Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Behavioral task
behavioral1
Sample
0xcheat.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0xcheat.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
�xS!��.pyc
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
�xS!��.pyc
Resource
win10v2004-20240508-en
Target
0xcheat.exe
Size
8.2MB
MD5
e105137e99534bb200e1db67c430e57e
SHA1
b95539aafdd4e2bd1e8ef783ad65cb5a627c92c6
SHA256
e98e2d71d36b70545619496744b226aadb6f99f3721541d709018ee9fdb24011
SHA512
fac4662c466ee96985d0698f2116d1f39971aaa0010747e91e991aeff3900e78d1916cbb2dae92577f8c71fe82941041c3bc837395055f3496ea67d01e4acd8e
SSDEEP
196608:E3gI+o2n018urErvI9pWjgaAnajMs4F23fQC//OoLxhF:9I72n0yurEUWjJjiFoo4jLxhF
resource | yara_rule |
---|---|
static1/unpack001/�xS!��.pyc | blankgrabber |
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
OpenProcessToken
CloseHandle
CreateDirectoryW
CreateFileW
CreateProcessW
CreateSymbolicLinkW
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FormatMessageW
FreeLibrary
GetCommandLineW
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetEnvironmentVariableW
GetExitCodeProcess
GetFinalPathNameByHandleW
GetLastError
GetModuleFileNameW
GetProcAddress
GetStartupInfoW
GetTempPathW
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryExW
LocalFree
MultiByteToWideChar
SetConsoleCtrlHandler
SetDllDirectoryW
SetEnvironmentVariableW
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler
mbstowcs
strtoul
wcstombs
__p__environ
__p__wenviron
_wputenv_s
_findclose
_stat64
_wfindfirst64
_wfindnext64
_wfullpath
_wremove
_wrmdir
_wstat64
_set_new_mode
calloc
free
malloc
realloc
setlocale
__setusermatherr
memcmp
memcpy
strchr
wcschr
__p___argc
__p___argv
__p___wargv
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_errno
_getpid
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
perror
signal
strerror
__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
__stdio_common_vswprintf
_fileno
_get_osfhandle
_wfopen
_wtempnam
clearerr
fclose
feof
ferror
fflush
fputs
fread
fseek
ftell
fwrite
_strdup
_stricmp
_wcsdup
_wcsdup
iswctype
memset
strcat
strcmp
strcpy
strlen
strncat
strncmp
strncpy
strtok
wcscat
wcscmp
wcscpy
wcslen
wcsncmp
wcsncpy
__daylight
__timezone
__tzname
_tzset
GetWindowThreadProcessId
ShowWindow
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ