MacroGamer_v275_Source[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MacroGamer_v275_Source.zip
Size

142KB
MD5

da89d18de41449fab464d6399aa60d7f
SHA1

8056ad22af11affdc1e9911394900c04d8378a1f
SHA256

9e3031df74a81bddff8fd973d137a2505c87cee07b0a112cb84709d44f098968
SHA512

3fa8202cb495fce447e96c19b0a076e656b3ad65cdd8e110fb1af370f76be982858e35149b9ede8e462ef6d588631167a7890dad5802034e03f405e14e3ccee9
SSDEEP

3072:ltW65EkLxMhk8mfCVi6hV6g1+nC+fkVqoRgmcU79zMi61PBUvn59/N+K8HBf:ltOcxI5VnV6g1L+fkbRH3WiTx98Kg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/kh.dll

Files

MacroGamer_v275_Source.zip
.zip
MacroGamer.au3
.ps1
MacrosDisabled.wav
MacrosEnabled.wav
RecordingStarted.wav
RecordingStopped.wav
gmerico.ico
help.chm
.chm
kh.dll
.dll windows:4 windows x86 arch:x86

cd4a32f84689085e668b4967ba4e8399

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetVersionExA

user32

CallNextHookEx
PostMessageA
GetKeyState

Exports

Exports

CBTProc
KeyProc
MouseProc
SetValuesCBT
SetValuesKey
SetValuesMouse

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.shared
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mgconfig.dat
profile.mgp
scancodes.dat