26-07-2024_5OynSAoQPS29OfR[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

26-07-2024_5OynSAoQPS29OfR.zip
Size

4.0MB
MD5

e27f815e80258387ab8d30b4510363dc
SHA1

24fff91d08cdeb0c5b310950064df76e9a862c2e
SHA256

1daf50b53a01f869d5705b8584a4aa166db4f728b56c6d29e2057d1186a550f8
SHA512

b4f481058092f1f85db3b839672d3811fe9f04224a3a1699eb437d380965ccd86a200e2de6a6fee04fc70d4d8f5c592493862823942b08ac35be26879a04f414
SSDEEP

98304:N3ywb5VxztXs1+iP/O0xthc3dxiBvj82aFoJtRT:NNfXv8xnGZfFeT

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RDR2 Family Menu 1.1.3/RDR2_Family_Menu_1_1_3/Family.dll
unpack001/RDR2 Family Menu 1.1.3/RDR2_Family_Menu_1_1_3/Loader.exe

Files

26-07-2024_5OynSAoQPS29OfR.zip
.zip

Password: 123
RDR2 Family Menu 1.1.3/RDR2_Family_Menu_1_1_3/All Hacks, Cheats, Injectors.url
RDR2 Family Menu 1.1.3/RDR2_Family_Menu_1_1_3/Family.dll
.dll windows:6 windows x64 arch:x64

Password: 123

f2a06667e4a4f04d24de3e7296b966d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
DisableThreadLibraryCalls
GetCurrentThread
VirtualQuery
GetModuleFileNameA
Sleep
GlobalLock
GlobalUnlock
FindResourceA
LoadResource
LockResource
SizeofResource
CreateFileA
WriteFile
CloseHandle
FreeResource
MultiByteToWideChar
WideCharToMultiByte
DeleteFileA
DebugBreak
SetConsoleTextAttribute
FindFirstFileA
LoadLibraryA
FindNextFileA
FindClose
ExitProcess
K32EnumProcessModules
K32GetModuleBaseNameA
GetCurrentProcess
WriteProcessMemory
ReadProcessMemory
K32GetModuleInformation
FreeLibraryAndExitThread
CreateThread
FreeConsole
SetConsoleOutputCP
SetConsoleTitleA
GetStdHandle
AllocConsole
GetCurrentProcessId
AttachConsole
GetProcAddress
GetModuleHandleW
GetModuleHandleExA
CreateFiber
DeleteFiber
SwitchToFiber
ConvertThreadToFiber
FreeLibrary
GetFileInformationByHandle
GetFileAttributesExW
GetTickCount64
FindFirstFileExW
DeleteFileW
CreateFileW
CreateDirectoryW
QueryPerformanceFrequency
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
FormatMessageW
AreFileApisANSI
SetLastError
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringW
RtlCaptureContext
OutputDebugStringA
GetModuleFileNameW
RaiseException
RtlPcToFileHeader
SuspendThread
GetTickCount
IsDebuggerPresent
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResumeThread
GetVersionExA
RtlVirtualUnwind
LoadLibraryW
RtlLookupFunctionEntry
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
GetThreadContext
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
HeapCreate
GetVersionExW
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
VirtualProtect
SetThreadAffinityMask
GetProcessAffinityMask
HeapFree
Thread32Next
Thread32First
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
CreateToolhelp32Snapshot
ChangeTimerQueueTimer
CreateTimerQueueTimer
HeapReAlloc
HeapAlloc
HeapDestroy
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
SetEvent
CreateTimerQueue
LoadLibraryExW
GetSystemInfo
VirtualAlloc
VirtualFree
OpenThread
SetThreadContext
FlushInstructionCache
RemoveDirectoryW

user32

GetKeyNameTextA
FindWindowA
GetForegroundWindow
keybd_event
OpenClipboard
GetClipboardData
CloseClipboard
SendInput
GetClientRect
SetWindowLongPtrW
CallWindowProcW
GetAsyncKeyState
MapVirtualKeyA
GetWindowRect
MessageBoxA

shell32

ShellExecuteA

winmm

timeGetTime

wininet

HttpSendRequestA
HttpOpenRequestA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA

vcruntime140

__processing_throw
__current_exception
memcmp
memchr
__uncaught_exception
memset
memmove
memcpy
_CxxThrowException
strstr
__C_specific_handler
__AdjustPointer
_purecall
__std_exception_destroy
__std_exception_copy
__std_terminate
__CxxFrameHandler3
__RTDynamicCast
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_execute_onexit_table
_invalid_parameter_noinfo_noreturn
terminate
_errno
_cexit
abort
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_register_onexit_function
_seh_filter_dll
_initterm
_initterm_e

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc
_callnewh

api-ms-win-crt-string-l1-1-0

strncpy
strcspn
isupper
_wcsdup
_strdup
islower
strncpy_s
isspace
tolower
__strncnt
isalnum
strcmp

api-ms-win-crt-stdio-l1-1-0

fputc
__stdio_common_vsprintf
_wfsopen
_fsopen
fseek
fflush
__acrt_iob_func
setvbuf
getchar
fgetc
ungetc
fclose
_getcwd
__stdio_common_vsnprintf_s
fread
_get_stream_buffer_pointers
_fseeki64
fwrite
fgetpos
__stdio_common_vsprintf_s
fsetpos

api-ms-win-crt-filesystem-l1-1-0

rename
_findclose
_lock_file
_unlock_file
_findnext64i32
_findfirst64i32
_stat64i32

api-ms-win-crt-multibyte-l1-1-0

_mbsrchr

api-ms-win-crt-convert-l1-1-0

strtod
atof
strtof
atoi

api-ms-win-crt-time-l1-1-0

strftime
_localtime64
clock
_localtime64_s
_time64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
___lc_locale_name_func
_unlock_locales
_lock_locales
___mb_cur_max_func
__pctype_func
setlocale
localeconv

api-ms-win-crt-math-l1-1-0

modf
_finite
_isnan
frexp
_ldtest
_ldsign
_dsign
cos
cosf
sqrt
exp
sin
pow
sinf
sqrtf
_dtest
ldexp
powf

api-ms-win-crt-environment-l1-1-0

getenv

Exports

Exports

?createTexture@@YAHPEBD@Z
?drawTexture@@YAXHHHHMMMMMMMMMMMM@Z
?getGameVersion@@YA?AW4eGameVersion@@XZ
?getGlobalPtr@@YAPEA_KH@Z
?keyboardHandlerRegister@@YAXP6AXKGEHHHH@Z@Z
?keyboardHandlerUnregister@@YAXP6AXKGEHHHH@Z@Z
?nativeCall@@YAPEA_KXZ
?nativeInit@@YAX_K@Z
?nativePush64@@YAX_K@Z
?scriptRegister@@YAXPEAUHINSTANCE__@@P6AXXZ@Z
?scriptRegisterAdditionalThread@@YAXPEAUHINSTANCE__@@P6AXXZ@Z
?scriptUnregister@@YAXP6AXXZ@Z
?scriptUnregister@@YAXPEAUHINSTANCE__@@@Z
?scriptWait@@YAXK@Z
?worldGetAllObjects@@YAHPEAHH@Z
?worldGetAllPeds@@YAHPEAHH@Z
?worldGetAllPickups@@YAHPEAHH@Z
?worldGetAllVehicles@@YAHPEAHH@Z

Sections

.text
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 661KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RDR2 Family Menu 1.1.3/RDR2_Family_Menu_1_1_3/Hotkeys.json
RDR2 Family Menu 1.1.3/RDR2_Family_Menu_1_1_3/Language/de_DE.json
RDR2 Family Menu 1.1.3/RDR2_Family_Menu_1_1_3/Language/en_GB.json
RDR2 Family Menu 1.1.3/RDR2_Family_Menu_1_1_3/Language/ru_RU.json
RDR2 Family Menu 1.1.3/RDR2_Family_Menu_1_1_3/Language/tr_TR.json
RDR2 Family Menu 1.1.3/RDR2_Family_Menu_1_1_3/Language/zh_CN.json
RDR2 Family Menu 1.1.3/RDR2_Family_Menu_1_1_3/Language/zh_TW.json
RDR2 Family Menu 1.1.3/RDR2_Family_Menu_1_1_3/Loader.exe
.exe windows:6 windows x64 arch:x64

Password: 123

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RDR2 Family Menu 1.1.3/RDR2_Family_Menu_1_1_3/Settings.json
RDR2 Family Menu 1.1.3/RDR2_Family_Menu_1_1_3/Virtual-Key_Codes.png
.png

Password: 123

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

f2a06667e4a4f04d24de3e7296b966d2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

winmm

wininet

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

Exports

Exports

Sections

.text Size: 7.5MB - Virtual size: 7.5MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 42KB - Virtual size: 661KB

.pdata Size: 169KB - Virtual size: 168KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 140KB - Virtual size: 139KB

.reloc Size: 99KB - Virtual size: 98KB

Password: 123

Headers

DLL Characteristics

File Characteristics

Sections

Size: - Virtual size: 40KB

Size: 17KB - Virtual size: 20KB

. Size: 1KB - Virtual size: 4KB

Password: 123

.text
Size: 7.5MB - Virtual size: 7.5MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 42KB - Virtual size: 661KB

.pdata
Size: 169KB - Virtual size: 168KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 140KB - Virtual size: 139KB

.reloc
Size: 99KB - Virtual size: 98KB

.
Size: 1KB - Virtual size: 4KB