Static task
static1
General
-
Target
BloodyCS2Free.rar
-
Size
1.3MB
-
MD5
7d9c24a838a7a8154d976bbc4e28bb98
-
SHA1
4915fb7b1b371843174e030abebb2cb13abe3dfa
-
SHA256
c613c1a0a8a57714aaed8fb31bff7cfa215c2f26237fac78fac3ec525d10c8ca
-
SHA512
3ec18580678abc69d551e0042585fb0601f5445b01374c154df67011033379e8bdea64189cb63bd6aff48f9e787e30bcd53bfa590d497dab6bb3a9d08a796f58
-
SSDEEP
24576:Q9AzmwiVc7255aChQpjOilvM6Z5FtmOpXo5N2CSa480mJ6XNanYd0v0wn94qQU6H:tsc7253qpjOskI5W0Y5ACfJ6XcnYd0vm
Malware Config
Signatures
-
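Unsigned PE (2 IoCs)
Checks for a missing Authenticode signature. Both listed PE files are unsigned, so their publisher and integrity cannot be verified from the files themselves; being unsigned is a weak indicator on its own and should be weighed with the other findings.
resource: unpack001/BloodyCS2/Extreme Injector v3.exe, unpack001/BloodyCS2/bloody.dll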
Files
-
BloodyCS2Free.rar (type: .rar)
-
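BloodyCS2/Extreme Injector v3.exe (type: .exe; tags: windows:4, windows x86, arch:x86)
f34d5f2d4577ed6d9ceec516c1f5a744 (appears to be the import hash; .NET executables whose only import is mscoree!_CorExeMain share this value, so it does not identify this sample and should not be used alone for matching)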
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
BloodyCS2/READ ME BEFORE.txt
-
BloodyCS2/bloody.dll (type: .dll; tags: windows:6, windows x64, arch:x64)
39f6ac50f3c95077478b1178a5b585dd (appears to be the import hash, going by the report layout)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
FreeLibraryAndExitThread
DisableThreadLibraryCalls
CreateThread
GetLastError
CloseHandle
AreFileApisANSI
GetTempPathW
GetFileAttributesW
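IsDebuggerPresent (also imported by the MSVC runtime's failure-reporting code, along with SetUnhandledExceptionFilter and UnhandledExceptionFilter below, so this import alone is not evidence of anti-debugging)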
CreateFileW
GetLocaleInfoEx
FormatMessageA
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
GetProcAddress
GetModuleHandleW
shell32
ShellExecuteW
msvcp140
?_Winerror_map@std@@YAHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
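urlmon
URLDownloadToFileW (together with the GetTempPathW, CreateFileW and ShellExecuteW imports above, this is consistent with a capability to download a file and launch it; the import table alone does not show that this path is used, so confirm with dynamic analysis or network telemetry)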
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_exception_copy
__C_specific_handler
memcpy
__std_type_info_destroy_list
__std_exception_destroy
_CxxThrowException
memset
memmove
api-ms-win-crt-heap-l1-1-0
free
_callnewh
malloc
api-ms-win-crt-runtime-l1-1-0
_seh_filter_dll
_initterm_e
_initterm
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
terminate
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_cexit
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
Sections
.text Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ