z:\interception-api\library\objfre_win7_amd64\amd64\interception.pdb
Sample
Release_[unknowncheats.me]_.zip
Resource
win10v2004-20240226-en
General
-
Target
Release_[unknowncheats.me]_.zip
-
Size
188KB
-
MD5
7b47481e67b0b2480f6401c833807f77
-
SHA1
8c7d297bff32b6e1b3d20bfd51689020837f9f43
-
SHA256
5c0da1c6f8e92e54ca122e4975b4a954bd47d7fb9680dd226ce2b2b196d453aa
-
SHA512
f141db0a8aa5d075bb964d2a7617ecb1f4674bbad4dc43dfb3a6bd387e5bb9087b1bd6b3151e7113549b7dabbde0089cc1af99e8fe4639ba3910e2ea0055f839
-
SSDEEP
3072:xm+N/d2fVJVQH709MKUFq0iWZqJxEwwdYKaPQ0i3W8V7JrK69DqI/7CMzPtRqXvO:s+f2fV+709MJqRWZq7EdYXP83W8ZJrKq
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for a missing Authenticode signature. Both PE files in the archive (listed below, hence the 2 IoCs) are unsigned, so neither publisher identity nor file integrity can be established from a signature; rely on the hashes above and the manually installed driver's provenance instead.
resource unpack001/Release/BlueFireColorbot.exe unpack001/Release/interception.dll
Files
-
Release_[unknowncheats.me]_.zip.zip
-
Release/BlueFireColorbot.exe.exe windows:6 windows x64 arch:x64 — the import set below (BitBlt/GetDC/GetDeviceCaps for screen capture, GetAsyncKeyState/GetKeyState for key polling, SetCursorPos plus interception_send/interception_set_filter for synthesized input, and d3d9/d3d11 with clipboard/IMM calls that look like a Win32/DirectX overlay UI) is consistent with the "colorbot" name; the only sandbox signature raised is the missing Authenticode signature. Note that IsDebuggerPresent appears here alongside the standard MSVC runtime/SEH imports (RtlCaptureContext, UnhandledExceptionFilter, IsProcessorFeaturePresent) and is not by itself evidence of anti-debugging.
f8c7941c643ea174d0b83262fca01412
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
d3d9
Direct3DCreate9
kernel32
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
Sleep
GetModuleHandleW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GlobalUnlock
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
CloseHandle
user32
ReleaseCapture
GetClientRect
SetCursor
SetCapture
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
ScreenToClient
DefWindowProcW
DestroyWindow
GetCursorPos
CreateWindowExW
SendMessageW
UnregisterClassW
RegisterClassExW
ShowWindow
GetAsyncKeyState
DispatchMessageW
PeekMessageW
TranslateMessage
LoadIconW
FindWindowW
PostQuitMessage
UpdateWindow
SetCursorPos
ReleaseDC
LoadCursorW
GetDC
GetKeyState
ClientToScreen
IsChild
GetForegroundWindow
GetCapture
gdi32
GetDeviceCaps
BitBlt
interception
interception_create_context
interception_send
interception_set_filter
interception_is_mouse
interception_wait
interception_receive
imm32
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
msvcp140
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
d3d11
D3D11CreateDevice
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memset
_CxxThrowException
__current_exception
__std_exception_copy
__std_exception_destroy
__C_specific_handler
memcmp
memchr
strstr
__std_terminate
memmove
memcpy
__current_exception_context
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
ftell
_get_stream_buffer_pointers
__p__commode
_fseeki64
fsetpos
fclose
ungetc
setvbuf
fgetpos
_set_fmode
fgetc
fflush
fputc
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
fseek
api-ms-win-crt-string-l1-1-0
isspace
strncpy
strcmp
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
_callnewh
malloc
api-ms-win-crt-convert-l1-1-0
atof
api-ms-win-crt-runtime-l1-1-0
_seh_filter_exe
_set_app_type
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
terminate
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_beginthreadex
_register_onexit_function
_initialize_onexit_table
_cexit
_initialize_narrow_environment
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
api-ms-win-crt-math-l1-1-0
tan
sqrt
sinf
powf
pow
logf
log
sqrtf
acosf
fmodf
floorf
cosf
ceilf
atan
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 244KB - Virtual size: 243KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 54KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 280B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Release/interception.dll.dll windows:6 windows x64 arch:x64 — imports CreateFileA and DeviceIoControl (see below), i.e. this DLL is a user-mode client that talks to a device driver; no .sys file appears among the files listed in this report, so the exported interception_* API (and the .exe that imports it) presumably depends on a separately installed kernel driver. Verify that driver's origin and signature before treating this archive as self-contained.
fc13c2509303a1017f557c2e52abb49d
Headers
DLL Characteristics (DYNAMIC_BASE and NX_COMPAT only: unlike the .exe above, this DLL does not opt into IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, and neither binary sets IMAGE_DLLCHARACTERISTICS_GUARD_CF, so Control Flow Guard is not enabled in either)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths (the build path z:\interception-api\library\objfre_win7_amd64\amd64\interception.pdb shown at the top of this report appears to belong to this DLL; the objfre_win7_amd64 segment looks like WDK build-output naming for a free/release Windows 7 x64 build — a hint that the library and its driver were built from the WDK rather than a plain Visual Studio project)
Imports
msvcrt
__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter
sprintf
kernel32
DeviceIoControl
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
CreateEventA
WaitForMultipleObjects
CloseHandle
Sleep
QueryPerformanceCounter
Exports
interception_create_context
interception_destroy_context
interception_get_filter
interception_get_hardware_id
interception_get_precedence
interception_is_invalid
interception_is_keyboard
interception_is_mouse
interception_receive
interception_send
interception_set_filter
interception_set_precedence
interception_wait
interception_wait_with_timeout
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 928B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ