ZaraSpoofy[.]exe

Resubmissions

08/07/2024, 17:21

240708-vw35psscpc 7

08/07/2024, 17:17

240708-vtrznazbmn 8

Sharing

Copy URL

Twitter E-mail

General

Target

ZaraSpoofy.exe
Size

3.4MB
MD5

a9acd4c89e62ccd9ca9ef6b22f7a260a
SHA1

22ae5fd16ccb7448089f18b0e4374b9109e2f747
SHA256

4f8b5c2b95c76f54dcd1f655747eaaa1134b71a64a6ec8b48bb1ad062f8a0cae
SHA512

aec48ed716902264a30a717faa0d025322b1cee4f06d3cd55ded7a58cfeceb2f98b2c1fd97d3ef18b3ae478b269b7ddcdc186ce75ce611dc421672a8a63453fe
SSDEEP

49152:7GM/GY8TYKLo2XnS08Sl2MtF0WXqAH4Snj2:qMML3dF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ZaraSpoofy.exe

Files

ZaraSpoofy.exe
.exe windows:6 windows x64 arch:x64

64c752f261bab5b7860aa5aa2da5d47b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\danie\OneDrive\Desktop\Spoofy.gg\Spoofer\x64\Release\Spoofy.gg Perm-Unban.pdb

Imports

d3dx9_43

D3DXCreateTextureFromFileInMemory

d3d9

Direct3DCreate9

ws2_32

bind
WSAGetLastError
send
recv
connect
getsockname
closesocket
getpeername
getsockopt
htons
ntohl
gethostname
ntohs
setsockopt
sendto
socket
WSASetLastError
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl

wldap32

ord35
ord79
ord217
ord30
ord200
ord301
ord32
ord211
ord60
ord45
ord50
ord41
ord143
ord22
ord33
ord46
ord27
ord26

advapi32

CryptGenRandom
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
OpenProcessToken
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
InitializeAcl
IsValidSid
SetSecurityInfo
CopySid
ConvertSidToStringSidA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
RegEnumKeyExW
CryptCreateHash
CryptHashData
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

normaliz

IdnToAscii

kernel32

GetFileInformationByHandleEx
AreFileApisANSI
GetFileAttributesExW
GetLocaleInfoEx
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
OutputDebugStringW
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
GetModuleHandleW
VerifyVersionInfoW
QueryPerformanceCounter
RtlCaptureContext
SetConsoleTextAttribute
GetStdHandle
WriteFile
CreateFileW
Sleep
CloseHandle
GetConsoleWindow
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
HeapDestroy
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentProcess
CreateThread
VirtualProtect
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
QueryFullProcessImageNameW
SetLastError
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
FreeLibrary
VerifyVersionInfoA
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW

user32

DispatchMessageW
PeekMessageW
EnumWindows
TranslateMessage
PostQuitMessage
UpdateWindow
GetWindowTextW
GetWindowLongW
DefWindowProcW
AdjustWindowRectEx
GetKeyState
DestroyWindow
GetDC
SetWindowPos
MonitorFromWindow
EnumDisplayMonitors
CreateWindowExW
ScreenToClient
MessageBoxW
SetWindowTextW
RegisterClassExW
MessageBoxA
GetCapture
GetMonitorInfoW
ClientToScreen
IsChild
GetForegroundWindow
SetLayeredWindowAttributes
SetFocus
BringWindowToTop
LoadCursorW
SetCapture
SetCursor
SetWindowLongW
GetClientRect
ReleaseCapture
SetForegroundWindow
IsIconic
SetCursorPos
ReleaseDC
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
ShowWindow
WindowFromPoint
UnregisterClassW

gdi32

GetDeviceCaps

shell32

ShellExecuteA

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize

xinput1_3

ord2
ord4

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

msvcp140

?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setf@ios_base@std@@QEAAHHH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xbad_function_call@std@@YAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exception@std@@YA_NXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z

iphlpapi

GetAdaptersInfo

shlwapi

PathFindFileNameW

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

strrchr
__current_exception
__current_exception_context
__C_specific_handler
memcpy
memcmp
memset
_CxxThrowException
__std_exception_destroy
strchr
strstr
__std_terminate
__std_exception_copy
memmove
memchr

api-ms-win-crt-stdio-l1-1-0

fputc
_close
ftell
_wfopen
__acrt_iob_func
_pclose
feof
_open
fputs
fflush
fopen
fclose
_write
__p__commode
_lseeki64
_set_fmode
fgetc
fseek
__stdio_common_vsscanf
fread
_read
__stdio_common_vfprintf
fwrite
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
_popen
setvbuf
fgetpos
fgets
__stdio_common_vsprintf

api-ms-win-crt-string-l1-1-0

tolower
toupper
isupper
strncpy
strpbrk
strcmp
_strdup
strcspn
strspn
strncmp

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-heap-l1-1-0

realloc
free
_callnewh
malloc
_set_new_mode
calloc

api-ms-win-crt-convert-l1-1-0

strtoull
strtoll
strtoul
strtol
atoi
strtod

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_errno
_seh_filter_exe
_set_app_type
system
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
__sys_nerr
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_getpid
_invalid_parameter_noinfo
_resetstkoflw
_invalid_parameter_noinfo_noreturn
terminate
strerror
exit
_beginthreadex
abort

api-ms-win-crt-filesystem-l1-1-0

_access
_fstat64
_lock_file
_stat64
_unlock_file
_unlink

api-ms-win-crt-time-l1-1-0

_time64
_localtime64
strftime
_gmtime64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv
_configthreadlocale

api-ms-win-crt-math-l1-1-0

fmodf
_dclass
sinf
cosf
ceilf
acosf
_hypotf
floorf
__setusermatherr
sqrtf

Sections

.text
Size: 952KB - Virtual size: 951KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

64c752f261bab5b7860aa5aa2da5d47b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3dx9_43

d3d9

ws2_32

wldap32

advapi32

crypt32

normaliz

kernel32

user32

gdi32

shell32

ole32

xinput1_3

imm32

msvcp140

iphlpapi

shlwapi

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 952KB - Virtual size: 951KB

.rdata Size: 408KB - Virtual size: 407KB

.data Size: 2.1MB - Virtual size: 2.1MB

.pdata Size: 38KB - Virtual size: 37KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 952KB - Virtual size: 951KB

.rdata
Size: 408KB - Virtual size: 407KB

.data
Size: 2.1MB - Virtual size: 2.1MB

.pdata
Size: 38KB - Virtual size: 37KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 2KB - Virtual size: 1KB