Lavender FiveM Premium Cheetos[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Lavender FiveM Premium Cheetos.exe
Size

2.2MB
MD5

07901024b52f9c30aa0cc9a682acdc13
SHA1

16557ed2ab579d6616f3aa81e93bc878b0cd0577
SHA256

6b341fc98cc4a86a20526a7398622a6a81bc670c0fb4cb450d51c5925b5a1d5a
SHA512

a2a54f98e2fb929c05cca7ccba400b47a32af266abe348e2370adc37b074f0af910d1c90b66885cb5dab581531c67d5f3047680ea3fe3171b356e7a086c81ea8
SSDEEP

49152:UeWGgkQ2joPMybnLEttYDRlUg6OBXugq1NTxoPCdIA1sITLl3oKJ6mEO2l0P:8ScWttYDYg6ZXxo0P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Lavender FiveM Premium Cheetos.exe

Files

Lavender FiveM Premium Cheetos.exe
.exe windows:6 windows x64 arch:x64

e7a76a53c2e30d05c9244f42141b0946

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwmapi

DwmExtendFrameIntoClientArea

d3d11

D3D11CreateDeviceAndSwapChain

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

ntdll

NtLoadDriver
RtlInitAnsiString
NtUnloadDriver
RtlAnsiStringToUnicodeString
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQuerySystemInformation

winhttp

WinHttpQueryDataAvailable
WinHttpConnect
WinHttpOpen
WinHttpSendRequest
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpReadData
WinHttpOpenRequest

kernel32

CloseHandle
OpenProcess
ReadProcessMemory
VirtualFree
GetCurrentProcess
VirtualAlloc
GetFileAttributesExA
SetLastError
GetCurrentDirectoryA
GetLastError
LocalFree
GetCurrentProcessId
CreateDirectoryA
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
DeviceIoControl
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
CreateFileW
Sleep
GetSystemTime
GetModuleHandleW
WriteProcessMemory
HeapFree
GetCurrentThreadId
HeapAlloc
GetProcessHeap
GetSystemTimeAsFileTime
GetFullPathNameW
CreateFileA
AreFileApisANSI
GetTempPathW
GetLocaleInfoA
GetFileInformationByHandleEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
GetFileAttributesExW
InitializeSListHead
GetFileAttributesW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
FormatMessageA
GetLocaleInfoEx
FindClose
FindFirstFileW
SetFileInformationByHandle
FindFirstFileExW
FindNextFileW
GetModuleFileNameA
GetStartupInfoW

user32

DefWindowProcW
CreateWindowExW
TranslateMessage
MoveWindow
SetWindowLongW
SetForegroundWindow
MapWindowPoints
MessageBoxA
GetMessageExtraInfo
GetDC
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetKeyboardLayout
GetForegroundWindow
GetKeyState
LoadCursorW
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetAsyncKeyState
GetSystemMetrics
DispatchMessageW
PeekMessageW

gdi32

GetPixel

advapi32

RegCreateKeyA
RegQueryInfoKeyW
GetUserNameA
RegQueryValueExW
OpenProcessToken
RegSetValueExA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegEnumValueA
GetTokenInformation

shell32

ShellExecuteA

ole32

StringFromGUID2

msvcp140

?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??Bios_base@std@@QEBA_NXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??7ios_base@std@@QEBA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?_Random_device@std@@YAIXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_frequency
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Query_perf_counter
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?good@ios_base@std@@QEBA_NXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_lock
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
_Mtx_unlock
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

d3dx9_43

D3DXVec3Transform

dbghelp

SymCleanup
SymInitialize
SymFromName
SymUnloadModule64
SymGetTypeInfo
SymLoadModuleEx
SymSetOptions
SymGetTypeFromName

urlmon

URLDownloadToFileA

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

d3dcompiler_43

D3DCompile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memchr
__std_terminate
__std_exception_destroy
__std_exception_copy
strstr
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
memset
memcmp
memcpy
memmove

api-ms-win-crt-string-l1-1-0

toupper
strncmp
strncpy
strcmp
_wcsicmp

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
terminate
abort
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_errno
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_exit
_invalid_parameter_noinfo_noreturn
_c_exit
_register_thread_local_exe_atexit_callback
system

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
_callnewh
free

api-ms-win-crt-stdio-l1-1-0

fgetc
__p__commode
_set_fmode
__stdio_common_vsprintf_s
__stdio_common_vsscanf
_wfopen
__stdio_common_vfprintf
fclose
fseek
__acrt_iob_func
fflush
fputc
ftell
fwrite
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
__stdio_common_vsprintf
setvbuf
fgetpos

api-ms-win-crt-convert-l1-1-0

wcstombs_s
_itoa_s
strtod
strtoll
atof
atoi
strtoull

api-ms-win-crt-utility-l1-1-0

srand
rand
qsort

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale
___lc_codepage_func

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

_dclass
sqrtf
__setusermatherr
sinf
atan2f
ceilf
cosf
powf
acosf
pow
fmodf

Sections

.text
Size: 634KB - Virtual size: 633KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7a76a53c2e30d05c9244f42141b0946

Headers

DLL Characteristics

File Characteristics

Imports

dwmapi

d3d11

d3dx11_43

ntdll

winhttp

kernel32

user32

gdi32

advapi32

shell32

ole32

msvcp140

d3dx9_43

dbghelp

urlmon

imm32

d3dcompiler_43

vcruntime140_1

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 634KB - Virtual size: 633KB

.rdata Size: 105KB - Virtual size: 105KB

.data Size: 1.5MB - Virtual size: 1.5MB

.pdata Size: 23KB - Virtual size: 22KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 634KB - Virtual size: 633KB

.rdata
Size: 105KB - Virtual size: 105KB

.data
Size: 1.5MB - Virtual size: 1.5MB

.pdata
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB