Static task
static1
General
-
Target
ST_CS2_Internal_Loader.zip
-
Size
4.1MB
-
MD5
e6b0ef51a1a8b335499025973259d1c2
-
SHA1
c2ddb269e220d334ac6a304f1a6c12299e85e26c
-
SHA256
6834485fcfff3093166f7fcaf94ce1b265a2831cec31e14557b99d5e9f3c9feb
-
SHA512
5ea663ea23055a184bf2f4f0914941c222f21689f950452c48292a29ecd2ac48ffb4bd4e965dc499b866ea2130936891b59ad1443500b0b4e836fff6d54a5353
-
SSDEEP
98304:rw5BvZU41NfjnB/yb9/bVeYHc3t+A8QlxYCiYhTZ:3UrBatbVezUzQ3b
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/ST_CS2_Internal_Loader/CSGO2 Injector.exe unpack001/ST_CS2_Internal_Loader/cs2_staffbesting.dll
Files
-
ST_CS2_Internal_Loader.zip.zip
-
ST_CS2_Internal_Loader/CSGO2 Injector.exe.exe windows:6 windows x64 arch:x64
43240575d0694a2a543ce326ca3c1215
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
OpenProcess
CloseHandle
LoadLibraryW
GetProcAddress
VirtualAllocEx
ReadProcessMemory
GetModuleHandleW
WaitForSingleObject
VirtualFreeEx
SetConsoleTitleW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
RtlCaptureContext
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
user32
FindWindowW
GetWindowThreadProcessId
MessageBoxW
comdlg32
GetOpenFileNameW
msvcp140
?_Xlength_error@std@@YAXPEBD@Z
vcruntime140
__C_specific_handler
memset
__std_exception_destroy
_CxxThrowException
__current_exception
memcpy
__current_exception_context
__std_exception_copy
api-ms-win-crt-runtime-l1-1-0
_initialize_onexit_table
_register_onexit_function
__p___argv
_c_exit
__p___argc
exit
_cexit
_invalid_parameter_noinfo
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_initialize_narrow_environment
_configure_narrow_argv
terminate
_set_app_type
_seh_filter_exe
_exit
_crt_atexit
_invalid_parameter_noinfo_noreturn
_errno
_get_initial_narrow_environment
api-ms-win-crt-heap-l1-1-0
_set_new_mode
free
malloc
_callnewh
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 600B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ST_CS2_Internal_Loader/cs2_staffbesting.dll.dll .ps1 windows:6 windows x64 arch:x64 polyglot
79c66a30e47eefd8540bd8607a32f598
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
GlobalUnlock
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
LoadCursorA
imm32
ImmReleaseContext
d3dcompiler_47
D3DCompile
Sections
.text Size: - Virtual size: 382KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 272KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xorstr0 Size: - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.xorstr1 Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.xorstr2 Size: 4.3MB - Virtual size: 4.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 233B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ