salour_[unknowncheats[.]me]_[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

salour_[unknowncheats.me]_.exe
Size

274KB
MD5

31651d2bd8c56d7028a69a1a577976fd
SHA1

da188577d9f9d5f8db2ee2bdbc4efbe774e928a4
SHA256

3c82528c730c42ecba92fcb410d51d4e2c7123bcea1a8d144059b716582cdaaa
SHA512

8c0e95c26a57ae3252d606e4baeb35f2939d165dda50a43f7307ce9486120e9b8696a8da2b660410b94a88e156f62c9f96a6d10e2aa6449584caa1f898b6f2c4
SSDEEP

6144:TPWhMCS20fFyPszZjqC7fcR5E2yk7cQkv02khWBonfYns+VjjdCEnR2:KAI/yntsudCEn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
salour_[unknowncheats.me]_.exe

Files

salour_[unknowncheats.me]_.exe
.exe windows:6 windows x64 arch:x64

c7bd81db403b89e5f73560f7f29ad888

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Documents\dayz2\z3n1th_v69420\x64\Release\salour.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
ReadProcessMemory
GetConsoleWindow
Process32First
Module32Next
Module32First
OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
GlobalFree
GetLocaleInfoA
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
Sleep
UnhandledExceptionFilter
GlobalAlloc
MultiByteToWideChar
LoadLibraryA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
GetModuleHandleW
GlobalLock
RtlLookupFunctionEntry
GetSystemTimeAsFileTime
RtlCaptureContext
RtlVirtualUnwind

user32

ShowWindow
GetSystemMetrics
DestroyWindow
GetWindowRect
DispatchMessageA
TranslateMessage
PeekMessageA
UnregisterClassA
PostQuitMessage
RegisterClassExA
GetAsyncKeyState
GetKeyState
GetMessageExtraInfo
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetKeyboardLayout
GetForegroundWindow
SetWindowLongA
DefWindowProcA
CreateWindowExA
SetForegroundWindow
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
SetLayeredWindowAttributes
UpdateWindow

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

msvcp140

_Query_perf_frequency
_Query_perf_counter

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
memset
__current_exception
__C_specific_handler
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
memchr
memcmp
__current_exception_context
memmove
memcpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
fwrite
__stdio_common_vfprintf
fseek
fclose
fflush
__acrt_iob_func
ftell
_wfopen
_set_fmode
__p__commode
__stdio_common_vsprintf_s
fread
__stdio_common_vsscanf

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
_set_new_mode
free

api-ms-win-crt-runtime-l1-1-0

__p___argv
_exit
_register_thread_local_exe_atexit_callback
exit
_initterm_e
_initterm
terminate
_get_initial_narrow_environment
_set_app_type
_configure_narrow_argv
_seh_filter_exe
_cexit
__p___argc
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_c_exit
_initialize_narrow_environment

api-ms-win-crt-math-l1-1-0

acosf
pow
sinf
sqrt
cosf
__setusermatherr
fmodf
ceilf
sqrtf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7bd81db403b89e5f73560f7f29ad888

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

kernel32

user32

imm32

d3dcompiler_47

dwmapi

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 212KB - Virtual size: 211KB

.rdata Size: 49KB - Virtual size: 49KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 524B

.text
Size: 212KB - Virtual size: 211KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 524B