Ferrarihook loader_LYelu4tCU2255KL[.]rar

Resubmissions

30/06/2024, 21:50

240630-1p8dqszejj 3

30/06/2024, 21:42

240630-1kpqtswflg 4

Sharing

Copy URL Twitter E-mail

General

Target

Ferrarihook loader_LYelu4tCU2255KL.rar
Size

195KB
MD5

57c7eeb2fbd4b821e5125f4c06861938
SHA1

130fbef91a9d5fe9162e12bedd2fbe7d728eb17e
SHA256

5faafcbba868b2690d1f69b2be70a487456ba679b2a6ba24cfc49e557aafc01e
SHA512

4b386383c4f1e6b537f078bc050ff4a998b61f1418a0c2722f92ec9dfbd219feb6bd7ac2f308484be9d02d1936406f162e28704c7e42e3ef06651d9336c6d6e8
SSDEEP

6144:wpJIvYPTxFIJ+C38KuNaCo1SaTAMHTIJ8ofqsqo/dbP:wpO8eUC5jP1nMoyhj/Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Ferrarihook loader.exe

Files

Ferrarihook loader_LYelu4tCU2255KL.rar
.rar

Password: 123
Cheater.Ninja.url
.url
CheaterMAD.url
.url
Ferrarihook loader.exe
.exe windows:6 windows x64 arch:x64

Password: 123

bbe6feeb4dfc438ed27bdc6af6b6e957

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\aapox\Downloads\Simple-Manual-Map-Injector-master\Ferrari Loader\x64\Release\Ferrarihook loader.pdb

Imports

kernel32

CreateRemoteThread
VirtualFreeEx
GetExitCodeProcess
SetConsoleTitleA
GetCurrentProcess
ReadProcessMemory
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
IsWow64Process
GetCurrentProcessId
VirtualAllocEx
GetProcAddress
VirtualProtectEx
CloseHandle
LoadLibraryA
GetLastError
Sleep
RtlAddFunctionTable
GetFileAttributesW
WriteProcessMemory
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

msvcp140

?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ

winhttp

WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReadData
WinHttpSendRequest
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpReceiveResponse
WinHttpCrackUrl

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
_CxxThrowException
__current_exception
__current_exception_context
memset
memcpy
__std_terminate
__std_exception_destroy
__std_exception_copy
memmove

api-ms-win-crt-stdio-l1-1-0

fread
fsetpos
_get_stream_buffer_pointers
__p__commode
__stdio_common_vfprintf
__acrt_iob_func
ungetc
setvbuf
fgetpos
fwrite
fputc
fgetc
__stdio_common_vfwprintf
fclose
fflush
_fseeki64
_set_fmode

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
_callnewh
malloc

api-ms-win-crt-string-l1-1-0

_wcsicmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
exit
_exit
_get_initial_wide_environment
_initialize_wide_environment
__p___wargv
_cexit
_set_app_type
_register_thread_local_exe_atexit_callback
system
_seh_filter_exe
__p___argc
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_configure_wide_argv
terminate
_invalid_parameter_noinfo_noreturn
_c_exit

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ferrarihook loader.pdb

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

bbe6feeb4dfc438ed27bdc6af6b6e957

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

msvcp140

winhttp

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 160B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 160B