02-05-2024_b5W7lqhD6zmGreG[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

02-05-2024_b5W7lqhD6zmGreG.zip
Size

865KB
MD5

636f479c9f540056984b646484a58acc
SHA1

23c5f52ede45784204b681f505df148cd92ef110
SHA256

9163fa5a6b52206b2f7d33dae7e60a06aff5afc6c19e621e0e10d74b6de54947
SHA512

b8a2e4c9d40bbffdbc88505cefdd756676e74da5739ec7ac11d7cca651004934b9ccfe1770390a3fef59afa6864bc6fb475f90911399dcae110f1337ce85e806
SSDEEP

24576:Fpq4Y7vw0ArA4EKozm2842IpyfisYBWI40Wq:Fpqo2zm28425fzI40h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DevZwasHere-1.64.2/DevZwasHere-1.64.2.dll

Files

02-05-2024_b5W7lqhD6zmGreG.zip
.zip

Password: 123
DevZwasHere-1.64.2/DevZwasHere-1.64.2.dll
.dll windows:6 windows x64 arch:x64

Password: 123

9f20df8e2f46891a3fea24b98830eb3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

SetStdHandle
GetProcAddress
CreateEventA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
HeapReAlloc
HeapAlloc
GetThreadContext
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
LoadLibraryA
GetTickCount
FindFirstFileA
CloseHandle
WritePrivateProfileStringA
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
SetEndOfFile
WriteConsoleW
HeapSize
CreateFileW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
DeleteFileW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
Sleep
WaitForSingleObject
GetModuleHandleA
FindNextFileA
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
LCMapStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
ReadFile
GetModuleFileNameW
GetFileSizeEx
SetFilePointerEx
GetStdHandle
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
RtlUnwind

user32

mouse_event
GetWindowThreadProcessId
EnumWindows
DestroyWindow
DefWindowProcA
CreateWindowExA
UnregisterClassA
RegisterClassExA
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
SetWindowLongPtrW
GetAsyncKeyState

d3d12

D3D12SerializeRootSignature

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

Exports

Exports

?HK_CopyTextureRegion@@YAXPEAUID3D12GraphicsCommandList3@@PEBUD3D12_TEXTURE_COPY_LOCATION@@III1PEBUD3D12_BOX@@@Z
?present_hk@@YAJPEAUIDXGISwapChain3@@II@Z

Sections

.text
Size: 515KB - Virtual size: 515KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 926KB - Virtual size: 1017KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DevZwasHere-1.64.2/Free Hacks for Games.url

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

9f20df8e2f46891a3fea24b98830eb3f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

d3d12

imm32

Exports

Exports

Sections

.text Size: 515KB - Virtual size: 515KB

.rdata Size: 135KB - Virtual size: 135KB

.data Size: 926KB - Virtual size: 1017KB

.pdata Size: 22KB - Virtual size: 22KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 515KB - Virtual size: 515KB

.rdata
Size: 135KB - Virtual size: 135KB

.data
Size: 926KB - Virtual size: 1017KB

.pdata
Size: 22KB - Virtual size: 22KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 3KB - Virtual size: 3KB