Static task
static1
General
-
Target
PassatHook-main.zip
-
Size
71.5MB
-
MD5
6fecac327c8019205224bbf2c84246fd
-
SHA1
7183d30af293c6696054f99279bd172e305f2e8f
-
SHA256
63f650718af639b13ff731ce632c7bd03a055b3edd452aafe1b6907e58cad0e5
-
SHA512
e4395fc0b18be77505a58dcaa3a544de2594d38dea575b472e425c8c2dbd27c94346118d61c1a81c550e9d8fbc9bbe67a5b831d10dcc596ef4af71cfd31179d5
-
SSDEEP
1572864:900u0WgqYwVa08OjRRlQlugzqNzNEl/BDWjN:X7WNv8sv2sol/J8
Malware Config
Signatures
-
Unsigned PE (3 IoCs)
Checks for missing Authenticode signature.
resource unpack001/PassatHook-main/CS2/PassatHook.exe
resource unpack001/PassatHook-main/CS2/VPK map parser/vphys_parser.exe
resource unpack001/PassatHook-main/CSGO V2/PassatHook.dll
Files
-
PassatHook-main.zip.zip
-
PassatHook-main/CS2/PassatHook.exe.exe windows:6 windows x64 arch:x64
357a058c235a3e272ea43004f9ac79c5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
FreeConsole
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
FindWindowA
gdi32
GetDeviceCaps
shell32
ShellExecuteA
msvcp140
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
d3d11
D3D11CreateDeviceAndSwapChain
d3dcompiler_47
D3DCompile
dwmapi
DwmExtendFrameIntoClientArea
winmm
PlaySoundA
imm32
ImmGetContext
d3dx11_43
D3DX11CreateShaderResourceViewFromMemory
vcruntime140_1
__CxxFrameHandler4
vcruntime140
_purecall
api-ms-win-crt-heap-l1-1-0
free
api-ms-win-crt-runtime-l1-1-0
_beginthreadex
api-ms-win-crt-stdio-l1-1-0
fgetc
api-ms-win-crt-filesystem-l1-1-0
_stat64i32
api-ms-win-crt-convert-l1-1-0
atof
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-math-l1-1-0
logf
api-ms-win-crt-time-l1-1-0
_ctime64_s
api-ms-win-crt-string-l1-1-0
strncmp
api-ms-win-crt-utility-l1-1-0
rand
advapi32
RegCreateKeyExW
Sections
.text Size: - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 510KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 4.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.te^ Size: - Virtual size: 7.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.q.q Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.FOF Size: 15.2MB - Virtual size: 15.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
PassatHook-main/CS2/README.md
-
PassatHook-main/CS2/VPK map parser/Maps.7z.7z
-
ancient.tri
-
anubis.tri
-
baggage.tri
-
dust2.tri
-
inferno.tri
-
italy.tri
-
mirage.tri
-
nuke.tri
-
office.tri
-
overpass.tri
-
shoots.tri
-
vertigo.tri
-
PassatHook-main/CS2/VPK map parser/README.md
-
PassatHook-main/CS2/VPK map parser/vphys_parser.exe.exe windows:6 windows x64 arch:x64
98112bf0dbfe933454340f25b5c15042
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
msvcp140
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memset
api-ms-win-crt-stdio-l1-1-0
setvbuf
api-ms-win-crt-heap-l1-1-0
free
api-ms-win-crt-runtime-l1-1-0
__p___argc
api-ms-win-crt-filesystem-l1-1-0
_lock_file
api-ms-win-crt-convert-l1-1-0
atoi
api-ms-win-crt-string-l1-1-0
isspace
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
kernel32
ReleaseSRWLockExclusive
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
Sections
.text Size: - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.#bz Size: - Virtual size: 7.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.wyT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.]c_ Size: 12.0MB - Virtual size: 12.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 469B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
PassatHook-main/CS2/showcase.png.png
-
PassatHook-main/CSGO V2/PassatHook.dll.dll windows:6 windows x86 arch:x86
595d5878ae517951ae8625f1a9267ad8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
shell32
SHGetKnownFolderPath
ShellExecuteW
ole32
CoTaskMemFree
user32
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetKeyState
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
CallWindowProcW
MessageBoxA
SetWindowLongW
ShowWindow
FindWindowW
FlashWindowEx
GetDC
GetCursorPos
kernel32
SetStdHandle
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetStdHandle
SetFilePointerEx
GetFileSizeEx
GetModuleFileNameW
ReadFile
VirtualProtect
VirtualQuery
WideCharToMultiByte
VirtualFree
VirtualAlloc
HeapCreate
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
HeapDestroy
GetThreadContext
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
WriteFile
FreeLibraryAndExitThread
GetModuleHandleA
GetLastError
CreateThread
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryW
QueryPerformanceFrequency
QueryPerformanceCounter
K32GetModuleInformation
GetTimeZoneInformation
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
LocalFree
FormatMessageA
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
GetFullPathNameW
SetFileInformationByHandle
AreFileApisANSI
MoveFileExW
GetFileInformationByHandleEx
TryAcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
GetModuleHandleExW
IsValidCodePage
GetACP
GetCommandLineA
GetOEMCP
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
ReleaseSRWLockExclusive
RaiseException
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
gdi32
CreateFontA
SelectObject
CreateCompatibleDC
EnumFontFamiliesExW
CreateFontW
DeleteDC
GetFontData
DeleteObject
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 243KB - Virtual size: 242KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 37KB - Virtual size: 975KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PassatHook-main/CSGO V2/readme.md
-
PassatHook-main/CSGO V2/screenshot.png.png
-
PassatHook-main/README.md