Release[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Release.7z
Size

220KB
MD5

c83e63cb5d41d3a1d718da2648fc2082
SHA1

ce03441afb235986e046a5d8354554be60696cd9
SHA256

e5b20704d636fd566ecdd037875d05d0a32c53908a011d089fc7d21cc4d00765
SHA512

90cd18aa2d1918b950245067680d7af119f00e10be6ebda2232cf736111a356cecd79728d39af3d029b757e49697519a7866276bcc06fc52740c305576a42165
SSDEEP

6144:C/Ux0fwKsJnlbt6V7bK0d5HcZ6kDYuRP/EM+:C/tfwKsrbIpKEHcgEP/+

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PixelGunCheat.dll
unpack001/minhook.x64.dll

Files

Release.7z
.7z
PixelGunCheat.dll
.dll windows:6 windows x64 arch:x64

589b2c3a88d4ab34e013cdbd7d5457fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

V:\Stuff\Git\PixelGunCheatInternal\x64\Release\PixelGunCheat.pdb

Imports

kernel32

GetStdHandle
DisableThreadLibraryCalls
AllocConsole
SetConsoleTitleW
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryA
MultiByteToWideChar
GetLocaleInfoA
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
LocalFree
FormatMessageA
GetLocaleInfoEx
FindClose
FindFirstFileExW
FindNextFileW
SetConsoleTextAttribute
WideCharToMultiByte
GetProcAddress
CreateThread
CloseHandle
AreFileApisANSI
GetLastError
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetModuleHandleW
Sleep
GetModuleHandleA
GetModuleFileNameW
CreateDirectoryW

user32

TrackMouseEvent
GetMessageExtraInfo
GetKeyState
GetCapture
SetCapture
ReleaseCapture
IsWindowUnicode
GetForegroundWindow
SetCursor
LoadCursorA
GetKeyboardLayout
GetDesktopWindow
GetWindowRect
GetActiveWindow
RegisterClassExW
UnregisterClassW
CreateWindowExW
DestroyWindow
DefWindowProcW
GetCursorPos
SetCursorPos
ShowCursor
PostQuitMessage
GetClientRect
ClientToScreen
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
GetAsyncKeyState
CallWindowProcW
MapVirtualKeyW
SetWindowLongPtrW
ScreenToClient

minhook.x64

MH_RemoveHook
MH_DisableHook
MH_EnableHook
MH_CreateHook
MH_Initialize

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?uncaught_exceptions@std@@YAHXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
_Query_perf_counter
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

d3dcompiler_47

D3DCompile

imm32

ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmGetContext

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
__std_exception_copy
__std_terminate
_purecall
strrchr
memcpy
memset
memchr
memcmp
memmove
strstr
__C_specific_handler
__current_exception
__current_exception_context
__std_type_info_destroy_list
_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

fflush
freopen_s
__stdio_common_vsscanf
fputc
_get_stream_buffer_pointers
__stdio_common_vsprintf
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
__stdio_common_vfprintf
fopen_s
ftell
fwrite
_wfopen
__acrt_iob_func
fgetc
fclose
fseek

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
malloc
free

api-ms-win-crt-convert-l1-1-0

atof
strtof
strtol

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-runtime-l1-1-0

_initterm
_errno
_cexit
_invalid_parameter_noinfo_noreturn
_beginthreadex
abort
_seh_filter_dll
_configure_narrow_argv
terminate
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_initterm_e

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

sinf
cosf
fmodf
acosf
sqrtf
log
ceilf
logf
pow
powf
sqrt

api-ms-win-crt-string-l1-1-0

strcmp
strncpy
strncmp

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Sections

.text
Size: 411KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
minhook.x64.dll
.dll windows:6 windows x64 arch:x64

046dd69cd6f1b6a025778e13f45e9be3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Patrick\scoop\apps\vcpkg\current\buildtrees\minhook\x64-windows-rel\minhook.x64.pdb

Imports

kernel32

GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
CloseHandle
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
Sleep
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
GetModuleHandleW
GetProcAddress
CreateToolhelp32Snapshot
Thread32First
Thread32Next
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
QueryPerformanceCounter
RtlCaptureContext

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memset
memcpy

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_initialize_onexit_table

Exports

Exports

MH_ApplyQueued
MH_CreateHook
MH_CreateHookApi
MH_CreateHookApiEx
MH_DisableHook
MH_EnableHook
MH_Initialize
MH_QueueDisableHook
MH_QueueEnableHook
MH_RemoveHook
MH_StatusToString
MH_Uninitialize

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

589b2c3a88d4ab34e013cdbd7d5457fe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

minhook.x64

msvcp140

d3dcompiler_47

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 411KB - Virtual size: 411KB

.rdata Size: 92KB - Virtual size: 92KB

.data Size: 4KB - Virtual size: 12KB

.pdata Size: 19KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

046dd69cd6f1b6a025778e13f45e9be3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 948B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 44B

.text
Size: 411KB - Virtual size: 411KB

.rdata
Size: 92KB - Virtual size: 92KB

.data
Size: 4KB - Virtual size: 12KB

.pdata
Size: 19KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 948B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 44B