Unconfirmed 749473[.]crdownload

Resubmissions

11/08/2024, 20:17

240811-y2vbjawdmp 3

11/08/2024, 20:14

240811-y1c1vszfqd 3

Sharing

Copy URL Twitter E-mail

General

Target

Unconfirmed 749473.crdownload
Size

857KB
MD5

00a4a2e4ec9d099d6f68d2d0b9294bdb
SHA1

77fdfb902777d24661bf619b7d954eb3a3d5dc88
SHA256

be5013d64326b83832986140baf060801ccd293c260fb056e59785ecd06eae60
SHA512

01fd27c0bdd0e3c895f30fe4ed89658c784587c9d5b906eab177d7a6e32a37eb1909dceb7268dfbd9c1def309561e6fe04dee9ca9c0f2ed4e628bd662c603c3a
SSDEEP

24576:bQGstrBXebLuKF73Gp0XB16VPFRv8sYm1KqTE3:St1KF73q0X36VPFRv8sYmUqY3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PPHUD_update/application.exe

Files

Unconfirmed 749473.crdownload
.zip

Password: 123
PPHUD_update/Free Cheats for Online Games.url
PPHUD_update/PPHUD/legit admin sk.ini
PPHUD_update/PPHUD/legit admin.ini
PPHUD_update/PPHUD/legit.ini
PPHUD_update/PPHUD/legitVymi.ini
PPHUD_update/PPHUD/ragenl.ini
PPHUD_update/PPHUD/rageot.ini
PPHUD_update/PPHUD/ragesk.ini
PPHUD_update/PPHUD/ragesp.ini
PPHUD_update/PPHUD/toyota_hvh.ini
PPHUD_update/application.exe
.exe windows:6 windows x86 arch:x86

Password: 123

8868febef591b7d3da8a0b618de6e749

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
Sleep
K32GetModuleFileNameExA
LoadLibraryA
FillConsoleOutputAttribute
GetProcAddress
SetConsoleCursorPosition
GetExitCodeProcess
GetCurrentProcess
GetModuleHandleA
GetTickCount64
CloseHandle
CreateThread
SetConsoleTitleA
CheckRemoteDebuggerPresent
Process32First
Module32Next
Module32First
OpenProcess
CreateToolhelp32Snapshot
Process32Next
GetCurrentProcessId
WaitForSingleObject
SetEvent
CreateEventA
GetModuleFileNameA
SetLastError
GetConsoleScreenBufferInfo
IsDebuggerPresent
FillConsoleOutputCharacterA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

msvcp140

?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
_Query_perf_frequency
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
_Xtime_get_ticks
_Query_perf_counter
_Thrd_sleep
?_Xlength_error@std@@YAXPBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

wininet

InternetCloseHandle
InternetOpenA
HttpOpenRequestA
InternetReadFile
HttpSendRequestA
InternetConnectA

winmm

midiStreamOut
midiOutPrepareHeader
midiOutUnprepareHeader
midiStreamRestart
midiOutShortMsg
midiStreamStop
midiStreamOpen
midiStreamProperty
midiOutReset
midiStreamClose

vcruntime140

memmove
memcpy
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__std_terminate
strstr
__current_exception
__current_exception_context
_CxxThrowException
_except_handler4_common
memset
memchr

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-time-l1-1-0

_localtime64
_time64

api-ms-win-crt-stdio-l1-1-0

fflush
fclose
fgetc
getchar
fwrite
fgetpos
setvbuf
ungetc
__p__commode
_set_fmode
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
fputc

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_controlfp_s
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
terminate
_cexit

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode
_callnewh

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

8868febef591b7d3da8a0b618de6e749

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msvcp140

wininet

winmm

vcruntime140

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 3.0MB - Virtual size: 3.0MB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 3.0MB - Virtual size: 3.0MB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 4KB - Virtual size: 3KB