PALWORLD_TRAINER[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

PALWORLD_TRAINER.zip
Size

3.5MB
MD5

17d071d3cdf44df592d90c9aca72dc1d
SHA1

e3e5b84a1b992b88b00889a69181c1ccc39a950f
SHA256

3c20093f8163cf989cbfef56059d60cb4fab4c771ed8e975ffee437cb688937c
SHA512

b5429c73ba1f9cf10059820125958a731db085afac4c2359f33cb907f324203ce9279df5ad45e0b65c3e2e27dffe21f4fa059224a3201994fc31c7b09fe0d83e
SSDEEP

49152:Oia/gEYbgT33fjn1y7aC6K65YG/izhFOqzF0Ul8cY7Z1+bIMnyeJIyRtPfGw/ukJ:taXYbgjjn1yGBv5lgWN1+bIWRtPr/B

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PALWORLD TRAINER/Extreme Injector v3.exe
unpack001/PALWORLD TRAINER/palcrack-postnuclear-STEAM-v2.dll
unpack001/PALWORLD TRAINER/spoofer.exe

Files

PALWORLD_TRAINER.zip
.zip

Password: Vayzer
PALWORLD TRAINER/Extreme Injector v3.exe
.exe windows:4 windows x86 arch:x86

Password: Vayzer

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PALWORLD TRAINER/palcrack-postnuclear-STEAM-v2.dll
.dll windows:6 windows x64 arch:x64

Password: Vayzer

55cfc270284d9ad18f86f35450d2c41b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryA
GetProcAddress
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
GetThreadContext
GlobalLock
GetModuleHandleW
GlobalFree
SetThreadContext
OpenThread
AllocConsole
GetStdHandle
GetConsoleWindow
SetConsoleTitleA
SetConsoleTextAttribute
FreeConsole
Beep
K32GetModuleFileNameExA
MultiByteToWideChar
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateThread
DisableThreadLibraryCalls
GetLocaleInfoA
GlobalAlloc
GlobalUnlock
FlushInstructionCache
WideCharToMultiByte
FreeLibraryAndExitThread
GetCurrentProcessId
GetModuleHandleA

user32

GetClassNameA
GetWindowTextA
GetWindowRect
SetWindowLongPtrW
CallWindowProcW
ShowWindow
UnregisterClassW
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
GetClientRect
ScreenToClient
GetCursorPos
IsWindowUnicode
ReleaseCapture
SetCapture
GetCapture
TrackMouseEvent
GetMessageExtraInfo
GetAsyncKeyState
SetCursorPos
ClientToScreen
GetForegroundWindow
GetKeyState
LoadCursorW
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
GetKeyboardLayout
SetCursor

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_id
_Thrd_yield
_Thrd_join
_Query_perf_counter
_Query_perf_frequency
_Thrd_sleep
_Xtime_get_ticks
_Cnd_do_broadcast_at_thread_exit
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z

d3d11

D3D11CreateDeviceAndSwapChain

imm32

ImmGetContext
ImmSetCandidateWindow
ImmReleaseContext
ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
memset
__std_type_info_destroy_list
__current_exception_context
__current_exception
strchr
strstr
__std_exception_destroy
__std_exception_copy
__std_terminate
__C_specific_handler
memchr
memcmp
memcpy
memmove

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
terminate
_beginthreadex
_seh_filter_dll

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vsprintf_s
__stdio_common_vsprintf
_wfopen
freopen_s
fclose
ftell
fseek
__stdio_common_vsscanf
fflush
__acrt_iob_func
fwrite
fread
__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

strcmp
strncmp
tolower
strncpy
toupper
strcpy_s
_strdup

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-heap-l1-1-0

free
malloc
calloc
_callnewh

api-ms-win-crt-convert-l1-1-0

strtoul
atof

api-ms-win-crt-math-l1-1-0

log
fmodf
floorf
cosf
ceilf
logf
pow
powf
sinf
sqrt
sqrtf
atan2f
acosf

Sections

.text
Size: 957KB - Virtual size: 956KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PALWORLD TRAINER/spoofer.exe
.exe windows:4 windows x86 arch:x86

Password: Vayzer

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Paradise.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 443KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: Vayzer

Password: Vayzer

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 12B

Password: Vayzer

55cfc270284d9ad18f86f35450d2c41b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

d3d11

imm32

d3dcompiler_47

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 957KB - Virtual size: 956KB

.rdata Size: 207KB - Virtual size: 207KB

.data Size: 25KB - Virtual size: 77KB

.pdata Size: 24KB - Virtual size: 23KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 1KB - Virtual size: 1KB

Password: Vayzer

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 443KB - Virtual size: 443KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 957KB - Virtual size: 956KB

.rdata
Size: 207KB - Virtual size: 207KB

.data
Size: 25KB - Virtual size: 77KB

.pdata
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 443KB - Virtual size: 443KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B