cheato[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cheato.exe
Size

994KB
MD5

3ab505ec761663f33e1ef365e14d26c0
SHA1

027c6f13eb17600858053d32257591641c02f903
SHA256

5505c757ab32280bfb81b989f1168ff96d1d1285958b972445bcdb005ec7d8fe
SHA512

b023a269f91049fae1bbabe7d2248223265b722611b48a0652fe50266bb0c0f27e3254f7bc66da69605ac4ca66bdb87cc543c0feaa0db66b6845f5cc2a81ddd5
SSDEEP

12288:1rWIPW7dhBWAPM5A1HPcs+kryPH0ZCdaQKHpojnLOawau+siHzkLD+qRmVvypT:1pW7vBWAU+IKHpojnTwP+siHzkLwV2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cheato.exe

Files

cheato.exe
.exe windows:6 windows x64 arch:x64

3425195f8d76b162b7204894729eb40b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\wavy\Desktop\Galaxy\plsswapfast\p2c\x64\Release\GG.pdb

Imports

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
VerSetConditionMask

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

kernel32

lstrcmpiA
MultiByteToWideChar
WideCharToMultiByte
GetConsoleMode
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleTitleA
GetConsoleWindow
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Process32First
Process32Next
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetProcAddress
LoadLibraryA
GetLocaleInfoA
CreateThread
FormatMessageW
GetModuleHandleExW
GetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
LeaveCriticalSection
TerminateProcess
InitializeCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
GetStdHandle
WaitForMultipleObjects
CreateEventA
DeviceIoControl
GetProcessHeap
HeapFree
HeapAlloc
CloseHandle
CreateFileA
OpenProcess
ExitProcess
Sleep
GetStartupInfoW
GetModuleHandleW
SetThreadExecutionState
EnterCriticalSection
CreateFileW
InitializeCriticalSectionEx

user32

ScreenToClient
ClientToScreen
SetCursor
SetCursorPos
MonitorFromWindow
TranslateMessage
DispatchMessageA
PeekMessageA
DestroyWindow
ShowWindow
MoveWindow
SetWindowPos
IsWindowVisible
GetSystemMetrics
SetMenu
UpdateWindow
GetForegroundWindow
GetWindowTextA
GetWindowRect
GetCursorPos
GetWindowLongA
GetClientRect
ReleaseDC
SetWindowLongA
GetWindowLongPtrA
GetDC
GetRawInputDeviceList
GetRawInputDeviceInfoA
RegisterRawInputDevices
GetRawInputData
SystemParametersInfoW
CreateIconIndirect
LoadImageW
LoadCursorW
GetClassLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
SetRect
ClipCursor
WindowFromPoint
AdjustWindowRectEx
SetWindowTextW
RemovePropW
GetPropW
SetPropW
SetForegroundWindow
MsgWaitForMultipleObjects
GetActiveWindow
SetFocus
IsZoomed
BringWindowToTop
IsIconic
SetWindowLongPtrA
SetWindowPlacement
GetWindowPlacement
FlashWindow
SetLayeredWindowAttributes
GetLayeredWindowAttributes
LoadCursorA
PostMessageW
GetDesktopWindow
SendMessageW
GetMessageTime
EnumDisplayMonitors
GetMonitorInfoW
EnumWindows
GetClassNameA
EnumDisplayDevicesW
EnumDisplaySettingsExW
GetWindowThreadProcessId
EnumDisplaySettingsW
ChangeDisplaySettingsExW
OpenClipboard
DestroyIcon
MapVirtualKeyW
ToUnicode
CreateWindowExW
RegisterClassExW
UnregisterClassW
DefWindowProcW
UnregisterDeviceNotification
RegisterDeviceNotificationW
PeekMessageW
DispatchMessageW
ReleaseCapture
SetCapture
GetKeyState
TrackMouseEvent
GetKeyboardLayout
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
WaitMessage

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps
DeleteDC
SetPixelFormat
DescribePixelFormat
ChoosePixelFormat
CreateDIBSection
CreateBitmap
SetDeviceGammaRamp
GetDeviceGammaRamp
SwapBuffers
CreateDCW

msvcp140

?uncaught_exceptions@std@@YAHXZ
_Query_perf_counter
_Query_perf_frequency
_Thrd_detach
?_Throw_Cpp_error@std@@YAXH@Z
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Xlength_error@std@@YAXPEBD@Z

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

imm32

ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext

dwmapi

DwmExtendFrameIntoClientArea

vcruntime140

__std_terminate
strstr
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memchr
memcmp
memcpy
memmove
memset
__current_exception_context
__current_exception
__C_specific_handler

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-stdio-l1-1-0

fwrite
ftell
fseek
fread
fflush
fclose
_wfopen
__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vsnprintf_s
_set_fmode
__p__commode
__stdio_common_vsscanf
__stdio_common_vsprintf
__stdio_common_vsprintf_s

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_initterm
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_initterm_e
_exit
__p___argc
_beginthreadex
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
terminate
system
_get_initial_narrow_environment
exit
_invalid_parameter_noinfo_noreturn
_seh_filter_exe

api-ms-win-crt-heap-l1-1-0

realloc
malloc
_callnewh
_set_new_mode
free

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-math-l1-1-0

fmodf
atan2f
tanf
atan2
powf
acosf
asin
log
sinf
cosf
logf
pow
sqrtf
sqrt
fminf
ceilf
__setusermatherr

api-ms-win-crt-string-l1-1-0

strcspn
strcmp
strspn
strncpy
strncmp

api-ms-win-crt-convert-l1-1-0

atof
strtoul

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

shell32

DragAcceptFiles
DragFinish
DragQueryPoint
DragQueryFileW

Exports

Exports

interception_create_context
interception_destroy_context
interception_get_filter
interception_get_hardware_id
interception_get_precedence
interception_is_invalid
interception_is_keyboard
interception_is_mouse
interception_receive
interception_send
interception_set_filter
interception_set_precedence
interception_wait
interception_wait_with_timeout

Sections

.text
Size: 471KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 303KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3425195f8d76b162b7204894729eb40b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

d3d11

d3dcompiler_43

kernel32

user32

gdi32

msvcp140

d3dx11_43

imm32

dwmapi

vcruntime140

vcruntime140_1

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

shell32

Exports

Exports

Sections

.text Size: 471KB - Virtual size: 471KB

.rdata Size: 196KB - Virtual size: 195KB

.data Size: 303KB - Virtual size: 318KB

.pdata Size: 19KB - Virtual size: 19KB

_RDATA Size: 512B - Virtual size: 464B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 471KB - Virtual size: 471KB

.rdata
Size: 196KB - Virtual size: 195KB

.data
Size: 303KB - Virtual size: 318KB

.pdata
Size: 19KB - Virtual size: 19KB

_RDATA
Size: 512B - Virtual size: 464B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 2KB - Virtual size: 1KB