gurcu | Autorisoft[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Autorisoft.zip
Size

17.9MB
MD5

5b879f39e57139ab17300879afa61554
SHA1

a18eab8e257c611f72ea92833584fff0ffaea1f2
SHA256

645e274fec3723d065308f9b16b33392ed7f51fbd5ffc3c00806c2efafb08b65
SHA512

54814430828c204a8b606c000e2efc1fb2586f41c322ebae44d9eba4d297db473d37b520fac02c1bf88407a8a9138a3e7de502e27e32745cd4c96d54c9994ac0
SSDEEP

393216:ZE8wps0kxrkXICtuuL8qgk/H0uxE14p4RToEXkk6hFFh:m2BxoXI6gk/H0u/p4nXkke5

Score

10^/10

gurcu

Malware Config

Signatures

Gurcu family
gurcu

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/internal/main.dll

Files

Autorisoft.zip
.zip

Password: 123
Start.exe
.exe windows:4 windows x86 arch:x86

Password: 123

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:a5:ac:af:b5:fd:ca:6f:8b:5d:66:d1:33:9a:5d:85
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13-10-2021 00:00

Not After

12-10-2024 23:59

Subject

CN=Valve,O=Valve,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:4b:73:14:11:35:47:6f:7c:a8:c1:96:99:68:0d:0e:f4:5a:1c:ac:ff:2c:b5:b0:ad:de:e5:e3:8a:6a:d9:fb
Signer

Actual PE Digest

3a:4b:73:14:11:35:47:6f:7c:a8:c1:96:99:68:0d:0e:f4:5a:1c:ac:ff:2c:b5:b0:ad:de:e5:e3:8a:6a:d9:fb

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gui.lua
internal/extensions/CMemoryBlock.lua
internal/extensions/CNativeReg.lua
internal/extensions/CScriptThread.lua
internal/extensions/CScriptThread_EventHandlers.lua
internal/extensions/CScriptThread_Timers.lua
internal/extensions/Vector.lua
internal/extensions/keycodes.lua
internal/extensions/vehicles.lua
internal/game/AI.lua
internal/game/Blip.lua
internal/game/Entity.lua
.js
internal/game/Object.lua
internal/game/Ped.lua
internal/game/Player.lua
internal/game/Vehicle.lua
internal/game/game.lua
internal/game/graphics.lua
internal/game/gui.lua
.js
internal/game/gui/simple_menu.lua
.js
internal/game/streaming.lua
internal/game/timer.lua
internal/game/ui.lua
internal/main.dll
.dll windows:6 windows x86 arch:x86

Password: 123

8372f9bdb7b60abe16299d67674db3d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SwitchToThread
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

shell32

ShellExecuteA

ole32

CoCreateInstance

shlwapi

SHDeleteKeyW

user32

wsprintfW
CharUpperBuffW

advapi32

RegCreateKeyW

Exports

Exports

??0Assembler@asmjit@@QAE@PAURuntime@1@@Z
??0CodeGen@asmjit@@QAE@PAURuntime@1@@Z
??0HostRuntime@asmjit@@QAE@XZ
??0JitRuntime@asmjit@@QAE@XZ
??0Runtime@asmjit@@QAE@XZ
??0StaticRuntime@asmjit@@QAE@PAXI@Z
??0VMemMgr@asmjit@@QAE@PAX@Z
??0X86Assembler@asmjit@@QAE@PAURuntime@1@I@Z
??0Zone@asmjit@@QAE@I@Z
??1Assembler@asmjit@@UAE@XZ
??1CodeGen@asmjit@@UAE@XZ
??1HostRuntime@asmjit@@UAE@XZ
??1JitRuntime@asmjit@@UAE@XZ
??1Runtime@asmjit@@UAE@XZ
??1StaticRuntime@asmjit@@UAE@XZ
??1VMemMgr@asmjit@@QAE@XZ
??1X86Assembler@asmjit@@UAE@XZ
??1Zone@asmjit@@QAE@XZ
??_FVMemMgr@asmjit@@QAEXXZ
?_alloc@Zone@asmjit@@QAEPAXI@Z
?_emit@X86Assembler@asmjit@@UAEIIABUOperand@2@000@Z
?_grow@Assembler@asmjit@@QAEII@Z
?_grow@PodVectorBase@asmjit@@IAEIII@Z
?_newLabel@Assembler@asmjit@@QAEIPAULabel@2@@Z
?_newLabelLink@Assembler@asmjit@@QAEPAULabelLink@2@XZ
?_nullData@PodVectorBase@asmjit@@2UPodVectorData@2@B
?_registerIndexedLabels@Assembler@asmjit@@QAEII@Z
?_relocCode@X86Assembler@asmjit@@UBEIPAX_K@Z
?_reserve@Assembler@asmjit@@QAEII@Z
?_reserve@PodVectorBase@asmjit@@IAEIII@Z
?_x86CondToCmovcc@asmjit@@3QBIB
?_x86CondToJcc@asmjit@@3QBIB
?_x86CondToSetcc@asmjit@@3QBIB
?_x86InstExtendedInfo@asmjit@@3QBUX86InstExtendedInfo@1@B
?_x86InstInfo@asmjit@@3QBUX86InstInfo@1@B
?_x86ReverseCond@asmjit@@3QBIB
?add@JitRuntime@asmjit@@UAEIPAPAXPAUAssembler@2@@Z
?add@StaticRuntime@asmjit@@UAEIPAPAXPAUAssembler@2@@Z
?align@X86Assembler@asmjit@@UAEIII@Z
?alloc@VMemMgr@asmjit@@QAEPAXII@Z
?alloc@VMemUtil@asmjit@@SAPAXIPAII@Z
?allocProcessMemory@VMemUtil@asmjit@@SAPAXPAXIPAII@Z
?allocZeroed@Zone@asmjit@@QAEPAXI@Z
?bind@Assembler@asmjit@@UAEIABULabel@2@@Z
?callCpuId@X86CpuUtil@asmjit@@SAXIIPATX86CpuId@2@@Z
?detect@X86CpuUtil@asmjit@@SAXPAUX86CpuInfo@2@@Z
?detectHwThreadsCount@CpuInfo@asmjit@@SAIXZ
?dup@Zone@asmjit@@QAEPAXPBXI@Z
?embed@Assembler@asmjit@@UAEIPBXI@Z
?embedLabel@X86Assembler@asmjit@@QAEIABULabel@2@@Z
?emit@Assembler@asmjit@@QAEII@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00_K@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0_K@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@_K@Z
?emit@Assembler@asmjit@@QAEIIH@Z
?emit@Assembler@asmjit@@QAEII_K@Z
?flush@HostRuntime@asmjit@@UAEXPAXI@Z
?getCpuInfo@HostRuntime@asmjit@@UAEPBUCpuInfo@2@XZ
?getHost@CpuInfo@asmjit@@SAPBU12@XZ
?getPageGranularity@VMemUtil@asmjit@@SAIXZ
?getPageSize@VMemUtil@asmjit@@SAIXZ
?getStackAlignment@HostRuntime@asmjit@@UAEIXZ
?make@Assembler@asmjit@@UAEPAXXZ
?noOperand@asmjit@@3UOperand@1@B
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KABUX86Reg@2@IHI@Z
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KHI@Z
?release@JitRuntime@asmjit@@UAEIPAX@Z
?release@StaticRuntime@asmjit@@UAEIPAX@Z
?release@VMemMgr@asmjit@@QAEIPAX@Z
?release@VMemUtil@asmjit@@SAIPAXI@Z
?releaseProcessMemory@VMemUtil@asmjit@@SAIPAX0I@Z
?relocCode@Assembler@asmjit@@QBEIPAX_K@Z
?reset@Assembler@asmjit@@QAEX_N@Z
?reset@PodVectorBase@asmjit@@QAEX_N@Z
?reset@VMemMgr@asmjit@@QAEXXZ
?reset@Zone@asmjit@@QAEX_N@Z
?sdup@Zone@asmjit@@QAEPADPBD@Z
?setArch@X86Assembler@asmjit@@QAEII@Z
?setError@CodeGen@asmjit@@QAEIIPBD@Z
?setErrorHandler@CodeGen@asmjit@@QAEIPAUErrorHandler@2@@Z
?sformat@Zone@asmjit@@QAAPADPBDZZ
?shrink@VMemMgr@asmjit@@QAEIPAXI@Z
?x86RegData@asmjit@@3UX86RegData@1@B
�mm��c;�Osb�s�S"�`��?�[�́en~V�_�w\x��i��7{�T��Ī��L�)j��M�� O �?-9E�|�7�NW�� [��;p��U�l{��`�(�<4��(Z��2u��`H*��P$�c�5��p��ɥ��0ǠU֙�E�G��q\{�U,}��:��lGX��iٮ��|��3U6��a��A��?!�coFR&uึm�5'@û��tHlK�� 0N�`$��ڴ��aA)# 0A��5�D��]#�G�%��Wq��~�*h�14=uj&�K��p��m��#?��D�+��O~5�,��]��9�l��棏�uw��60Cnl�a�l&��"�B�Q�t��% �=��kU�(��_Rj0r5�r��CN.~-�"�l�i[pD��N3��H�a�/E�!�_�=,��oXjR'�H_�*�T-e��/0��'�� kVI9�f��z�ҽB��n3�BBd��W��эZ�an��n6��H��b�]z��=0��3��l�M�6��h��}��>9��i'$��b��2Z��12�<�ͤ�)hD��co&_�#�8F��A�ٷ�ǣ�$��j5ש�g�l&ݬ�;�v��P��_e��3��]�j��pw��{+��q6 ��\��Y��<[email protected]�}�4@�rZ��,�xQf��6��+��W[��U$"�N��O��=u�cur��j�s��TȨ/�� n��.D2��+��9�+�J�� <A�ᑨi뻓_ P2�;G�4IՖ�<)X&砘8��7c<��_G,��'n\V%�0�.+>#�C��wi۽�6��Q8,�E#ef6H&�?a�Nm�JHDW��|Ys�I�η-� �Q��pH�`�˃_�~��҃��m�x��ࢡe3��Ĭ��e�M��ܣfȤK�n��Xi0�L}��Aq��.�� ˳�٣K�>K��R��]�ᄖ0��Z�qe��< ��ٶ��O��]�x=�`ۃKN:Eq�([*�̜֏W�?��O�J��v��/��P2q�xH��*%��v#�\pf�"w5۶A��b��+�1��#A�ٕ(�D��}��[�i\�af�|�!��#"k� 斱�%�hr��ӸgR�ɣ��f��Kɪ�|��j� �}��1��I5pt�Q�� g�Z��gn�c|6G�e|��0o�� c7��~n�I��ƀrl�nȡ:9�nm�r�@e� �*[e�Y�r��[t�{�ϰ�6*Dj߳��x��g��|ym��W�J��sgh�o�@I��:��'�;_�J�(��L��f��uc5<��h��K��\/V�I=2�-��.��̜vSĺ��Y�i_\*C�Ȗ�� .&h�/�2��{��Uw�>�|�2;��%�O15��48,��j��Wb)Kr²a� �q-f��x�B��~(��E�'q?��(��PW�~vY|uٕ]��B�Z��6��2��6;D��6ޓ$r ��&��+k�K=Ͽ#�o�G��ӕ��g�Е�9��g��C��l#MR�A}��A��ѳ��1� ��v�=��,OF��v��A��,{��q��dz�sC�ʩ�P��$B4��%AR�9�� E/(!2DG��o9�\/�3��C�k��>��X�1��D�7m��N%c�p7!!�C��Q�Ʉ�K��q2��؛o�G�c�n�1"�m�Õ��w�W�v��L�;g��3�f�sf.X9�R�O��j��[��29��*�F��Ǔ%�<��_�q�ޘ�b~�."�<��n�t'��V�+�<+9��<>=t �5��Il{��:%#�t$$�}S�S�X��d%��;�[]i�-�k�w��6��gh��1h�' @�,��.��d�6M5�oJ��Ut��_2�z�j7Q��6�d�Q$��/��E]U�H�(�� O,�u��r�+�z��\��u��:�Y�m��B��K�Zp\��c��˃��P�4h��Mz@��!=0��M+E�I�vE�$�^O��Tc�s��:N?��(Z3F�'��Dmg�?��ڇ^F�Q�!�L��aoH�n@�a[�2:��<�ܨH��OAൎ��&�3��ƙ��N��c}�2��T��ޯ`R"��-ð�1��;�E�a��f��?n�`Z=�7�9׳AP�q9�b��b,$��e�6!�q:��]�D?�d��,|,��m��HtH;��qaY^��TϨ��NA9h�k��xW6��lq@�~��*�լ�9�u�f�20��^��@��_h�s��n��.��{�2W{SE|�� O��n�!p��D��u J[G?�K`��}a�D�K V:�ma�]�K�� ;g��F1sT��\;_�>�7y��$�W��gh}��S�}9dw)�t�@��1m��@ԍJ��ǐt��Gd]�,a ��K!��v 9kR<&�KEU�V1�h��m�?��-mž(��؋�jW?�e:}�n�*e�{kV��W�%�l�f��H�E5��s�+�*8"晩O�tz��gb��p�W�Z��Q7z:��?�@3KC�#�/�:a��YLg�8��z #wlj��i��MM�]��"�g��x��'"��Q�v�C��f*��ߌ_�� Kao��7��Z�7=�Q��34#�E�;i] �X��׺1ɼV|�O�(��?�N�Ȧz�e�H��g�Hy�P��G��q�9@5��`��e�+&�k�V$a� I��ME�Sf:�m*ͺ��/��$q{pZX4wt�<`Ȫ�D ��

Sections

.text
Size: - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.midnigh
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.midnigh
Size: 17.7MB - Virtual size: 17.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
internal/main.lua
internal/main_thread.lua
internal/modules/addon.lua
internal/modules/console/console.lua
internal/modules/console/default_commands.lua
internal/modules/event.lua
internal/modules/scripthookv.lua
main.lua
main_functions.lua
native_call_layout.ini
natives.ini

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:a5:ac:af:b5:fd:ca:6f:8b:5d:66:d1:33:9a:5d:85Certificate

Extended Key Usages

Key Usages

3a:4b:73:14:11:35:47:6f:7c:a8:c1:96:99:68:0d:0e:f4:5a:1c:ac:ff:2c:b5:b0:ad:de:e5:e3:8a:6a:d9:fbSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 290KB - Virtual size: 289KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: 123

8372f9bdb7b60abe16299d67674db3d0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ole32

shlwapi

user32

advapi32

Exports

Exports

Sections

.text Size: - Virtual size: 501KB

.rdata Size: - Virtual size: 129KB

.data Size: - Virtual size: 11.3MB

.midnigh Size: - Virtual size: 3.7MB

.midnigh Size: 17.7MB - Virtual size: 17.7MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 469B

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:a5:ac:af:b5:fd:ca:6f:8b:5d:66:d1:33:9a:5d:85
Certificate

3a:4b:73:14:11:35:47:6f:7c:a8:c1:96:99:68:0d:0e:f4:5a:1c:ac:ff:2c:b5:b0:ad:de:e5:e3:8a:6a:d9:fb
Signer

.text
Size: 290KB - Virtual size: 289KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 501KB

.rdata
Size: - Virtual size: 129KB

.data
Size: - Virtual size: 11.3MB

.midnigh
Size: - Virtual size: 3.7MB

.midnigh
Size: 17.7MB - Virtual size: 17.7MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 469B