Raid0[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Raid0.zip
Size

3.1MB
MD5

f8cc1a7e4916c3063f8c9bb895da43ce
SHA1

814f442ce0be8f8bf16aa3945c48d5d545cfe0ef
SHA256

f1031afa5a6d8e8dfa09cd19b4d6083532e8858bd939dfd2c26530b7716601bc
SHA512

017d7f4515bfc187c3bf352be460051362f267c1c0594a5ea5c59f0e42dc1328334560382e532723d495c6194b0edb08f061626e4744ccd6a0e78858967b4b34
SSDEEP

98304:78srzDERLS7Uvy27eH8srzDnbR5LI1vy27p7:5rX0LIUvFS9rXnXLI1vFl7

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/raid0 (autoclicker deviation fixed, latest).dll
unpack002/raid0 (original client).dll

Files

Raid0.zip
.zip
Raid0.rar
.rar
raid0 (autoclicker deviation fixed, latest).dll
.dll windows:6 windows x64 arch:x64

653e1e8c5ea09168601e0db9e5fb806b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\chann\Documents\dev\raid0\out\Release\internal.pdb

Imports

winmm

PlaySoundA

jvm

gHotSpotVMLongConstants
gHotSpotVMTypes
gHotSpotVMStructs
gHotSpotVMIntConstants
JNI_GetCreatedJavaVMs

ws2_32

WSACleanup
setsockopt
getnameinfo
freeaddrinfo
recv
inet_pton
getsockopt
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSASetLastError
WSAGetLastError
inet_ntop
htons
connect
WSAIoctl
recvfrom
sendto
htonl
__WSAFDIsSet
ioctlsocket
ntohs
gethostname
accept
bind
closesocket
select
shutdown
listen
WSASocketW
getaddrinfo
WSAStartup
getpeername
getsockname
send
socket

opengl32

glPopMatrix
glViewport
glBindTexture
glGenTextures
glEnable
glMatrixMode
glBlendFunc
glTexParameteri
glDeleteTextures
glTexImage2D
glDisable
glPushMatrix
glPixelStorei
glGetIntegerv
glDepthMask
glEnd
glLineWidth
glBegin
glColor4f
glLoadMatrixf
glVertex3f

kernel32

FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetConsoleOutputCP
WriteFile
ReadConsoleW
GetConsoleMode
ExitProcess
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetModuleHandleExW
ExitThread
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
InterlockedFlushSList
GetTickCount64
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleHandleA
GetLocaleInfoA
QueryPerformanceFrequency
VerSetConditionMask
QueryPerformanceCounter
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
GetLastError
SetStdHandle
CloseHandle
HeapAlloc
HeapDestroy
GetDateFormatW
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
UnmapViewOfFile
CreateFileA
CreateFileMappingA
GetFileSize
MapViewOfFile
FreeLibraryAndExitThread
DisableThreadLibraryCalls
FreeConsole
CreateThread
GetConsoleWindow
AllocConsole
GetCommandLineA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LoadLibraryExW
GetModuleFileNameW
GetThreadTimes
GetCurrentThread
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
GetCPInfo
CompareStringEx
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
SetEndOfFile
GetCurrentDirectoryW
GetFullPathNameW
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetThreadContext
GetFileAttributesExW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
RtlUnwind
GetProcessHeap
DeleteFileW
HeapSize
WriteConsoleW
HeapReAlloc
GetSystemTimeAsFileTime
LCMapStringEx
DecodePointer
EncodePointer
AcquireSRWLockShared
ReleaseSRWLockShared
RaiseException
RtlPcToFileHeader
GetNativeSystemInfo
GetExitCodeThread
SwitchToThread
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
GetSystemDirectoryW
LoadLibraryW
SleepEx
GetEnvironmentVariableA
SetLastError
FormatMessageW
MoveFileExW
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
WaitForSingleObjectEx
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
TryAcquireSRWLockExclusive
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW

user32

GetCapture
ClientToScreen
TrackMouseEvent
GetKeyboardLayout
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ScreenToClient
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetAsyncKeyState
GetMessageExtraInfo
GetKeyState
ReleaseCapture
SetWindowLongPtrA
GetWindowDisplayAffinity
ClipCursor
GetClipCursor
WindowFromDC
CallWindowProcW
MessageBoxA
ShowWindow
SendMessageW
LoadCursorA

gdi32

GetObjectType

advapi32

RegOpenKeyExA
RegCreateKeyExA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

bcrypt

BCryptGenRandom

crypt32

CertCreateCertificateChainEngine
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptQueryObject
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFindExtension
CertGetNameStringW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 473KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
raid0 (original client).dll
.dll windows:6 windows x64 arch:x64

653e1e8c5ea09168601e0db9e5fb806b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\chann\Documents\dev\raid0\out\Release\internal.pdb

Imports

winmm

PlaySoundA

jvm

gHotSpotVMLongConstants
gHotSpotVMTypes
gHotSpotVMStructs
gHotSpotVMIntConstants
JNI_GetCreatedJavaVMs

ws2_32

WSACleanup
setsockopt
getnameinfo
freeaddrinfo
recv
inet_pton
getsockopt
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSASetLastError
WSAGetLastError
inet_ntop
htons
connect
WSAIoctl
recvfrom
sendto
htonl
__WSAFDIsSet
ioctlsocket
ntohs
gethostname
accept
bind
closesocket
select
shutdown
listen
WSASocketW
getaddrinfo
WSAStartup
getpeername
getsockname
send
socket

opengl32

glPopMatrix
glViewport
glBindTexture
glGenTextures
glEnable
glMatrixMode
glBlendFunc
glTexParameteri
glDeleteTextures
glTexImage2D
glDisable
glPushMatrix
glPixelStorei
glGetIntegerv
glDepthMask
glEnd
glLineWidth
glBegin
glColor4f
glLoadMatrixf
glVertex3f

kernel32

FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetConsoleOutputCP
WriteFile
ReadConsoleW
GetConsoleMode
ExitProcess
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetModuleHandleExW
ExitThread
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
InterlockedFlushSList
GetTickCount64
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleHandleA
GetLocaleInfoA
QueryPerformanceFrequency
VerSetConditionMask
QueryPerformanceCounter
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
GetLastError
SetStdHandle
CloseHandle
HeapAlloc
HeapDestroy
GetDateFormatW
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
UnmapViewOfFile
CreateFileA
CreateFileMappingA
GetFileSize
MapViewOfFile
FreeLibraryAndExitThread
DisableThreadLibraryCalls
FreeConsole
CreateThread
GetConsoleWindow
AllocConsole
GetCommandLineA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LoadLibraryExW
GetModuleFileNameW
GetThreadTimes
GetCurrentThread
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
GetCPInfo
CompareStringEx
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
SetEndOfFile
GetCurrentDirectoryW
GetFullPathNameW
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetThreadContext
GetFileAttributesExW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
RtlUnwind
GetProcessHeap
DeleteFileW
HeapSize
WriteConsoleW
HeapReAlloc
GetSystemTimeAsFileTime
LCMapStringEx
DecodePointer
EncodePointer
AcquireSRWLockShared
ReleaseSRWLockShared
RaiseException
RtlPcToFileHeader
GetNativeSystemInfo
GetExitCodeThread
SwitchToThread
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
GetSystemDirectoryW
LoadLibraryW
SleepEx
GetEnvironmentVariableA
SetLastError
FormatMessageW
MoveFileExW
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
WaitForSingleObjectEx
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
TryAcquireSRWLockExclusive
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW

user32

GetCapture
ClientToScreen
TrackMouseEvent
GetKeyboardLayout
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ScreenToClient
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetAsyncKeyState
GetMessageExtraInfo
GetKeyState
ReleaseCapture
SetWindowLongPtrA
GetWindowDisplayAffinity
ClipCursor
GetClipCursor
WindowFromDC
CallWindowProcW
MessageBoxA
ShowWindow
SendMessageW
LoadCursorA

gdi32

GetObjectType

advapi32

RegOpenKeyExA
RegCreateKeyExA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

bcrypt

BCryptGenRandom

crypt32

CertCreateCertificateChainEngine
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptQueryObject
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFindExtension
CertGetNameStringW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 473KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

653e1e8c5ea09168601e0db9e5fb806b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

jvm

ws2_32

opengl32

kernel32

user32

gdi32

advapi32

shell32

imm32

bcrypt

crypt32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 473KB - Virtual size: 472KB

.data Size: 1.0MB - Virtual size: 1.1MB

.pdata Size: 81KB - Virtual size: 80KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 9KB - Virtual size: 8KB

653e1e8c5ea09168601e0db9e5fb806b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

jvm

ws2_32

opengl32

kernel32

user32

gdi32

advapi32

shell32

imm32

bcrypt

crypt32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 473KB - Virtual size: 472KB

.data Size: 1.0MB - Virtual size: 1.1MB

.pdata Size: 81KB - Virtual size: 80KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 473KB - Virtual size: 472KB

.data
Size: 1.0MB - Virtual size: 1.1MB

.pdata
Size: 81KB - Virtual size: 80KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 473KB - Virtual size: 472KB

.data
Size: 1.0MB - Virtual size: 1.1MB

.pdata
Size: 81KB - Virtual size: 80KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 9KB - Virtual size: 8KB