Aura (123)[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Aura (123).rar
Size

373KB
MD5

07548c2a5847ad0029f1e7562940e00b
SHA1

ecb87973af3fc481595169bd577a08bd22ef2f32
SHA256

73fc5919066a87f1310c3449d02dcce2249cdccede4a51f899cd7d43944d8159
SHA512

fc527e8c3f3a41ecbbd29a7babe9db2e8d065310213d93b1d36561c69c9dc1045983ebe5c4a5bce2cfbe8c95f16658d3e291e46d5bc491ea2ed67599b5803a36
SSDEEP

6144:YmnllS0FJv76N/MbPTfiYC7VNxYxAwJHbcVSlhFu2gpvzdzpBJI52BpiztRbhAFc:YUlFJv7WkbbiYtxAwygebdzXDB0ztRbr

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Aura/Aura.exe
unpack001/Aura/data/discord_game_sdk.dll
unpack001/Aura/plugins/DiscordRPPlugin.dll

Files

Aura (123).rar
.rar

Password: 123
Aura/Aura.exe
.exe windows:4 windows x86 arch:x86

Password: 123

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.'E`<
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Aura/data/discord_game_sdk.dll
.dll windows:6 windows x64 arch:x64

Password: 123

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

DiscordCreate
DiscordVersion
rust_eh_personality

Sections

.text
Size: 512B - Virtual size: 3B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Aura/plugins/DiscordRPPlugin.dll
.dll windows:6 windows x64 arch:x64

Password: 123

bc32238a4ff40762011e5bed50fce976

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\Projects\BPReview\2023.10.01\DiscordRPCPlugin\plugins\DiscordRPPlugin.pdb

Imports

pluginsdk

?GetbOverTime@ServerWrapper@@QEAAKXZ
?setValue@CVarWrapper@@QEAAXH@Z
?getBoolValue@CVarWrapper@@QEAA_NXZ
??BCVarWrapper@@QEAA_NXZ
?getCvar@CVarManagerWrapper@@QEAA?AVCVarWrapper@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Execute@GameWrapper@@QEAAXV?$function@$$A6AXPEAVGameWrapper@@@Z@std@@@Z
?executeCommand@CVarManagerWrapper@@QEAAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?addOnValueChanged@CVarWrapper@@QEAAXV?$function@$$A6AXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VCVarWrapper@@@Z@std@@@Z
?bindTo@CVarWrapper@@QEAAXV?$shared_ptr@_N@std@@@Z
??1CVarWrapper@@QEAA@XZ
?registerCvar@CVarManagerWrapper@@QEAA?AVCVarWrapper@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@00_N1M1M1@Z
?SetTimeout@GameWrapper@@QEAAXV?$function@$$A6AXPEAVGameWrapper@@@Z@std@@M@Z
??0ServerWrapper@@QEAA@_K@Z
?IsInGame@GameWrapper@@QEAA_NXZ
?IsInCustomTraining@GameWrapper@@QEAA_NXZ
?GetGameEventAsServer@GameWrapper@@QEAA?AVServerWrapper@@XZ
?IsInFreeplay@GameWrapper@@QEAA_NXZ
?GetOnlineGame@GameWrapper@@QEAA?AVServerWrapper@@XZ
?IsSpectator@PriWrapper@@QEAA_NXZ
?GetPRI@PlayerControllerWrapper@@QEAA?AVPriWrapper@@XZ
??1PlayerControllerWrapper@@QEAA@XZ
?GetPlayerController@GameWrapper@@QEAA?AVPlayerControllerWrapper@@XZ
?IsInOnlineGame@GameWrapper@@QEAA_NXZ
??1ReplayServerWrapper@@QEAA@XZ
?GetGameEventAsReplay@GameWrapper@@QEAA?AVReplayServerWrapper@@XZ
?IsInReplay@GameWrapper@@QEAA_NXZ
?GetTotalRounds@TrainingEditorWrapper@@QEAAHXZ
?GetTM_Name@TrainingEditorSaveDataWrapper@@QEAA?AVUnrealStringWrapper@@XZ
?GetActiveRoundNumber@GameEditorWrapper@@QEAAHXZ
??1TrainingEditorSaveDataWrapper@@QEAA@XZ
?GetTrainingData@GameEditorSaveDataWrapper@@QEAA?AVTrainingEditorSaveDataWrapper@@XZ
??BTrainingEditorSaveDataWrapper@@QEBA_NXZ
??1GameEditorSaveDataWrapper@@QEAA@XZ
?GetTrainingData@TrainingEditorWrapper@@QEAA?AVGameEditorSaveDataWrapper@@XZ
??BSaveDataWrapper@@QEBA_NXZ
??1UnrealStringWrapper@@QEAA@XZ
?GetTrainingFileName@TrainingEditorWrapper@@QEAA?AVUnrealStringWrapper@@XZ
?ToString@UnrealStringWrapper@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??1TrainingEditorWrapper@@QEAA@XZ
??0TrainingEditorWrapper@@QEAA@_K@Z
??0ServerWrapper@@QEAA@AEBV0@@Z
?GetbMatchEnded@ServerWrapper@@QEAAKXZ
?GetPlayerMMR@MMRWrapper@@QEAAMVUniqueIDWrapper@@H@Z
??0UniqueIDWrapper@@QEAA@AEBV0@@Z
?GetPlayerRank@MMRWrapper@@QEAA?AUSkillRank@@VUniqueIDWrapper@@H@Z
??1MMRWrapper@@QEAA@XZ
?GetMMRWrapper@GameWrapper@@QEAA?AVMMRWrapper@@XZ
??1UniqueIDWrapper@@QEAA@XZ
?GetUniqueID@GameWrapper@@QEAA?AVUniqueIDWrapper@@XZ
?GetTeamNum@PlayerReplicationInfoWrapper@@QEAAEXZ
??1PriWrapper@@QEAA@XZ
?GetPRI@VehicleWrapper@@QEAA?AVPriWrapper@@XZ
??1CarWrapper@@QEAA@XZ
?GetLocalCar@GameWrapper@@QEAA?AVCarWrapper@@XZ
?GetScore@TeamInfoWrapper@@QEAAHXZ
??1TeamWrapper@@QEAA@XZ
?Get@?$ArrayWrapper@VTeamWrapper@@@@QEAA?AVTeamWrapper@@H@Z
??BActorWrapper@@QEAA_NXZ
??1?$ArrayWrapper@VTeamWrapper@@@@QEAA@XZ
?GetTeams@TeamGameEventWrapper@@QEAA?AV?$ArrayWrapper@VTeamWrapper@@@@XZ
?IsNull@?$ArrayWrapper@VTeamWrapper@@@@QEAA_NXZ
?GetPlaylistId@GameSettingPlaylistWrapper@@QEAAHXZ
?GetMaxTeamSize@TeamGameEventWrapper@@QEAAHXZ
??BGameSettingPlaylistWrapper@@QEBA_NXZ
??1GameSettingPlaylistWrapper@@QEAA@XZ
?GetPlaylist@GameEventWrapper@@QEAA?AVGameSettingPlaylistWrapper@@XZ
?GetCurrentMap@GameWrapper@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetSecondsRemaining@ServerWrapper@@QEAAHXZ
?GetbUnlimitedTime@ServerWrapper@@QEAAKXZ
??1ServerWrapper@@QEAA@XZ

kernel32

WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
FlushFileBuffers
LCMapStringW
GetFileSizeEx
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
GetFileType
GetStdHandle
HeapFree
HeapAlloc
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
SetLastError
InterlockedFlushSList
RaiseException
RtlPcToFileHeader
GetStringTypeW
InitializeSListHead
GetStartupInfoW
GetEnvironmentStringsW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
QueryPerformanceCounter
GetModuleHandleA
GetModuleFileNameA
GetModuleFileNameW
lstrlenW
MultiByteToWideChar
CreateFileW
ReadFile
WriteFile
CloseHandle
GetLastError
PeekNamedPipe
WaitNamedPipeW
GetCurrentProcessId
RtlLookupFunctionEntry
RtlCaptureContext
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
GetModuleHandleW
SetStdHandle
HeapSize
HeapReAlloc
WriteConsoleW
FreeEnvironmentStringsW
IsDebuggerPresent
GetProcessHeap
RtlUnwindEx
WaitForSingleObjectEx
GetCurrentThreadId
GetExitCodeThread
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
GetSystemTimeAsFileTime

advapi32

RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteA

Exports

Exports

??0BakkesModPlugin@Plugin@BakkesMod@@QEAA@$$QEAV012@@Z
??0BakkesModPlugin@Plugin@BakkesMod@@QEAA@AEBV012@@Z
??0BakkesModPlugin@Plugin@BakkesMod@@QEAA@XZ
??1BakkesModPlugin@Plugin@BakkesMod@@QEAA@XZ
??4BakkesModPlugin@Plugin@BakkesMod@@QEAAAEAV012@$$QEAV012@@Z
??4BakkesModPlugin@Plugin@BakkesMod@@QEAAAEAV012@AEBV012@@Z
??_7BakkesModPlugin@Plugin@BakkesMod@@6B@
?__autoclassinit2@BakkesModPlugin@Plugin@BakkesMod@@QEAAX_K@Z
?onLoad@BakkesModPlugin@Plugin@BakkesMod@@UEAAXXZ
?onUnload@BakkesModPlugin@Plugin@BakkesMod@@UEAAXXZ
deleteMe
exports
getPlugin

Sections

.text
Size: 246KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.'E`< Size: 186KB - Virtual size: 185KB

.text Size: 40KB - Virtual size: 40KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Size: 512B - Virtual size: 16B

Password: 123

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 512B - Virtual size: 3B

.rdata Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 480B

Password: 123

bc32238a4ff40762011e5bed50fce976

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

pluginsdk

kernel32

advapi32

shell32

Exports

Exports

Sections

.text Size: 246KB - Virtual size: 246KB

.rdata Size: 98KB - Virtual size: 98KB

.data Size: 11KB - Virtual size: 231KB

.pdata Size: 12KB - Virtual size: 11KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 2KB

.'E`<
Size: 186KB - Virtual size: 185KB

.text
Size: 40KB - Virtual size: 40KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 512B - Virtual size: 3B

.rdata
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 480B

.text
Size: 246KB - Virtual size: 246KB

.rdata
Size: 98KB - Virtual size: 98KB

.data
Size: 11KB - Virtual size: 231KB

.pdata
Size: 12KB - Virtual size: 11KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 2KB