replay_editor[.]rar

Resubmissions

27/07/2024, 01:14

240727-bl2pcaxcnl 3

27/07/2024, 01:11

240727-bj5m8axarn 4

Sharing

Copy URL Twitter E-mail

General

Target

replay_editor.rar
Size

463KB
MD5

05fc7f06f4aaadf167fb6679bf59115c
SHA1

0679388979049fb34a4ac6afccf45ddc36f1a3ab
SHA256

36f760a7b19f898a6ac1ebebfbab92cb86e8e122dea76d9690e4d1f7f09d014f
SHA512

b3742425466f53ff4dd66a9f2a10aa554b00ea5a9c6c57fd863905b2776e9392dae5362d622383d600bd68b184546e37dc9c04894c32645d95af47b45e561476
SSDEEP

12288:zU9YNaPk2o4HeshvxkTLF5QwkvL2gx4HFqN:zU9Y1z7sUh5eCgxI+

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/re osu/bass.dll
unpack001/re osu/bass_fx.dll
unpack001/re osu/rp.exe

Files

replay_editor.rar
.rar

Password: 1488
re osu/bass.dll
.dll windows:4 windows x86 arch:x86

Password: 1488

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASS_Apply3D
BASS_ChannelBytes2Seconds
BASS_ChannelFlags
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttribute
BASS_ChannelGetAttributeEx
BASS_ChannelGetData
BASS_ChannelGetDevice
BASS_ChannelGetInfo
BASS_ChannelGetLength
BASS_ChannelGetLevel
BASS_ChannelGetLevelEx
BASS_ChannelGetPosition
BASS_ChannelGetTags
BASS_ChannelIsActive
BASS_ChannelIsSliding
BASS_ChannelLock
BASS_ChannelPause
BASS_ChannelPlay
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveLink
BASS_ChannelRemoveSync
BASS_ChannelSeconds2Bytes
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttribute
BASS_ChannelSetAttributeEx
BASS_ChannelSetDSP
BASS_ChannelSetDevice
BASS_ChannelSetFX
BASS_ChannelSetLink
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelSlideAttribute
BASS_ChannelStop
BASS_ChannelUpdate
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXReset
BASS_FXSetParameters
BASS_FXSetPriority
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetCPU
BASS_GetConfig
BASS_GetConfigPtr
BASS_GetDSoundObject
BASS_GetDevice
BASS_GetDeviceInfo
BASS_GetEAXParameters
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_MusicFree
BASS_MusicLoad
BASS_Pause
BASS_PluginFree
BASS_PluginGetInfo
BASS_PluginLoad
BASS_RecordFree
BASS_RecordGetDevice
BASS_RecordGetDeviceInfo
BASS_RecordGetInfo
BASS_RecordGetInput
BASS_RecordGetInputName
BASS_RecordInit
BASS_RecordSetDevice
BASS_RecordSetInput
BASS_RecordStart
BASS_SampleCreate
BASS_SampleFree
BASS_SampleGetChannel
BASS_SampleGetChannels
BASS_SampleGetData
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SampleSetData
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetConfig
BASS_SetConfigPtr
BASS_SetDevice
BASS_SetEAXParameters
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateFileUser
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamPutData
BASS_StreamPutFileData
BASS_Update
_

Sections

Size: 116KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

petite
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
re osu/bass_fx.dll
.dll windows:4 windows x86 arch:x86

Password: 1488

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASS_FX_BPM_BeatCallbackReset
BASS_FX_BPM_BeatCallbackSet
BASS_FX_BPM_BeatDecodeGet
BASS_FX_BPM_BeatFree
BASS_FX_BPM_BeatGetParameters
BASS_FX_BPM_BeatSetParameters
BASS_FX_BPM_CallbackReset
BASS_FX_BPM_CallbackSet
BASS_FX_BPM_DecodeGet
BASS_FX_BPM_Free
BASS_FX_BPM_Translate
BASS_FX_GetVersion
BASS_FX_ReverseCreate
BASS_FX_ReverseGetSource
BASS_FX_TempoCreate
BASS_FX_TempoGetRateRatio
BASS_FX_TempoGetSource

Sections

Size: 30KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 600B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

petite
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
re osu/imgui.ini
re osu/rp.exe
.exe windows:6 windows x86 arch:x86

Password: 1488

1bdf020b59bd965510d8ad7e6710ad61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\cppReplayEditor\out\Release\replayEditor.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

bass

BASS_Init
BASS_ChannelPause
BASS_ChannelPlay
BASS_ChannelSetPosition
BASS_StreamCreateFile
BASS_ChannelSetAttribute
BASS_ChannelIsActive
BASS_ChannelSeconds2Bytes
BASS_PluginLoad
BASS_ChannelGetPosition
BASS_ChannelBytes2Seconds
BASS_ChannelGetAttribute
BASS_ChannelGetLength

bass_fx

BASS_FX_TempoCreate

kernel32

LocalFree
FormatMessageA
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
FreeLibrary
VerifyVersionInfoW
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
InitializeCriticalSection
WaitForSingleObject
CreateEventW
GetLastError
SetCurrentDirectoryW
CloseHandle
ResetEvent
CreateSemaphoreW
GetCurrentProcess
TerminateProcess
GetModuleHandleW
InitializeSListHead
GetCurrentDirectoryW
AreFileApisANSI
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
SetEvent

user32

EmptyClipboard
DispatchMessageA
DestroyWindow
ShowWindow
MessageBoxA
DefWindowProcA
CreateWindowExA
TranslateMessage
PeekMessageA
UnregisterClassA
IsChild
CloseClipboard
OpenClipboard
SetClipboardData
GetCursorPos
SetCursorPos
ReleaseCapture
SetProcessDPIAware
GetClientRect
SetCursor
SetCapture
LoadCursorW
GetForegroundWindow
PostQuitMessage
RegisterClassExA
UpdateWindow
GetKeyState
ScreenToClient
GetCapture
ClientToScreen
GetClipboardData

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegOpenKeyExA
RegQueryValueExA
GetUserNameA

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

msvcp140

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ

vcruntime140

__current_exception
_CxxThrowException
__std_terminate
memset
memmove
_except_handler4_common
__current_exception_context
memcpy
__CxxFrameHandler3
strstr
__std_exception_copy
__std_exception_destroy
memchr

api-ms-win-crt-stdio-l1-1-0

fflush
__acrt_iob_func
ftell
fseek
_get_stream_buffer_pointers
__p__commode
_fseeki64
fsetpos
ungetc
fwrite
setvbuf
fgetpos
_set_fmode
__stdio_common_vfprintf
fgetc
__stdio_common_vsprintf_s
_wfopen
fputc
fclose
__stdio_common_vsprintf
__stdio_common_vsscanf
fread

api-ms-win-crt-string-l1-1-0

isspace
strncpy

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
_set_new_mode

api-ms-win-crt-convert-l1-1-0

strtol
strtod
strtoll
strtof
atof

api-ms-win-crt-runtime-l1-1-0

exit
_exit
_errno
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
_get_initial_narrow_environment
_invalid_parameter_noinfo_noreturn
_controlfp_s
_set_app_type
terminate
_configure_narrow_argv
_seh_filter_exe
_cexit
_initialize_narrow_environment
_initialize_onexit_table
_initterm_e
_crt_atexit
_register_onexit_function
_beginthreadex

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

_libm_sse2_sqrt_precise
ceil
floor
_libm_sse2_sin_precise
_libm_sse2_pow_precise
_libm_sse2_log_precise
_libm_sse2_cos_precise
_libm_sse2_acos_precise
round
log2
__setusermatherr
_CIfmod

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

Sections

.text
Size: 370KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: 1488

Password: 1488

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 116KB - Virtual size: 320KB

.rsrc Size: 1024B - Virtual size: 4KB

Size: - Virtual size: 8KB

petite Size: 3KB - Virtual size: 3KB

Password: 1488

Headers

File Characteristics

Exports

Exports

Sections

Size: 30KB - Virtual size: 60KB

.rsrc Size: 600B - Virtual size: 4KB

Size: - Virtual size: 4KB

petite Size: 1KB - Virtual size: 1KB

Password: 1488

1bdf020b59bd965510d8ad7e6710ad61

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

d3dcompiler_47

bass

bass_fx

kernel32

user32

comdlg32

advapi32

imm32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 370KB - Virtual size: 369KB

.rdata Size: 253KB - Virtual size: 252KB

.data Size: 26KB - Virtual size: 38KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 4KB

petite
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 600B - Virtual size: 4KB

petite
Size: 1KB - Virtual size: 1KB

.text
Size: 370KB - Virtual size: 369KB

.rdata
Size: 253KB - Virtual size: 252KB

.data
Size: 26KB - Virtual size: 38KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 11KB