01-06-2024_YKK69exTwLdFPLp[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

01-06-2024_YKK69exTwLdFPLp.rar
Size

29KB
MD5

f5d75f0a47bb91ee4671a5a06b725bd1
SHA1

509697e1cd8a414d29357c3f60d59e23129aaf79
SHA256

f8d5089388f4a0d26f4e3db0c7159bb35ee53a1bc7884c8e856467c9bc8d5193
SHA512

931b1a07be91e659c285e8d108508ea30ff4a57e46187119d4130011ed63b73a57e0ab16da54c5bbb1e575901100ce7d5d237b9b87ad4e7ecf537c2fd614ae8e
SSDEEP

768:09zHrnWv0hEBwLzm8X4erAZOpmBAl7meg6:09zHrg0eozB4zZmmBAl7meg6

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/01-06-2024_YKK69exTwLdFPLp/TFGhost v3.1_CHEATER.FUN/TFGhost/DirtyBypassInjector.exe
unpack001/01-06-2024_YKK69exTwLdFPLp/TFGhost v3.1_CHEATER.FUN/TFGhost/TFGhost.exe

Files

01-06-2024_YKK69exTwLdFPLp.rar
.rar
01-06-2024_YKK69exTwLdFPLp/TFGhost v3.1_CHEATER.FUN/TFGhost/CHEATER.FUN.url
01-06-2024_YKK69exTwLdFPLp/TFGhost v3.1_CHEATER.FUN/TFGhost/DirtyBypassInjector.exe
.exe windows:6 windows x86 arch:x86

cef21ba936b55b36bb0c38e087af470a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\jeffs\source\repos\DirtyBypassInjector\Release\DirtyBypassInjector.pdb

Imports

kernel32

WriteProcessMemory
GetLastError
LoadLibraryA
CloseHandle
VirtualProtectEx
GetProcAddress
VirtualAllocEx
CreateRemoteThread
VirtualFreeEx
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW

msvcp140

?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?uncaught_exception@std@@YA_NXZ

vcruntime140

memset
__CxxFrameHandler3
__std_terminate
__current_exception
__current_exception_context
_except_handler4_common

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc

api-ms-win-crt-string-l1-1-0

_wcsicmp

api-ms-win-crt-runtime-l1-1-0

_c_exit
exit
_initterm_e
_initialize_onexit_table
_register_onexit_function
_cexit
_crt_atexit
_controlfp_s
terminate
_initterm
__p___argv
_get_initial_narrow_environment
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
__p___argc
_set_app_type
_exit
_seh_filter_exe

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
01-06-2024_YKK69exTwLdFPLp/TFGhost v3.1_CHEATER.FUN/TFGhost/TFGhost.exe
.exe windows:6 windows x64 arch:x64

cf293edc3c572e605dcfd9aea0cbf54b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\jeffs\source\repos\TFGhost\x64\Release\TFGhost.pdb

Imports

kernel32

WriteProcessMemory
RtlAddFunctionTable
Sleep
GetLastError
LoadLibraryA
CloseHandle
VirtualProtectEx
GetProcAddress
VirtualAllocEx
ReadProcessMemory
CreateRemoteThread
VirtualFreeEx
GetExitCodeProcess
ReadFile
TerminateProcess
CreateNamedPipeW
DisconnectNamedPipe
OpenProcess
ConnectNamedPipe
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
RtlLookupFunctionEntry
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
RtlCaptureContext

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx

msvcp140

?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
memset
__std_exception_destroy
__std_exception_copy
__std_terminate
__C_specific_handler
_CxxThrowException
__current_exception
__current_exception_context
memmove

api-ms-win-crt-stdio-l1-1-0

__p__commode
fputc
_set_fmode
fgetpos
setvbuf
_get_stream_buffer_pointers
_fseeki64
fread
fgetc
fclose
fflush
fwrite
fsetpos
__stdio_common_vfprintf
ungetc
__acrt_iob_func

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
free
_callnewh

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_seh_filter_exe
_exit
_invalid_parameter_noinfo_noreturn
__p___argc
__p___argv
system
_c_exit
_register_thread_local_exe_atexit_callback
exit
_configure_narrow_argv
_cexit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-string-l1-1-0

_wcsicmp

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cef21ba936b55b36bb0c38e087af470a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 76KB - Virtual size: 76KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 912B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 572B

cf293edc3c572e605dcfd9aea0cbf54b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 148B

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 912B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 572B

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 148B