BodycamExternal_[unknowncheats[.]me]_[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

BodycamExternal_[unknowncheats.me]_.exe
Size

212KB
MD5

bfee3edaa934b42765b9cd693a812e56
SHA1

3d44a7005e9fec025ada3efa76b409119b55cd71
SHA256

dfdd57230e773adaace3a5021eb40dfc0664fd535850e32e7218cc1952df829f
SHA512

b7be0dcc13d53eaa75844f3515cebabe0be4fdd1bb110613a9c03f8b9402abece9b3e87531c4c9ad469650dfa7ddf30ba03f678362e6406d3563455eec38a0ac
SSDEEP

6144:CNq3sb1nfU5cSHE1SINs1yStVqvOnQd8f:AcsbBWIRakScOnz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BodycamExternal_[unknowncheats.me]_.exe

Files

BodycamExternal_[unknowncheats.me]_.exe
.exe windows:6 windows x64 arch:x64

0412def44d79b046d9c1043db0fb6891

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\admin\source\repos\BodycamExternal\x64\Release\BodycamExternal.pdb

Imports

d3d9

Direct3DCreate9Ex

dwmapi

DwmExtendFrameIntoClientArea

kernel32

OpenProcess
SetConsoleTitleW
WriteProcessMemory
ReadProcessMemory
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
CreateToolhelp32Snapshot
CloseHandle
Module32FirstW
WideCharToMultiByte
Module32NextW
AcquireSRWLockExclusive
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetModuleHandleW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
ReleaseSRWLockExclusive
GetCurrentProcessId

user32

ScreenToClient
GetActiveWindow
UpdateWindow
SetCursor
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetWindowThreadProcessId
GetWindow
GetWindowRect
DestroyWindow
GetKeyState
SetWindowPos
ShowWindow
GetAsyncKeyState
DispatchMessageW
ClientToScreen
CreateWindowExA
RegisterClassExA
FindWindowA
GetDesktopWindow
PeekMessageW
GetClientRect
SetWindowLongW
LoadCursorW
LoadIconW
TranslateMessage
GetForegroundWindow
DefWindowProcA
SetLayeredWindowAttributes

msvcp140

?good@ios_base@std@@QEBA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
_CxxThrowException
__current_exception_context
__current_exception
strstr
memmove
memcpy
memchr
__std_terminate
__std_exception_copy
__C_specific_handler
__std_exception_destroy

api-ms-win-crt-runtime-l1-1-0

exit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_beginthreadex
terminate
_get_initial_narrow_environment
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_set_app_type
_exit
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
_callnewh
free

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
fclose
ftell
__stdio_common_vfprintf
__stdio_common_vsprintf_s
fseek
__acrt_iob_func
fflush

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

tanf
floorf
sinf
sqrt
sqrtf
fmodf
pow
cosf
__setusermatherr
ceilf
atan2
asin

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0412def44d79b046d9c1043db0fb6891

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d9

dwmapi

kernel32

user32

msvcp140

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 162KB - Virtual size: 161KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 1024B - Virtual size: 4KB

.pdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 220B

.text
Size: 162KB - Virtual size: 161KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 1024B - Virtual size: 4KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 220B