TDPremium[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

TDPremium.rar
Size

515KB
MD5

21e20f3df5ccb8efef475a04fbcbb3d9
SHA1

b61a5b5f26ed0c96e83faaeb71318c165aeff7a0
SHA256

17847c8902d6e332dd72bc15223c8a435829d1097a1e4687d4eee8eb872af3b4
SHA512

a1000082c80b06c9fee71ddd02362b74b11ff3bb40b8b3d90c9129a32a1dbc7838a4b9e3151653c1af671e1955e6d56592b514339c486da3db3a9497c0ec0b9c
SSDEEP

12288:MdVtfUJtzp7Z9RDEbUqx6IP9WMoy3QJYDvcsDrzV+:Md/UJdoBRP9WM0JOvcY3Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TDPremium.exe

Files

TDPremium.rar
.rar

Password: 123
TDPremium.exe
.exe windows:6 windows x64 arch:x64

Password: 123

6f181bbb9b68fced5b0aaae00cf24483

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\TD-Files\TD\FiveM\FiveM Premium 4\tyhlu\x64\Build\Tyhlu-external.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
GetLocaleInfoEx
FindClose
FindFirstFileExW
FindNextFileW
Module32FirstW
SetFileInformationByHandle
FormatMessageA
GetModuleHandleW
GetModuleFileNameA
AreFileApisANSI
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
GetLastError
OpenProcess
GetStdHandle
SetConsoleTextAttribute
SetLastError
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
WideCharToMultiByte
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
CreateDirectoryA
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
GlobalUnlock
GlobalLock
LocalFree
GlobalFree
GlobalAlloc
MultiByteToWideChar
Module32NextW
Beep
CloseHandle
WriteProcessMemory
Process32FirstW
GetCurrentThread
Process32NextW
CreateToolhelp32Snapshot
SetConsoleTitleA
ReadProcessMemory
Sleep
CreateFileW

user32

GetWindowThreadProcessId
EnumWindows
SetWindowLongA
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
FindWindowW
FindWindowA
GetKeyState
RegisterClassExA
GetDesktopWindow
GetAsyncKeyState
LoadIconW
TranslateMessage
SetLayeredWindowAttributes
CreateWindowExA
DefWindowProcA
MoveWindow
SetWindowDisplayAffinity
PeekMessageW
DispatchMessageW
ShowWindow
SetWindowPos
DestroyWindow
GetWindowRect
GetWindow
GetWindowLongW
SetClipboardData
GetSystemMetrics
GetClientRect
SetCursor
SetCapture
LoadCursorW
GetForegroundWindow
TrackMouseEvent
ClientToScreen
GetCapture
ScreenToClient
mouse_event
SendInput
SetWindowLongW

shell32

ShellExecuteW

msvcp140

?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Thrd_id
_Query_perf_counter
_Thrd_detach
_Xtime_get_ticks
_Thrd_join
?_Xout_of_range@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ

d3d9

Direct3DCreate9Ex

d3dx9_43

D3DXMatrixTranspose
D3DXVec3Transform

dwmapi

DwmExtendFrameIntoClientArea

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

normaliz

IdnToAscii

wldap32

ord301
ord200
ord30
ord143
ord217
ord33
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord46
ord32
ord35
ord79

crypt32

CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertFreeCertificateChain
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CertGetCertificateChain

ws2_32

closesocket
recv
send
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
accept
ntohl
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
__std_exception_copy
__std_terminate
strstr
_CxxThrowException
memchr
memcmp
memcpy
memmove
memset
strchr
strrchr
__C_specific_handler
__current_exception
__current_exception_context

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode
_callnewh
calloc
realloc

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_getpid
_invalid_parameter_noinfo_noreturn
system
terminate
abort
_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
exit
_register_thread_local_exe_atexit_callback
_resetstkoflw
_c_exit
_invalid_parameter_noinfo
__p___argv
__sys_nerr
strerror
__p___argc
_exit
_errno
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_crt_atexit
_seh_filter_exe
_cexit
_initialize_narrow_environment

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

api-ms-win-crt-stdio-l1-1-0

_set_fmode
fread_s
__stdio_common_vsscanf
_wfopen
__p__commode
_read
_write
__stdio_common_vfprintf
fseek
__acrt_iob_func
ftell
_get_stream_buffer_pointers
_fseeki64
fread
fgets
fsetpos
ungetc
setvbuf
fgetpos
_pclose
__stdio_common_vsprintf
_popen
fwrite
_close
fopen
fputs
fgetc
feof
_open
fclose
__stdio_common_vsprintf_s
fflush
fopen_s
_lseeki64
fputc

api-ms-win-crt-math-l1-1-0

ceilf
cosf
fmodf
acosf
_hypotf
sinf
_dclass
__setusermatherr
roundf
_dsign
pow
sqrtf

api-ms-win-crt-string-l1-1-0

strcmp
tolower
strcspn
strncmp
strspn
isupper
strncpy
_wcsicmp
_strdup
strpbrk

api-ms-win-crt-convert-l1-1-0

atoi
strtod
atof
strtol
strtoul
strtoull
strtoll

api-ms-win-crt-conio-l1-1-0

_getch

api-ms-win-crt-filesystem-l1-1-0

_stat64
_mkdir
_lock_file
_fstat64
_unlock_file
_access
_unlink

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv
_configthreadlocale

advapi32

CryptGetHashParam
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
IsValidSid
GetTokenInformation
GetLengthSid
CopySid
OpenProcessToken

Sections

.text
Size: 862KB - Virtual size: 861KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

6f181bbb9b68fced5b0aaae00cf24483

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

msvcp140

d3d9

d3dx9_43

dwmapi

imm32

normaliz

wldap32

crypt32

ws2_32

rpcrt4

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

advapi32

Sections

.text Size: 862KB - Virtual size: 861KB

.rdata Size: 171KB - Virtual size: 170KB

.data Size: 102KB - Virtual size: 110KB

.pdata Size: 33KB - Virtual size: 33KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 862KB - Virtual size: 861KB

.rdata
Size: 171KB - Virtual size: 170KB

.data
Size: 102KB - Virtual size: 110KB

.pdata
Size: 33KB - Virtual size: 33KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 2KB - Virtual size: 2KB