09-07-2024_Fz395PHStsUphx7[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

09-07-2024_Fz395PHStsUphx7.zip
Size

626KB
MD5

b9411927aaed604cf91ba8b9e8a05b5d
SHA1

ee26e36446689ee695fa95f0f785f4cd184ce329
SHA256

4e97ae93eeb2417495e8e35a59dee2efb68b415da2eeadcfd8c1c35befc4894e
SHA512

9ad66e5859894f69130437d760133e0916d64dbc2492d19599f133549410122748244e9ce446f980b964dfaec04888b451a27b63a36bd7a33d40c2758717552c
SSDEEP

12288:DQGe2tyoqlY03IxvE1wbMukE4vQ3BsPR2hI1xfXIdJziwsOD:YM1TEoM0VBWRjxfXIdJGwL

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SotCam_cheater.fun/SotCam 3.0.4.dll
unpack001/SotCam_cheater.fun/SotCamLoader.exe

Files

09-07-2024_Fz395PHStsUphx7.zip
.zip

Password: 123
SotCam_cheater.fun/SotCam 3.0.4.dll
.dll windows:6 windows x64 arch:x64

Password: 123

db6e102dfac477c6bab0e74bb9741417

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\psp\Desktop\SotCam\SotCam\x64\Release\SotCam.pdb

Imports

msvcp140

?_Syserror_map@std@@YAPEBDH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
_FExp
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Winerror_map@std@@YAHH@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??Bios_base@std@@QEBA_NXZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??Bid@locale@std@@QEAA_KXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Query_perf_frequency
_Query_perf_counter
?uncaught_exceptions@std@@YAHXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

user32

SetWindowLongPtrW
SetWindowLongPtrA
MessageBoxW
GetAsyncKeyState
CallWindowProcW
DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
DefWindowProcW
LoadCursorW
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetKeyState
IsChild
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
SendInput

kernel32

TryAcquireSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
GetLocaleInfoEx
FormatMessageA
LocalFree
GetModuleFileNameW
FreeLibraryAndExitThread
DisableThreadLibraryCalls
CreateThread
WriteFile
ReadFile
CreateFileW
FreeConsole
AllocConsole
Thread32Next
Thread32First
CreateToolhelp32Snapshot
FlushInstructionCache
SetThreadContext
ResumeThread
SuspendThread
OpenThread
GetCurrentThreadId
GetCurrentProcessId
Sleep
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
CloseHandle
VirtualQuery
VirtualFree
GetSystemInfo
GetModuleHandleW
VirtualProtect
VirtualAlloc
GetProcAddress
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
K32GetModuleInformation
WideCharToMultiByte
GetModuleHandleA
TerminateProcess
GetCurrentProcess
QueryPerformanceFrequency
QueryPerformanceCounter
AreFileApisANSI
GetLastError
HeapCreate
GetThreadContext
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

d3dcompiler_47

D3DCompile

xinput1_4

ord4
ord2

vcruntime140

__current_exception_context
__std_type_info_destroy_list
__C_specific_handler
strstr
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__current_exception
memchr
memcmp
memcpy
memmove
memset

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
system
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm
_initterm_e
_beginthreadex
_cexit
terminate

api-ms-win-crt-string-l1-1-0

strcmp
strncpy
strncmp
towlower
isdigit

api-ms-win-crt-heap-l1-1-0

_callnewh
free
calloc
malloc

api-ms-win-crt-math-l1-1-0

copysignf
ilogbf
scalbnf
truncf
pow
atan2f
cos
cosf
logf
powf
sin
sinf
sqrtf
tanf
log
_fdsign
acosf
fmodf
ldexp

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fread
_wfopen
__stdio_common_vsprintf_s
freopen_s
fclose
fflush
__stdio_common_vsscanf
fwrite
ftell
fseek
__stdio_common_vsprintf

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Sections

.text
Size: 578KB - Virtual size: 577KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 489KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SotCam_cheater.fun/SotCamLoader.exe
.exe windows:6 windows x64 arch:x64

Password: 123

2f69e9ae88b384921ffe26c4c318b5b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Module32Next
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32Next
TerminateProcess
LoadLibraryW
VirtualAllocEx
LocalFree
CreateRemoteThread
VirtualFreeEx
GetSystemTimeAsFileTime
GetStdHandle
GetCurrentProcess
SetConsoleTextAttribute
CloseHandle
WriteProcessMemory
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
MultiByteToWideChar
GetFileInformationByHandleEx
GetLastError
AreFileApisANSI
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
FormatMessageA
IsDebuggerPresent
InitializeSListHead
GetModuleHandleW

advapi32

SetNamedSecurityInfoW
GetNamedSecurityInfoW
ConvertStringSidToSidW
SetEntriesInAclW

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
memchr
memset
__current_exception_context
__std_exception_destroy
__std_exception_copy
__std_terminate
__C_specific_handler
_CxxThrowException
__current_exception
memmove

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
_set_fmode
__stdio_common_vfprintf
fflush

api-ms-win-crt-runtime-l1-1-0

terminate
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_set_app_type
_seh_filter_exe
_invalid_parameter_noinfo_noreturn
_initterm
_initterm_e
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_exit
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
__p___argc
exit

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-string-l1-1-0

strcmp

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

db6e102dfac477c6bab0e74bb9741417

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp140

user32

kernel32

imm32

d3dcompiler_47

xinput1_4

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 578KB - Virtual size: 577KB

.rdata Size: 489KB - Virtual size: 488KB

.data Size: 3KB - Virtual size: 10KB

.pdata Size: 20KB - Virtual size: 19KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 464B

Password: 123

2f69e9ae88b384921ffe26c4c318b5b3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 168B

.text
Size: 578KB - Virtual size: 577KB

.rdata
Size: 489KB - Virtual size: 488KB

.data
Size: 3KB - Virtual size: 10KB

.pdata
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 464B

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 168B