Neverlose[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Neverlose.zip
Size

6.0MB
MD5

e28d70716965ab37369b92a081f99b20
SHA1

bc58ab38d25287201bb11f8c3460520424eb6581
SHA256

0f358140c36211eddf11aad28e893a8691b31e867e26c79b46dc7dffadb53d71
SHA512

0bbecc17004837985462f591812feeb96b6b29da00de46f12b994d2125acfd4a0a363a4b554096f53e778fc5bab54a83a91827926a95366ed87f67b1f369d5e5
SSDEEP

98304:nkMwRa8oBKkXiiXnAJRZ/RjQeHwbp1YecgggQpRX0zK6tXHp1pRuhjZTIK/1kmEa:kMwRpoBKkyiXMXJjQCw8DXGK6hHp1LyB

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Neverlose.crack.exe
unpack001/zeer64.dll

Files

Neverlose.zip
.zip

Password: 123
Neverlose.crack.exe
.exe windows:4 windows x86 arch:x86

Password: 123

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

oOZ$ZzO
Size: 694KB - Virtual size: 693KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 673KB - Virtual size: 673KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
info.docx
.docx office2007
saved/FrameXML.log
saved/connection.log
saved/cpu.log
saved/skins.cfg
zeer64.dll
.dll windows:6 windows x86 arch:x86

Password: 123

c8d68dbdd4ce954b2c649addde015a8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\!!!rawetrip imgui render\release\legendware.pdb

Imports

ws2_32

WSACleanup
closesocket
getaddrinfo
WSAGetLastError
send
socket
connect
recv
freeaddrinfo
WSAStartup

kernel32

CreateDirectoryA
VirtualProtect
GetTickCount
FindFirstFileA
FindNextFileA
FindClose
CreateFileW
GetLastError
CloseHandle
GetCurrentProcessId
MultiByteToWideChar
GetWindowsDirectoryA
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
QueryPerformanceCounter
WriteProcessMemory
GetCurrentProcess
FreeConsole
CreateThread
GetModuleHandleA
K32GetModuleInformation
GlobalAlloc
EnterCriticalSection
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
FormatMessageA
LoadLibraryExA
GetModuleFileNameA
FreeLibrary
FlushInstructionCache
GetFileInformationByHandleEx
AreFileApisANSI
SetLastError

user32

OpenClipboard
GetAsyncKeyState
CallWindowProcA
GetClipboardData
GetKeyState
ReleaseCapture
EmptyClipboard
GetCapture
GetCursorPos
SetCursorPos
GetClientRect
SetCursor
GetForegroundWindow
IsChild
ClientToScreen
ScreenToClient
CloseClipboard
SetClipboardData
SetCapture
LoadCursorA

shell32

SHGetFolderPathA
ShellExecuteA

msvcp140

?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
??1_Lockit@std@@QAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?id@?$ctype@D@std@@2V0locale@2@A
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBE_JXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?setf@ios_base@std@@QAEHHH@Z
?setf@ios_base@std@@QAEHH@Z
?fail@ios_base@std@@QBE_NXZ
?rdstate@ios_base@std@@QBEHXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?_Throw_C_error@std@@YAXH@Z
_Xtime_get_ticks
_Mtx_unlock
_Mtx_trylock
?_Xinvalid_argument@std@@YAXPBD@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
_Query_perf_frequency
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPBD@Z
_Query_perf_counter
?_Xout_of_range@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
_Thrd_sleep

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileInMemory

winmm

PlaySoundA

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

xinput1_4

ord2
ord4

vcruntime140

__CxxFrameHandler3
__std_exception_destroy
__std_type_info_destroy_list
_except_handler4_common
_CxxThrowException
__current_exception_context
__current_exception
_setjmp3
memchr
memmove
longjmp
strrchr
memcpy
memcmp
memset
strchr
strstr
_purecall
__std_exception_copy

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
malloc
free

api-ms-win-crt-math-l1-1-0

_libm_sse2_tan_precise
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise
_libm_sse2_log_precise
_libm_sse2_log10_precise
_dclass
_libm_sse2_exp_precise
ldexp
_libm_sse2_cos_precise
_libm_sse2_asin_precise
_libm_sse2_pow_precise
round
llround
fmaxf
_libm_sse2_acos_precise
_CIfmod
_CIatan2
_fdclass
_dsign
ceil
copysignf
_libm_sse2_atan_precise
frexp
floor

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
system
exit
terminate
_initialize_onexit_table
strerror
_initterm_e
_initterm
_cexit
_crt_atexit
abort
_execute_onexit_table
_register_onexit_function
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_errno

api-ms-win-crt-stdio-l1-1-0

fsetpos
setvbuf
fgets
tmpfile
_popen
_pclose
_ftelli64
clearerr
fread
feof
ferror
freopen
getc
fgetpos
__stdio_common_vsprintf
_fseeki64
ungetc
fopen
__stdio_common_vswprintf_s
fwrite
__stdio_common_vsscanf
_wfopen
fseek
tmpnam
ftell
__acrt_iob_func
fgetc
fputc
_get_stream_buffer_pointers
__stdio_common_vsprintf_s
fflush
__stdio_common_vfprintf
fclose

api-ms-win-crt-string-l1-1-0

strcoll
strpbrk
iscntrl
isgraph
ispunct
isxdigit
islower
towlower
isupper
isalpha
strspn
isdigit
strncmp
iswalpha
strcpy_s
strncpy
isspace
isalnum
toupper
tolower
isblank

api-ms-win-crt-filesystem-l1-1-0

remove
_lock_file
rename
_unlock_file

api-ms-win-crt-utility-l1-1-0

qsort
srand
rand

api-ms-win-crt-convert-l1-1-0

strtol
strtod
strtoul
strtoull
atoi
atof
strtoll

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func
setlocale

api-ms-win-crt-time-l1-1-0

_time64
_difftime64
_localtime64
clock
_gmtime64
strftime
_mktime64

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 504KB - Virtual size: 503KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.7MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

oOZ$ZzO Size: 694KB - Virtual size: 693KB

.text Size: 673KB - Virtual size: 673KB

.rsrc Size: 1024B - Virtual size: 536B

Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

Password: 123

c8d68dbdd4ce954b2c649addde015a8b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

shell32

msvcp140

d3dx9_43

winmm

imm32

xinput1_4

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 504KB - Virtual size: 503KB

.data Size: 5.7MB - Virtual size: 7.5MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 108KB - Virtual size: 108KB

oOZ$ZzO
Size: 694KB - Virtual size: 693KB

.text
Size: 673KB - Virtual size: 673KB

.rsrc
Size: 1024B - Virtual size: 536B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 504KB - Virtual size: 503KB

.data
Size: 5.7MB - Virtual size: 7.5MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 108KB - Virtual size: 108KB