sample_product[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

sample_product.zip
Size

2.2MB
MD5

d4ebb308f7ac9b169ccc716fa6d1eaaa
SHA1

0d3791eb45638006b8b5fd68ffb8933ea76cd95b
SHA256

ce4a69843c43f251132977c41403a0f2d831a391e7b945ac645913442330d3f3
SHA512

6ec7ceb615af38ab48cfcdbc516e2a860416528a2aac4b0746a202c66f48c4f203c04549b617013a6991c79cbb0256dca5fcaba97bb36659951f8b4b2561e2af
SSDEEP

49152:vA637CH+PvN0qaM2BX72+A+1oF8PA535DAesYXEqSzSKrjztFFA2/obDD:vA6rK+PvNTaMS7C+GjDDXAxFYr

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sample_product.exe
unpack001/sdk.dll

Files

sample_product.zip
.zip
sample_product.exe
.exe windows:6 windows x64 arch:x64

b84a8ed4508219c8da73ab71fce00b6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Shadow\source\repos\obama-gaming\devkit\release\sample_product.pdb

Imports

msvcrt

_aligned_free
_aligned_malloc
memmove
memset
printf
strcat_s
strcmp
vswprintf_s

sdk

?bp_attach@@YA_N_K@Z
?bp_create@@YA_N_K@Z
?bp_destroy@@YA_NXZ
?bp_detach@@YA_NXZ
?bp_get_peb@@YA_KXZ
?bp_read@@YA_NPEAX0_K@Z
?bp_register_thread@@YAXXZ
?bp_render_add_font@@YAXPEA_WHEPEAPEAX@Z
?bp_render_begin_clipping@@YAXHHHH@Z
?bp_render_begin_fonts@@YAXXZ
?bp_render_begin_frame@@YAXXZ
?bp_render_create@@YA_N_K@Z
?bp_render_destroy@@YA_NXZ
?bp_render_end_clipping@@YAXXZ
?bp_render_end_fonts@@YAXXZ
?bp_render_end_frame@@YAXXZ
?bp_render_get_cursor@@YAXPEAH0@Z
?bp_render_get_key@@YA_NH@Z
?bp_render_rect@@YQXMMMMI@Z
?bp_render_start@@YAXHHHH@Z
?bp_render_stop@@YAXXZ
?bp_render_text_raw@@YQXPEAXPEB_WMMEI@Z

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateThread
CreateToolhelp32Snapshot
GetEnvironmentVariableA
Process32First
Process32Next
SetEvent
Sleep
SwitchToThread
WaitForSingleObject
WriteFile

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sample_product.map
sample_product.pdb
sdk.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

?bp_attach@@YA_N_K@Z
?bp_create@@YA_N_K@Z
?bp_destroy@@YA_NXZ
?bp_detach@@YA_NXZ
?bp_find_module@@YA_NIPEAPEAXPEAI@Z
?bp_get_peb@@YA_KXZ
?bp_read@@YA_NPEAX0_K@Z
?bp_read_batch@@YA_NPEAX@Z
?bp_read_common@@YA_NPEAX0_K@Z
?bp_read_large@@YA_NPEAX0_K@Z
?bp_register_thread@@YAXXZ
?bp_render_add_font@@YAXPEA_WHEPEAPEAX@Z
?bp_render_begin_clipping@@YAXHHHH@Z
?bp_render_begin_fonts@@YAXXZ
?bp_render_begin_frame@@YAXXZ
?bp_render_box_corner@@YQXMMMMII@Z
?bp_render_box_full@@YQXMMMMII@Z
?bp_render_circle@@YQXMMMMI@Z
?bp_render_circle_filled@@YQXMMMI@Z
?bp_render_clear_input@@YAXXZ
?bp_render_click@@YAXXZ
?bp_render_create@@YA_N_K@Z
?bp_render_destroy@@YA_NXZ
?bp_render_end_clipping@@YAXXZ
?bp_render_end_fonts@@YAXXZ
?bp_render_end_frame@@YAXXZ
?bp_render_get_cursor@@YAXPEAH0@Z
?bp_render_get_key@@YA_NH@Z
?bp_render_line@@YQXMMMMMI@Z
?bp_render_move_mouse@@YAXHH@Z
?bp_render_rect@@YQXMMMMI@Z
?bp_render_rect_gradient_h@@YQXMMMMII@Z
?bp_render_rect_gradient_v@@YQXMMMMII@Z
?bp_render_set_game_window@@YAX_K@Z
?bp_render_start@@YAXHHHH@Z
?bp_render_stop@@YAXXZ
?bp_render_text@@YQXPEAXPEA_W_K22IMMEI@Z
?bp_render_text_raw@@YQXPEAXPEB_WMMEI@Z
?bp_render_text_width@@YQMPEAXPEA_W_K22I@Z
?bp_render_text_width_raw@@YQMPEAXPEB_W@Z
?bp_render_triangle@@YQXMMMMMMI@Z
?bp_scan_memory@@YA_N_K0PEBDEPEA_K@Z
?bp_update_cache@@YAXXZ
?bp_write@@YA_NPEAXPEBX_K@Z
?bp_write_batch@@YA_NPEAX@Z
?bp_write_common@@YA_NPEAXPEBX_K@Z
?bp_write_large@@YA_NPEAXPEBX_K@Z

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdk
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdk
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b84a8ed4508219c8da73ab71fce00b6e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

sdk

kernel32

Sections

.text Size: 51KB - Virtual size: 50KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 468B

.pdata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 48B

.init Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 56B

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 113KB - Virtual size: 112KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: - Virtual size: 8KB

.sdk Size: 16KB - Virtual size: 16KB

.sdk Size: 3.5MB - Virtual size: 3.5MB

.text
Size: 51KB - Virtual size: 50KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 468B

.pdata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 48B

.init
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 56B

.text
Size: 113KB - Virtual size: 112KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: - Virtual size: 8KB

.sdk
Size: 16KB - Virtual size: 16KB

.sdk
Size: 3.5MB - Virtual size: 3.5MB