Static task
static1
General
-
Target
Cheat.dll
-
Size
1.1MB
-
MD5
fec33007eab865bf05191a101b7da1dd
-
SHA1
e37c74afebd9b9cf897039bd560eea5b9cb733cf
-
SHA256
44e8ee46e7011352d99375d2bd57a6ffb21416fe66c4f0c91b39db30c3e7c5f9
-
SHA512
643fc96dc9b77451f32659bf760c17013ca3968fc09a42a8643ad1c5f6f6678d0888ac7d18a3496230923c83af3fff762d98a239b5cb196bc9d007a291207658
-
SSDEEP
24576:Mq76dDbNDjkZfw9OnKveqfELy4y6FpMhwvMy5rQPa2tL3tXk83pPDY9RPB:MK6JUfwIn2fELyj6Yh4APa2JtU85PDYL
Malware Config
Signatures
-
Unsigned PE 1 IoCs
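Checks for a missing Authenticode signature. The PE is not code-signed, so its publisher and integrity cannot be verified from a signature; many benign binaries are also unsigned, so this is a weak indicator on its own.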
resource Cheat.dll
Files
-
Cheat.dll.dll windows:6 windows x64 arch:x64
4c1ad53aed97e2be1dc6b09dd50f8774
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
TerminateProcess
GetCurrentThread
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
QueryPerformanceCounter
CreateThread
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
lstrlenA
VirtualQuery
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
lstrlenW
GetFileSize
GetCurrentProcess
GetProcAddress
CloseHandle
CreateFileA
GetModuleHandleA
WriteFile
GetTickCount64
ReadFile
VirtualFree
GetLastError
user32
CreateWindowExA
UnregisterClassA
SetWindowLongPtrA
DefWindowProcA
DestroyWindow
GetForegroundWindow
MapVirtualKeyA
RegisterClassExA
CallWindowProcA
GetKeyState
GetMessageExtraInfo
keybd_event
MessageBoxA
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetKeyboardLayout
LoadCursorW
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
msvcp140
?_Xlength_error@std@@YAXPEBD@Z
imm32
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ImmSetCandidateWindow
d3dcompiler_47
D3DCompile
d3d11
D3D11CreateDeviceAndSwapChain
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_type_info_destroy_list
memset
memcpy
__C_specific_handler
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
memchr
memcmp
memmove
_CxxThrowException
api-ms-win-crt-runtime-l1-1-0
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_initterm_e
_initterm
_cexit
_execute_onexit_table
_crt_atexit
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
api-ms-win-crt-heap-l1-1-0
free
malloc
_callnewh
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
ftell
fclose
fseek
__stdio_common_vfprintf
__stdio_common_vsscanf
fwrite
fread
fflush
__stdio_common_vsprintf
_wfopen
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
strncpy
strncmp
strcmp
tolower
api-ms-win-crt-convert-l1-1-0
atof
api-ms-win-crt-math-l1-1-0
sinf
sqrtf
cosf
fmodf
ceilf
acosf
Sections
.text Size: 343KB - Virtual size: 343KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourd Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 738KB - Virtual size: 737KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 469B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ