Buffout4-47359-1-28-6-1690000405[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Buffout4-47359-1-28-6-1690000405.zip
Size

1.2MB
MD5

ad95995ee896a029ce7fb55f0591e86c
SHA1

83264a6624f567f3a211aed760ee3ff7c0c4ada5
SHA256

321b7d197bd720e7f2733d539591d6f02172e061f1844b2c0467960b4c5467f9
SHA512

a91edc014986f9a14dcebd8a4b4d5626b92bfd835d7d237e3409531ad3a145f3f203c041e9ff5f575b16df1bd8af699d3169af0413dd8246fa2522873ce404a2
SSDEEP

24576:cuJ1UfFnShCiYcKH5oF3ZLA8IIGtfNxFx8f9rlVS+OjAgQyyx:YdnSdYR5oI8IIAT38f9rlA+BH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/F4SE/Plugins/Buffout4.dll

Files

Buffout4-47359-1-28-6-1690000405.zip
.zip
F4SE/Plugins/Buffout4.dll
.dll windows:6 windows x64 arch:x64

a341d60b7c114561e09821169f50158a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\Repos\f4se\Buffout4\build\src\Release\Buffout4.pdb

Imports

bcrypt

BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptGenRandom

dbghelp

UnDecorateSymbolName

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

freeaddrinfo
getaddrinfo
recv
listen
htonl
getsockname
connect
sendto
accept
select
__WSAFDIsSet
inet_pton
socket
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
inet_ntop
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
recvfrom
getpeername
ioctlsocket
gethostname
bind

advapi32

CryptAcquireContextW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
RegOpenKeyExA
RegQueryValueExA
CryptReleaseContext

crypt32

CryptStringToBinaryW
CertCloseStore
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateContext
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertEnumCertificatesInStore
CertFreeCertificateChain

ole32

CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket

oleaut32

SysStringLen
VariantClear

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlGetVersion
VerSetConditionMask
RtlCaptureStackBackTrace
RtlPcToFileHeader
RtlUnwindEx
RtlCaptureContext
RtlUnwind

dxgi

CreateDXGIFactory

kernel32

GetStartupInfoW
UnhandledExceptionFilter
InitializeSListHead
GetCPInfo
RaiseException
GetSystemTimeAsFileTime
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetStdHandle
ExitProcess
ReadConsoleW
GetConsoleOutputCP
HeapFree
HeapAlloc
HeapReAlloc
HeapSize
GetDateFormatW
GetTimeFormatW
GetFileSizeEx
OpenEventA
ResetEvent
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
LCMapStringEx
DecodePointer
EncodePointer
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
DeleteFileW
GetTimeZoneInformation
FormatMessageA
FormatMessageW
WideCharToMultiByte
LocalFree
CreateEventA
SetEvent
CloseHandle
VirtualProtect
GetCurrentProcess
GetModuleFileNameW
K32EnumProcessModules
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
CreateSemaphoreA
ReleaseSemaphore
WaitForSingleObjectEx
WaitForMultipleObjectsEx
GetModuleHandleW
IsDebuggerPresent
GetCurrentProcessId
GetEnvironmentVariableA
GetEnvironmentVariableW
TerminateProcess
GetCurrentThreadId
TlsGetValue
TlsSetValue
VirtualFree
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetLastError
GetSystemInfo
VirtualAlloc
VirtualQuery
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceCounter
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
QueryPerformanceFrequency
GetSystemDirectoryW
FreeLibrary
LoadLibraryW
Sleep
MultiByteToWideChar
SetLastError
MoveFileExW
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerifyVersionInfoW
CreateFileW
SleepConditionVariableSRW
WriteConsoleW
GlobalMemoryStatusEx
FlushFileBuffers
GetFileAttributesA
GetDynamicTimeZoneInformation
WriteFile
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
TlsAlloc
SwitchToThread
TlsFree
InitializeCriticalSection
lstrcmpA
LoadLibraryA
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetFilePointerEx
GetFileInformationByHandleEx
WakeAllConditionVariable
InitOnceComplete
InitOnceBeginInitialize
GetNativeSystemInfo
GetExitCodeThread
CloseThreadpoolWork
SetEndOfFile
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
TryAcquireSRWLockExclusive
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
CompareStringW

user32

MessageBoxW
MessageBoxA

shell32

SHGetKnownFolderPath
ShellExecuteW
ShellExecuteA

Exports

Exports

F4SEPlugin_Load
F4SEPlugin_Query

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F4SE/Plugins/Buffout4/config.toml
F4SE/Plugins/Buffout4/license.txt
F4SE/Plugins/Buffout4/third_party.txt

Sharing

General

Malware Config

Signatures

Files

a341d60b7c114561e09821169f50158a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcrypt

dbghelp

version

ws2_32

advapi32

crypt32

ole32

oleaut32

ntdll

dxgi

kernel32

user32

shell32

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 39KB - Virtual size: 388KB

.pdata Size: 62KB - Virtual size: 62KB

_RDATA Size: 1024B - Virtual size: 812B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 44KB - Virtual size: 44KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 39KB - Virtual size: 388KB

.pdata
Size: 62KB - Virtual size: 62KB

_RDATA
Size: 1024B - Virtual size: 812B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 44KB - Virtual size: 44KB