Cyrix SCP_[unknowncheats[.]me]_[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Cyrix SCP_[unknowncheats.me]_.dll
Size

368KB
MD5

297249e1dcd61d1e13351753573556f7
SHA1

d0c752f7b93e018f97a62f2923132a6485d2d88a
SHA256

b86e6673754dc82e177c2f9850f9332a779e06f0532ceab67d4e03fd0b8b5fbe
SHA512

431b76a36fc7f3fe6f2bbe14d6743ee5becebd6e46c2599348ada45581d544b84d53596b80b94acfdc9a0760ffefcce9983b4eae9c5a4f1435133e4e312e7027
SSDEEP

6144:MT6/j9vJCpBZX/WhnktqRPGe+zOq1JQFnuPUuERESsrdFvogluH4bzhS8sCjEg0g:9FnuPUuETemOPVsL41nmFy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Cyrix SCP_[unknowncheats.me]_.dll

Files

Cyrix SCP_[unknowncheats.me]_.dll
.dll windows:6 windows x64 arch:x64

Password: infected

0bdcc86634fe027dd586677e76b063eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Xprt\Downloads\Cyrix Cheats\Cyrix SCP SL Private- ChasePlays\x64\Release\Cyrix SCP.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleW
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
GetThreadContext
GetCurrentProcessId
FlushInstructionCache
SetThreadContext
QueryPerformanceFrequency
DisableThreadLibraryCalls
CreateThread
Module32FirstW
Module32NextW
AllocConsole
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
GlobalUnlock
QueryPerformanceCounter
GlobalLock
GlobalFree
OpenThread

user32

SetWindowLongPtrW
CallWindowProcW
GetAsyncKeyState
DefWindowProcW
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassExW
GetKeyState
ScreenToClient
GetCapture
ClientToScreen
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
LoadCursorW
IsChild
GetForegroundWindow
SetClipboardData

msvcp140

?_Incref@facet@locale@std@@UEAAXXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Xlength_error@std@@YAXPEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@_SDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_SDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_S1AEAPEB_SPEAD3AEAPEAD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z

msvcp140_codecvt_ids

?id@?$codecvt@_SDU_Mbstatet@@@std@@2V0locale@2@A

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

d3dcompiler_43

D3DCompile

xinput1_3

ord4
ord2

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
strstr
memset
memmove
memcpy
memcmp
memchr
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
calloc
free

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_wassert
_configure_narrow_argv
_initialize_narrow_environment
_initterm_e
_initterm
terminate
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

strcmp
_wcsicmp
strncpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
freopen_s
fclose
__acrt_iob_func
fflush
fread
_wfopen
fwrite
fseek
__stdio_common_vsscanf
ftell

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-math-l1-1-0

fmodf
floorf
cosf
powf
sqrtf
ceilf
sinf

Sections

.text
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

0bdcc86634fe027dd586677e76b063eb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

msvcp140_codecvt_ids

imm32

d3dcompiler_43

xinput1_3

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 274KB - Virtual size: 274KB

.rdata Size: 76KB - Virtual size: 76KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 12KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 252B

.text
Size: 274KB - Virtual size: 274KB

.rdata
Size: 76KB - Virtual size: 76KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 252B