BloonsATTDTrainer_[unknowncheats[.]me]_[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

BloonsATTDTrainer_[unknowncheats.me]_.zip
Size

1.9MB
MD5

dd8b570394e56b707ee30fa3b21699e1
SHA1

0dd4516b40491e028c15098c0bbe50d86cedc817
SHA256

445f44cd41e1c66b066d68404dd541284628029c677dbcf9d1e5f728216b4758
SHA512

c039d0947ba2eaa3df419223f46796a147018e99607bea24b133ad342a35abcbfa518062f8516ae1ee9af606f7adc5d6a4729399f60ce46231fb96eda44b0fbf
SSDEEP

49152:iXUERLBxbIHt7RI6rfO5KOUCgTGLDxG7hcyfAD:8FxkHtNIeTjCgSLA7hcy2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BloonsATTDTrainer.exe

Files

BloonsATTDTrainer_[unknowncheats.me]_.zip
.zip
BloonsATTDTrainer.exe
.exe windows:6 windows x64 arch:x64

c83d7ed6e919a7fdfc5ddf41cb676d82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Visual Studio\Projects\BloonsATTDTrainer\x64\Release\BloonsATTDTrainer.pdb

Imports

kernel32

Module32FirstW
Module32NextW
GetLocaleInfoA
MultiByteToWideChar
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
Process32FirstW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CloseHandle
Process32NextW
CreateToolhelp32Snapshot
WriteProcessMemory
GetModuleHandleW
ReadProcessMemory
FreeConsole
OpenProcess
GetCurrentProcessId

user32

SetCapture
ScreenToClient
GetMessageExtraInfo
LoadCursorW
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
GetCapture
ClientToScreen
TrackMouseEvent
GetKeyboardLayout
GetForegroundWindow
SetCursorPos
GetCursorPos
DefWindowProcW
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassExW
ShowWindow
DispatchMessageW
PeekMessageW
TranslateMessage
PostQuitMessage
UpdateWindow
GetKeyState

d3d9

Direct3DCreate9

msvcp140

??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
_Query_perf_frequency
?_Xlength_error@std@@YAXPEBD@Z
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memchr
memmove
memcmp
memcpy
strstr
__std_exception_copy
memset
__current_exception_context
__current_exception
_CxxThrowException
__std_exception_destroy
__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

getchar
__p__commode
_set_fmode
ftell
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
fflush
__stdio_common_vfprintf
fseek
fclose
__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
_exit
terminate
_configure_narrow_argv
_initialize_narrow_environment
exit
_initterm_e
_initterm
_get_initial_narrow_environment
__p___argc
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-string-l1-1-0

strncmp
_wcsicmp
strncpy
strcmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc
_callnewh

api-ms-win-crt-math-l1-1-0

acosf
sinf
__setusermatherr
ceilf
cosf
fmodf
sqrtf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BloonsATTDTrainer.pdb
BloonsATTDTrainer\BloonsATTDTrainer\BloonsATTDTrainer.cpp
BloonsATTDTrainer\BloonsATTDTrainer\offsets.cpp
BloonsATTDTrainer\BloonsATTDTrainer\offsets.h
BloonsATTDTrainer\BloonsATTDTrainer\proc.cpp
BloonsATTDTrainer\BloonsATTDTrainer\proc.h
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\.editorconfig
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\.gitattributes
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\.github\FUNDING.yml
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\.github\ISSUE_TEMPLATE\config.yml
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\.github\ISSUE_TEMPLATE\issue_template.yml
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\.github\pull_request_template.md
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\.github\workflows\build.yml
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\.github\workflows\scheduled.yml
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\.github\workflows\static-analysis.yml
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\.gitignore
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\LICENSE.txt
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\backends\imgui_impl_dx9.cpp
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\backends\imgui_impl_dx9.h
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\backends\imgui_impl_win32.cpp
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\backends\imgui_impl_win32.h
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\imconfig.h
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\imgui.cpp
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\imgui.h
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\imgui_demo.cpp
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\imgui_draw.cpp
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\imgui_internal.h
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\imgui_tables.cpp
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\imgui_widgets.cpp
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\imstb_rectpack.h
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\imstb_textedit.h
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\imstb_truetype.h
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\misc\README.txt
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\misc\cpp\README.txt
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\misc\cpp\imgui_stdlib.cpp
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\misc\cpp\imgui_stdlib.h
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\misc\debuggers\README.txt
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\misc\debuggers\imgui.gdb
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\misc\debuggers\imgui.natstepfilter
.xml
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\misc\debuggers\imgui.natvis
.xml
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\misc\fonts\Cousine-Regular.ttf
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\misc\fonts\DroidSans.ttf
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\misc\fonts\Karla-Regular.ttf
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\misc\fonts\ProggyClean.ttf
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\misc\fonts\ProggyTiny.ttf
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\misc\fonts\Roboto-Medium.ttf
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\misc\fonts\binary_to_compressed_c.cpp
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\misc\freetype\README.md
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\misc\freetype\imgui_freetype.cpp
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\misc\freetype\imgui_freetype.h
BloonsATTDTrainer\BloonsATTDTrainer\vendor\ImGui\misc\single_file\imgui_single_file.h

Sharing

General

Malware Config

Signatures

Files

c83d7ed6e919a7fdfc5ddf41cb676d82

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

d3d9

msvcp140

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 244KB - Virtual size: 244KB

.rdata Size: 53KB - Virtual size: 52KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 10KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1024B - Virtual size: 568B

.text
Size: 244KB - Virtual size: 244KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1024B - Virtual size: 568B