creed_public (1)[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

creed_public (1).exe
Size

13.5MB
MD5

292e2c8ac7d6fcaff6f8ac45d318dcae
SHA1

18961b485e0cb49f157dd9bc07b7119084256710
SHA256

9878b2156cc404a7a40792fe7f3c7c29ef9d14b4779c0f2ebf880f4444ba99ae
SHA512

9809640a0102da76b7339d4d8e4a7d327466f3429a303e81170b9defeef21f5a782e6d92c9ab79cde8b42acc56f9665113d76fa2be90a9094a2395f6d38342e5
SSDEEP

393216:SYCkh9Yi0CtmHVEb2XMCHWUjAjx5WsqWxTVadTSiu:ukh9Yi0Ct0Eb2XMb8XsqAo

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
sample	pyinstaller

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
creed_public (1).exe

Files

creed_public (1).exe
.exe windows:6 windows x64 arch:x64

9fec04c01a937878aa8757b8e7a92e51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\madz\Desktop\desk\!main folder\! Reseller\SLOTTED 1.6\Creed E-sports\usermode\build\base\Creed E-Sports Slotted.pdb

Imports

ntdll

VerSetConditionMask
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

kernel32

GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
QueryFullProcessImageNameW
SetLastError
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetLocaleInfoEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SleepConditionVariableSRW
LoadLibraryA
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
VirtualProtect
GetFileAttributesExW
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
HeapSize
HeapDestroy
GetProcAddress
GetModuleHandleA
FreeLibrary
QueryPerformanceFrequency
QueryPerformanceCounter
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
ReadFile
GetFileSizeEx
CreateFileA
GetCurrentThread
Process32Next
Process32First
CreateToolhelp32Snapshot
GetConsoleWindow
SetConsoleTitleA
SetConsoleTextAttribute
lstrcmpiA
CreateThread
Sleep
DeviceIoControl
GetLastError
CloseHandle
Beep
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WakeAllConditionVariable
GetFileInformationByHandleEx
AreFileApisANSI
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
IsDebuggerPresent
CreateFileMappingW
CreateFileW
GetStdHandle
GetLocaleInfoA
GetCurrentThreadId

user32

GetForegroundWindow
GetClientRect
SetCursorPos
SetCursor
ClientToScreen
ScreenToClient
LoadCursorA
GetCursorPos
GetKeyState
GetKeyboardLayout
EmptyClipboard
DispatchMessageA
PeekMessageA
PostQuitMessage
RegisterClassExA
CreateWindowExA
DestroyWindow
ShowWindow
GetClipboardData
SetClipboardData
SetLayeredWindowAttributes
SetWindowPos
GetAsyncKeyState
SendInput
GetSystemMetrics
UpdateWindow
GetWindowRect
MessageBoxA
SetWindowLongA
GetDesktopWindow
FindWindowA
DefWindowProcA
GetWindow
LoadIconA
CloseClipboard
OpenClipboard
TranslateMessage

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

msvcp140

??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??7ios_base@std@@QEBA_NXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
_Query_perf_frequency
_Query_perf_counter
?_Xbad_alloc@std@@YAXXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?setf@ios_base@std@@QEAAHHH@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?uncaught_exceptions@std@@YAHXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z

d3d9

Direct3DCreate9Ex

imm32

ImmSetCompositionWindow
ImmGetContext
ImmSetCandidateWindow
ImmReleaseContext

dwmapi

DwmExtendFrameIntoClientArea

normaliz

IdnToAscii

wldap32

ord211
ord60
ord45
ord50
ord46
ord217
ord22
ord26
ord27
ord32
ord33
ord41
ord35
ord79
ord30
ord200
ord301
ord143

crypt32

CertFindExtension
CertGetNameStringA
CryptDecodeObjectEx
CertAddCertificateContextToStore
PFXImportCertStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CryptQueryObject

ws2_32

closesocket
recv
send
WSAGetLastError
ntohl
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind

shlwapi

PathFindFileNameW

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140

__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcpy
memmove
memset
strstr
memchr
strchr
strrchr
__intrinsic_setjmp
__current_exception_context
__current_exception
__C_specific_handler
longjmp
memcmp

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
__sys_nerr
_errno
_invalid_parameter_noinfo_noreturn
_c_exit
_resetstkoflw
_invalid_parameter_noinfo
__p___argv
__p___argc
exit
_getpid
_exit
_initterm_e
abort
_initterm
_configure_narrow_argv
system
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_beginthreadex
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
terminate
strerror

api-ms-win-crt-string-l1-1-0

strcmp
strncmp
strcspn
strspn
isupper
_strdup
strpbrk
tolower
strncpy

api-ms-win-crt-math-l1-1-0

_dclass
asin
logf
atan2f
tanf
__setusermatherr
acosf
pow
powf
fmodf
sqrt
ceilf
sinf
cosf
log
atan2
_dsign
sqrtf

api-ms-win-crt-stdio-l1-1-0

fwrite
ftell
ungetc
setvbuf
fseek
_fseeki64
fsetpos
fputc
fgetpos
fgetc
_get_stream_buffer_pointers
fread
fflush
fclose
_wfopen
_set_fmode
_lseeki64
__stdio_common_vfprintf
__stdio_common_vsprintf
__acrt_iob_func
__stdio_common_vsprintf_s
__stdio_common_vsscanf
_open
feof
fputs
fopen
_close
__p__commode
_write
fgets
_popen
_pclose
_read

api-ms-win-crt-heap-l1-1-0

free
malloc
calloc
_set_new_mode
realloc
_callnewh

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-convert-l1-1-0

strtoul
strtol
strtoll
atoi
strtoull
atof
strtod

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_stat64
_unlink
_unlock_file
remove
_access
_lock_file
_fstat64

api-ms-win-crt-time-l1-1-0

_localtime64
_localtime64_s
_gmtime64
_time64
strftime

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func
localeconv

advapi32

CopySid
GetUserNameA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
OpenProcessToken
ConvertSidToStringSidA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
SetSecurityInfo

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11.8MB - Virtual size: 11.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cstealer.pyc

Sharing

General

Malware Config

Signatures

Files

9fec04c01a937878aa8757b8e7a92e51

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

user32

shell32

ole32

msvcp140

d3d9

imm32

dwmapi

normaliz

wldap32

crypt32

ws2_32

shlwapi

rpcrt4

psapi

userenv

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

advapi32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 389KB - Virtual size: 389KB

.data Size: 11.8MB - Virtual size: 11.8MB

.pdata Size: 57KB - Virtual size: 56KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 389KB - Virtual size: 389KB

.data
Size: 11.8MB - Virtual size: 11.8MB

.pdata
Size: 57KB - Virtual size: 56KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 5KB - Virtual size: 5KB