General

Malware Config

Signatures

Files

• SparkClicker.zip

  .zip
• AntiSkid.dll

  .dll windows:6 windows x64 arch:x64

  863d122ea5f5e1a39ca0999e32f8bbe8

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DEBUG_STRIPPED

  IMAGE_FILE_DLL

  Imports

  kernel32

  AddVectoredExceptionHandler

  CloseHandle

  CreateEventA

  CreateFileA

  CreateIoCompletionPort

  CreateThread

  CreateToolhelp32Snapshot

  CreateWaitableTimerExW

  DeleteCriticalSection

  DuplicateHandle

  EnterCriticalSection

  ExitProcess

  FlushInstructionCache

  FreeEnvironmentStringsW

  GetConsoleMode

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThreadId

  GetEnvironmentStringsW

  GetLastError

  GetModuleHandleW

  GetProcAddress

  GetProcessAffinityMask

  GetQueuedCompletionStatusEx

  GetStdHandle

  GetSystemDirectoryA

  GetSystemInfo

  GetThreadContext

  HeapAlloc

  HeapCreate

  HeapDestroy

  HeapFree

  HeapReAlloc

  InitializeCriticalSection

  IsDBCSLeadByteEx

  LeaveCriticalSection

  LoadLibraryA

  LoadLibraryW

  MultiByteToWideChar

  OpenThread

  PostQueuedCompletionStatus

  ResumeThread

  SetConsoleCtrlHandler

  SetErrorMode

  SetEvent

  SetProcessPriorityBoost

  SetThreadContext

  SetUnhandledExceptionFilter

  SetWaitableTimer

  Sleep

  SuspendThread

  SwitchToThread

  Thread32First

  Thread32Next

  TlsAlloc

  TlsGetValue

  VirtualAlloc

  VirtualFree

  VirtualProtect

  VirtualQuery

  WaitForMultipleObjects

  WaitForSingleObject

  WideCharToMultiByte

  WriteConsoleW

  WriteFile

  msvcrt

  ___lc_codepage_func

  ___mb_cur_max_func

  __iob_func

  _amsg_exit

  _beginthread

  _errno

  _initterm

  _lock

  _unlock

  abort

  calloc

  fputc

  free

  fwrite

  localeconv

  malloc

  memcpy

  memset

  realloc

  strerror

  strlen

  strncmp

  vfprintf

  wcslen

  Exports

  Exports

  OnProcessAttach

  _cgo_dummy_export

  Sections

  .text

  Size: 565KB - Virtual size: 564KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 80KB - Virtual size: 79KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 612KB - Virtual size: 612KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .pdata

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .xdata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 358KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .edata

  Size: 512B - Virtual size: 107B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .idata

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 88B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 16B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 11KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Spark Clicker.exe

  .exe windows:6 windows x64 arch:x64

  bdd588e1c9cbc5983c04b8f6e8866110

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  d3d9

  Direct3DCreate9

  kernel32

  SetConsoleTitleA

  GetSystemTimeAsFileTime

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  user32

  GetCursorPos

  GetUserObjectInformationW

  GetProcessWindowStation

  GetUserObjectInformationW

  advapi32

  CryptCreateHash

  shell32

  ShellExecuteExA

  ole32

  CoUninitialize

  ntdll

  ZwReadVirtualMemory

  winmm

  PlaySoundA

  imm32

  ImmReleaseContext

  normaliz

  IdnToAscii

  ws2_32

  send

  wldap32

  ord143

  crypt32

  CertEnumCertificatesInStore

  wtsapi32

  WTSSendMessageW

  Exports

  Exports

  ���|{"�!e]�6~���!*�4с&���q���n�����Y+@t��-�q�r(������@#4�$��:L�&��0�Ǜl�z|(�{����|< �mG^�Su��+F�\/0���`��\iiz=����?u�]:�l�"!�Qdr�i�2�%�=��L]૔df)�gg��Z��H�)��U�A�!�HF�|����R i��r�O+⑭/v����%� ���"�h�Eץ�,�7<��|��`2'0�M4�~d@�4q݃�@�V�!a��)��� n�����@ ^l{�������3�[�.�����7U
  ���X��+��M�?KM��ʎ�9]����ᵈ��$ڲτ���9e�z;�+c�PRo�WV"� �����;un��]:f� Dq&r/��"
  ���:�����}a?V��[Ai� �%&͉d
  �W?�5B�a�?�sb=Fa�"$y��|��|�D0��E�[I�Т� fWV����'��A� g�؞��ۃa���P��H��?�yW����/�'{;It���bx��3\Xj���~�'ŝ�O�����jx�g�!l�(�b��fݾ��B
  �q�-��K�z/ s�ҩ�/�i�j�C�j�b��fS�<�� �#_�W���Ӥ/�}Oq1�$��ӈƙE����طT��wΥ��7W�c+����xQ'�Q�S�ۄosn'���$�8P�O����4��%]N6�HM��m�Nԫ@���o3�'ʋ�$��E�"����&���U��t�U�N_�4.���]�W�
  ��<ZRH�Q:�:�7��s�
  ���M=��� ��`�?ۖ�ך�����~��jga}�D� 7 '�W���k%Si�2pI�Iw����v2Gt��#泝����E��X ��b��g��(�K��֥W�u�d<.tys��A��nͤ.��B��[�з��R?È��a��%��W2�Z�fvY���R��.Ɋs�z���ִ'݋�A�=\��عO4���
  +�g5��Hx�i�Me�f���B�<���W�Q�Wn��,~�wu�?�& �?e�߱5ܸ�L*��T��Ag�Y��PQ���y��Ji��JZ}�EK=V��w3�.��Ff������y&t"&� b|�+9�k��JF�O���
  ����B�9t2MʈL7 ���ז�/�s)M ,���B�?���{{� ����סzi�PXs`�~�x�h� &ʽ(~�>��| `�/}2��������m�� ��� ��FE�[S|�B�^C�J(��>Iu��&҄S�*�!4Ƒ;3�{��-�2&H-��������Km��V�� <�KqO}|ary�.>sV;T�0�� �ME���Q����� ����˾�I:de,�9>s+K���Z'��ǰ��O�B��W{���p;x�5�"FżI8����4�Bw\�p9���Vp�y��'�v2��?f%��CBՕ�����F����v�z6o�/;O�N C.�H�͞���3�ə���# $��žァ�r�)𿂝 x��?�6q,(Ū�젅�ؑ���$����%;ֆ���F�w���z�7&����^ԯ���4ǁ�g�p4�� kK\��4�
  �]���|pOB���j5~��b%�.N?`� 1�<Z�1���U,n�S�#1~������L��ð+�S��T�Zj����p ;Ƶ���6��6���uAEg}c#G� o5��җG�U�u�m�18�ǻ_��7��LPl7�^�+Fe��?�s��r��T��6+�>�B���B-����Z(s���x��n²g�ӷ�Cz���zD�C`�h>�6�V�Ĺ,اߤ���U)��M"f�,��]`S����k o=F�7B�=A]��m�6�� 3��!d��$��������2��VjAo���Ƶu �#]?M G�3�_ۨ���I�y��w�^���]��u=TE�G�ǘg���o���LK9m������+Uϝ@/)� ���&�q��۸B~YtO��R3Q��މ�����w��B(��w���ƺ ɪ�e���G���e�) F��f ߃��1���- 6�T�f��~3�L�����g-)�F�4���� >\l+�ԥ��nbHr�gO ���k��.I� �/P��?�7�Z��!b.&-�Ru������ǖ&�����)^��- ���4{������_x3��bR��s{�"f5��!��dZ"��4j�O���6 4���S�τ����K�Ub\V%�utB�pٖ�QD�|�=� jڱ �,��N��*aO��G3,<́r����]� ��� ��d�[�;)xFP,��K�����b2��I�$2�}]S�q|�� �:������� a�~������{T'뗜k�������ޏ��i��|HM�p�(� ���<�B!��YH���7�t�"0���ck��k_ j�#�/���I�����49�X��ř�,��4u,}�PZvBV|�ͭ�J���!�������M�A��t ��yob 1&�+�,L`}3JzQҠi FU��D]���՟��,+V��+d(FȔ�թ��? � �3
  ^v�� XX,~ s��$��:{�{ž�O��|I6�y��V�o�<��5����,J^�tcҀ������;�O�Ȑ�n�8����|9�"t�i�N��Z���F(�*�T�Q1y��Ԫ�L`p�ێ��rkM�ܺ�X�͊K�?v���[�)!|հ+8��2l����� ��>�� ̣�6�n�N�5���Mz�khVQ�;��R�|9�I��ry������Gi���β ��w��7C�Bc��,D�c�c�Y����)��I�c�x�v�5ܢ>��_3�>�7�u2N`���O�;����Eҏ�WMd�<��[���|h���⼱��7��Ŷ%?c[:�K�#3�����#dT��;F�y��Q�� ��Q�C0�MM�4M<~�*� � ��r6sz�r‰�D��_��A��?`�q�õ������Zw+p��.��(c�ݿ,�=I�}?: �GlT�R�F���i�x����4�J��c���YͺR��D?m�G��”���W�G����h[D���y
  �΂����������';E9�DvN��7$sa

  Sections

  .text

  Size: - Virtual size: 946KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 400KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: - Virtual size: 41KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  _RDATA

  Size: - Virtual size: 348B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: - Virtual size: 3.9MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: 6.1MB - Virtual size: 6.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 469B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• SparkCrack.exe

  .exe windows:6 windows x64 arch:x64

  f0ea7b7844bbc5bfa9bb32efdcea957c

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DEBUG_STRIPPED

  Imports

  kernel32

  WriteFile

  WriteConsoleW

  WaitForMultipleObjects

  WaitForSingleObject

  VirtualQuery

  VirtualFree

  VirtualAlloc

  TlsAlloc

  SwitchToThread

  SuspendThread

  SetWaitableTimer

  SetUnhandledExceptionFilter

  SetProcessPriorityBoost

  SetEvent

  SetErrorMode

  SetConsoleCtrlHandler

  ResumeThread

  PostQueuedCompletionStatus

  LoadLibraryA

  LoadLibraryW

  SetThreadContext

  GetThreadContext

  GetSystemInfo

  GetSystemDirectoryA

  GetStdHandle

  GetQueuedCompletionStatusEx

  GetProcessAffinityMask

  GetProcAddress

  GetEnvironmentStringsW

  GetConsoleMode

  FreeEnvironmentStringsW

  ExitProcess

  DuplicateHandle

  CreateWaitableTimerExW

  CreateThread

  CreateIoCompletionPort

  CreateFileA

  CreateEventA

  CloseHandle

  AddVectoredExceptionHandler

  Sections

  .text

  Size: 528KB - Virtual size: 527KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 605KB - Virtual size: 605KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 79KB - Virtual size: 434KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 10KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .symtab

  Size: 512B - Virtual size: 4B

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 656B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ