Lime Free Cheat[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Lime Free Cheat.exe
Size

2.7MB
MD5

bce80bb5a4d51e22856472609eab5fa0
SHA1

b2b6e4ba26b1e69a9f3d08b3bda35dff6a9fcfad
SHA256

b5bb4441713b06e210135019eb90a3814b0084cfde95cb0750c51d929b469e5e
SHA512

c12e2e2a0801bbfc4457e5d1bc58d9c2c350c1a15081fe40bbb45430abb4c844ad9061ccd294eaea46e3d53a55fd8706cc9108df69bc778debdd574fa5800342
SSDEEP

49152:7fMewFUx7ZkyxPXOxuCunZND9+PZ9annMSJtrBPO7iRdU:7fpcKIPYJ3m7K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Lime Free Cheat.exe

Files

Lime Free Cheat.exe
.exe windows:6 windows x64 arch:x64

Password: freecheat

830a73c7785ec147b7e67f2c00da04f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Storm Project\Desktop\Storm\Storm\Storm\x64\Release\Gosth_External.pdb

Imports

opengl32

wglGetProcAddress
wglGetCurrentDC
glGetString
glGetIntegerv
glPixelStorei
glTexImage2D
glTexParameteri
glGenTextures
glBindTexture
glClear
glViewport

kernel32

GetStdHandle
SetConsoleScreenBufferSize
SetConsoleTitleA
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
WriteProcessMemory
Process32First
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
RaiseException
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileSizeEx
FormatMessageA
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
GetTickCount
VerifyVersionInfoA
GetSystemDirectoryA
SleepEx
SetLastError
LocalFree
CreateFileA
SetConsoleMode
IsDebuggerPresent
OpenProcess
CreateEventW
SetEvent
OutputDebugStringW
VirtualQuery
VirtualFree
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
CreateToolhelp32Snapshot
Sleep
GetConsoleMode
Process32Next
CloseHandle
CreateThread
ExitProcess
ReadProcessMemory
GetConsoleWindow
GetCurrentConsoleFont
GetModuleHandleW
SetThreadExecutionState
FormatMessageW
VerSetConditionMask
GetCurrentThreadId
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
GetLastError
TlsFree
GlobalUnlock
TlsSetValue
GlobalLock
GlobalFree
GlobalAlloc
TlsGetValue
TlsAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
Module32Next
CreateFileW
GetFileAttributesW
GetCurrentProcess
WideCharToMultiByte
GetCurrentProcessId
GetExitCodeProcess
CreateRemoteThread
GetCurrentThread
VirtualProtect
VirtualAllocEx
VirtualProtectEx
CreateFileMappingW
MapViewOfFile
VirtualFreeEx
UnmapViewOfFile
IsWow64Process
GetModuleHandleA
QueryFullProcessImageNameW
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
HeapDestroy
HeapAlloc
HeapReAlloc
Module32First
InitializeCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
MultiByteToWideChar

user32

RegisterDeviceNotificationW
EnumDisplayMonitors
EnumDisplayDevicesW
EnumDisplaySettingsExW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
GetRawInputDeviceList
GetRawInputDeviceInfoA
RegisterRawInputDevices
GetRawInputData
GetMonitorInfoW
SystemParametersInfoW
CreateIconIndirect
LoadImageW
UnregisterDeviceNotification
LoadCursorW
GetClassLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
SetRect
ClipCursor
WindowFromPoint
ScreenToClient
GetCursorPos
SetCursor
SetCursorPos
AdjustWindowRectEx
SetWindowTextW
RemovePropW
ToUnicode
DestroyIcon
FindWindowW
UnregisterClassW
SendMessageW
RegisterClassExW
GetPropW
SetPropW
ReleaseDC
GetDC
SetForegroundWindow
MsgWaitForMultipleObjects
ReleaseCapture
SetCapture
MapVirtualKeyW
PostMessageW
WaitMessage
SetFocus
IsZoomed
GetMessageTime
PeekMessageW
DispatchMessageW
DefWindowProcW
TranslateMessage
TrackMouseEvent
GetWindowThreadProcessId
CreateWindowExW
DestroyWindow
GetKeyState
GetLayeredWindowAttributes
GetWindowRect
SetWindowPos
GetSystemMetrics
GetActiveWindow
SetLayeredWindowAttributes
ShowWindow
GetAsyncKeyState
SetWindowLongA
ClientToScreen
FlashWindow
MessageBoxA
MoveWindow
BringWindowToTop
IsIconic
IsWindowVisible
SetWindowPlacement
MonitorFromWindow
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
FindWindowA
GetClientRect
mouse_event
GetWindowPlacement
GetForegroundWindow
GetMonitorInfoA

gdi32

CreateBitmap
CreateRectRgn
DeleteObject
CreateDIBSection
DeleteDC
GetDeviceCaps
GetDeviceGammaRamp
SetDeviceGammaRamp
ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
CreateDCW
SwapBuffers

shell32

ShellExecuteA
DragAcceptFiles
DragFinish
DragQueryPoint
DragQueryFileW

msvcp140

?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?fail@ios_base@std@@QEBA_NXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?setf@ios_base@std@@QEAAHHH@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?good@ios_base@std@@QEBA_NXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
_Thrd_join
_Thrd_detach
_Query_perf_counter
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Xout_of_range@std@@YAXPEBD@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Query_perf_frequency
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z

imm32

ImmReleaseContext
ImmSetCandidateWindow
ImmGetContext
ImmSetCompositionWindow

d3dx9_43

D3DXVec3Transform
D3DXMatrixTranspose

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpOpen

ntdll

RtlAddFunctionTable
RtlAdjustPrivilege
NtRaiseHardError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

normaliz

IdnToAscii

wldap32

ord211
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord46
ord217
ord143

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertFreeCertificateChain
CertAddCertificateContextToStore
CertGetNameStringA
CertFindExtension
CertCloseStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore

ws2_32

bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
send
WSACleanup
recv
closesocket
WSAGetLastError
accept
ntohl
htonl
gethostname
sendto
recvfrom
listen
ioctlsocket
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

psapi

GetModuleInformation

iphlpapi

GetAdaptersInfo

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler_noexcept
__vcrt_LoadLibraryExW
__current_exception_context
__current_exception
strrchr
memchr
__vcrt_GetModuleFileNameW
_CxxThrowException
memcmp
memmove
memset
__std_terminate
__C_specific_handler
strchr
strstr
__std_exception_copy
__std_exception_destroy
memcpy

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
calloc
_callnewh
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_resetstkoflw
_errno
strerror
_getpid
__sys_nerr
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_register_onexit_function
_crt_atexit
exit
_cexit
_beginthreadex
_initialize_narrow_environment
_seh_filter_exe
_set_app_type
system
terminate
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_wassert

api-ms-win-crt-stdio-l1-1-0

__p__commode
_read
_get_stream_buffer_pointers
_close
_open
_set_fmode
_write
fgetpos
fgets
ungetc
fopen_s
fgetc
__stdio_common_vsprintf_s
ferror
fputc
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
fsetpos
_fseeki64
__stdio_common_vfprintf
fseek
_lseeki64
feof
_pclose
fclose
_popen
fputs
fopen
setvbuf
ftell
fflush
__acrt_iob_func

api-ms-win-crt-string-l1-1-0

strcmp
_wcsicmp
wcslen
wcscpy_s
tolower
strpbrk
isupper
strncpy
strncmp
strcpy_s
strcat_s
wcscpy
wcscmp
strcpy
strcspn
_strdup
strspn
strlen

api-ms-win-crt-utility-l1-1-0

srand
abs
qsort
rand

api-ms-win-crt-convert-l1-1-0

strtod
strtoll
strtoul
atof
strtol
atoi
strtoull

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_access
_unlink
_stat64
_lock_file
_unlock_file
rename

api-ms-win-crt-math-l1-1-0

acosf
atan2f
ceilf
cosf
fmodf
pow
_dclass
sinf
__setusermatherr
sqrt
ldexp
sqrtf
powf

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

advapi32

RegCreateKeyExW
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
CopySid
SetSecurityInfo
GetUserNameA
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
CryptEncrypt
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
AddAccessAllowedAce

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: freecheat

830a73c7785ec147b7e67f2c00da04f1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

opengl32

kernel32

user32

gdi32

shell32

msvcp140

imm32

d3dx9_43

winhttp

ntdll

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

iphlpapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-locale-l1-1-0

advapi32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 289KB - Virtual size: 289KB

.data Size: 1.0MB - Virtual size: 1.0MB

.pdata Size: 43KB - Virtual size: 43KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 289KB - Virtual size: 289KB

.data
Size: 1.0MB - Virtual size: 1.0MB

.pdata
Size: 43KB - Virtual size: 43KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 8KB - Virtual size: 7KB