angelfree_4[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

angelfree_4.rar
Size

12.7MB
MD5

bbf567d2bda06e0fc0970be8000f0dc0
SHA1

389d358fa665df94feaa3c1c2f7d81edffd45ff0
SHA256

e0393022df2d02bd8e69e5c4c1a9aabaafd14925ecc1873b914190a2aa3af7c0
SHA512

bbb53ec197ca411c8e6be387f96d23c1a0459e01b9b0637e19d5cdf2013d4e9ffa91f7bd4d78cb257004ac840ce4254240952e9f3c8e87a34790f67351960b08
SSDEEP

393216:7BvYatutmcn2X84LSBwrjTkQ/VhZy3Cz+jBJ6PLIs:1vYaamc2s/BwHvRyYYJ6PL5

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack002/Fivem_Ext.exe	vmprotect

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Fivem-AE.exe
unpack002/Fivem_Ext.exe
unpack002/XINE TEAM CHEAT.exe

Files

angelfree_4.rar
.rar

Password: Syrex_VX
menus.rar
.rar

Password: Syrex_VX
Fivem-AE.exe
.exe windows:6 windows x64 arch:x64

Password: Syrex_VX

a0147094046123559cccf69406835345

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Module32FirstW
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowLongW
CharUpperBuffW

msvcp140

?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z

d3d9

Direct3DCreate9Ex

d3dx9_43

D3DXVec3Transform

dwmapi

DwmExtendFrameIntoClientArea

imm32

ImmAssociateContextEx

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-runtime-l1-1-0

terminate

api-ms-win-crt-stdio-l1-1-0

__p__commode

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-math-l1-1-0

acosf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.;-Q
Size: - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Kgs
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.;>i
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Fivem_Ext.exe
.exe windows:6 windows x64 arch:x64

Password: Syrex_VX

ae1f2978d3af4988b92e05c05c19cf13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Module32FirstW
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowLongW
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

msvcp140

?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

d3d9

Direct3DCreate9Ex

d3dx9_43

D3DXVec3Transform

dwmapi

DwmExtendFrameIntoClientArea

imm32

ImmSetCompositionWindow

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-runtime-l1-1-0

_cexit

api-ms-win-crt-stdio-l1-1-0

_wfopen

api-ms-win-crt-string-l1-1-0

_wcsicmp

api-ms-win-crt-math-l1-1-0

sqrtf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 936KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
XINE TEAM CHEAT.exe
.exe windows:6 windows x64 arch:x64

Password: Syrex_VX

a98fcc30097a9893402b8be27c43a74b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dx9_43

D3DXMatrixTranspose

dwmapi

DwmExtendFrameIntoClientArea

user32

FindWindowA
GetKeyState
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
DispatchMessageA
LoadCursorA
SetWindowPos
ShowWindow
GetAsyncKeyState
SetWindowLongA
GetForegroundWindow
MoveWindow
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
LoadIconA
PeekMessageA
UnregisterClassA
PostQuitMessage
RegisterClassExA
UpdateWindow
GetWindowThreadProcessId
GetWindowRect

kernel32

HeapReAlloc
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapAlloc
HeapFree
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileType
SetFilePointerEx
GetFileSizeEx
GetCommandLineW
GetCommandLineA
WriteFile
GetStdHandle
GetModuleFileNameW
ExitProcess
ReadFile
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
LoadLibraryExW
TlsFree
TlsSetValue
WriteProcessMemory
ReadProcessMemory
GetModuleFileNameA
SetConsoleTitleA
GetCurrentProcess
GetTickCount64
K32GetModuleBaseNameA
Process32First
Module32Next
Module32First
OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
VirtualProtectEx
GetModuleHandleA
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
IsValidCodePage
AreFileApisANSI
GetLastError
GetModuleHandleW
MoveFileExW
GetFileInformationByHandleEx
LocalFree
FormatMessageA
GetLocaleInfoEx
WaitForSingleObjectEx
Sleep
GetCurrentThreadId
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
SetEndOfFile
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
TlsGetValue
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetEnvironmentVariableW
SetStdHandle
HeapSize
WriteConsoleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
TlsAlloc

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmAssociateContextEx
ImmGetContext

d3dcompiler_43

D3DCompile

Sections

.text
Size: 701KB - Virtual size: 701KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 649KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: Syrex_VX

Password: Syrex_VX

Password: Syrex_VX

a0147094046123559cccf69406835345

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

d3d9

d3dx9_43

dwmapi

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: - Virtual size: 305KB

.rdata Size: - Virtual size: 59KB

.data Size: - Virtual size: 3KB

.pdata Size: - Virtual size: 12KB

.;-Q Size: - Virtual size: 5.0MB

.Kgs Size: 3KB - Virtual size: 3KB

.;>i Size: 7.3MB - Virtual size: 7.3MB

.reloc Size: 512B - Virtual size: 236B

.rsrc Size: 512B - Virtual size: 480B

Password: Syrex_VX

ae1f2978d3af4988b92e05c05c19cf13

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

d3d9

d3dx9_43

dwmapi

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

wtsapi32

Sections

.text Size: - Virtual size: 259KB

.rdata Size: - Virtual size: 55KB

.data Size: - Virtual size: 936KB

.pdata Size: - Virtual size: 10KB

.vmp0 Size: - Virtual size: 3.4MB

.vmp1 Size: 5.7MB - Virtual size: 5.7MB

.reloc Size: 512B - Virtual size: 268B

.rsrc Size: 512B - Virtual size: 469B

Password: Syrex_VX

a98fcc30097a9893402b8be27c43a74b

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

d3dx9_43

.text
Size: - Virtual size: 305KB

.rdata
Size: - Virtual size: 59KB

.data
Size: - Virtual size: 3KB

.pdata
Size: - Virtual size: 12KB

.;-Q
Size: - Virtual size: 5.0MB

.Kgs
Size: 3KB - Virtual size: 3KB

.;>i
Size: 7.3MB - Virtual size: 7.3MB

.reloc
Size: 512B - Virtual size: 236B

.rsrc
Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 259KB

.rdata
Size: - Virtual size: 55KB

.data
Size: - Virtual size: 936KB

.pdata
Size: - Virtual size: 10KB

.vmp0
Size: - Virtual size: 3.4MB

.vmp1
Size: 5.7MB - Virtual size: 5.7MB

.reloc
Size: 512B - Virtual size: 268B

.rsrc
Size: 512B - Virtual size: 469B

.text
Size: 701KB - Virtual size: 701KB

.rdata
Size: 649KB - Virtual size: 648KB

.data
Size: 7KB - Virtual size: 16KB

.pdata
Size: 28KB - Virtual size: 28KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 3KB - Virtual size: 3KB