FW1CreateFactory
Overview: 8
Static: 3
Task | Platform | Score
05-04-2024...2h.zip | windows7-x64 | 1
05-04-2024...2h.zip | windows10-2004-x64 | 1
pubg_pc_ha...es.url | windows7-x64 | 1
pubg_pc_ha...es.url | windows10-2004-x64 | 1
pubg_pc_ha...et.ini | windows7-x64 | 1
pubg_pc_ha...et.ini | windows10-2004-x64 | 1
pubg_pc_ha...bi.dll | windows7-x64 | 1
pubg_pc_ha...bi.dll | windows10-2004-x64 | 1
pubg_pc_ha...64.exe | windows7-x64 | 8
pubg_pc_ha...64.exe | windows10-2004-x64 | 8
pubg_pc_ha...bg.dll | windows7-x64 | 1
pubg_pc_ha...bg.dll | windows10-2004-x64 | 1
pubg_pc_ha...me.txt | windows7-x64 | 1
pubg_pc_ha...me.txt | windows10-2004-x64 | 1
pubg_pc_ha...rt.exe | windows7-x64 | 1
pubg_pc_ha...rt.exe | windows10-2004-x64 | 1
pubg_pc_ha...yy.exe | windows7-x64 | 1
pubg_pc_ha...yy.exe | windows10-2004-x64 | 1
Static task
static1
Behavioral task | Sample | Resource
behavioral1 | 05-04-2024_oUPr3kjs04BqB2h.zip | win7-20240319-de
behavioral2 | 05-04-2024_oUPr3kjs04BqB2h.zip | win10v2004-20240226-de
behavioral3 | pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/Free Hacks for Games.url | win7-20240221-de
behavioral4 | pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/Free Hacks for Games.url | win10v2004-20240226-de
behavioral5 | pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/OffSet.ini | win7-20240221-de
behavioral6 | pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/OffSet.ini | win10v2004-20240226-de
behavioral7 | pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/guabi.dll | win7-20231129-de
behavioral8 | pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/guabi.dll | win10v2004-20240226-de
behavioral9 | pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/kd64.exe | win7-20240221-de
behavioral10 | pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/kd64.exe | win10v2004-20240226-de
behavioral11 | pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/pubg.dll | win7-20240221-de
behavioral12 | pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/pubg.dll | win10v2004-20240226-de
behavioral13 | pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/readme.txt | win7-20240221-de
behavioral14 | pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/readme.txt | win10v2004-20240226-de
behavioral15 | pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/start.exe | win7-20240319-de
behavioral16 | pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/start.exe | win10v2004-20240226-de
behavioral17 | pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/yy.exe | win7-20240221-de
behavioral18 | pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/yy.exe | win10v2004-20240226-de
General
Target: 05-04-2024_oUPr3kjs04BqB2h.zip
Size: 2.4MB
MD5: 4c750c93009c09faa2e489f6483f469d
SHA1: 1a947e3a7bbdbcd1062d5ae2fb979dc303c3bf50
SHA256: d15c3bd94ab93ebb95c7094c4c5486ee3c1bf8381a52d2c089c9158a4e2e3db1
SHA512: f44bda12e3d8314f520977b105c7f5c2b42e8191b7a494c828ac9c5f3e7385278c9681db34c255ce6953056fc3bb64a9bf9f3bbf043c6be89c1dbef5b46c21bd
SSDEEP: 49152://bKD3dx1QK+QukME5KKTaFkBJE7Iy9nIpH7LSVNepgHFHx:HbKD3KvQukME5ZBJEn9nA7L1glHx
Malware Config
Signatures
Unsigned PE (5 IoCs)
Checks for missing Authenticode signature.
resource:
unpack001/pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/guabi.dll
unpack001/pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/kd64.exe
unpack001/pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/pubg.dll
unpack001/pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/start.exe
unpack001/pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/yy.exe
Files
-
05-04-2024_oUPr3kjs04BqB2h.zip .zip
Password: 123
-
pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/Free Hacks for Games.url
-
pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/OffSet.ini
-
pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/guabi.dll .dll windows:6 windows x64 arch:x64
Password: 123
0ff5cf82d5071bc7193ced3b4f2508d2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
OutputDebugStringA
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
GetModuleHandleA
CreateToolhelp32Snapshot
Sleep
GetTickCount64
CloseHandle
GetCurrentProcess
CreateThread
GetThreadContext
ExitProcess
GetCurrentProcessId
CreateFileMappingW
MapViewOfFile
SetThreadContext
OpenThread
MultiByteToWideChar
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
RaiseException
WriteConsoleW
CreateFileW
VirtualProtect
FreeLibrary
GetProcAddress
DeleteCriticalSection
LoadLibraryA
GetLastError
InitializeCriticalSection
LeaveCriticalSection
K32GetModuleInformation
EnterCriticalSection
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
HeapSize
SetStdHandle
SetFilePointerEx
GetStringTypeW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
HeapCreate
HeapFree
HeapReAlloc
HeapAlloc
FlushInstructionCache
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
TerminateProcess
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetModuleFileNameW
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
LCMapStringW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
EncodePointer
user32
SetRect
FillRect
wsprintfW
GetSystemMetrics
MessageBoxA
gdi32
CreateSolidBrush
GetCurrentObject
GetObjectA
DeleteObject
d3dcompiler_47
D3DCompile
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Exports
Sections
.text Size: 151KB - Virtual size: 151KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 70KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/kd64.exe .exe windows:6 windows x64 arch:x64
Password: 123
e5781e29f48709c9d0dbaf1702eff9ea
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\kuangcao\Desktop\kdmapper-win11\x64\Release\kdmapper.pdb
Imports
kernel32
GetCurrentThreadId
GetModuleHandleA
GetLastError
CloseHandle
GetProcAddress
CreateFileW
GetCurrentProcessId
OutputDebugStringW
CreateFileA
SetUnhandledExceptionFilter
GetTempPathW
EnterCriticalSection
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
InitializeCriticalSectionEx
VirtualAlloc
DeviceIoControl
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
user32
MessageBoxW
advapi32
RegCloseKey
RegDeleteKeyW
RegCreateKeyW
RegOpenKeyW
RegSetKeyValueW
msvcp140
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@_W@std@@2V0locale@2@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
ntdll
NtQuerySystemInformation
RtlInitUnicodeString
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__current_exception_context
_CxxThrowException
memcpy
__current_exception
__C_specific_handler
memset
__std_exception_destroy
__std_exception_copy
__std_terminate
memmove
api-ms-win-crt-stdio-l1-1-0
fflush
fputc
fclose
fwrite
__p__commode
_set_fmode
fgetpos
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetc
api-ms-win-crt-heap-l1-1-0
free
_callnewh
malloc
_set_new_mode
api-ms-win-crt-utility-l1-1-0
rand
srand
api-ms-win-crt-filesystem-l1-1-0
_wremove
_unlock_file
_lock_file
api-ms-win-crt-string-l1-1-0
_wcsicmp
_stricmp
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-runtime-l1-1-0
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_register_onexit_function
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
exit
_exit
_initialize_onexit_table
__p___argc
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
terminate
_configure_wide_argv
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 50KB - Virtual size: 49KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 172B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/pubg.dll .dll windows:6 windows x64 arch:x64
Password: 123
960cf2628d86d86ebc18b881711084c1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
E:\2022-beifen\pubg_dll\x64\Release\pubg.pdb
Imports
kernel32
CloseHandle
ReadProcessMemory
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OpenFileMappingW
GetCurrentProcess
OutputDebugStringA
TerminateProcess
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsProcessorFeaturePresent
user32
GetSystemMetrics
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 300B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/readme.txt
-
pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/start.exe .exe windows:6 windows x64 arch:x64
Password: 123
678a8a3223a6b46164c7c497bdfc58bf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\vm\Downloads\SRC\x64\Release\login_apex.pdb
Imports
kernel32
GetSystemTimeAsFileTime
InitializeSListHead
WriteConsoleW
CreateFileW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
ReadConsoleW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetConsoleMode
GetConsoleOutputCP
GetStartupInfoW
GetStdHandle
GetFileType
SetStdHandle
HeapQueryInformation
QueryPerformanceFrequency
VirtualQuery
VirtualAlloc
GetSystemInfo
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlPcToFileHeader
RtlUnwindEx
GetStringTypeW
LCMapStringEx
OutputDebugStringW
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
FindResourceExW
GetUserDefaultLCID
GetTempFileNameA
GetWindowsDirectoryA
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
TerminateProcess
GetFileAttributesExA
FileTimeToLocalFileTime
SetErrorMode
SearchPathA
GetProfileIntA
GetTickCount
GetCPInfo
GetOEMCP
VirtualProtect
GetTempPathA
FileTimeToSystemTime
GetACP
GetThreadLocale
lstrcmpiA
DuplicateHandle
GetVolumeInformationA
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
FlushFileBuffers
FindFirstFileA
FindClose
DeleteFileA
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetCurrentDirectoryA
GetFileSize
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetSystemDirectoryW
EncodePointer
VerifyVersionInfoA
lstrcpyA
VerSetConditionMask
CopyFileA
FormatMessageA
MulDiv
LocalFree
GlobalSize
FindResourceA
GlobalFree
GlobalUnlock
GlobalAddAtomA
GetCurrentProcessId
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleHandleW
GetModuleHandleA
CompareStringA
MultiByteToWideChar
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
LoadLibraryExW
FreeLibrary
GetVersionExA
GetCurrentThread
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
LoadLibraryW
GetModuleHandleExW
GetModuleFileNameW
SetLastError
ResumeThread
SetThreadPriority
GetCurrentThreadId
WaitForSingleObject
SetEvent
VirtualFreeEx
CreateRemoteThread
ReadProcessMemory
VirtualAllocEx
GetProcAddress
LoadLibraryA
WriteProcessMemory
IsWow64Process
GetPrivateProfileIntA
MapViewOfFile
WinExec
ExitProcess
CloseHandle
Process32Next
CreateFileA
GetFileAttributesA
Sleep
CreateToolhelp32Snapshot
OpenProcess
OpenFileMappingW
CreateMutexA
OutputDebugStringA
GetCurrentProcess
Process32First
GetModuleFileNameA
WideCharToMultiByte
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
FindResourceW
LoadResource
RaiseException
HeapReAlloc
LockResource
GetLastError
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree
SetFilePointerEx
SizeofResource
RtlUnwind
user32
GetAsyncKeyState
CharUpperA
IsZoomed
TrackMouseEvent
MonitorFromPoint
SetParent
CopyImage
LoadImageW
LoadImageA
DestroyIcon
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IntersectRect
GetMenuItemInfoA
DestroyMenu
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
MoveWindow
ShowWindow
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
GetTopWindow
GetClassLongPtrA
GetClassLongA
SetWindowLongPtrA
GetWindowLongPtrA
SetWindowLongA
EqualRect
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetCapture
IsMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
CallWindowProcA
GetMessageTime
GetMessagePos
GetClassNameA
InvalidateRect
UpdateWindow
EnumDisplayMonitors
GetMonitorInfoA
SystemParametersInfoA
LoadCursorW
LoadCursorA
CopyRect
SetRectEmpty
SetClassLongPtrA
GetClassInfoA
DefWindowProcA
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
RemoveMenu
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetUpdateRect
RealChildWindowFromPoint
WaitMessage
UnregisterClassA
EnableWindow
IsIconic
GetClientRect
AppendMenuA
GetMenuState
GetMenuStringA
MapDialogRect
GetWindow
SetWindowContextHelpId
SetWindowPos
UnhookWindowsHookEx
PtInRect
ScreenToClient
ClientToScreen
GetDesktopWindow
SetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetLastActivePopup
ReleaseCapture
SetTimer
KillTimer
LoadMenuW
DeleteMenu
MessageBeep
WindowFromPoint
NotifyWinEvent
SetCursorPos
SetRect
UnionRect
BringWindowToTop
CreatePopupMenu
LockWindowUpdate
GetWindowThreadProcessId
GetWindowLongA
EnableScrollBar
GetDoubleClickTime
GetIconInfo
CopyIcon
GetMenuDefaultItem
SetMenuDefaultItem
ModifyMenuA
IsChild
SendMessageA
LoadIconW
MessageBoxA
DrawIcon
GetSystemMetrics
GetSystemMenu
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExA
CallNextHookEx
RegisterWindowMessageA
DrawEdge
DrawFrameControl
GetFocus
DrawStateA
SetWindowRgn
RedrawWindow
GetWindowRect
MapWindowPoints
GetSysColor
GetSysColorBrush
DrawFocusRect
FillRect
InflateRect
OffsetRect
IsRectEmpty
GetParent
DrawIconEx
PostMessageA
PostQuitMessage
ShowOwnedPopups
SetCursor
IsWindowEnabled
UpdateLayeredWindow
CharNextA
CopyAcceleratorTableA
DestroyAcceleratorTable
InvalidateRgn
GetNextDlgGroupItem
GetKeyboardLayout
InvertRect
HideCaret
GetKeyboardState
GetWindowRgn
DestroyCursor
CreateMenu
GetComboBoxInfo
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
MapVirtualKeyExA
IsCharLowerA
PostThreadMessageA
IsClipboardFormatAvailable
FrameRect
ReuseDDElParam
UnpackDDElParam
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
CharUpperBuffA
RegisterClipboardFormatA
SubtractRect
GetKeyNameTextA
CreateAcceleratorTableA
LoadAcceleratorsW
MapVirtualKeyA
SetLayeredWindowAttributes
ToAsciiEx
gdi32
CreateCompatibleDC
CreatePen
CreatePatternBrush
DeleteObject
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
GetObjectA
MoveToEx
TextOutA
SetViewportExtEx
SetViewportOrgEx
CreateBitmap
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateCompatibleBitmap
CreateDIBitmap
CreateFontIndirectA
EnumFontFamiliesA
GetTextCharsetInfo
GetMapMode
SetRectRgn
DPtoLP
RealizePalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
Rectangle
GetRgnBox
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExA
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
SetPixelV
GetTextFaceA
BitBlt
GetDeviceCaps
CreateDCA
CopyMetaFileA
GetTextMetricsA
Polyline
Polygon
CreatePolygonRgn
ExtTextOutA
PatBlt
GetTextExtentPoint32A
GetTextColor
GetBkColor
Ellipse
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreateHatchBrush
CreateEllipticRgn
SetWindowExtEx
DeleteDC
CombineRgn
msimg32
AlphaBlend
TransparentBlt
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegSetValueExA
LookupPrivilegeValueA
RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegEnumKeyA
OpenProcessToken
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
AdjustTokenPrivileges
shell32
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetDesktopFolder
SHAppBarMessage
SHGetFileInfoA
DragFinish
DragQueryFileA
ShellExecuteA
SHGetMalloc
comctl32
InitCommonControlsEx
shlwapi
PathFindExtensionA
PathStripToRootA
PathRemoveFileSpecW
StrFormatKBSizeA
PathIsUNCA
PathFindFileNameA
uxtheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetWindowTheme
DrawThemeText
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
DrawThemeParentBackground
IsAppThemed
ole32
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
CoInitializeEx
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoDisconnectObject
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
CoRevokeClassObject
CoRegisterMessageFilter
oleaut32
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysAllocString
VariantCopy
VarBstrFromDate
OleCreateFontIndirect
LoadTypeLi
VariantChangeType
VariantClear
VariantInit
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
SysFreeString
oledlg
ord8
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundA
Sections
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 561KB - Virtual size: 561KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 90KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pubg_pc_hack_cheater.fun_/pubg_pc_hack_cheater.fun/yy.exe .exe windows:6 windows x64 arch:x64
Password: 123
00ff0c1305084c912480b3ef0c1b27eb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\kuangcao\Desktop\pubg\pubg_injector\x64\Release\pubg_injector.pdb
Imports
kernel32
CloseHandle
GetProcAddress
Process32First
GetCurrentProcess
LoadLibraryA
CreateFileA
Process32Next
DeviceIoControl
GetModuleHandleA
SetEndOfFile
WriteConsoleW
HeapSize
CreateFileW
GetLastError
Sleep
CreateToolhelp32Snapshot
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
ReadConsoleW
QueryPerformanceCounter
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
SetEvent
GetCurrentThread
GetThreadTimes
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetModuleHandleExW
ExitProcess
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetFileSizeEx
SetFilePointerEx
GetFileType
HeapAlloc
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
RtlUnwind
user32
GetForegroundWindow
ShowWindow
MessageBoxA
advapi32
OpenProcessToken
GetTokenInformation
Sections
.text Size: 164KB - Virtual size: 163KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 85KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ