209a11e38ba15237b883287b9e7f19a0N

Sharing

Copy URL

Twitter E-mail

General

Target

209a11e38ba15237b883287b9e7f19a0N
Size

588KB
MD5

209a11e38ba15237b883287b9e7f19a0
SHA1

9f3b36825c281f55adbbf9b9ff6c30afeb1914d5
SHA256

bb00e0d749deaf95143725f2204cd7fd12d3c614beb72a165ed7ad6fcf3ad3b2
SHA512

5b9bc0721e148c2cc27b2686e83e8195d6b3d7f0eda467d9a66181ade4684bbd6215f3a53ebee76c1f3ff0c54870bd360090560b139d8e3eae8a8c3444ca3459
SSDEEP

12288:DdMSTcK/BDDtUY9ixjccDQtRInqdENhlmyJyDIJKql0On:rTB/BDDtU4IQtRIFxmyJyEJKql0g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
209a11e38ba15237b883287b9e7f19a0N

Files

209a11e38ba15237b883287b9e7f19a0N
.exe windows:6 windows x64 arch:x64

eee14a95d0c290f35358a8e0b719490c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\code\cpp\VScpp\x64\Release\XF_Map_Cheat.pdb

Imports

user32

MessageBoxW
MessageBeep
ShowWindow
GetAsyncKeyState

shell32

ShellExecuteW

kernel32

GetCurrentProcess
CreateWaitableTimerW
TerminateProcess
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
CreateMutexW
WaitForSingleObject
GetModuleHandleA
OpenProcess
PostQueuedCompletionStatus
CreateToolhelp32Snapshot
CreateEventW
MultiByteToWideChar
Sleep
FormatMessageW
GetLastError
Process32NextW
SetEvent
TerminateThread
Process32FirstW
CloseHandle
CreateThread
QueueUserAPC
SetLastError
LocalFree
DeleteCriticalSection
WideCharToMultiByte
GetConsoleWindow
SleepEx
FormatMessageA
CreateIoCompletionPort
SetWaitableTimer
EnterCriticalSection
CreateFileA
CreateFileW
DeleteFileW
WriteFile
DeviceIoControl
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
AcquireSRWLockExclusive
GetProcAddress
GetLocaleInfoEx
ReleaseSRWLockExclusive

advapi32

CryptAcquireContextA
RegCreateKeyW
RegCloseKey
OpenProcessToken
CryptEnumProvidersA
CryptGenRandom
CryptReleaseContext
GetTokenInformation
RegSetKeyValueW

msvcp140

_Mtx_destroy_in_situ
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_lock
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Mtx_init_in_situ
_Strcoll
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Query_perf_counter
_Thrd_detach
_Mtx_unlock
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?id@?$collate@D@std@@2V0locale@2@A
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?bad@ios_base@std@@QEBA_NXZ
?fail@ios_base@std@@QEBA_NXZ
?eof@ios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?toupper@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
??0_Locinfo@std@@QEAA@PEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?_Winerror_map@std@@YAHH@Z
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?classic@locale@std@@SAAEBV12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Query_perf_frequency
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_Strxfrm
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Syserror_map@std@@YAPEBDH@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??1_Locinfo@std@@QEAA@XZ

ws2_32

WSAGetLastError
ioctlsocket
freeaddrinfo
htons
htonl
getsockopt
recv
WSARecv
WSAAddressToStringW
connect
ntohs
socket
send
getsockname
getpeername
WSAStartup
getaddrinfo
WSASocketW
WSASetLastError
listen
shutdown
ntohl
select
WSASend
closesocket
WSAIoctl
bind
accept
__WSAFDIsSet
setsockopt
getnameinfo
WSACleanup

ntdll

RtlCaptureContext
RtlInitUnicodeString
RtlLookupFunctionEntry
RtlVirtualUnwind

winhttp

WinHttpSendRequest
WinHttpOpenRequest
WinHttpReadData
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpOpen
WinHttpCrackUrl
WinHttpCloseHandle

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context
__current_exception
memset
memmove
memcpy
_purecall
memcmp
__C_specific_handler
__std_exception_destroy
__std_exception_copy
__std_type_info_compare
_CxxThrowException
__std_terminate
strchr
memchr

api-ms-win-crt-runtime-l1-1-0

__p___argv
_initterm_e
_initterm
_get_initial_narrow_environment
__p___argc
_register_thread_local_exe_atexit_callback
_beginthreadex
_set_app_type
_seh_filter_exe
_cexit
_c_exit
_exit
_crt_atexit
_configure_narrow_argv
terminate
_errno
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_initialize_narrow_environment
exit

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
_aligned_free
_callnewh
_set_new_mode
_aligned_malloc

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
__p__commode
__acrt_iob_func
__stdio_common_vsprintf_s

api-ms-win-crt-string-l1-1-0

isdigit
tolower
_stricmp
_wcsicmp

api-ms-win-crt-time-l1-1-0

_time64
strftime
_localtime64_s

api-ms-win-crt-convert-l1-1-0

strtoul
strtol
atoi
strtoull
strtoll

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 382KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eee14a95d0c290f35358a8e0b719490c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

shell32

kernel32

advapi32

msvcp140

ws2_32

ntdll

winhttp

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 382KB - Virtual size: 382KB

.rdata Size: 131KB - Virtual size: 131KB

.data Size: 29KB - Virtual size: 31KB

.pdata Size: 15KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 382KB - Virtual size: 382KB

.rdata
Size: 131KB - Virtual size: 131KB

.data
Size: 29KB - Virtual size: 31KB

.pdata
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 2KB