Static task
static1
General
-
Target
Cheat.dll
-
Size
425KB
-
MD5
7c455cf1362c5726a75e99b6830c4337
-
SHA1
9db5a968d56d75f71c1ed27edb7cc28a277b37c5
-
SHA256
36bb8581e8510c53bef1baaac65fb88dc590dfea1b63a981a8f2080232d558d8
-
SHA512
d9d2939d288fcf0e3dc3551c0ee4669e4a8482a3c7e2393a3501853d0c4a3a8b07d741b4b074ff668fe852374895ccb04a457354b1753f56ce545249b4bd139e
-
SSDEEP
6144:q1jS/7OrSAi/TK6DnLzTaxwiL9kjknElJdeJM2vTvP2YfkezU+ncmPI8uHh:q1jpZYe5SQiJ1iTv+Yfvo+ncmK
Malware Config
Signatures
-
Unsigned PE 1 IoCs
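The PE file carries no Authenticode signature. This is a weak indicator on its own, since many legitimate binaries are also unsigned; weigh it together with the imports and sections listed below.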
resource Cheat.dll
Files
-
Cheat.dll.dll windows:6 windows x64 arch:x64
9875fa087113d3919fb743921c582e0e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenA
GetCurrentProcess
GetCurrentThread
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
QueryPerformanceCounter
CreateThread
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
GetFileSize
VirtualFree
VirtualQuery
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
CloseHandle
CreateFileA
GetLastError
lstrlenW
TerminateProcess
WriteFile
ReadFile
Beep
Sleep
GetTickCount64
VirtualProtect
GetModuleHandleA
user32
DefWindowProcA
CreateWindowExA
MessageBoxA
SetClipboardData
GetClipboardData
UnregisterClassA
SetWindowLongPtrA
RegisterClassExA
EmptyClipboard
CallWindowProcA
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
IsWindowUnicode
GetClientRect
SetCursor
GetKeyState
GetMessageExtraInfo
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetKeyboardLayout
GetForegroundWindow
LoadCursorW
SetCapture
DestroyWindow
msvcp140
?_Xlength_error@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ
imm32
ImmReleaseContext
ImmSetCandidateWindow
ImmGetContext
ImmSetCompositionWindow
d3dcompiler_47
D3DCompile
d3d11
D3D11CreateDeviceAndSwapChain
vcruntime140
_CxxThrowException
memset
memcpy
strstr
__std_exception_destroy
__std_terminate
__C_specific_handler
memchr
memcmp
memmove
__std_exception_copy
__std_type_info_destroy_list
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vfprintf
__acrt_iob_func
fflush
fclose
fseek
_wfopen
fwrite
ftell
fread
__stdio_common_vsscanf
__stdio_common_vsprintf
api-ms-win-crt-runtime-l1-1-0
_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_initterm_e
_initterm
_cexit
_configure_narrow_argv
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
strcmp
strncpy
strncmp
api-ms-win-crt-heap-l1-1-0
free
malloc
_callnewh
api-ms-win-crt-convert-l1-1-0
atof
api-ms-win-crt-math-l1-1-0
atan2f
ceilf
powf
sqrtf
fmodf
acosf
sinf
cosf
Sections
.text Size: 330KB - Virtual size: 330KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
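.detourc Size: 8KB - Virtual size: 8KB (this section name and .detourd below match those emitted by the Microsoft Detours API-hooking library, which is consistent with the SuspendThread / GetThreadContext / SetThreadContext / FlushInstructionCache / VirtualProtect imports above; likely statically linked, not confirmed by this static report)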
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourd Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ