renafreev1[.]1-main (1)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

renafreev1.1-main (1).zip
Size

67KB
MD5

69a6bf4122d940f8b05cb7401c9f0c7d
SHA1

399940c02a85de545f484a93c1d4b0a282bf1279
SHA256

18f11e077beae130eec433c497740f176a0b937eb2cbfd033d8158c71c24cff5
SHA512

7663603e83a9c29a591749a3b5c9b3254ff53f2ce555a7ef9cc89c1394b2721c8ab2f10420e8a2fc65b24c63134fedf07d950c0d73ee7f6a875dcd185c8c32bf
SSDEEP

1536:lOgqdyuc/O3OVL2ZrjBrIPxTXTYAzrqjijCHNzl4JIlIrNzWgowSQ:lONwv8rNQxb8MqjieHNyJIlIcwSQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/renafreev1.1-main/RenaRACdisabler.exe
unpack001/renafreev1.1-main/RenaV1.1.dll

Files

renafreev1.1-main (1).zip
.zip
renafreev1.1-main/README.md
renafreev1.1-main/RenaRACdisabler.exe
.exe windows:6 windows x64 arch:x64

4cae379359c046b984704df21c4aa53a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\VallexPrime1907\Desktop\MinHookDisabler-master\x64\Debug\MinHook disabler.pdb

Imports

dbghelp

ImageNtHeader

kernel32

GetProcAddress
FreeLibrary
DebugActiveProcess
DebugActiveProcessStop
CloseHandle
OpenProcess
VirtualAllocEx
VirtualProtectEx
VirtualQueryEx
ReadProcessMemory
WriteProcessMemory
K32EnumProcessModulesEx
K32GetModuleBaseNameA
K32GetModuleFileNameExA
K32GetModuleInformation
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
GetModuleHandleW
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
GetCurrentThreadId

user32

FindWindowA
GetWindowThreadProcessId

msvcp140d

?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?uncaught_exceptions@std@@YAHXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??Bid@locale@std@@QEAA_KXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??7ios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ

vcruntime140d

__std_type_info_destroy_list
__C_specific_handler_noexcept
__C_specific_handler
memchr
__current_exception_context
__std_exception_destroy
__std_exception_copy
memmove
memcpy
memcmp
__current_exception
__vcrt_GetModuleHandleW
__vcrt_GetModuleFileNameW
_CxxThrowException
__vcrt_LoadLibraryExW

vcruntime140_1d

__CxxFrameHandler4

ucrtbased

_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_set_fmode
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_seh_filter_dll
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
strcpy_s
strcat_s
__stdio_common_vsprintf_s
__setusermatherr
_wmakepath_s
_wsplitpath_s
wcscpy_s
_configure_narrow_argv
_callnewh
_CrtDbgReportW
_malloc_dbg
_free_dbg
_unlock_file
_lock_file
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputc
fgetpos
fgetc
fflush
fclose
_get_stream_buffer_pointers
_CrtDbgReport
strcmp
_invalid_parameter
_set_app_type
_seh_filter_exe
terminate
malloc

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1024B - Virtual size: 871B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
renafreev1.1-main/RenaV1.1.dll
.dll windows:6 windows x64 arch:x64

cbac0dd670b6d6b66f9726068e50d01c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\osman\OneDrive\Masaüstü\RenaV1.1 - Kopya\x64\Debug\RenaV1.1.pdb

Imports

kernel32

Sleep
GetCurrentThreadId
IsDebuggerPresent
RaiseException
TryAcquireSRWLockShared
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
TryAcquireSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
AllocConsole
MultiByteToWideChar
GetModuleHandleW
GetProcAddress
FreeLibrary
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
ReleaseSRWLockExclusive

user32

GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
PostQuitMessage
RegisterClassW
CreateWindowExW
ShowWindow
SetLayeredWindowAttributes
GetAsyncKeyState
GetDC
InvalidateRect

gdi32

SetTextColor
SelectObject
GetStockObject
DeleteObject
CreateFontW
TextOutW

jvm

JNI_GetCreatedJavaVMs

msvcp140d

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
??1_Lockit@std@@QEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
_Query_perf_counter
_Query_perf_frequency
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0_Lockit@std@@QEAA@H@Z

vcruntime140_1d

__CxxFrameHandler4

vcruntime140d

memmove
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__C_specific_handler
__C_specific_handler_noexcept
__std_type_info_destroy_list
__current_exception
__current_exception_context
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
memcpy

ucrtbased

_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
__stdio_common_vsprintf_s
strcat_s
strcpy_s
_free_dbg
_initterm_e
wcscpy_s
_CrtDbgReportW
malloc
_callnewh
sqrt
pow
_CrtDbgReport
_invalid_parameter
sin
cos
freopen_s
__acrt_iob_func
strlen
_beginthreadex
terminate
_wsplitpath_s
_wmakepath_s
_initterm
_cexit

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cae379359c046b984704df21c4aa53a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

kernel32

user32

msvcp140d

vcruntime140d

vcruntime140_1d

ucrtbased

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 97KB - Virtual size: 96KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 12KB - Virtual size: 12KB

.idata Size: 11KB - Virtual size: 11KB

.msvcjmc Size: 1024B - Virtual size: 871B

.00cfg Size: 512B - Virtual size: 373B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

cbac0dd670b6d6b66f9726068e50d01c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

jvm

msvcp140d

vcruntime140_1d

vcruntime140d

ucrtbased

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 5KB - Virtual size: 4KB

.msvcjmc Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 312B

.textbss
Size: - Virtual size: 64KB

.text
Size: 97KB - Virtual size: 96KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 12KB - Virtual size: 12KB

.idata
Size: 11KB - Virtual size: 11KB

.msvcjmc
Size: 1024B - Virtual size: 871B

.00cfg
Size: 512B - Virtual size: 373B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 5KB - Virtual size: 4KB

.msvcjmc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 312B