PDB path: C:\Users\karee\Downloads\Fortnite Cheat surcen\Hanna - Privat Cheat\x64\Release\Mercy Public.pdb
Static task
static1
Behavioral task
behavioral1
Sample
lol.exe
Resource
win11-20240419-en
General
Target: lol.exe
Size: 3.4MB
MD5: 10d740b8bd1bf5b555eb76670d30af63
SHA1: 79dcf88ec9f7b2904889f5f18be9efe62f0cd6ce
SHA256: 8410128115fe694825a5a7ca85efc642259ec17dea39ee1b58eb8818ee58c39e
SHA512: e69296e02893cae68e5a2221f9e7a4b0f968e38c0f46cfda17fd88682acdaf0e258b014bf534cf40f316e53fb3a5888d2fe2db3f3af9f4e0bc0fb1e752527775
SSDEEP: 49152:SkeGtlqfIU6ivxydG9XLWO6cv3fK0BxIf/bzhuUnxTXOum+IC5tmOrPLn9ctPNPr:Pz+1XLWOf1GpE+h1z4PG8T
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
IoC: resource lol.exe
Files
-
lol.exe.exe windows:6 windows x64 arch:x64
59656f5d18e016d0f79f7c1f2d8a211b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
crypt32
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertCloseStore
CertFreeCertificateChain
CertOpenStore
ws2_32
connect
bind
WSASetLastError
recv
send
socket
htonl
select
__WSAFDIsSet
inet_pton
listen
ioctlsocket
getaddrinfo
freeaddrinfo
ntohl
recvfrom
sendto
gethostname
closesocket
getpeername
WSAGetLastError
getsockname
getsockopt
accept
htons
ntohs
setsockopt
shutdown
WSAIoctl
WSAStartup
WSACleanup
WSASocketW
getnameinfo
kernel32
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DeviceIoControl
GetConsoleWindow
GetVolumeInformationW
CreateFileW
CreateToolhelp32Snapshot
Sleep
Process32NextW
Process32FirstW
CloseHandle
lstrcmpiW
SetConsoleTitleW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
SetLastError
MultiByteToWideChar
GetLastError
WideCharToMultiByte
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
VerSetConditionMask
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
VerifyVersionInfoA
WaitForSingleObjectEx
ExpandEnvironmentStringsA
IsDebuggerPresent
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
FormatMessageA
CreateFileA
GetFileSizeEx
GetSystemTime
SystemTimeToFileTime
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleExW
FormatMessageW
WriteFile
GetModuleHandleW
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlVirtualUnwind
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryW
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSListHead
GetStdHandle
GetEnvironmentVariableW
user32
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
GetSystemMetrics
GetWindow
GetWindowRect
DestroyWindow
SetWindowPos
GetAsyncKeyState
DispatchMessageW
PeekMessageW
GetForegroundWindow
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
LoadIconW
SetWindowLongW
GetDesktopWindow
RegisterClassExA
UpdateWindow
GetKeyState
ScreenToClient
GetActiveWindow
ClientToScreen
LoadCursorW
SetCursor
GetClientRect
mouse_event
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
ShowWindow
SetWindowDisplayAffinity
advapi32
CryptGetUserKey
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptDestroyKey
CryptSetHashParam
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptAcquireContextA
CryptGetProvParam
msvcp140
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??Bios_base@std@@QEBA_NXZ
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$collate@D@std@@2V0locale@2@A
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?good@ios_base@std@@QEBA_NXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
?_Xbad_function_call@std@@YAXXZ
_Query_perf_frequency
_Query_perf_counter
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
_Thrd_id
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_Cpp_error@std@@YAXH@Z
_Strcoll
_Strxfrm
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
d3d9
Direct3DCreate9Ex
dwmapi
DwmExtendFrameIntoClientArea
wldap32
ord35
ord32
ord30
ord200
ord301
ord79
ord33
ord143
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord27
ord26
imm32
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
bcrypt
BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__current_exception_context
__current_exception
__C_specific_handler
_CxxThrowException
__std_type_info_name
__std_type_info_compare
_purecall
__std_exception_copy
memchr
memcmp
memmove
strrchr
memset
memcpy
wcsstr
strchr
strstr
__std_terminate
__std_exception_destroy
api-ms-win-crt-runtime-l1-1-0
system
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
exit
_initterm
signal
strerror_s
_get_initial_narrow_environment
_exit
_invalid_parameter_noinfo_noreturn
raise
_set_app_type
_invalid_parameter_noinfo
__sys_nerr
strerror
_seh_filter_exe
terminate
_cexit
_crt_atexit
_errno
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_beginthreadex
_initterm_e
api-ms-win-crt-stdio-l1-1-0
fgets
setvbuf
fopen
_lseeki64
puts
__stdio_common_vsprintf_s
feof
ferror
ftell
__acrt_iob_func
fflush
fclose
__stdio_common_vswprintf
fseek
_fileno
__stdio_common_vsnprintf_s
_set_fmode
fputs
__stdio_common_vfprintf
setbuf
clearerr
fread
__stdio_common_vsprintf
__p__commode
_wfopen
_read
_write
_close
_open
__stdio_common_vsscanf
_setmode
fwrite
fputc
api-ms-win-crt-heap-l1-1-0
calloc
realloc
_aligned_malloc
_set_new_mode
free
malloc
_aligned_free
_callnewh
api-ms-win-crt-utility-l1-1-0
srand
rand
_byteswap_ulong
qsort
api-ms-win-crt-string-l1-1-0
strcmp
strncmp
strncpy
_strnicmp
tolower
isspace
isprint
_strdup
strlen
isdigit
strpbrk
strcspn
_wcsicmp
strspn
isupper
_stricmp
api-ms-win-crt-filesystem-l1-1-0
_fstat64
_fstat64i32
_stat64
_access
_stat64i32
remove
api-ms-win-crt-time-l1-1-0
_gmtime64
_gmtime64_s
_time64
api-ms-win-crt-convert-l1-1-0
strtoul
strtoll
strtol
atoi
strtoull
atof
strtod
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
localeconv
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-math-l1-1-0
sqrtf
sqrt
sinf
powf
fmodf
floorf
cosf
_dtest
ceilf
atan2
_dsign
asin
_dclass
__setusermatherr
pow
tanf
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 790KB - Virtual size: 789KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 45KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 105KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ