General
-
Target
Neverlose.zip
-
Size
80.5MB
-
MD5
eb06ee30a526bbd06b279377b9015690
-
SHA1
0477c890ed884b44ca859de1dc1fa0164b5da4f5
-
SHA256
b89e013e23131a66d168122479126b8d97ba0051e91649f147f3dd37e2013fd2
-
SHA512
b4778b6e7e835de05a6b1617a6f2158e7621abf85bf034e129f45b437beff060f5ce5eaeb29bec4aee82d641a2cea9655c0c70d8e7a7d77d3c512d26a1658583
-
SSDEEP
1572864:9TxkvnVaOZjorpD+W3prNKD2kl1PmO4Pc4ykD0aS2pIZEYHIIR:aV2dDx3JNsjjOOOvfyEYHTR
Malware Config
Signatures
-
Detect Pysilon 1 IoCs
resource yara_rule static1/unpack002/source_prepared.pyc pysilon -
Pysilon family
-
resource yara_rule static1/unpack001/CS İNTERNAL/CS_İNTERNAL_CHEAT/Neverlose_crack.dll vmprotect -
Detects Pyinstaller 1 IoCs
resource yara_rule static1/unpack001/CS İNTERNAL/CS_İNTERNAL_CHEAT/Neverlose.exe pyinstaller -
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource unpack001/CS İNTERNAL/CS_İNTERNAL_CHEAT/Neverlose.exe unpack001/CS İNTERNAL/CS_İNTERNAL_CHEAT/Neverlose_crack.dll unpack001/CS İNTERNAL/CS_İNTERNAL_CHEAT/cs2_cheat.dll
Files
-
Neverlose.zip.zip
-
CS İNTERNAL/CS_İNTERNAL_CHEAT/Neverlose.exe.exe windows:5 windows x64 arch:x64
2ac23c52e7647c5bbea38e98bb68c652
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
user32
CreateWindowExW
PostMessageW
GetMessageW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW
comctl32
ord380
kernel32
GetACP
IsValidCodePage
GetStringTypeW
GetFileAttributesExW
SetEnvironmentVariableW
FlushFileBuffers
GetCurrentDirectoryW
GetOEMCP
GetCPInfo
GetModuleHandleW
MulDiv
GetLastError
FormatMessageW
GetModuleFileNameW
SetDllDirectoryW
CreateSymbolicLinkW
GetProcAddress
CreateDirectoryW
GetCommandLineW
GetEnvironmentVariableW
GetEnvironmentStringsW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetDriveTypeW
RemoveDirectoryW
GetTempPathW
CloseHandle
WaitForSingleObject
Sleep
GetCurrentProcess
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
LocalFree
SetConsoleCtrlHandler
CreateFileW
FindFirstFileExW
GetFinalPathNameByHandleW
MultiByteToWideChar
WideCharToMultiByte
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
HeapReAlloc
WriteConsoleW
SetEndOfFile
ExpandEnvironmentStringsW
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
GetFullPathNameW
SetStdHandle
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
advapi32
OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
gdi32
SelectObject
DeleteObject
CreateFontIndirectW
Sections
.text Size: 164KB - Virtual size: 163KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 73KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
discord_token_grabber.pyc
-
get_cookies.pyc
-
misc.pyc
-
passwords_grabber.pyc
-
source_prepared.pyc
-
CS İNTERNAL/CS_İNTERNAL_CHEAT/Neverlose_crack.dll.dll windows:6 windows x86 arch:x86
a224a5debd9bac0cd86ca6f57b4d1aee
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalLock
GlobalUnlock
GetCurrentProcess
GetStdHandle
GetModuleHandleA
K32GetModuleInformation
SetStdHandle
GetCurrentProcessId
FreeLibraryAndExitThread
Sleep
CreateThread
SetUnhandledExceptionFilter
VirtualProtect
WriteConsoleW
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GlobalFree
GetOEMCP
GetACP
IsValidCodePage
CreatePipe
GetExitCodeProcess
WaitForSingleObject
DeleteFileW
HeapReAlloc
GetTimeZoneInformation
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleOutputCP
WriteFile
GlobalAlloc
GetCurrentDirectoryA
GetSystemTimePreciseAsFileTime
QueryPerformanceCounter
SystemTimeToTzSpecificLocalTime
FlushFileBuffers
GetFileSizeEx
HeapAlloc
HeapFree
GetModuleFileNameW
SystemTimeToFileTime
QueryPerformanceFrequency
GetCommandLineA
FileTimeToSystemTime
SetLastError
FlushInstructionCache
FreeLibrary
GetProcAddress
GetLastError
GetModuleFileNameA
LoadLibraryExA
FormatMessageA
CloseHandle
GetCurrentThreadId
WideCharToMultiByte
LocalFree
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
GetTempPathW
AreFileApisANSI
MoveFileExW
GetFileInformationByHandleEx
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetDriveTypeW
GetFileType
PeekNamedPipe
ReadFile
ExitProcess
GetModuleHandleExW
DuplicateHandle
CreateProcessW
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
SetClipboardData
GetDesktopWindow
GetClipboardData
SetWindowLongA
CallWindowProcA
PostQuitMessage
MapVirtualKeyA
FindWindowA
MessageBoxA
ScreenToClient
GetCursorPos
GetCapture
SetCapture
ReleaseCapture
SetRect
GetKeyState
GetAsyncKeyState
OpenClipboard
CloseClipboard
EmptyClipboard
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
gdi32
RemoveFontMemResourceEx
AddFontMemResourceEx
advapi32
GetUserNameA
d3dx9_43
D3DXCreateFontA
D3DXCreateSprite
D3DXCreateTextureFromFileInMemoryEx
wtsapi32
WTSSendMessageW
Sections
.text Size: - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 475KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 5.3MB - Virtual size: 5.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 469B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
CS İNTERNAL/CS_İNTERNAL_CHEAT/cs2_cheat.dll.dll .ps1 windows:6 windows x64 arch:x64 polyglot
79c66a30e47eefd8540bd8607a32f598
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
GlobalUnlock
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
LoadCursorA
imm32
ImmReleaseContext
d3dcompiler_47
D3DCompile
Sections
.text Size: - Virtual size: 382KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 272KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xorstr0 Size: - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.xorstr1 Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.xorstr2 Size: 4.3MB - Virtual size: 4.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 233B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
CS İNTERNAL/CS_İNTERNAL_CHEAT/workspace/IY_FE.iy
-
CS İNTERNAL/CS_İNTERNAL_CHEAT/workspace/UISettings.ttwizz