Resubmissions
11-04-2024 01:27
240411-bt4tnsbf6s
Static task
static1
General
Target: CS DUMPER_[unknowncheats.me]_.zip
Size: 753KB
MD5: 84699abe05f9f090f730ff0ddc6ae700
SHA1: a82b9f46239d2e154efc0c64d1f520c53d5af459
SHA256: dc871ff1d2467ff374aa8f5ac91c5402b5a02f4cb8f50f223356bd6f9e19b8a7
SHA512: 998f1fc3d7e493076bebc6ac4c69cac0cf7f168b0d40b36f1472606667836ce3e961726ffb4c03b1bcee91cb2dfb25d3c0baaa8f5064398191a2d72255a038db
SSDEEP: 12288:4Cnj37YCvmqhRSVMvXMTZYyKRoRAmuW4Qu3A3GSIseI9r2HgYVFRldYyyWTHxUUk:4Cnj373EiUNKRvWaDseI9KgYLFVTRUUk
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: unpack001/cs2-dumper.exe
Files
CS DUMPER_[unknowncheats.me]_.zip (zip)
config_win.json
cs2-dumper.exe (exe, windows:6, windows x64, arch:x64)
MD5: 76f5b4d4d12ab9d975eafef7f7da9ba3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
bcryptprimitives
ProcessPrng
kernel32
WriteConsoleW
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentDirectoryW
GetEnvironmentVariableW
CreateFileW
SetFileInformationByHandle
WaitForSingleObject
GetFileInformationByHandleEx
GetCurrentThreadId
GetFullPathNameW
CreateDirectoryW
ExitProcess
HeapAlloc
GetProcessHeap
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentProcessId
CreateMutexA
WaitForSingleObjectEx
LoadLibraryA
ReleaseMutex
RtlVirtualUnwind
LocalFree
GetFinalPathNameByHandleW
GetFileType
GetModuleHandleA
Sleep
WriteProcessMemory
ReadProcessMemory
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
OpenProcess
K32GetModuleInformation
K32GetModuleFileNameExA
IsDebuggerPresent
UnhandledExceptionFilter
K32EnumProcessModulesEx
VirtualQueryEx
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FreeLibrary
GetProcAddress
LoadLibraryExW
SetThreadErrorMode
FindFirstFileW
FindClose
FindNextFileW
GetSystemTimePreciseAsFileTime
CloseHandle
lstrlenW
SetUnhandledExceptionFilter
GetModuleFileNameW
SetLastError
GetCommandLineW
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleMode
GetConsoleMode
GetStdHandle
HeapReAlloc
GetLastError
QueryPerformanceCounter
HeapFree
MultiByteToWideChar
GetFileInformationByHandle
IsProcessorFeaturePresent
api-ms-win-core-synch-l1-2-0
WakeByAddressAll
WaitOnAddress
WakeByAddressSingle
shell32
SHGetKnownFolderPath
ole32
CoTaskMemFree
ntdll
RtlNtStatusToDosError
NtReadFile
NtWriteFile
NtQueryInformationProcess
oleaut32
GetErrorInfo
advapi32
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
user32
GetKeyState
GetKeyboardState
vcruntime140
memcpy
__current_exception_context
__current_exception
__C_specific_handler
_CxxThrowException
memset
memmove
memcmp
__CxxFrameHandler3
api-ms-win-crt-string-l1-1-0
strlen
api-ms-win-crt-math-l1-1-0
ceilf
__setusermatherr
api-ms-win-crt-runtime-l1-1-0
_get_initial_narrow_environment
_initterm
_initterm_e
_seh_filter_exe
_exit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
terminate
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_configure_narrow_argv
_set_app_type
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
_set_new_mode
free
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 437KB - Virtual size: 436KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 952B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
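Reproducing the report's static checks offline, as an added example that is not the sandbox's own analyser: the Python below (standard library only; the names parse_pe, parse_imports, triage and build_sample_pe are this example's own) reads the PE headers the way the listing above presents them, reports the DLL characteristics, section flags and imports, and derives the "Unsigned PE" verdict from an empty security data directory (IMAGE_DIRECTORY_ENTRY_SECURITY, index 4). It also flags the cross-process access cluster that stands out in the import list (OpenProcess, ReadProcessMemory, WriteProcessMemory, VirtualQueryEx, CreateToolhelp32Snapshot, AdjustTokenPrivileges with LookupPrivilegeValueA), which is exactly the API set a tool that opens another process and dumps its memory needs. Because the archive itself is not on this page, the block builds a small constructed PE32+ with a matching import set and runs on that; pass a path on the command line to run it on the unpacked cs2-dumper.exe.

```python
"""Stdlib-only static PE triage: SHA-256, header flags, sections, Authenticode presence, imports."""
import hashlib
import struct
import sys

DLL_CHARACTERISTICS = {0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT",
                       0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE"}
SECTION_FLAGS = {0x20: "CNT_CODE", 0x40: "CNT_INITIALIZED_DATA", 0x02000000: "MEM_DISCARDABLE",
                 0x20000000: "MEM_EXECUTE", 0x40000000: "MEM_READ", 0x80000000: "MEM_WRITE"}
# The cross-process access cluster visible in the report's kernel32/advapi32 imports.
PROCESS_ACCESS_APIS = {"OpenProcess", "ReadProcessMemory", "WriteProcessMemory", "VirtualQueryEx",
                       "CreateToolhelp32Snapshot", "AdjustTokenPrivileges", "LookupPrivilegeValueA"}

def flags(value, table):
    return [name for bit, name in table.items() if value & bit]

def cstring(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def rva_to_off(sections, rva):
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rsize"]):
            return rva - s["va"] + s["raw"]
    raise ValueError(f"RVA {rva:#x} lies outside every section")

def parse_pe(data):
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, fchars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    is64 = struct.unpack_from("<H", data, opt)[0] == 0x20B      # PE32+ magic
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]       # same offset in PE32 and PE32+
    dd = opt + (112 if is64 else 96)                             # DataDirectory[0]
    sections = []
    for i in range(nsec):
        s = opt + opt_size + 40 * i
        name, vsize, va, rsize, raw = struct.unpack_from("<8sIIII", data, s)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize, "rsize": rsize,
                         "raw": raw, "flags": flags(struct.unpack_from("<I", data, s + 36)[0], SECTION_FLAGS)})
    return {"arch": {0x8664: "x64", 0x14C: "x86"}.get(machine, hex(machine)), "is64": is64,
            "dll_characteristics": flags(dllchars, DLL_CHARACTERISTICS), "sections": sections,
            "import_rva": struct.unpack_from("<I", data, dd + 8)[0],   # directory 1: import table
            "security": struct.unpack_from("<II", data, dd + 32)}      # directory 4: WIN_CERTIFICATE

def parse_imports(data, sections, import_rva, is64):
    fmt, width, ord_bit = ("<Q", 8, 1 << 63) if is64 else ("<I", 4, 1 << 31)
    imports, off = {}, (rva_to_off(sections, import_rva) if import_rva else None)
    while off is not None:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, off)
        if name_rva == 0:                                        # all-zero terminating descriptor
            break
        thunk, names = rva_to_off(sections, oft or ft), []
        while (entry := struct.unpack_from(fmt, data, thunk)[0]) != 0:
            names.append(f"ordinal#{entry & 0xFFFF}" if entry & ord_bit
                         else cstring(data, rva_to_off(sections, entry & 0x7FFFFFFF) + 2))
            thunk += width
        imports[cstring(data, rva_to_off(sections, name_rva)).lower()] = names
        off += 20
    return imports

def triage(data):
    hdr = parse_pe(data)
    imports = parse_imports(data, hdr["sections"], hdr["import_rva"], hdr["is64"])
    hdr.update(sha256=hashlib.sha256(data).hexdigest(), imports=imports,
               authenticode_present=all(hdr["security"]),       # blob attached; validity not checked
               process_access_apis=sorted({f for fs in imports.values() for f in fs} & PROCESS_ACCESS_APIS))
    return hdr

def build_sample_pe():  # constructed input, not the analysed binary: unsigned PE32+, import table only
    imports = {"kernel32.dll": ["OpenProcess", "ReadProcessMemory", "CloseHandle"],
               "advapi32.dll": ["AdjustTokenPrivileges"]}
    sec_va, body, desc = 0x1000, bytearray(20 * (len(imports) + 1)), []
    for dll, funcs in imports.items():
        name_rva, thunks = sec_va + len(body), []
        body += dll.encode() + b"\0"
        for f in funcs:
            thunks.append(sec_va + len(body))
            body += b"\0\0" + f.encode() + b"\0"                # IMAGE_IMPORT_BY_NAME: hint, name
        body += bytes(-len(body) % 8)
        table = b"".join(struct.pack("<Q", t) for t in thunks) + bytes(8)
        ilt, iat = sec_va + len(body), sec_va + len(body) + len(table)
        body += table + table                                    # lookup table, then the IAT
        desc.append(struct.pack("<IIIII", ilt, 0, 0, name_rva, iat))
    body[:20 * len(desc)] = b"".join(desc)
    body += bytes(-len(body) % 0x200)
    dirs = bytes(8) + struct.pack("<II", sec_va, 20 * (len(desc) + 1)) + bytes(8 * 14)  # dir 4 empty
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII", 0x20B, 14, 0, 0, len(body), 0, 0, 0,
                      0x140000000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, sec_va + len(body), 0x200,
                      0, 3, 0x0160, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + dirs
    hdrs = (b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0"
            + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, len(opt), 0x0022) + opt
            + struct.pack("<8sIIIIIIHHI", b".rdata", len(body), sec_va, len(body), 0x200, 0, 0, 0, 0, 0x40000040))
    return hdrs + bytes(0x200 - len(hdrs)) + bytes(body)

if __name__ == "__main__":                                       # pass a path to triage a real file
    print(triage(open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()))
```

Two caveats when reading the output. A populated security directory only means a WIN_CERTIFICATE blob is attached; whether it chains to a trusted root still needs `signtool verify /pa` or PowerShell's Get-AuthenticodeSignature, and the absence of one is normal for hobby tooling, so the "Unsigned PE" IoC is context rather than a verdict. The SHA-256 that triage prints is of whatever bytes you pass in: the hashes in the General section belong to the outer ZIP, so hash the unpacked executable separately before comparing it with other sources (the report gives only a 32-hex digest for it under Files). If third-party dependencies are acceptable, pefile exposes the same fields with far less code.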