GameCheat-o-Tron[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

GameCheat-o-Tron.exe
Size

3.8MB
MD5

07dac87da2613a2e074f9e0ebed1e81a
SHA1

f5db2b19ce162421b13317872ffdf96adde8740b
SHA256

acf6f3129f1d64b9fe8c4d4f91c4d93afddb64e871f88c4f0dd43ae1fb2478cb
SHA512

eb74eb25ca2f4d3a4225499a7258147ffcf001ad2509c76acf33205ceb259a40ce3b607b99b4880830e364e7d1f4e893655116a2f4fa35ae6c6ddc6fb3180aac
SSDEEP

49152:taPm4ApSWX2Bg8C5RxTPDAfVMjvBjer6aA07ESxVE4+6Zd6oWNjxy+D6CTA/Z7:4WXqY5zSxVpdo1TDp0x7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GameCheat-o-Tron.exe

Files

GameCheat-o-Tron.exe
.exe windows:6 windows x64 arch:x64

bb4cfb74a8b63bc4e7ac6ec3bdf15299

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
CancelIo
CloseHandle
CompareStringOrdinal
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileW
CreateIoCompletionPort
CreateMutexA
CreateNamedPipeW
CreateProcessW
CreateThread
DeleteProcThreadAttributeList
DuplicateHandle
FormatMessageW
FreeEnvironmentStringsW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileSizeEx
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetQueuedCompletionStatusEx
GetStartupInfoW
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryA
GetWindowsDirectoryW
GlobalAlloc
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
InitializeProcThreadAttributeList
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
LoadLibraryA
MapViewOfFile
MultiByteToWideChar
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReadFileEx
ReleaseMutex
ReleaseSRWLockExclusive
SetFileCompletionNotificationModes
SetFileInformationByHandle
SetHandleInformation
SetLastError
SetThreadStackGuarantee
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SleepEx
TerminateProcess
UnhandledExceptionFilter
UnmapViewOfFile
UpdateProcThreadAttribute
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WriteConsoleW
WriteFileEx
lstrlenW

user32

AddClipboardFormatListener
CloseClipboard
CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
EmptyClipboard
EnumDisplaySettingsA
GetClientRect
GetClipboardData
GetCursorPos
GetDesktopWindow
GetWindowRect
InvalidateRect
LoadCursorA
LoadImageA
MessageBoxA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassExA
RemoveClipboardFormatListener
ScreenToClient
SetClipboardData
SetCursor
SetLayeredWindowAttributes
SetWindowPos
ShowWindow
TranslateMessage
UnregisterClassA
UpdateWindow

shell32

ShellExecuteA

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??0facet@locale@std@@IEAA@_K@Z
??0ios_base@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??1facet@locale@std@@MEAA@XZ
??1ios_base@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Id_cnt@id@locale@std@@0HA
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Random_device@std@@YAIXZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?copyfmt@ios_base@std@@QEAAAEAV12@AEBV12@@Z
?fail@ios_base@std@@QEBA_NXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IEAAXPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uncaught_exceptions@std@@YAHXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
_Cnd_do_broadcast_at_thread_exit
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_lock
_Mtx_trylock
_Mtx_unlock
_Query_perf_counter
_Query_perf_frequency
_Strcoll
_Strxfrm
_Thrd_detach
_Thrd_id
_Thrd_join

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

secur32

AcceptSecurityContext
AcquireCredentialsHandleA
DecryptMessage
DeleteSecurityContext
EncryptMessage
FreeContextBuffer
FreeCredentialsHandle
InitializeSecurityContextW
QueryContextAttributesW

ncrypt

NCryptCreatePersistedKey
NCryptDecrypt
NCryptDeleteKey
NCryptExportKey
NCryptFinalizeKey
NCryptFreeObject
NCryptOpenKey
NCryptOpenStorageProvider

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSASocketW
WSAStartup
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockopt
ioctlsocket
recv
send
socket

advapi32

GetTokenInformation
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegSetValueExW

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateContext
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertDuplicateStore
CertEnumCertificatesInStore
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain
CertOpenStore
CertVerifyCertificateChainPolicy
CryptStringToBinaryA

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

ntdll

NtCancelIoFileEx
NtCreateFile
NtDeviceIoControlFile
NtReadFile
NtWriteFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlNtStatusToDosError
RtlVirtualUnwind

vcruntime140

_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
__intrinsic_setjmp
__std_exception_copy
__std_exception_destroy
__std_terminate
_purecall
longjmp
memchr
memcmp
memcpy
memmove
memset
strrchr
strstr

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vsprintf
__stdio_common_vsprintf_s
_fseeki64
_get_stream_buffer_pointers
_set_fmode
fclose
feof
ferror
fflush
fgetc
fgetpos
fopen_s
fputc
fread
fseek
fsetpos
fwrite
setvbuf
ungetc

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_c_exit
_cexit
_configure_narrow_argv
_crt_atexit
_errno
_exit
_get_narrow_winmain_command_line
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_app_type
abort
exit
terminate

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdtest
acosf
cosf
exp2f
ldexp
log2f
pow
powf
sinf

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strcat
strcmp
strcpy
strlen
strncmp
strncpy

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 467KB - Virtual size: 466KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 385B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.
Size: 1.2MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bb4cfb74a8b63bc4e7ac6ec3bdf15299

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

msvcp140

d3d11

d3dcompiler_43

secur32

ncrypt

ws2_32

advapi32

crypt32

bcryptprimitives

api-ms-win-core-synch-l1-2-0

ntdll

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 467KB - Virtual size: 466KB

.data Size: 2KB - Virtual size: 12KB

.pdata Size: 44KB - Virtual size: 43KB

.00cfg Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 385B

.rsrc Size: 113KB - Virtual size: 112KB

.reloc Size: - Virtual size: 7KB

. Size: 1.2MB - Virtual size: 5.7MB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 467KB - Virtual size: 466KB

.data
Size: 2KB - Virtual size: 12KB

.pdata
Size: 44KB - Virtual size: 43KB

.00cfg
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 385B

.rsrc
Size: 113KB - Virtual size: 112KB

.reloc
Size: - Virtual size: 7KB

.
Size: 1.2MB - Virtual size: 5.7MB