C:\Users\Administrator\source\repos\Updater\Release\Updater.pdb
Sample
KIZUNECHEAT.exe
Resource
win10v2004-20240426-en
General
-
Target
KIZUNECHEAT.exe
-
Size
530KB
-
MD5
55916cbac8accdc1a1ef39dc93c47f32
-
SHA1
93e48fe2b49aea5e1963cb36cce8763f9af22db3
-
SHA256
2bb9e71eadf08daddcb8bdb246dc99fa42a9acf25f1c486e98bd267bc27aae54
-
SHA512
74e039b47cc32171e9ea5bac93c17b70e6c65838250c1a97ea0274737e58c968258d1128c34fdf59d728016e9adb893a692025d197256a6c37e7fbaef5eef74b
-
SSDEEP
12288:uPzgOp4R2U1JdxE29NP/ZJBtypf2k78ZQS/fSZFXI03cp:uPzgO42GlNPWJ2/ZQS/WFXIV
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags a PE that carries no Authenticode signature.
resource KIZUNECHEAT.exe
Files
-
KIZUNECHEAT.exe.exe windows:6 windows x86 arch:x86
8c2420f7e17bfbaba463818119aa0006
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
LoadLibraryA
GetCurrentProcessId
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
FormatMessageA
FreeLibrary
GetSystemDirectoryA
QueryPerformanceFrequency
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetTickCount
QueryPerformanceCounter
FormatMessageW
SetLastError
GetModuleFileNameA
GetLastError
GetModuleHandleW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateRemoteThread
VirtualAllocEx
GetProcAddress
CloseHandle
Process32Next
Sleep
CreateToolhelp32Snapshot
OpenProcess
GetModuleHandleA
GetCurrentProcess
SetConsoleTitleA
VirtualFree
WriteProcessMemory
Process32First
WaitForMultipleObjects
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
AreFileApisANSI
LocalFree
advapi32
CryptEncrypt
LookupPrivilegeValueA
AdjustTokenPrivileges
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
OpenProcessToken
shell32
ShellExecuteA
crypt32
CryptStringToBinaryA
CertCloseStore
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateContext
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertEnumCertificatesInStore
ws2_32
send
getsockopt
WSACreateEvent
ioctlsocket
WSAEnumNetworkEvents
WSAEventSelect
getpeername
WSAResetEvent
sendto
WSAWaitForMultipleEvents
recvfrom
freeaddrinfo
getaddrinfo
closesocket
WSAGetLastError
ntohs
recv
WSASetLastError
WSAStartup
WSACleanup
setsockopt
WSACloseEvent
WSAIoctl
htons
socket
__WSAFDIsSet
listen
htonl
getsockname
select
accept
connect
bind
gethostname
normaliz
IdnToUnicode
IdnToAscii
wldap32
ord217
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord143
msvcp140
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Random_device@std@@YAIXZ
?_Syserror_map@std@@YAPBDH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
bcrypt
BCryptGenRandom
vcruntime140
strstr
memmove
memchr
memcpy
strrchr
memset
__std_terminate
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
_CxxThrowException
__current_exception_context
__current_exception
_except_handler4_common
strchr
api-ms-win-crt-stdio-l1-1-0
_fileno
_write
fputc
_lseeki64
__acrt_iob_func
_read
fflush
fclose
__stdio_common_vsprintf
fgets
_open
fopen
__stdio_common_vsscanf
fgetc
__stdio_common_vfprintf
ftell
feof
fwrite
__p__commode
fputs
fopen_s
fgetpos
fseek
_set_fmode
_close
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_exit
__sys_nerr
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_initialize_narrow_environment
_errno
_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
_beginthreadex
_set_app_type
_initterm
exit
_seh_filter_exe
terminate
_invalid_parameter_noinfo_noreturn
__sys_errlist
api-ms-win-crt-heap-l1-1-0
malloc
free
calloc
_callnewh
_set_new_mode
realloc
api-ms-win-crt-convert-l1-1-0
atoi
strtod
strtoull
strtoll
strtoul
strtol
wcstombs
api-ms-win-crt-filesystem-l1-1-0
_fstat64
_stat64
_unlink
_access
_unlock_file
_lock_file
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
localeconv
_configthreadlocale
api-ms-win-crt-string-l1-1-0
strncmp
_strdup
strcspn
_stricmp
strpbrk
strspn
strncpy
api-ms-win-crt-math-l1-1-0
__setusermatherr
_dclass
round
_fdopen
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-time-l1-1-0
_gmtime64
_time64
strftime
Sections
.text Size: 428KB - Virtual size: 428KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ