Static task
static1
General
-
Target
PassatHook-main.zip
-
Size
71.9MB
-
MD5
cd0db951b20b491d3a14c67b7c050cf1
-
SHA1
efcc0139ec49dd874a621e31c3557e0f150f4b65
-
SHA256
ed9d441ab485c6c445e10eb4dbbdc8e38b30d19ba7d87065394465b0ba4473c5
-
SHA512
15c23b202cc31988a6e1f466037c2fbfc81b118589e611bbdd00248c9476c9c71ac0df0585f6dcd15f778e911d69cbfc60531cf2a34d3a78f00195c01fca2442
-
SSDEEP
1572864:5iCC1e2HZqYwVa08OjRRlQlugzq/zNEl/BUWTP:5W1eVv8sv2s+l/6W
Malware Config
Signatures
-
Unsigned PE (3 IoCs)
Checks for PE files that lack an Authenticode signature; the three matching files are listed on the next line.
resource unpack001/PassatHook-main/CS2/PassatHook.exe unpack001/PassatHook-main/CS2/VPK map parser/vphys_parser.exe unpack001/PassatHook-main/CSGO V2/PassatHook.dll
Files
-
PassatHook-main.zip.zip
-
PassatHook-main/CS2/PassatHook.exe.exe windows:6 windows x64 arch:x64
dc7dd91fcd9756baba709f54fb1ade5f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
CreateDirectoryA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
GetKeyState
gdi32
GetDeviceCaps
shell32
ShellExecuteA
msvcp140
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
d3d11
D3D11CreateDeviceAndSwapChain
d3dcompiler_47
D3DCompile
dwmapi
DwmExtendFrameIntoClientArea
winmm
PlaySoundA
imm32
ImmGetContext
d3dx11_43
D3DX11CreateShaderResourceViewFromMemory
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_exception_destroy
api-ms-win-crt-heap-l1-1-0
_set_new_mode
api-ms-win-crt-stdio-l1-1-0
fflush
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
api-ms-win-crt-filesystem-l1-1-0
_lock_file
api-ms-win-crt-convert-l1-1-0
strtoll
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
api-ms-win-crt-math-l1-1-0
log
api-ms-win-crt-time-l1-1-0
_ctime64_s
api-ms-win-crt-string-l1-1-0
tolower
api-ms-win-crt-utility-l1-1-0
rand
advapi32
RegCreateKeyExW
Sections
.text Size: - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 500KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 3.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.my] Size: - Virtual size: 8.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.SRU Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.[s| Size: 15.8MB - Virtual size: 15.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
PassatHook-main/CS2/README.md
-
PassatHook-main/CS2/VPK map parser/Maps.7z.7z
-
ancient.tri
-
anubis.tri
-
baggage.tri
-
dust2.tri
-
inferno.tri
-
italy.tri
-
mirage.tri
-
nuke.tri
-
office.tri
-
overpass.tri
-
shoots.tri
-
vertigo.tri
-
PassatHook-main/CS2/VPK map parser/README.md
-
PassatHook-main/CS2/VPK map parser/vphys_parser.exe.exe windows:6 windows x64 arch:x64
98112bf0dbfe933454340f25b5c15042
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
msvcp140
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memset
api-ms-win-crt-stdio-l1-1-0
setvbuf
api-ms-win-crt-heap-l1-1-0
free
api-ms-win-crt-runtime-l1-1-0
__p___argc
api-ms-win-crt-filesystem-l1-1-0
_lock_file
api-ms-win-crt-convert-l1-1-0
atoi
api-ms-win-crt-string-l1-1-0
isspace
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
kernel32
ReleaseSRWLockExclusive
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
Sections
.text Size: - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.#bz Size: - Virtual size: 7.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.wyT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.]c_ Size: 12.0MB - Virtual size: 12.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 469B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
PassatHook-main/CS2/showcase.png.png
-
PassatHook-main/CSGO V2/PassatHook.dll.dll windows:6 windows x86 arch:x86
595d5878ae517951ae8625f1a9267ad8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
shell32
SHGetKnownFolderPath
ShellExecuteW
ole32
CoTaskMemFree
user32
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetKeyState
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
CallWindowProcW
MessageBoxA
SetWindowLongW
ShowWindow
FindWindowW
FlashWindowEx
GetDC
GetCursorPos
kernel32
SetStdHandle
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetStdHandle
SetFilePointerEx
GetFileSizeEx
GetModuleFileNameW
ReadFile
VirtualProtect
VirtualQuery
WideCharToMultiByte
VirtualFree
VirtualAlloc
HeapCreate
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
HeapDestroy
GetThreadContext
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
WriteFile
FreeLibraryAndExitThread
GetModuleHandleA
GetLastError
CreateThread
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryW
QueryPerformanceFrequency
QueryPerformanceCounter
K32GetModuleInformation
GetTimeZoneInformation
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
LocalFree
FormatMessageA
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
GetFullPathNameW
SetFileInformationByHandle
AreFileApisANSI
MoveFileExW
GetFileInformationByHandleEx
TryAcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
GetModuleHandleExW
IsValidCodePage
GetACP
GetCommandLineA
GetOEMCP
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
ReleaseSRWLockExclusive
RaiseException
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
gdi32
CreateFontA
SelectObject
CreateCompatibleDC
EnumFontFamiliesExW
CreateFontW
DeleteDC
GetFontData
DeleteObject
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 243KB - Virtual size: 242KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 37KB - Virtual size: 975KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PassatHook-main/CSGO V2/readme.md
-
PassatHook-main/CSGO V2/screenshot.png.png
-
PassatHook-main/README.md