C:\Users\Administrator\Desktop\Enigma Selfleak\p2c\build\Enigma Public.pdb
Static task
static1
1 signatures
General
-
Target
External.zip
-
Size
307KB
-
MD5
6274934c1af11122d5617124fc8a9387
-
SHA1
b21e03aaa04c55ab5d555c9d3ddf8a5e772feaf7
-
SHA256
29ced897f456ff7da61ae9e083a0d4a58cd30ebf8d95d1aa9d2309bb854967ea
-
SHA512
e55e9548c834ccab4a575e63e6215112a39e52a842036f6184a62a837b68ce63bd3ddb362b41fd10c531895b1aafc2e84d4f112884957ddab3c303a4fb0741a7
-
SSDEEP
6144:6o5rLgVF7b63NB8VfuYwesEjsu5a6bz+F8FDpvqkh/xr0ckA:6oKG3UVfPjjrjP+etpykVxyA
Score
3/10
Malware Config
Signatures
-
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource unpack001/Fortnite.exe unpack001/driver.sys unpack001/mappeer.exe
Files
-
External.zip.zip
-
Fortnite.exe.exe windows:6 windows x64 arch:x64
8531f3cb809283b197fe085d52d00c51
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
d3dcompiler_43
D3DCompile
kernel32
GlobalUnlock
CreateToolhelp32Snapshot
CloseHandle
VirtualAlloc
TerminateProcess
FindClose
GetModuleHandleA
OpenProcess
Sleep
Process32NextW
CreateFileA
LoadLibraryA
QueryPerformanceFrequency
Process32FirstW
WritePrivateProfileStringA
CreateThread
GetProcAddress
GetCurrentProcessId
FreeLibrary
GetConsoleWindow
GetPrivateProfileIntA
QueryPerformanceCounter
GetPrivateProfileStringA
FlushFileBuffers
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SleepConditionVariableSRW
GetCurrentThreadId
GlobalLock
FormatMessageA
GetLocaleInfoEx
CreateFileW
FindFirstFileW
GetFileAttributesExW
AreFileApisANSI
GetLastError
GetModuleHandleW
GetFileInformationByHandleEx
WakeAllConditionVariable
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
GlobalFree
GlobalAlloc
MultiByteToWideChar
LocalFree
user32
PeekMessageA
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
EnumWindows
GetCursorPos
SetMenu
GetForegroundWindow
SetWindowDisplayAffinity
GetWindowLongA
GetWindowTextA
SetClipboardData
TranslateMessage
SetWindowLongA
SetWindowLongPtrA
GetAsyncKeyState
ShowWindow
GetClassNameA
GetSystemMetrics
ScreenToClient
SetWindowPos
mouse_event
GetClientRect
SendInput
SetCursorPos
UpdateWindow
GetWindowLongPtrA
ClientToScreen
DestroyWindow
GetDesktopWindow
GetWindowThreadProcessId
GetKeyState
DispatchMessageA
SetCursor
GetWindowRect
LoadCursorA
SetFocus
shell32
ShellExecuteW
d3d11
D3D11CreateDeviceAndSwapChain
msvcp140
_Mtx_lock
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Query_perf_counter
_Thrd_join
_Mtx_unlock
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Query_perf_frequency
?_Xlength_error@std@@YAXPEBD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
imm32
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow
dwmapi
DwmExtendFrameIntoClientArea
ntdll
ZwSetValueKey
RtlCaptureContext
ZwQueryValueKey
ZwCreateKey
ZwOpenKey
RtlLookupFunctionEntry
RtlVirtualUnwind
ZwClose
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memchr
memcmp
memcpy
memmove
__std_exception_destroy
__std_exception_copy
memset
_CxxThrowException
__C_specific_handler
__current_exception_context
__current_exception
strstr
__std_terminate
api-ms-win-crt-stdio-l1-1-0
__p__commode
fclose
__stdio_common_vsprintf_s
fseek
ftell
__stdio_common_vfprintf
__acrt_iob_func
fwrite
_wfopen
_set_fmode
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
fflush
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
strcmp
_wcsicmp
wcscpy_s
strncpy
strncmp
api-ms-win-crt-heap-l1-1-0
malloc
_set_new_mode
free
_callnewh
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
exit
_beginthreadex
system
terminate
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
abort
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
api-ms-win-crt-convert-l1-1-0
atof
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
___lc_codepage_func
api-ms-win-crt-math-l1-1-0
sinf
sqrtf
acosf
asin
atan2
powf
tanf
ceilf
cosf
__setusermatherr
fmodf
Sections
.text Size: 398KB - Virtual size: 398KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
driver.sys.sys windows:10 windows x64 arch:x64
1e0880cb1fc7ed162fe94a0792b7bb1a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Windows.old\Users\sugar\Desktop\PEAuth\x64\Release\drvmoment.pdb
Imports
ntoskrnl.exe
IoGetCurrentProcess
ObfDereferenceObject
KeAttachProcess
KeDetachProcess
PsLookupProcessByProcessId
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
MmCopyVirtualMemory
PsGetProcessSectionBaseAddress
ZwProtectVirtualMemory
MmHighestUserAddress
RtlInitUnicodeString
DbgPrintEx
ExAllocatePool
ExFreePoolWithTag
IofCompleteRequest
ObReferenceObjectByHandle
ZwClose
ZwOpenKey
ZwQueryValueKey
ZwOpenProcess
RtlRandomEx
ObReferenceObjectByName
PsProcessType
IoDriverObjectType
RtlCompareUnicodeString
RtlGetVersion
MmUnmapIoSpace
MmMapIoSpaceEx
ZwSetValueKey
MmCopyMemory
PsGetProcessPeb
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 109B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 324B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 972B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mappeer.exe.exe windows:6 windows x64 arch:x64
858f21efbafc6a06bc58fbdd09bd60fa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\Administrator\Desktop\imxyviMapper-main\x64\Release\imxyviMapper.pdb
Imports
kernel32
FormatMessageA
CloseHandle
CreateFileA
GetCurrentProcess
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
LoadLibraryExA
VirtualAlloc
DeviceIoControl
VirtualFree
GetLocaleInfoEx
CreateFileW
GetFileAttributesW
GetFullPathNameW
SetFileInformationByHandle
GetTempPathW
AreFileApisANSI
GetLastError
GetModuleHandleW
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
advapi32
RegOpenKeyExA
RegCreateKeyA
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyA
RegDeleteKeyA
RegSetValueExA
OpenProcessToken
RegCloseKey
RegQueryValueExA
msvcp140
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?unsetf@ios_base@std@@QEAAXH@Z
??7ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Winerror_map@std@@YAHH@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
ntdll
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
NtQuerySystemInformation
RtlInitAnsiString
dbghelp
ImageNtHeader
ImageDirectoryEntryToData
ImageRvaToVa
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memset
__current_exception_context
__current_exception
_CxxThrowException
memcpy
__std_exception_copy
__std_exception_destroy
memchr
memcmp
__C_specific_handler
memmove
api-ms-win-crt-stdio-l1-1-0
fgetpos
setvbuf
ungetc
fsetpos
fgetc
__p__commode
fread
fclose
fflush
fputc
_fseeki64
__acrt_iob_func
_get_stream_buffer_pointers
_set_fmode
__stdio_common_vfprintf
fwrite
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_c_exit
__p___argv
__p___argc
abort
_beginthreadex
terminate
_initterm_e
perror
system
exit
_exit
api-ms-win-crt-heap-l1-1-0
malloc
_callnewh
free
_set_new_mode
api-ms-win-crt-string-l1-1-0
_stricmp
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-utility-l1-1-0
rand
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
_configthreadlocale
api-ms-win-crt-math-l1-1-0
__setusermatherr
Sections
.text Size: 99KB - Virtual size: 98KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 292B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ