poopyhack (1)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

poopyhack (1).zip
Size

1.7MB
MD5

8eb1502ee57ddc4405bbc6350861941c
SHA1

480015942b7a712b4d4cc7cbc50c77cf61b6647f
SHA256

e557433c1ea2cbb4797b760ab777285384ea33ee49d96155e0344adb4d812058
SHA512

76a9e79f8d32f60fcf6f53fdc05947f46a6958d32d13363e4e7d570b161dd9ee6e3a0da01385320fd32747d3103d89c8f560a8b749ef3f0f335406dbc8f2824d
SSDEEP

49152:VdCfOh3rIKAtEEpJmsIb+iChm5jQrCfzG6OPNF5Z:rCWh3VAtEMmnbLi4aaG3NV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/poop.dll

Files

poopyhack (1).zip
.zip
MemeSense/fonts/esp-icons.ttf
MemeSense/fonts/gui-icons.ttf
MemeSense/fonts/pixel7.ttf
MemeSense/fonts/verdana.ttf
MemeSense/localizations/cs2-english.bin
MemeSense/localizations/cs2-russian.bin
MemeSense/localizations/cs2-schinese.bin
MemeSense/resources/econ/leather_handwraps.png
.png
MemeSense/resources/econ/motorcycle_gloves.png
.png
MemeSense/resources/econ/slick_gloves.png
.png
MemeSense/resources/econ/specialist_gloves.png
.png
MemeSense/resources/econ/sporty_gloves.png
.png
MemeSense/resources/econ/studded_bloodhound_gloves.png
.png
MemeSense/resources/econ/studded_brokenfang_gloves.png
.png
MemeSense/resources/econ/studded_hydra_gloves.png
.png
poop.dll
.dll windows:6 windows x64 arch:x64

c00d8ebffd2d4775683ad9601006f9d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\cobra\memesense\x64\Release\D.pdb

Imports

kernel32

SizeofResource
SetConsoleTitleA
VirtualAlloc
FindResourceA
LockResource
CreateThread
LoadResource
AllocConsole
HeapCreate
GetCurrentProcess
GetCurrentThreadId
Sleep
GetCurrentProcessId
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
QueryPerformanceCounter

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
memset
__std_exception_copy
__std_exception_destroy
__current_exception_context
__C_specific_handler
_CxxThrowException
__std_type_info_destroy_list
memcpy

api-ms-win-crt-stdio-l1-1-0

freopen_s
__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate
_initterm_e
_crt_atexit
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_execute_onexit_table

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.txt

Sharing

General

Malware Config

Signatures

Files

c00d8ebffd2d4775683ad9601006f9d6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 852B

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 512B - Virtual size: 100B

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 852B

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 512B - Virtual size: 100B