat_s

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VR.dll
.dll windows:6 windows x86 arch:x86

968c475d8902e86a25d0408d4185c947

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\l4d2\Win32\Release\VR.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleA
VirtualFree
VirtualAlloc
HeapCreate
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
GetThreadContext
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
LocalFree
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetFileSizeEx
CreateFileA
FormatMessageA
SleepEx
GetEnvironmentVariableA
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
WaitForSingleObjectEx
MoveFileExW
FormatMessageW
SetLastError
GetLastError
VerSetConditionMask
FreeLibrary
GetSystemDirectoryW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetTickCount
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalFree
GlobalAlloc
GlobalUnlock
WideCharToMultiByte
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
GetFileInformationByHandleEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
GlobalLock
GetModuleFileNameA
VirtualQuery
CreateDirectoryA
MultiByteToWideChar
CreateThread
VerifyVersionInfoW
GetTickCount64
LoadLibraryW
VirtualProtect
GetLocaleInfoEx

user32

FindWindowA
CallWindowProcA
SetWindowLongA
GetActiveWindow
GetAsyncKeyState
GetWindowRect
ReleaseCapture
SetCapture
GetCapture
GetClientRect
ScreenToClient
GetCursorPos
IsChild
GetForegroundWindow
SetCursorPos
ClientToScreen
LoadCursorA
SetCursor
GetDesktopWindow
SetClipboardData
EmptyClipboard
MessageBoxA
OpenClipboard
CloseClipboard
GetKeyState
GetClipboardData

libcef

cef_initialize
cef_do_message_loop_work
cef_shutdown
cef_api_hash
cef_log
cef_browser_host_create_browser_sync
cef_string_map_free
cef_string_utf16_cmp
cef_string_list_size
cef_string_list_value
cef_string_list_append
cef_string_map_size
cef_string_map_key
cef_string_map_value
cef_string_map_append
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_value
cef_string_multimap_append
cef_string_multimap_alloc
cef_string_multimap_free
cef_string_list_free
cef_string_list_alloc
cef_string_utf8_to_utf16
cef_string_userfree_utf16_free
cef_string_utf16_clear
cef_string_utf16_set
cef_string_map_alloc

sdl2

SDL_free
SDL_GetWindowSize
SDL_GL_GetDrawableSize
SDL_GetPerformanceFrequency
SDL_ShowCursor
SDL_CaptureMouse
SDL_GetGlobalMouseState
SDL_GetWindowPosition
SDL_GetKeyboardFocus
SDL_GetMouseState
SDL_WarpMouseInWindow
SDL_FreeCursor
SDL_Quit
SDL_GetWindowWMInfo
SDL_GetCurrentVideoDriver
SDL_CreateSystemCursor
SDL_GetModState
SDL_DestroyWindow
SDL_SetClipboardText
SDL_GL_DeleteContext
SDL_RaiseWindow
SDL_GL_SwapWindow
SDL_GetPerformanceCounter
SDL_GetWindowFlags
SDL_PollEvent
SDL_GL_SetSwapInterval
SDL_SetCursor
SDL_GL_MakeCurrent
SDL_GL_CreateContext
SDL_CreateWindow
SDL_GL_SetAttribute
SDL_GetBasePath
SDL_GetClipboardText
SDL_GetError
SDL_Init
SDL_SetMainReady

opengl32

glDeleteTextures
glTexImage2D
glPixelStorei
glTexParameteri
glGenTextures
glPopAttrib
glPopMatrix
glDisableClientState
glDrawElements
glBindTexture
glScissor
glColorPointer
glTexCoordPointer
glVertexPointer
glPushAttrib
glGetTexEnviv
glGetIntegerv
glOrtho
glLoadIdentity
glPushMatrix
glTexEnvi
glPolygonMode
glEnableClientState
glDisable
glBlendFunc
glMatrixMode
glViewport
glClearColor
glEnable
glClear

msvcp140

?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
_Query_perf_counter
_Query_perf_frequency
?uncaught_exceptions@std@@YAHXZ
?good@ios_base@std@@QBE_NXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
_Thrd_sleep
_Xtime_get_ticks
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

xinput1_3

ord2
ord4

bcrypt

BCryptGenRandom

vcruntime140

_except_handler4_common
__current_exception_context
__current_exception
_setjmp3
__std_type_info_destroy_list
longjmp
memmove
memchr
_CxxThrowException
memcpy
strchr
memset
_purecall
strstr
__std_exception_destroy
__std_exception_copy
__std_terminate
__CxxFrameHandler3
strrchr

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-math-l1-1-0

remainderf
_CIatan2
_CIfmod
_fdopen
_libm_sse2_acos_precise
_libm_sse2_atan_precise
_libm_sse2_cos_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
ceil
floor
roundf

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_cexit
_crt_atexit
_execute_onexit_table
_initterm_e
_beginthreadex
_configure_narrow_argv
_register_onexit_function
terminate
__sys_nerr
__sys_errlist
_initialize_narrow_environment
_errno
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_initterm

api-ms-win-crt-stdio-l1-1-0

fputs
__acrt_iob_func
__stdio_common_vfprintf
fgets
_wopen
_lseeki64
fopen_s
fseek
__stdio_common_vsscanf
_close
_wfopen
__stdio_common_vsprintf
ftell
fclose
_get_stream_buffer_pointers
_fileno
_write
ungetc
fgetc
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
__stdio_common_vsnprintf_s
__stdio_common_vsprintf_s
_read
feof
fwrite
fputc
fread

api-ms-win-crt-heap-l1-1-0

malloc
calloc
free
_callnewh
realloc

api-ms-win-crt-filesystem-l1-1-0

_unlink
_fstat64
_unlock_file
_lock_file
_wstat64
_waccess

api-ms-win-crt-string-l1-1-0

strncpy
strncmp
strcpy_s
_wcsdup
strcspn
wcspbrk
strpbrk
strspn
_strdup

api-ms-win-crt-convert-l1-1-0

atoi
strtol
strtoul
atof
strtoll
wcstombs

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64
strftime

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

ws2_32

__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
setsockopt
recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
ioctlsocket
gethostname
WSAIoctl
socket
htons
WSACleanup
WSAStartup
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
listen
getsockopt
WSAWaitForMultipleEvents

wldap32

ord79
ord142
ord167
ord127
ord27
ord133
ord301
ord26
ord117
ord41
ord208
ord216
ord14
ord46
ord219
ord145
ord147

advapi32

CryptAcquireContextW
CryptImportKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptDestroyKey
CryptEncrypt

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 291KB - Virtual size: 558.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.txt

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 173KB - Virtual size: 172KB

.rsrc Size: 164KB - Virtual size: 164KB

.reloc Size: 512B - Virtual size: 12B

32378e9e17d975ffb2c8087263b06942

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1024B - Virtual size: 608B

968c475d8902e86a25d0408d4185c947

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

libcef

sdl2

opengl32

msvcp140

imm32

xinput1_3

bcrypt

vcruntime140

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

ws2_32

wldap32

advapi32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 262KB - Virtual size: 262KB

.data Size: 291KB - Virtual size: 558.0MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 80KB - Virtual size: 80KB

.text
Size: 173KB - Virtual size: 172KB

.rsrc
Size: 164KB - Virtual size: 164KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1024B - Virtual size: 608B

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 262KB - Virtual size: 262KB

.data
Size: 291KB - Virtual size: 558.0MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 80KB - Virtual size: 80KB