Hpp Hook v6 NOSTEAM[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Hpp Hook v6 NOSTEAM.rar
Size

549KB
MD5

464e568996b188c24d49adc1d420c144
SHA1

1148768640485a34b35ba00c843341d080339b86
SHA256

43581d3f0fadd3829c5dc244fe66b9216991b55b854343fdc5e2ff620d383041
SHA512

5fc3441901105007dfc5c4b4c14cb936fb6c6f9dc9b4dfd4b72930e51a28d03bb94cabadb90aad45683a9f0d0b215fbe39741d586271b9fb594df185d1d1b8b8
SSDEEP

12288:h0ipTXXJyCJxCW6JnxcIEHhqjzG/v2nzCbhJfnMY9Jn:hJbJyKx96bcIEnEebhJkOB

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Hpp Hook v6 NOSTEAM/hpp.hl.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Hpp Hook v6 NOSTEAM/hpp.dll
unpack001/Hpp Hook v6 NOSTEAM/hpp.hl.exe
unpack003/out.upx

Files

Hpp Hook v6 NOSTEAM.rar
.rar

Password: 123231
Hpp Hook v6 NOSTEAM/hpp.dll
.dll windows:6 windows x86 arch:x86

Password: 123231

663484a4ed30586e202a4b2643057c84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Agustin\Documents\GitHub\hpp-v6\Release\hpp.pdb

Imports

opengl32

glViewport
glEnableClientState
glPopAttrib
glPolygonMode
glBindTexture
glGenTextures
glVertexPointer
glEnable
glScissor
glDisableClientState
glMatrixMode
glBlendFunc
glLoadIdentity
glTexParameteri
glDeleteTextures
glTexCoordPointer
glTexImage2D
glColorPointer
glDrawElements
glDisable
glPushMatrix
glShadeModel
glPixelStorei
glOrtho
glPushAttrib
glGetIntegerv
glClear
glClearColor
glPopMatrix
glDepthFunc

kernel32

SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetFileAttributesExW
OutputDebugStringW
GetFileSizeEx
GetConsoleOutputCP
WriteFile
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
MultiByteToWideChar
QueryPerformanceFrequency
QueryPerformanceCounter
VirtualFree
VirtualAlloc
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
GetLastError
HeapReAlloc
CloseHandle
SetStdHandle
GetThreadContext
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
IsBadCodePtr
GetProcessHeap
DeleteFileA
CreateDirectoryA
GetModuleHandleA
FindFirstFileA
SetLastError
FindNextFileA
FindClose
GetFileAttributesA
SetFileAttributesA
RemoveDirectoryA
FreeLibraryAndExitThread
DisableThreadLibraryCalls
CreateThread
GetFullPathNameA
MoveFileA
GetLocalTime
WriteConsoleW
GetModuleFileNameW
GetFileType
GetStdHandle
ReadFile
GetModuleHandleExW
ExitProcess
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RaiseException
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
CreateFileW
HeapSize
HeapAlloc
SetEndOfFile
WaitForSingleObjectEx
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount

user32

EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
GetClientRect
SetCapture
GetForegroundWindow
IsChild
ClientToScreen
GetClipboardData
ScreenToClient
GetKeyState
GetAsyncKeyState
CallWindowProcA
SetWindowLongA
EnumWindows
IsWindowVisible
GetWindow
GetWindowThreadProcessId
MessageBoxA
ShowCursor
SetClipboardData
GetCapture

shell32

ShellExecuteA

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

Sections

.text
Size: 865KB - Virtual size: 865KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hpp Hook v6 NOSTEAM/hpp.hl.exe
.exe windows:5 windows x86 arch:x86

Password: 123231

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hpp Hook v6 NOSTEAM/injmthd.ini

Sharing

General

Malware Config

Signatures

Files

Password: 123231

Password: 123231

663484a4ed30586e202a4b2643057c84

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

opengl32

kernel32

user32

shell32

imm32

Sections

.text Size: 865KB - Virtual size: 865KB

.rdata Size: 169KB - Virtual size: 169KB

.data Size: 30KB - Virtual size: 82KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 43KB - Virtual size: 42KB

Password: 123231

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 196KB

UPX1 Size: 10KB - Virtual size: 12KB

.rsrc Size: 168KB - Virtual size: 168KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 168KB - Virtual size: 167KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 865KB - Virtual size: 865KB

.rdata
Size: 169KB - Virtual size: 169KB

.data
Size: 30KB - Virtual size: 82KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 43KB - Virtual size: 42KB

UPX0
Size: - Virtual size: 196KB

UPX1
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 168KB - Virtual size: 168KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 168KB - Virtual size: 167KB

.reloc
Size: 2KB - Virtual size: 1KB