?DllEntry@@YGKPAUHINSTANCE__@@@Z
Static task: static1
Behavioral task: behavioral1
Sample: Haxing Folder/EX_COD2Bot.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: Haxing Folder/EX_COD2Bot.exe
Resource: win10v2004-20240426-en
General
Target: ex_cod2bot_[unknowncheats.me]_.rar
Size: 14KB
MD5: 5c7e751772618ac50e92977e9cb9c367
SHA1: d5b9ebc5bea19f3df2ffc73e4c21761609725be1
SHA256: a3ae2fb42f81b2ba637f3127b92f2b45ddfa6fa8e7e90021ffa4bb6d3b20f63a
SHA512: ad0a02795195cb948b923e058f7d017ce81f62bb9568aba91784439086eb5525e22e75b208a4f11ad1c5fd8c6eca7f048c76088d621d4b3b67a0dfdc775f29ef
SSDEEP: 384:pKe1/9PFiUwlOqM5VF0dlha37RXXg5OrQuWjQ3NTifHX:EeFiZlDoVKlhy7dcAaQ3NmX
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Haxing Folder/EX_COD2Bot.exe
Files
ex_cod2bot_[unknowncheats.me]_.rar.rar
Password: 1111
Haxing Folder/EX_COD2Bot.exe.exe windows:5 windows x86 arch:x86
Password: 1111
ff43bdcdcbb991c349c5d16143fa5f5b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileAttributesA
ReadFile
GetCompressedFileSizeA
Module32First
VirtualProtectEx
VirtualAllocEx
LoadLibraryA
VirtualProtect
CreateToolhelp32Snapshot
Module32Next
CloseHandle
WriteProcessMemory
GetCurrentProcess
Process32First
Sleep
OpenProcess
SetCurrentDirectoryA
FindFirstFileA
Process32Next
ResumeThread
DeleteFileA
ExitProcess
SetUnhandledExceptionFilter
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
CreateRemoteThread
CreateFileA
GetFileSize
GetModuleHandleA
GetModuleFileNameA
CreateProcessA
GetProcAddress
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
FlushInstructionCache
SetLastError
GetTickCount
user32
ShowCursor
GetForegroundWindow
MessageBoxA
FindWindowA
GetAsyncKeyState
SetForegroundWindow
comdlg32
GetOpenFileNameA
advapi32
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
msvcr90
fclose
fprintf
sprintf
fwrite
_vsnprintf
memset
memcpy
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
fopen
fgets
??3@YAXPAX@Z
rand
strstr
??2@YAPAXI@Z
_stricmp
_CItan
_CIsin
_CIcos
_CIatan2
exit
_CIsqrt
Exports
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 700B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ