252f1a88526683b9dd18c1a7371533e989578b5118975adf93cd8a0891e3cbef

.zip

Win32/Backdoor.Win32.APT34.PoisonFrogC2.7z

.7z

Backdoor.Win32.APT34.PoisonFrogC2/Glimpse/Agent/runner_.vbs

.vbs

Backdoor.Win32.APT34.PoisonFrogC2/Glimpse/Read me.txt

Backdoor.Win32.APT34.PoisonFrogC2/Glimpse/panel/ToggleSwitch.dll

.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Backdoor.Win32.APT34.PoisonFrogC2/Glimpse/panel/newPanel-dbg.exe

.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Backdoor.Win32.APT34.PoisonFrogC2/Glimpse/server/srvr.js

.js

Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/0000000000.bat

Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/9999999999.bat

Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/config.json

Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/installing/filesList

Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/installing/install_pachages.bat

Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/installing/installing mongo_nodejs

Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/installing/stop dnsmasq

Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/routes/index.js

.js

Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/views/agents.ejs

.html .js

Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/views/login.ejs

.html

Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/views/notfound.ejs

.html

Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/views/panel.ejs

.html .js

Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/views/result.ejs

.html .js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/Files/Login_v1.zip

.zip

Login_v1/css/main.css

Login_v1/css/util.css

Login_v1/fonts/font-awesome-4.7.0/HELP-US-OUT.txt

Login_v1/fonts/font-awesome-4.7.0/css/font-awesome.css

Login_v1/fonts/font-awesome-4.7.0/css/font-awesome.min.css

Login_v1/fonts/font-awesome-4.7.0/fonts/FontAwesome.otf

Login_v1/fonts/font-awesome-4.7.0/fonts/fontawesome-webfont.eot

Login_v1/fonts/font-awesome-4.7.0/fonts/fontawesome-webfont.svg

.xml

Login_v1/fonts/font-awesome-4.7.0/fonts/fontawesome-webfont.ttf

Login_v1/fonts/font-awesome-4.7.0/fonts/fontawesome-webfont.woff

Login_v1/fonts/font-awesome-4.7.0/fonts/fontawesome-webfont.woff2

Login_v1/fonts/font-awesome-4.7.0/less/animated.less

Login_v1/fonts/font-awesome-4.7.0/less/bordered-pulled.less

Login_v1/fonts/font-awesome-4.7.0/less/core.less

Login_v1/fonts/font-awesome-4.7.0/less/fixed-width.less

Login_v1/fonts/font-awesome-4.7.0/less/font-awesome.less

Login_v1/fonts/font-awesome-4.7.0/less/icons.less

Login_v1/fonts/font-awesome-4.7.0/less/larger.less

Login_v1/fonts/font-awesome-4.7.0/less/list.less

Login_v1/fonts/font-awesome-4.7.0/less/mixins.less

Login_v1/fonts/font-awesome-4.7.0/less/path.less

Login_v1/fonts/font-awesome-4.7.0/less/rotated-flipped.less

Login_v1/fonts/font-awesome-4.7.0/less/screen-reader.less

Login_v1/fonts/font-awesome-4.7.0/less/stacked.less

Login_v1/fonts/font-awesome-4.7.0/less/variables.less

Login_v1/fonts/font-awesome-4.7.0/scss/_animated.scss

Login_v1/fonts/font-awesome-4.7.0/scss/_bordered-pulled.scss

Login_v1/fonts/font-awesome-4.7.0/scss/_core.scss

Login_v1/fonts/font-awesome-4.7.0/scss/_fixed-width.scss

Login_v1/fonts/font-awesome-4.7.0/scss/_icons.scss

Login_v1/fonts/font-awesome-4.7.0/scss/_larger.scss

Login_v1/fonts/font-awesome-4.7.0/scss/_list.scss

Login_v1/fonts/font-awesome-4.7.0/scss/_mixins.scss

Login_v1/fonts/font-awesome-4.7.0/scss/_path.scss

Login_v1/fonts/font-awesome-4.7.0/scss/_rotated-flipped.scss

Login_v1/fonts/font-awesome-4.7.0/scss/_screen-reader.scss

Login_v1/fonts/font-awesome-4.7.0/scss/_stacked.scss

Login_v1/fonts/font-awesome-4.7.0/scss/_variables.scss

Login_v1/fonts/font-awesome-4.7.0/scss/font-awesome.scss

Login_v1/fonts/montserrat/Montserrat-Black.ttf

Login_v1/fonts/montserrat/Montserrat-BlackItalic.ttf

Login_v1/fonts/montserrat/Montserrat-Bold.ttf

Login_v1/fonts/montserrat/Montserrat-BoldItalic.ttf

Login_v1/fonts/montserrat/Montserrat-ExtraBold.ttf

Login_v1/fonts/montserrat/Montserrat-ExtraBoldItalic.ttf

Login_v1/fonts/montserrat/Montserrat-ExtraLight.ttf

Login_v1/fonts/montserrat/Montserrat-ExtraLightItalic.ttf

Login_v1/fonts/montserrat/Montserrat-Italic.ttf

Login_v1/fonts/montserrat/Montserrat-Light.ttf

Login_v1/fonts/montserrat/Montserrat-LightItalic.ttf

Login_v1/fonts/montserrat/Montserrat-Medium.ttf

Login_v1/fonts/montserrat/Montserrat-MediumItalic.ttf

Login_v1/fonts/montserrat/Montserrat-Regular.ttf

Login_v1/fonts/montserrat/Montserrat-SemiBold.ttf

Login_v1/fonts/montserrat/Montserrat-SemiBoldItalic.ttf

Login_v1/fonts/montserrat/Montserrat-Thin.ttf

Login_v1/fonts/montserrat/Montserrat-ThinItalic.ttf

Login_v1/fonts/montserrat/OFL.txt

Login_v1/fonts/poppins/Poppins-Black.ttf

Login_v1/fonts/poppins/Poppins-BlackItalic.ttf

Login_v1/fonts/poppins/Poppins-Bold.ttf

Login_v1/fonts/poppins/Poppins-BoldItalic.ttf

Login_v1/fonts/poppins/Poppins-ExtraBold.ttf

Login_v1/fonts/poppins/Poppins-ExtraBoldItalic.ttf

Login_v1/fonts/poppins/Poppins-ExtraLight.ttf

Login_v1/fonts/poppins/Poppins-ExtraLightItalic.ttf

Login_v1/fonts/poppins/Poppins-Italic.ttf

Login_v1/fonts/poppins/Poppins-Light.ttf

Login_v1/fonts/poppins/Poppins-LightItalic.ttf

Login_v1/fonts/poppins/Poppins-Medium.ttf

Login_v1/fonts/poppins/Poppins-MediumItalic.ttf

Login_v1/fonts/poppins/Poppins-Regular.ttf

Login_v1/fonts/poppins/Poppins-SemiBold.ttf

Login_v1/fonts/poppins/Poppins-SemiBoldItalic.ttf

Login_v1/fonts/poppins/Poppins-Thin.ttf

Login_v1/fonts/poppins/Poppins-ThinItalic.ttf

Login_v1/images/icons/favicon.ico

Login_v1/images/img-01.png

.png

Login_v1/index.html

.html

Login_v1/js/main.js

.js

Login_v1/vendor/animate/animate.css

Login_v1/vendor/bootstrap/css/bootstrap-grid.css

Login_v1/vendor/bootstrap/css/bootstrap-grid.css.map

Login_v1/vendor/bootstrap/css/bootstrap-grid.min.css

Login_v1/vendor/bootstrap/css/bootstrap-grid.min.css.map

Login_v1/vendor/bootstrap/css/bootstrap-reboot.css

Login_v1/vendor/bootstrap/css/bootstrap-reboot.css.map

Login_v1/vendor/bootstrap/css/bootstrap-reboot.min.css

Login_v1/vendor/bootstrap/css/bootstrap-reboot.min.css.map

Login_v1/vendor/bootstrap/css/bootstrap.css

Login_v1/vendor/bootstrap/css/bootstrap.css.map

Login_v1/vendor/bootstrap/css/bootstrap.min.css

Login_v1/vendor/bootstrap/css/bootstrap.min.css.map

Login_v1/vendor/bootstrap/js/bootstrap.js

.js

Login_v1/vendor/bootstrap/js/bootstrap.min.js

.js

Login_v1/vendor/bootstrap/js/popper.js

.js

Login_v1/vendor/bootstrap/js/popper.min.js

.js

Login_v1/vendor/bootstrap/js/tooltip.js

.js

Login_v1/vendor/css-hamburgers/hamburgers.css

Login_v1/vendor/css-hamburgers/hamburgers.min.css

Login_v1/vendor/jquery/jquery-3.2.1.min.js

.js

Login_v1/vendor/select2/select2.css

Login_v1/vendor/select2/select2.js

.js

Login_v1/vendor/select2/select2.min.css

Login_v1/vendor/select2/select2.min.js

.js

Login_v1/vendor/tilt/tilt.jquery.min.js

.js

__MACOSX/._Login_v1

__MACOSX/Login_v1/._css

__MACOSX/Login_v1/._fonts

__MACOSX/Login_v1/._images

__MACOSX/Login_v1/._index.html

__MACOSX/Login_v1/._js

__MACOSX/Login_v1/._vendor

__MACOSX/Login_v1/css/._main.css

__MACOSX/Login_v1/css/._util.css

__MACOSX/Login_v1/fonts/._font-awesome-4.7.0

__MACOSX/Login_v1/fonts/._montserrat

__MACOSX/Login_v1/fonts/._poppins

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/._HELP-US-OUT.txt

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/._css

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/._fonts

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/._less

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/._scss

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/css/._font-awesome.css

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/css/._font-awesome.min.css

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/fonts/._FontAwesome.otf

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/fonts/._fontawesome-webfont.eot

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/fonts/._fontawesome-webfont.svg

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/fonts/._fontawesome-webfont.ttf

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/fonts/._fontawesome-webfont.woff

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/fonts/._fontawesome-webfont.woff2

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._animated.less

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._bordered-pulled.less

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._core.less

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._fixed-width.less

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._font-awesome.less

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._icons.less

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._larger.less

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._list.less

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._mixins.less

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._path.less

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._rotated-flipped.less

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._screen-reader.less

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._stacked.less

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._variables.less

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__animated.scss

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__bordered-pulled.scss

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__core.scss

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__fixed-width.scss

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__icons.scss

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__larger.scss

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__list.scss

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__mixins.scss

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__path.scss

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__rotated-flipped.scss

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__screen-reader.scss

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__stacked.scss

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__variables.scss

__MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/._font-awesome.scss

__MACOSX/Login_v1/fonts/montserrat/._Montserrat-Black.ttf

__MACOSX/Login_v1/fonts/montserrat/._Montserrat-BlackItalic.ttf

__MACOSX/Login_v1/fonts/montserrat/._Montserrat-Bold.ttf

__MACOSX/Login_v1/fonts/montserrat/._Montserrat-BoldItalic.ttf

__MACOSX/Login_v1/fonts/montserrat/._Montserrat-ExtraBold.ttf

__MACOSX/Login_v1/fonts/montserrat/._Montserrat-ExtraBoldItalic.ttf

__MACOSX/Login_v1/fonts/montserrat/._Montserrat-ExtraLight.ttf

__MACOSX/Login_v1/fonts/montserrat/._Montserrat-ExtraLightItalic.ttf

__MACOSX/Login_v1/fonts/montserrat/._Montserrat-Italic.ttf

__MACOSX/Login_v1/fonts/montserrat/._Montserrat-Light.ttf

__MACOSX/Login_v1/fonts/montserrat/._Montserrat-LightItalic.ttf

__MACOSX/Login_v1/fonts/montserrat/._Montserrat-Medium.ttf

__MACOSX/Login_v1/fonts/montserrat/._Montserrat-MediumItalic.ttf

__MACOSX/Login_v1/fonts/montserrat/._Montserrat-Regular.ttf

__MACOSX/Login_v1/fonts/montserrat/._Montserrat-SemiBold.ttf

__MACOSX/Login_v1/fonts/montserrat/._Montserrat-SemiBoldItalic.ttf

__MACOSX/Login_v1/fonts/montserrat/._Montserrat-Thin.ttf

__MACOSX/Login_v1/fonts/montserrat/._Montserrat-ThinItalic.ttf

__MACOSX/Login_v1/fonts/montserrat/._OFL.txt

__MACOSX/Login_v1/fonts/poppins/._Poppins-Black.ttf

__MACOSX/Login_v1/fonts/poppins/._Poppins-BlackItalic.ttf

__MACOSX/Login_v1/fonts/poppins/._Poppins-Bold.ttf

__MACOSX/Login_v1/fonts/poppins/._Poppins-BoldItalic.ttf

__MACOSX/Login_v1/fonts/poppins/._Poppins-ExtraBold.ttf

__MACOSX/Login_v1/fonts/poppins/._Poppins-ExtraBoldItalic.ttf

__MACOSX/Login_v1/fonts/poppins/._Poppins-ExtraLight.ttf

__MACOSX/Login_v1/fonts/poppins/._Poppins-ExtraLightItalic.ttf

__MACOSX/Login_v1/fonts/poppins/._Poppins-Italic.ttf

__MACOSX/Login_v1/fonts/poppins/._Poppins-Light.ttf

__MACOSX/Login_v1/fonts/poppins/._Poppins-LightItalic.ttf

__MACOSX/Login_v1/fonts/poppins/._Poppins-Medium.ttf

__MACOSX/Login_v1/fonts/poppins/._Poppins-MediumItalic.ttf

__MACOSX/Login_v1/fonts/poppins/._Poppins-Regular.ttf

__MACOSX/Login_v1/fonts/poppins/._Poppins-SemiBold.ttf

__MACOSX/Login_v1/fonts/poppins/._Poppins-SemiBoldItalic.ttf

__MACOSX/Login_v1/fonts/poppins/._Poppins-Thin.ttf

__MACOSX/Login_v1/fonts/poppins/._Poppins-ThinItalic.ttf

__MACOSX/Login_v1/images/._icons

__MACOSX/Login_v1/images/._img-01.png

__MACOSX/Login_v1/images/icons/._favicon.ico

__MACOSX/Login_v1/js/._main.js

__MACOSX/Login_v1/vendor/._animate

__MACOSX/Login_v1/vendor/._bootstrap

__MACOSX/Login_v1/vendor/._css-hamburgers

__MACOSX/Login_v1/vendor/._jquery

__MACOSX/Login_v1/vendor/._select2

__MACOSX/Login_v1/vendor/._tilt

__MACOSX/Login_v1/vendor/animate/._animate.css

__MACOSX/Login_v1/vendor/bootstrap/._css

__MACOSX/Login_v1/vendor/bootstrap/._js

__MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap-grid.css

__MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap-grid.css.map

__MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap-grid.min.css

__MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap-grid.min.css.map

__MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap-reboot.css

__MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap-reboot.css.map

__MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap-reboot.min.css

__MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap-reboot.min.css.map

__MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap.css

__MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap.css.map

__MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap.min.css

__MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap.min.css.map

__MACOSX/Login_v1/vendor/bootstrap/js/._bootstrap.js

__MACOSX/Login_v1/vendor/bootstrap/js/._bootstrap.min.js

__MACOSX/Login_v1/vendor/bootstrap/js/._popper.js

__MACOSX/Login_v1/vendor/bootstrap/js/._popper.min.js

__MACOSX/Login_v1/vendor/bootstrap/js/._tooltip.js

__MACOSX/Login_v1/vendor/css-hamburgers/._hamburgers.css

__MACOSX/Login_v1/vendor/css-hamburgers/._hamburgers.min.css

__MACOSX/Login_v1/vendor/jquery/._jquery-3.2.1.min.js

__MACOSX/Login_v1/vendor/select2/._select2.css

__MACOSX/Login_v1/vendor/select2/._select2.js

__MACOSX/Login_v1/vendor/select2/._select2.min.css

__MACOSX/Login_v1/vendor/select2/._select2.min.js

__MACOSX/Login_v1/vendor/tilt/._tilt.jquery.min.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/ApplicationInsights.config

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Controllers/HomeController.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/FoxPanel.csproj

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/FoxPanel.csproj.user

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Global.asax

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Global.asax.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Models/DataBaseModels.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Views/Home/About.cshtml

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Views/Home/Contact.cshtml

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Views/Home/Index.cshtml

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Views/Shared/Error.cshtml

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Views/Shared/_Layout.cshtml

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Views/Web.config

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Views/_ViewStart.cshtml

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Web.Debug.config

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Web.Release.config

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Web.config

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/favicon-32x32.png

.png

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/obj/Debug/FoxPanel.dll

.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/packages.config

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/ExpiredPasswordTech/ExpiredPassword.aspx

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/ExpiredPasswordTech/MyMaster.aspx

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/About.aspx

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/About.aspx.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/About.aspx.designer.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/AddPhoneNumber.aspx

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/AddPhoneNumber.aspx.cs

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/AddPhoneNumber.aspx.designer.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Confirm.aspx

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Confirm.aspx.cs

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Confirm.aspx.designer.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Forgot.aspx

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Forgot.aspx.cs

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Forgot.aspx.designer.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Lockout.aspx

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Lockout.aspx.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Lockout.aspx.designer.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Login.aspx

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Login.aspx.cs

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Login.aspx.designer.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Manage.aspx

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Manage.aspx.cs

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Manage.aspx.designer.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ManageLogins.aspx

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ManageLogins.aspx.cs

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ManageLogins.aspx.designer.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ManagePassword.aspx

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ManagePassword.aspx.cs

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ManagePassword.aspx.designer.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Register.aspx

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Register.aspx.cs

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Register.aspx.designer.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/RegisterExternalLogin.aspx

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/RegisterExternalLogin.aspx.cs

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/RegisterExternalLogin.aspx.designer.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ResetPassword.aspx

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ResetPassword.aspx.cs

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ResetPassword.aspx.designer.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ResetPasswordConfirmation.aspx

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ResetPasswordConfirmation.aspx.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ResetPasswordConfirmation.aspx.designer.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/TwoFactorAuthenticationSignIn.aspx

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/TwoFactorAuthenticationSignIn.aspx.cs

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/TwoFactorAuthenticationSignIn.aspx.designer.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/VerifyPhoneNumber.aspx

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/VerifyPhoneNumber.aspx.cs

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/VerifyPhoneNumber.aspx.designer.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Contact.aspx

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Contact.aspx.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Contact.aspx.designer.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Default.aspx

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Default.aspx.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Default.aspx.designer.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ExpiredPasswordTech/ExpiredPassword..txt

.asp .js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ExpiredPasswordTech/ExpiredPassword.aspx

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ExpiredPasswordTech/MyMaster.aspx

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/HighShellPass.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Lab/PicMaker.aspx

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Lab/PicMaker.aspx.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Lab/PicMaker.aspx.designer.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Lab/ScreenShot.aspx

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Lab/ScreenShot.aspx.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Lab/ScreenShot.aspx.designer.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Lap1.aspx

.ps1

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Lap1.aspx.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Lap1.aspx.designer.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/LoginPages/source.aspx

.asp .js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Poster.aspx

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Poster.aspx.cs

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Poster.aspx.designer.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Shell/EclipseTheme.aspx

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Shell/Front/Front.aspx

.html

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Shell/HighShellPass.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Shell/HyperShell.aspx

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Shell/simple.aspx

.asp .js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Shell/simple.aspx.Password.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Shell/simpleDownload.aspx

.asp .js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Parts/p2.txt

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Parts/p21.txt

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Parts/p22.txt

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Parts/p23.txt

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Parts/p3.txt

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Parts/p4.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Parts/p5.txt

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Parts/p6.txt

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Special2/HighShellLocal/HighShellLocal.aspx

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Special3/HighShellLocal.aspx

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Special4/HighShellLocal.aspx

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal/HighShellLocal/HighShellLocal.aspx

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/checkbox.txt

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/shels/Shell exchange/path-2013.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Image/aVDN6Qw_700b.jpg

.jpg

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Image/hyper.png

.png

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Image/hyper_sonic_genesis_revamp_by_nickthehedgehog66-d4c5pn8 (1).png

.png

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Image/hyper_sonic_genesis_revamp_by_nickthehedgehog66-d4c5pn8 (2).png

.png

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Image/s-l300.jpg

.jpg

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Json90r1/Source/Doc/license.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Json90r1/Source/Doc/readme.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Json90r1/Source/Src/Newtonsoft.Json.Tests/PoisonText.txt

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Json90r1/Source/Tools/7-zip/copying.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Json90r1/Source/Tools/7-zip/license.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Json90r1/Source/Tools/7-zip/readme.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Json90r1/license.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Json90r1/readme.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/MyDownloader/src/MyDownloader.IEPlugin/READ-ME.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/MyDownloader/src/MyDownloader.IEPlugin/VideoSitesURLPatterns.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Newtonsoft.Json-9.0.1/Doc/license.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Newtonsoft.Json-9.0.1/Doc/readme.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Newtonsoft.Json-9.0.1/Src/Newtonsoft.Json.Tests/PoisonText.txt

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Newtonsoft.Json-9.0.1/Tools/7-zip/copying.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Newtonsoft.Json-9.0.1/Tools/7-zip/license.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Newtonsoft.Json-9.0.1/Tools/7-zip/readme.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/StableVersion/HighShell v5.0/HighShellPass.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/StableVersion/HighShell v5.0/HyperShell/HyperShell/ExpiredPasswordTech/ExpiredPassword.aspx

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/StableVersion/HighShell v5.0/HyperShell/HyperShell/ExpiredPasswordTech/MyMaster.aspx

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/StableVersion/HighShell v5.0/HyperShell/HyperShell/Image/aVDN6Qw_700b.jpg

.jpg

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/StableVersion/HighShell v5.0/HyperShell/HyperShell/Image/hyper.png

.png

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/StableVersion/HighShell v5.0/HyperShell/HyperShell/Image/hyper_sonic_genesis_revamp_by_nickthehedgehog66-d4c5pn8 (1).png

.png

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/StableVersion/HighShell v5.0/HyperShell/HyperShell/Image/s-l300.jpg

.jpg

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/StableVersion/HighShell v5.0/HyperShell/HyperShell/ShellLocal/StableVersions/ShellLocal-v8.8.5.rar

.rar

ShellLocal-v8.8.5/HighShellLocal/HighShellLocal.aspx

.js

ShellLocal-v8.8.5/HighShellLocal/css/img/box-zipper.png

.png

ShellLocal-v8.8.5/HighShellLocal/css/img/download-cloud.png

.png

ShellLocal-v8.8.5/HighShellLocal/css/img/exclamation-diamond.png

.png

ShellLocal-v8.8.5/HighShellLocal/css/img/heart-break.png

.png

ShellLocal-v8.8.5/HighShellLocal/css/img/heart-empty.png

.png

ShellLocal-v8.8.5/HighShellLocal/css/img/heart.png

.png

ShellLocal-v8.8.5/HighShellLocal/css/img/minus-button.png

.png

ShellLocal-v8.8.5/HighShellLocal/css/main.css

ShellLocal-v8.8.5/HighShellLocal/files/7za.exe

.exe windows x86

97afb108b72a3d7397a41aa475152d5a

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantCopy

SysAllocStringLen

SysAllocString

SysFreeString

SysStringLen

VariantClear

user32

CharPrevExA

CharUpperW

advapi32

SetFileSecurityW

OpenProcessToken

LookupPrivilegeValueW

AdjustTokenPrivileges

GetFileSecurityW

msvcrt

_controlfp

__set_app_type

__p__fmode

__p__commode

_adjust_fdiv

__setusermatherr

_initterm

__getmainargs

__p___initenv

exit

_XcptFilter

_exit

_onexit

__dllonexit

??1type_info@@UAE@XZ

?terminate@@YAXXZ

_except_handler3

_beginthreadex

realloc

strlen

memset

wcscmp

wcsstr

strcmp

memmove

fputs

fputc

fflush

fgetc

fclose

_iob

free

_CxxThrowException

malloc

memcmp

_purecall

memcpy

__CxxFrameHandler

_isatty

_fileno

kernel32

ResetEvent

CreateSemaphoreW

CreateEventW

WaitForSingleObject

ReleaseSemaphore

InitializeCriticalSection

VirtualFree

SetEvent

MoveFileW

VirtualAlloc

QueryPerformanceCounter

LocalFileTimeToFileTime

SetConsoleMode

GetConsoleMode

GetVersionExW

SetFileApisToOEM

GetCommandLineW

GetConsoleScreenBufferInfo

SetConsoleCtrlHandler

DeleteCriticalSection

IsProcessorFeaturePresent

GetProcessTimes

OpenEventW

OpenFileMappingW

MapViewOfFile

UnmapViewOfFile

SetProcessAffinityMask

WaitForMultipleObjects

EnterCriticalSection

LeaveCriticalSection

GetStdHandle

GetSystemTimeAsFileTime

FileTimeToDosDateTime

DosDateTimeToFileTime

GlobalMemoryStatus

GetSystemInfo

GetProcessAffinityMask

FileTimeToLocalFileTime

FileTimeToSystemTime

CompareFileTime

GetCurrentProcess

GetDiskFreeSpaceW

GetFileInformationByHandle

SetEndOfFile

WriteFile

ReadFile

DeviceIoControl

SetFilePointer

GetFileSize

GetLastError

MultiByteToWideChar

WideCharToMultiByte

FreeLibrary

LoadLibraryW

GetModuleFileNameW

LocalFree

FormatMessageW

CloseHandle

SetFileTime

CreateFileW

SetFileAttributesW

RemoveDirectoryW

GetLogicalDriveStringsW

GetProcAddress

GetModuleHandleW

CreateDirectoryW

DeleteFileW

SetLastError

SetCurrentDirectoryW

GetCurrentDirectoryW

GetTempPathW

GetCurrentProcessId

GetTickCount

GetCurrentThreadId

FindClose

FindFirstFileW

FindNextFileW

GetModuleHandleA

GetFileAttributesW

InterlockedIncrement

Sections

.text
Size: 590KB - Virtual size: 589KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

ShellLocal-v8.8.5/HighShellLocal/files/nbt.exe

.exe windows x86

2fa43c5392ec7923ababced078c2f98d

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup

gethostbyaddr

gethostbyname

recvfrom

sendto

ntohl

select

__WSAFDIsSet

socket

htonl

htons

bind

WSAGetLastError

ntohs

inet_addr

WSACleanup

kernel32

GetLastError

Sleep

msvcrt

_controlfp

_except_handler3

__set_app_type

__p__fmode

__p__commode

__setusermatherr

_initterm

__getmainargs

__p___initenv

_XcptFilter

_exit

strpbrk

_adjust_fdiv

fflush

fputc

fputs

_iob

strchr

fprintf

memset

printf

fopen

atoi

exit

puts

strcmp

strerror

_errno

_strdup

_assert

putc

vfprintf

calloc

malloc

_pctype

_isctype

__mb_cur_max

sprintf

strncmp

strcpy

strncpy

memcpy

strlen

ctime

time

strtok

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

ShellLocal-v8.8.5/HighShellLocal/files/rx.exe

.exe windows x86

45bfa2772c134e94dcaf81cf69a61683

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

31:22:ae:0e:4d:96:a0:33:fa:c5:42:bb:8a:07:c9:58
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

29-11-2013 00:00

Not After

27-02-2017 23:59

Subject

CN=IntelliAdmin\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IntelliAdmin\, LLC,L=Rochester Hills,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

e2:f0:50:0d:9d:57:78:1e:8a:dc:f6:e8:15:f2:90:77:19:46:51:54
Signer

Actual PE Digest

e2:f0:50:0d:9d:57:78:1e:8a:dc:f6:e8:15:f2:90:77:19:46:51:54

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=IntelliAdmin\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IntelliAdmin\, LLC,L=Rochester Hills,ST=Michigan,C=US

24-01-2014 17:08
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup

WSACleanup

wtsapi32

WTSEnumerateSessionsW

WTSQuerySessionInformationW

WTSFreeMemory

userenv

UnloadUserProfile

DestroyEnvironmentBlock

CreateEnvironmentBlock

LoadUserProfileW

psapi

EnumProcesses

GetModuleBaseNameW

mpr

WNetAddConnection2W

WNetCancelConnection2W

kernel32

GetStartupInfoA

GetCommandLineW

Sleep

CopyFileW

FormatMessageW

GetLastError

DeleteFileW

MoveFileExW

CloseHandle

OpenProcess

TerminateProcess

GetModuleHandleW

GetProcAddress

lstrlenW

WaitForSingleObject

InitializeCriticalSection

LeaveCriticalSection

EnterCriticalSection

DeleteCriticalSection

ReleaseMutex

HeapAlloc

HeapFree

GetProcessHeap

FindFirstFileW

FindClose

SetFilePointer

ExitProcess

WriteFile

ReadFile

CreateFileW

FlushFileBuffers

CreateDirectoryW

GetModuleFileNameW

RemoveDirectoryW

ExpandEnvironmentStringsW

CreateProcessW

GetCurrentProcess

GetCurrentThread

GetExitCodeProcess

GetStdHandle

PeekNamedPipe

ConnectNamedPipe

CreateNamedPipeW

WaitNamedPipeW

GetSystemDirectoryW

GetCurrentProcessId

FreeLibrary

LoadLibraryW

lstrcmpiW

HeapReAlloc

WideCharToMultiByte

CreateThread

GetVersionExW

GetFileType

SetHandleCount

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetSystemTimeAsFileTime

GetConsoleCP

GetConsoleMode

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

GetCurrentThreadId

InterlockedDecrement

HeapSize

RaiseException

HeapCreate

VirtualFree

VirtualAlloc

GetModuleFileNameA

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

LCMapStringA

LCMapStringW

FreeEnvironmentStringsW

GetEnvironmentStringsW

QueryPerformanceCounter

GetTickCount

InitializeCriticalSectionAndSpinCount

LoadLibraryA

WriteConsoleA

GetConsoleOutputCP

WriteConsoleW

SetStdHandle

RtlUnwind

GetLocaleInfoA

GetStringTypeA

GetStringTypeW

GetModuleHandleA

CreateFileA

MultiByteToWideChar

user32

OpenDesktopW

GetUserObjectSecurity

GetProcessWindowStation

SetUserObjectSecurity

OpenWindowStationW

CloseWindowStation

SetProcessWindowStation

WaitForInputIdle

GetSystemMetrics

CloseDesktop

advapi32

StartServiceW

OpenServiceW

OpenSCManagerW

DeleteService

CloseServiceHandle

CreateServiceW

RegSetValueExW

RegEnumKeyExW

RegEnumValueW

RegDeleteValueW

RegConnectRegistryW

RegDeleteKeyW

RegQueryInfoKeyW

RegCreateKeyExW

AdjustTokenPrivileges

AllocateLocallyUniqueId

DuplicateTokenEx

LookupAccountSidW

LookupPrivilegeValueW

SetTokenInformation

CreateProcessAsUserW

OpenThreadToken

OpenProcessToken

GetSecurityDescriptorDacl

GetLengthSid

AddAce

AddAccessAllowedAce

InitializeAcl

GetAce

SetSecurityDescriptorDacl

InitializeSecurityDescriptor

EqualSid

CopySid

GetAclInformation

GetTokenInformation

RegCloseKey

RegOpenKeyExW

RegQueryValueExW

SetServiceStatus

RegisterServiceCtrlHandlerExW

StartServiceCtrlDispatcherW

RevertToSelf

ImpersonateLoggedOnUser

LogonUserW

QueryServiceStatus

ControlService

ChangeServiceConfig2W

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

ShellLocal-v8.8.5/HighShellLocal/js/components/downloadbox.css

ShellLocal-v8.8.5/HighShellLocal/js/components/downloadbox.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/components/networkdownlaoder.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/components/spycheck.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/components/targetcomuter.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/explorer.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/jquery/jquery-3.2.1.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/jquery/jquery-3.2.1.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/jquery/jquery-3.2.1.min.map

ShellLocal-v8.8.5/HighShellLocal/js/main.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/accordion.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/accordion.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/accordion.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/accordion.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/ad.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/ad.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/api.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/api.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/breadcrumb.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/breadcrumb.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/button.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/button.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/card.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/card.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/checkbox.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/checkbox.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/checkbox.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/checkbox.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/colorize.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/colorize.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/comment.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/comment.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/container.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/container.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/dimmer.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/dimmer.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/dimmer.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/dimmer.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/divider.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/divider.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/dropdown.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/dropdown.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/dropdown.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/dropdown.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/embed.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/embed.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/embed.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/embed.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/feed.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/feed.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/flag.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/flag.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/form.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/form.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/form.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/form.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/grid.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/grid.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/header.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/header.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/icon.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/icon.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/image.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/image.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/input.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/input.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/item.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/item.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/label.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/label.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/list.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/list.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/loader.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/loader.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/menu.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/menu.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/message.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/message.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/modal.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/modal.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/modal.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/modal.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/nag.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/nag.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/nag.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/nag.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/popup.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/popup.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/popup.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/popup.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/progress.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/progress.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/progress.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/progress.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/rail.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/rail.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/rating.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/rating.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/rating.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/rating.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/reset.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/reset.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/reveal.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/reveal.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/search.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/search.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/search.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/search.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/segment.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/segment.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/shape.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/shape.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/shape.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/shape.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/sidebar.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/sidebar.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/sidebar.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/sidebar.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/site.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/site.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/site.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/site.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/state.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/state.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/statistic.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/statistic.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/step.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/step.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/sticky.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/sticky.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/sticky.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/sticky.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/tab.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/tab.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/tab.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/tab.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/table.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/table.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/transition.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/transition.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/transition.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/transition.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/video.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/video.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/video.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/video.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/visibility.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/visibility.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/visit.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/visit.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/semantic.min.css

ShellLocal-v8.8.5/HighShellLocal/js/semantic/semantic.min.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/semantic/themes/default/assets/fonts/icons.eot

ShellLocal-v8.8.5/HighShellLocal/js/semantic/themes/default/assets/fonts/icons.otf

ShellLocal-v8.8.5/HighShellLocal/js/semantic/themes/default/assets/fonts/icons.svg

.xml

ShellLocal-v8.8.5/HighShellLocal/js/semantic/themes/default/assets/fonts/icons.ttf

ShellLocal-v8.8.5/HighShellLocal/js/semantic/themes/default/assets/fonts/icons.woff

ShellLocal-v8.8.5/HighShellLocal/js/semantic/themes/default/assets/fonts/icons.woff2

ShellLocal-v8.8.5/HighShellLocal/js/semantic/themes/default/assets/images/flags.png

.png

ShellLocal-v8.8.5/HighShellLocal/js/send.js

.js

ShellLocal-v8.8.5/HighShellLocal/js/utility.js

.js

ShellLocal-v8.8.5/HighShellPass.txt

ShellLocal-v8.8.5/HighShellServer.aspx

.js

ShellLocal-v8.8.5/bin/Newtonsoft.Json.dll

.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 636KB - Virtual size: 635KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/packages/EntityFramework.6.1.3/tools/about/EntityFramework.help.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/packages/Microsoft.AspNet.FriendlyUrls.1.0.2/readme.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/packages/Microsoft.AspNet.Providers.Core.2.0.0/ReadMe.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/HighShellLocal/HighShellLocal.aspx

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/HighShellLocal/css/main.css

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/HighShellLocal/files/7za.exe

.exe windows x86

97afb108b72a3d7397a41aa475152d5a

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantCopy

SysAllocStringLen

SysAllocString

SysFreeString

SysStringLen

VariantClear

user32

CharPrevExA

CharUpperW

advapi32

SetFileSecurityW

OpenProcessToken

LookupPrivilegeValueW

AdjustTokenPrivileges

GetFileSecurityW

msvcrt

_controlfp

__set_app_type

__p__fmode

__p__commode

_adjust_fdiv

__setusermatherr

_initterm

__getmainargs

__p___initenv

exit

_XcptFilter

_exit

_onexit

__dllonexit

??1type_info@@UAE@XZ

?terminate@@YAXXZ

_except_handler3

_beginthreadex

realloc

strlen

memset

wcscmp

wcsstr

strcmp

memmove

fputs

fputc

fflush

fgetc

fclose

_iob

free

_CxxThrowException

malloc

memcmp

_purecall

memcpy

__CxxFrameHandler

_isatty

_fileno

kernel32

ResetEvent

CreateSemaphoreW

CreateEventW

WaitForSingleObject

ReleaseSemaphore

InitializeCriticalSection

VirtualFree

SetEvent

MoveFileW

VirtualAlloc

QueryPerformanceCounter

LocalFileTimeToFileTime

SetConsoleMode

GetConsoleMode

GetVersionExW

SetFileApisToOEM

GetCommandLineW

GetConsoleScreenBufferInfo

SetConsoleCtrlHandler

DeleteCriticalSection

IsProcessorFeaturePresent

GetProcessTimes

OpenEventW

OpenFileMappingW

MapViewOfFile

UnmapViewOfFile

SetProcessAffinityMask

WaitForMultipleObjects

EnterCriticalSection

LeaveCriticalSection

GetStdHandle

GetSystemTimeAsFileTime

FileTimeToDosDateTime

DosDateTimeToFileTime

GlobalMemoryStatus

GetSystemInfo

GetProcessAffinityMask

FileTimeToLocalFileTime

FileTimeToSystemTime

CompareFileTime

GetCurrentProcess

GetDiskFreeSpaceW

GetFileInformationByHandle

SetEndOfFile

WriteFile

ReadFile

DeviceIoControl

SetFilePointer

GetFileSize

GetLastError

MultiByteToWideChar

WideCharToMultiByte

FreeLibrary

LoadLibraryW

GetModuleFileNameW

LocalFree

FormatMessageW

CloseHandle

SetFileTime

CreateFileW

SetFileAttributesW

RemoveDirectoryW

GetLogicalDriveStringsW

GetProcAddress

GetModuleHandleW

CreateDirectoryW

DeleteFileW

SetLastError

SetCurrentDirectoryW

GetCurrentDirectoryW

GetTempPathW

GetCurrentProcessId

GetTickCount

GetCurrentThreadId

FindClose

FindFirstFileW

FindNextFileW

GetModuleHandleA

GetFileAttributesW

InterlockedIncrement

Sections

.text
Size: 590KB - Virtual size: 589KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/HighShellLocal/files/hb.exe

.exe windows x64

34f84c68ff9c239f16b68436b534da34

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

vssapi

?CreateVssBackupComponents@@YAJPEAPEAVIVssBackupComponents@@@Z

kernel32

IsDebuggerPresent

UnhandledExceptionFilter

MultiByteToWideChar

WideCharToMultiByte

CreateDirectoryW

GetLastError

GetFileAttributesExW

SystemTimeToTzSpecificLocalTime

GetDateFormatW

GetTimeFormatW

FormatMessageW

LocalFree

CreateFileW

GetFileSizeEx

CloseHandle

GetStdHandle

DuplicateHandle

GetCurrentProcess

ReadConsoleW

WriteFile

GetFullPathNameW

CopyFileW

SystemTimeToFileTime

GetFileTime

CompareFileTime

RemoveDirectoryW

DeleteFileW

GetFileAttributesW

SetFileAttributesW

DebugBreak

GetSystemTime

GetVolumePathNameW

SetConsoleCtrlHandler

FindFirstFileW

FindNextFileW

FindClose

SizeofResource

LockResource

LoadResource

FindResourceW

FindResourceExW

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

TerminateProcess

Sleep

DeleteCriticalSection

InitializeCriticalSection

LeaveCriticalSection

EnterCriticalSection

RaiseException

GetProcessHeap

HeapSize

HeapReAlloc

HeapFree

HeapAlloc

HeapDestroy

SetUnhandledExceptionFilter

ole32

CoInitialize

CoCreateInstance

CoInitializeSecurity

oleaut32

VariantClear

SysFreeString

SysAllocString

msvcp90

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ

msvcr90

_CxxThrowException

malloc

free

wcsncmp

_wcsnicmp

??_V@YAXPEAX@Z

memset

??1exception@std@@UEAA@XZ

??0exception@std@@QEAA@AEBV01@@Z

?what@exception@std@@UEBAPEBDXZ

??0exception@std@@QEAA@AEBQEBD@Z

??0exception@std@@QEAA@XZ

iswdigit

wcstol

_vscwprintf

vswprintf_s

calloc

_purecall

__C_specific_handler

_amsg_exit

__wgetmainargs

_XcptFilter

_exit

_cexit

_wcslwr_s

__winitenv

_initterm

_initterm_e

_configthreadlocale

__setusermatherr

_commode

_fmode

_encode_pointer

__set_app_type

_unlock

__dllonexit

_lock

_onexit

_decode_pointer

__crt_debugger_hook

?terminate@@YAXXZ

?_type_info_dtor_internal_method@type_info@@QEAAXXZ

wcslen

memmove_s

_wcsicmp

wcscmp

_wtoi

??2@YAPEAX_K@Z

strlen

??3@YAXPEAX@Z

wcsstr

wcschr

wcscspn

exit

memcpy_s

__CxxFrameHandler3

wcsspn

_invalid_parameter_noinfo

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/HighShellLocal/files/nbt.exe

.exe windows x86

2fa43c5392ec7923ababced078c2f98d

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup

gethostbyaddr

gethostbyname

recvfrom

sendto

ntohl

select

__WSAFDIsSet

socket

htonl

htons

bind

WSAGetLastError

ntohs

inet_addr

WSACleanup

kernel32

GetLastError

Sleep

msvcrt

_controlfp

_except_handler3

__set_app_type

__p__fmode

__p__commode

__setusermatherr

_initterm

__getmainargs

__p___initenv

_XcptFilter

_exit

strpbrk

_adjust_fdiv

fflush

fputc

fputs

_iob

strchr

fprintf

memset

printf

fopen

atoi

exit

puts

strcmp

strerror

_errno

_strdup

_assert

putc

vfprintf

calloc

malloc

_pctype

_isctype

__mb_cur_max

sprintf

strncmp

strcpy

strncpy

memcpy

strlen

ctime

time

strtok

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/HighShellLocal/files/rx.exe

.exe windows x86

45bfa2772c134e94dcaf81cf69a61683

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

31:22:ae:0e:4d:96:a0:33:fa:c5:42:bb:8a:07:c9:58
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

29-11-2013 00:00

Not After

27-02-2017 23:59

Subject

CN=IntelliAdmin\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IntelliAdmin\, LLC,L=Rochester Hills,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

e2:f0:50:0d:9d:57:78:1e:8a:dc:f6:e8:15:f2:90:77:19:46:51:54
Signer

Actual PE Digest

e2:f0:50:0d:9d:57:78:1e:8a:dc:f6:e8:15:f2:90:77:19:46:51:54

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=IntelliAdmin\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IntelliAdmin\, LLC,L=Rochester Hills,ST=Michigan,C=US

24-01-2014 17:08
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup

WSACleanup

wtsapi32

WTSEnumerateSessionsW

WTSQuerySessionInformationW

WTSFreeMemory

userenv

UnloadUserProfile

DestroyEnvironmentBlock

CreateEnvironmentBlock

LoadUserProfileW

psapi

EnumProcesses

GetModuleBaseNameW

mpr

WNetAddConnection2W

WNetCancelConnection2W

kernel32

GetStartupInfoA

GetCommandLineW

Sleep

CopyFileW

FormatMessageW

GetLastError

DeleteFileW

MoveFileExW

CloseHandle

OpenProcess

TerminateProcess

GetModuleHandleW

GetProcAddress

lstrlenW

WaitForSingleObject

InitializeCriticalSection

LeaveCriticalSection

EnterCriticalSection

DeleteCriticalSection

ReleaseMutex

HeapAlloc

HeapFree

GetProcessHeap

FindFirstFileW

FindClose

SetFilePointer

ExitProcess

WriteFile

ReadFile

CreateFileW

FlushFileBuffers

CreateDirectoryW

GetModuleFileNameW

RemoveDirectoryW

ExpandEnvironmentStringsW

CreateProcessW

GetCurrentProcess

GetCurrentThread

GetExitCodeProcess

GetStdHandle

PeekNamedPipe

ConnectNamedPipe

CreateNamedPipeW

WaitNamedPipeW

GetSystemDirectoryW

GetCurrentProcessId

FreeLibrary

LoadLibraryW

lstrcmpiW

HeapReAlloc

WideCharToMultiByte

CreateThread

GetVersionExW

GetFileType

SetHandleCount

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetSystemTimeAsFileTime

GetConsoleCP

GetConsoleMode

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

GetCurrentThreadId

InterlockedDecrement

HeapSize

RaiseException

HeapCreate

VirtualFree

VirtualAlloc

GetModuleFileNameA

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

LCMapStringA

LCMapStringW

FreeEnvironmentStringsW

GetEnvironmentStringsW

QueryPerformanceCounter

GetTickCount

InitializeCriticalSectionAndSpinCount

LoadLibraryA

WriteConsoleA

GetConsoleOutputCP

WriteConsoleW

SetStdHandle

RtlUnwind

GetLocaleInfoA

GetStringTypeA

GetStringTypeW

GetModuleHandleA

CreateFileA

MultiByteToWideChar

user32

OpenDesktopW

GetUserObjectSecurity

GetProcessWindowStation

SetUserObjectSecurity

OpenWindowStationW

CloseWindowStation

SetProcessWindowStation

WaitForInputIdle

GetSystemMetrics

CloseDesktop

advapi32

StartServiceW

OpenServiceW

OpenSCManagerW

DeleteService

CloseServiceHandle

CreateServiceW

RegSetValueExW

RegEnumKeyExW

RegEnumValueW

RegDeleteValueW

RegConnectRegistryW

RegDeleteKeyW

RegQueryInfoKeyW

RegCreateKeyExW

AdjustTokenPrivileges

AllocateLocallyUniqueId

DuplicateTokenEx

LookupAccountSidW

LookupPrivilegeValueW

SetTokenInformation

CreateProcessAsUserW

OpenThreadToken

OpenProcessToken

GetSecurityDescriptorDacl

GetLengthSid

AddAce

AddAccessAllowedAce

InitializeAcl

GetAce

SetSecurityDescriptorDacl

InitializeSecurityDescriptor

EqualSid

CopySid

GetAclInformation

GetTokenInformation

RegCloseKey

RegOpenKeyExW

RegQueryValueExW

SetServiceStatus

RegisterServiceCtrlHandlerExW

StartServiceCtrlDispatcherW

RevertToSelf

ImpersonateLoggedOnUser

LogonUserW

QueryServiceStatus

ControlService

ChangeServiceConfig2W

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/HighShellLocal/js/main.js

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/HighShellLocal/js/send.js

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/HighShellLocal/js/utility.js

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/Idea/IDMCOMAPI/IDManLib.dll

.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/Idea/IDMCOMAPI/IDManTypeInfo.h

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/Idea/IDMCOMAPI/IDManTypeInfo.tlb

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/Idea/IDMCOMAPI/IDManTypeInfo_i.c

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/Idea/download.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/bin/IDManLib.dll

.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/bin/Minion.dll

.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/bin/Minion.dll.config

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/bin/Minion.pdb

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/bin/Newtonsoft.Json.dll

.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 636KB - Virtual size: 635KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/css/main.css

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/css/util.css

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/font-awesome-4.7.0/HELP-US-OUT.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-Black.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-BlackItalic.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-Bold.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-BoldItalic.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-ExtraBold.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-ExtraBoldItalic.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-ExtraLight.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-ExtraLightItalic.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-Italic.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-Light.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-LightItalic.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-Medium.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-MediumItalic.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-Regular.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-SemiBold.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-SemiBoldItalic.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-Thin.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-ThinItalic.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/OFL.txt

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-Black.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-BlackItalic.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-Bold.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-BoldItalic.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-ExtraBold.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-ExtraBoldItalic.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-ExtraLight.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-ExtraLightItalic.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-Italic.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-Light.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-LightItalic.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-Medium.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-MediumItalic.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-Regular.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-SemiBold.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-SemiBoldItalic.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-Thin.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-ThinItalic.ttf

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/favicon_package_v0.16/android-chrome-144x144.png

.png

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/favicon_package_v0.16/apple-touch-icon.png

.png

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/favicon_package_v0.16/browserconfig.xml

.xml

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/favicon_package_v0.16/favicon-16x16.png

.png

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/favicon_package_v0.16/favicon-32x32.png

.png

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/favicon_package_v0.16/favicon.ico

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/favicon_package_v0.16/mstile-150x150.png

.png

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/favicon_package_v0.16/safari-pinned-tab.svg

.xml

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/favicon_package_v0.16/site.webmanifest

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/foxicon.png

.png

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/icons/favicon.ico

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/img-01.png

.png

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/lib/Download.cs

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/lib/LoginLog.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/lib/Main.cs

.js

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/lib/UserLogin.cs

Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/lib/Utility.cs

.js

Backdoor.Win32.APT34.PoisonFrogC2/webmask/dns-redir/config.json

Backdoor.Win32.APT34.PoisonFrogC2/webmask/dns-redir/dnsd.js

.js

Backdoor.Win32.APT34.PoisonFrogC2/webmask/dns-redir/dnsd.py

Backdoor.Win32.APT34.PoisonFrogC2/webmask/guide.txt

.js

Backdoor.Win32.APT34.PoisonFrogC2/webmask/install.sh

.sh linux

Win32/Win32.Annabelle.J.7z

.7z

Win32.Annabelle.J/Annabelle-tear.jpg

Win32.Annabelle.J/JigsawxD.sln

Win32.Annabelle.J/JigsawxD.v11.suo

Win32.Annabelle.J/JigsawxD/App.config

.xml

Win32.Annabelle.J/JigsawxD/ApplicationEvents.vb

Win32.Annabelle.J/JigsawxD/Form1.Designer.vb

Win32.Annabelle.J/JigsawxD/Form1.resx

.vbs

Win32.Annabelle.J/JigsawxD/Form1.vb

.vbs

Win32.Annabelle.J/JigsawxD/Form2.Designer.vb

Win32.Annabelle.J/JigsawxD/Form2.resx

.vbs

Win32.Annabelle.J/JigsawxD/Form2.vb

.vbs

Win32.Annabelle.J/JigsawxD/Form3.Designer.vb

Win32.Annabelle.J/JigsawxD/Form3.resx

.vbs

Win32.Annabelle.J/JigsawxD/Form3.vb

.vbs

Win32.Annabelle.J/JigsawxD/Form4.Designer.vb

Win32.Annabelle.J/JigsawxD/Form4.resx

.vbs

Win32.Annabelle.J/JigsawxD/Form4.vb

Win32.Annabelle.J/JigsawxD/GlobalSuppressions.vb

Win32.Annabelle.J/JigsawxD/JigsawxD.vbproj

Win32.Annabelle.J/JigsawxD/JigsawxD.vbproj.user

Win32.Annabelle.J/JigsawxD/My Project/Application.Designer.vb

Win32.Annabelle.J/JigsawxD/My Project/Application.myapp

Win32.Annabelle.J/JigsawxD/My Project/AssemblyInfo.vb

Win32.Annabelle.J/JigsawxD/My Project/Resources.Designer.vb

Win32.Annabelle.J/JigsawxD/My Project/Resources.resx

.vbs

Win32.Annabelle.J/JigsawxD/My Project/Settings.Designer.vb

Win32.Annabelle.J/JigsawxD/My Project/Settings.settings

Win32.Annabelle.J/JigsawxD/My Project/app.manifest

Win32.Annabelle.J/JigsawxD/Resources/MBRiCoreX.exe

.exe windows x86

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_BYTES_REVERSED_LO

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

DATA
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Win32.Annabelle.J/JigsawxD/Resources/annabelle.7z

.7z

annabelle.wav

Win32.Annabelle.J/JigsawxD/Resources/child.7z

.7z

child.wav

Win32.Annabelle.J/JigsawxD/Resources/childsound.7z

.7z

childsound.wav

Win32.Annabelle.J/JigsawxD/annabelle_folder_icon_by_nickohetenbern-da497yo.ico

Win32.Annabelle.J/LICENSE

Win32.Annabelle.J/README.md

Win32.Annabelle.J/jigsaw1-1.ico

Win32/Win32.BloodyStealer.rar

.rar

Win32.BloodyStealer/-Module-.cs

Win32.BloodyStealer/741fd376-58f5-42d1-99b8-479964e5844c

.gz

Win32.BloodyStealer/997a1167-7bb0-44ff-b365-068a78fb7e77

.gz

Win32.BloodyStealer/AES.cs

Win32.BloodyStealer/AddOrUpdateAction.cs

Win32.BloodyStealer/AddProgressEventArgs.cs

Win32.BloodyStealer/Adler.cs

Win32.BloodyStealer/AeadParameters.cs

Win32.BloodyStealer/AesFastEngine.cs

Win32.BloodyStealer/AesGcm256.cs

Win32.BloodyStealer/Application.csproj

Win32.BloodyStealer/Application.sln

Win32.BloodyStealer/Archive.cs

Win32.BloodyStealer/Arrays.cs

Win32.BloodyStealer/Asn1Object.cs

Win32.BloodyStealer/Asn1Type.cs

Win32.BloodyStealer/AssemblyInfo.cs

Win32.BloodyStealer/AttributesCriterion.cs

Win32.BloodyStealer/BadCrcException.cs

Win32.BloodyStealer/BadPasswordException.cs

Win32.BloodyStealer/BadProcesses.cs

Win32.BloodyStealer/BadReadException.cs

Win32.BloodyStealer/BadStateException.cs

Win32.BloodyStealer/Bethesda.cs

Win32.BloodyStealer/BlockState.cs

Win32.BloodyStealer/CRC32.cs

Win32.BloodyStealer/ChromiumBrowserObject.cs

Win32.BloodyStealer/Chromium_Edited.cs

Win32.BloodyStealer/CloseDelegate.cs

Win32.BloodyStealer/ComHelper.cs

Win32.BloodyStealer/ComparisonOperator.cs

Win32.BloodyStealer/CompoundCriterion.cs

Win32.BloodyStealer/CompressionLevel.cs

Win32.BloodyStealer/CompressionMethod.cs

Win32.BloodyStealer/CompressionMode.cs

Win32.BloodyStealer/CompressionStrategy.cs

Win32.BloodyStealer/Core.cs

Win32.BloodyStealer/CountingStream.cs

Win32.BloodyStealer/CrcCalculatorStream.cs

Win32.BloodyStealer/CryptoException.cs

Win32.BloodyStealer/CryptoMode.cs

Win32.BloodyStealer/DataLengthException.cs

Win32.BloodyStealer/DeflateFlavor.cs

Win32.BloodyStealer/DeflateManager.cs

Win32.BloodyStealer/DeflateStream.cs

Win32.BloodyStealer/EncryptionAlgorithm.cs

Win32.BloodyStealer/EnumUtil.cs

Win32.BloodyStealer/EpicGames.cs

Win32.BloodyStealer/ExitDelegate.cs

Win32.BloodyStealer/ExtractExistingFileAction.cs

Win32.BloodyStealer/ExtractProgressEventArgs.cs

Win32.BloodyStealer/FileObject.cs

Win32.BloodyStealer/FileSelector.cs

Win32.BloodyStealer/Files.cs

Win32.BloodyStealer/FirefoxBrowserObject.cs

Win32.BloodyStealer/Firefox_Edited.cs

Win32.BloodyStealer/FlushType.cs

Win32.BloodyStealer/GOG.cs

Win32.BloodyStealer/GZipStream.cs

Win32.BloodyStealer/GcmBlockCipher.cs

Win32.BloodyStealer/GcmUtilities.cs

Win32.BloodyStealer/Geo.cs

Win32.BloodyStealer/Helper.cs

Win32.BloodyStealer/IAeadBlockCipher.cs

Win32.BloodyStealer/IBlockCipher.cs

Win32.BloodyStealer/ICipherParameters.cs

Win32.BloodyStealer/IGcmMultiplier.cs

Win32.BloodyStealer/InfTree.cs

Win32.BloodyStealer/InflateBlocks.cs

Win32.BloodyStealer/InflateCodes.cs

Win32.BloodyStealer/InflateManager.cs

Win32.BloodyStealer/InitializeDelegate.cs

Win32.BloodyStealer/InternalConstants.cs

Win32.BloodyStealer/InternalInflateConstants.cs

Win32.BloodyStealer/InvalidCipherTextException.cs

Win32.BloodyStealer/JavaScriptReader.cs

Win32.BloodyStealer/JsonArray.cs

Win32.BloodyStealer/JsonExt.cs

Win32.BloodyStealer/JsonObject.cs

Win32.BloodyStealer/JsonPrimitive.cs

Win32.BloodyStealer/JsonType.cs

Win32.BloodyStealer/JsonValue.cs

Win32.BloodyStealer/KeyParameter.cs

Win32.BloodyStealer/LogicalConjunction.cs

Win32.BloodyStealer/Methods.cs

Win32.BloodyStealer/NameCriterion.cs

Win32.BloodyStealer/NativeMethods.cs

Win32.BloodyStealer/NotRealPc.cs

Win32.BloodyStealer/Offline.cs

Win32.BloodyStealer/OffsetStream.cs

Win32.BloodyStealer/OpenDelegate.cs

Win32.BloodyStealer/Origin.cs

Win32.BloodyStealer/Other.cs

Win32.BloodyStealer/Pack.cs

Win32.BloodyStealer/ParallelDeflateOutputStream.cs

Win32.BloodyStealer/ParametersWithIV.cs

Win32.BloodyStealer/Paths.cs

Win32.BloodyStealer/Program.cs

Win32.BloodyStealer/ReadProgressEventArgs.cs

Win32.BloodyStealer/SaveProgressEventArgs.cs

Win32.BloodyStealer/SelectionCriterion.cs

Win32.BloodyStealer/SelfExtractorFlavor.cs

Win32.BloodyStealer/SelfExtractorSaveOptions.cs

Win32.BloodyStealer/Sender.cs

Win32.BloodyStealer/SetCompressionCallback.cs

Win32.BloodyStealer/Settings.cs

Win32.BloodyStealer/SfxGenerationException.cs

Win32.BloodyStealer/SharedUtilities.cs

Win32.BloodyStealer/SharedUtils.cs

Win32.BloodyStealer/SizeCriterion.cs

Win32.BloodyStealer/Sqlite.cs

Win32.BloodyStealer/StaticTree.cs

Win32.BloodyStealer/Steam.cs

Win32.BloodyStealer/System.cs

Win32.BloodyStealer/Telegram.cs

Win32.BloodyStealer/TimeCriterion.cs

Win32.BloodyStealer/Tree.cs

Win32.BloodyStealer/TypeCriterion.cs

Win32.BloodyStealer/VimeWorld.cs

Win32.BloodyStealer/WhichTime.cs

Win32.BloodyStealer/WinZipAesCipherStream.cs

Win32.BloodyStealer/WinZipAesCrypto.cs

Win32.BloodyStealer/WorkItem.cs

Win32.BloodyStealer/WriteDelegate.cs

Win32.BloodyStealer/Zip64Option.cs

Win32.BloodyStealer/ZipCipherStream.cs

Win32.BloodyStealer/ZipConstants.cs

Win32.BloodyStealer/ZipContainer.cs

Win32.BloodyStealer/ZipCrypto.cs

Win32.BloodyStealer/ZipEntry.cs

Win32.BloodyStealer/ZipEntrySource.cs

Win32.BloodyStealer/ZipEntryTimestamp.cs

Win32.BloodyStealer/ZipErrorAction.cs

Win32.BloodyStealer/ZipErrorEventArgs.cs

Win32.BloodyStealer/ZipException.cs

Win32.BloodyStealer/ZipFile.cs

Win32.BloodyStealer/ZipInputStream.cs

Win32.BloodyStealer/ZipOutput.cs

Win32.BloodyStealer/ZipOutputStream.cs

Win32.BloodyStealer/ZipProgressEventArgs.cs

Win32.BloodyStealer/ZipProgressEventType.cs

Win32.BloodyStealer/ZipSegmentedStream.cs

.vbs

Win32.BloodyStealer/ZlibBaseStream.cs

Win32.BloodyStealer/ZlibCodec.cs

Win32.BloodyStealer/ZlibConstants.cs

Win32.BloodyStealer/ZlibException.cs

Win32.BloodyStealer/ZlibStream.cs

Win32.BloodyStealer/ZlibStreamFlavor.cs

Win32.BloodyStealer/app.manifest

Win32.BloodyStealer/c00001d.cs

Win32.BloodyStealer/c00004c.cs

Win32.BloodyStealer/c00008e.cs

Win32.BloodyStealer/c0000b4.cs

Win32.BloodyStealer/c0000c0.cs

Win32.BloodyStealer/c0000c1.cs

Win32.BloodyStealer/c0000c3.cs

Win32.BloodyStealer/c0000c6.cs

.ps1

Win32.BloodyStealer/delegate0100.cs

Win32.BloodyStealer/delegate0101.cs

Win32.BloodyStealer/delegate0102.cs

Win32.BloodyStealer/delegate0103.cs

Win32.BloodyStealer/delegate0104.cs

Win32.BloodyStealer/delegate0105.cs

Win32.BloodyStealer/delegate0106.cs

Win32.BloodyStealer/delegate0107.cs

Win32.BloodyStealer/delegate0108.cs

Win32.BloodyStealer/delegate0109.cs

Win32.BloodyStealer/delegate010a.cs

Win32.BloodyStealer/delegate010b.cs

Win32.BloodyStealer/delegate010c.cs

Win32.BloodyStealer/delegate010d.cs

Win32.BloodyStealer/delegate010e.cs

Win32.BloodyStealer/delegate010f.cs

Win32.BloodyStealer/delegate0110.cs

Win32.BloodyStealer/delegate0111.cs

Win32.BloodyStealer/delegate0112.cs

Win32.BloodyStealer/delegate0113.cs

Win32.BloodyStealer/delegate0114.cs

Win32.BloodyStealer/delegate0115.cs

Win32.BloodyStealer/delegate0116.cs

Win32.BloodyStealer/delegate0117.cs

Win32.BloodyStealer/delegate0118.cs

Win32.BloodyStealer/delegate0119.cs

Win32.BloodyStealer/delegate011a.cs

Win32.BloodyStealer/delegate011b.cs

Win32.BloodyStealer/delegate011c.cs

Win32.BloodyStealer/delegate011d.cs

Win32.BloodyStealer/delegate011e.cs

Win32.BloodyStealer/delegate011f.cs

Win32.BloodyStealer/delegate0120.cs

Win32.BloodyStealer/delegate0121.cs

Win32.BloodyStealer/delegate0122.cs

Win32.BloodyStealer/delegate0123.cs

Win32.BloodyStealer/delegate0124.cs

Win32.BloodyStealer/delegate0125.cs

Win32.BloodyStealer/delegate0126.cs

Win32.BloodyStealer/delegate0127.cs

Win32.BloodyStealer/delegate0128.cs

Win32.BloodyStealer/delegate0129.cs

Win32.BloodyStealer/delegate012a.cs

Win32.BloodyStealer/delegate012b.cs

Win32.BloodyStealer/delegate012c.cs

Win32.BloodyStealer/delegate012d.cs

Win32.BloodyStealer/delegate012e.cs

Win32.BloodyStealer/delegate012f.cs

Win32.BloodyStealer/delegate0130.cs

Win32.BloodyStealer/delegate0131.cs

Win32.BloodyStealer/delegate0132.cs

Win32.BloodyStealer/delegate0133.cs

Win32.BloodyStealer/delegate0134.cs

Win32.BloodyStealer/delegate0135.cs

Win32.BloodyStealer/delegate0136.cs

Win32.BloodyStealer/delegate0137.cs

Win32.BloodyStealer/delegate0138.cs

Win32.BloodyStealer/delegate0139.cs

Win32.BloodyStealer/delegate013a.cs

Win32.BloodyStealer/delegate013b.cs

Win32.BloodyStealer/delegate013c.cs

Win32.BloodyStealer/delegate013d.cs

Win32.BloodyStealer/delegate013e.cs

Win32.BloodyStealer/delegate013f.cs

Win32.BloodyStealer/delegate0140.cs

Win32.BloodyStealer/delegate0141.cs

Win32.BloodyStealer/delegate0142.cs

Win32.BloodyStealer/delegate0143.cs

Win32.BloodyStealer/delegate0144.cs

Win32.BloodyStealer/delegate0145.cs

Win32.BloodyStealer/delegate0146.cs

Win32.BloodyStealer/delegate0147.cs

Win32.BloodyStealer/delegate0148.cs

Win32.BloodyStealer/delegate0149.cs

Win32.BloodyStealer/delegate014a.cs

Win32.BloodyStealer/delegate014b.cs

Win32.BloodyStealer/delegate014c.cs

Win32.BloodyStealer/delegate014d.cs

Win32.BloodyStealer/delegate014e.cs

Win32.BloodyStealer/delegate014f.cs

Win32.BloodyStealer/delegate0150.cs

Win32.BloodyStealer/delegate0151.cs

Win32.BloodyStealer/delegate0152.cs

Win32.BloodyStealer/delegate0153.cs

Win32.BloodyStealer/delegate0154.cs

Win32.BloodyStealer/delegate0155.cs

Win32.BloodyStealer/delegate0156.cs

Win32.BloodyStealer/delegate0157.cs

Win32.BloodyStealer/delegate0158.cs

Win32.BloodyStealer/delegate0159.cs

Win32.BloodyStealer/delegate015a.cs

Win32.BloodyStealer/delegate015b.cs

Win32.BloodyStealer/delegate015c.cs

Win32.BloodyStealer/delegate015d.cs

Win32.BloodyStealer/delegate015e.cs

Win32.BloodyStealer/delegate015f.cs

Win32.BloodyStealer/delegate0160.cs

Win32.BloodyStealer/delegate0161.cs

Win32.BloodyStealer/delegate0162.cs

Win32.BloodyStealer/delegate0163.cs

Win32.BloodyStealer/delegate0164.cs

Win32.BloodyStealer/delegate0165.cs

Win32.BloodyStealer/delegate0166.cs

Win32.BloodyStealer/delegate0167.cs

Win32.BloodyStealer/delegate0168.cs

Win32.BloodyStealer/delegate0169.cs

Win32.BloodyStealer/delegate016a.cs

Win32.BloodyStealer/delegate016b.cs

Win32.BloodyStealer/delegate016c.cs

Win32.BloodyStealer/delegate016d.cs

Win32.BloodyStealer/delegate016e.cs

Win32.BloodyStealer/delegate016f.cs

Win32.BloodyStealer/delegate0170.cs

Win32.BloodyStealer/delegate0171.cs

Win32.BloodyStealer/delegate0172.cs

Win32.BloodyStealer/delegate0173.cs

Win32.BloodyStealer/delegate0174.cs

Win32.BloodyStealer/delegate0175.cs

Win32.BloodyStealer/delegate0176.cs

Win32.BloodyStealer/delegate0177.cs

Win32.BloodyStealer/delegate0178.cs

Win32.BloodyStealer/delegate0179.cs

Win32.BloodyStealer/delegate017a.cs

Win32.BloodyStealer/delegate017b.cs

Win32.BloodyStealer/delegate017c.cs

Win32.BloodyStealer/delegate017d.cs

Win32.BloodyStealer/delegate017e.cs

Win32.BloodyStealer/delegate017f.cs

Win32.BloodyStealer/delegate0c7.cs

Win32.BloodyStealer/delegate0c8.cs

Win32.BloodyStealer/delegate0c9.cs

Win32.BloodyStealer/delegate0ca.cs

Win32.BloodyStealer/delegate0cb.cs

Win32.BloodyStealer/delegate0cc.cs

Win32.BloodyStealer/delegate0cd.cs

Win32.BloodyStealer/delegate0ce.cs

Win32.BloodyStealer/delegate0cf.cs

Win32.BloodyStealer/delegate0d0.cs

Win32.BloodyStealer/delegate0d1.cs

Win32.BloodyStealer/delegate0d2.cs

Win32.BloodyStealer/delegate0d3.cs

Win32.BloodyStealer/delegate0d4.cs

Win32.BloodyStealer/delegate0d5.cs

Win32.BloodyStealer/delegate0d6.cs

Win32.BloodyStealer/delegate0d7.cs

Win32.BloodyStealer/delegate0d8.cs

Win32.BloodyStealer/delegate0d9.cs

Win32.BloodyStealer/delegate0da.cs

Win32.BloodyStealer/delegate0db.cs

Win32.BloodyStealer/delegate0dc.cs

Win32.BloodyStealer/delegate0dd.cs

Win32.BloodyStealer/delegate0de.cs

Win32.BloodyStealer/delegate0df.cs

Win32.BloodyStealer/delegate0e0.cs

Win32.BloodyStealer/delegate0e1.cs

Win32.BloodyStealer/delegate0e2.cs

Win32.BloodyStealer/delegate0e3.cs

Win32.BloodyStealer/delegate0e4.cs

Win32.BloodyStealer/delegate0e5.cs

Win32.BloodyStealer/delegate0e6.cs

Win32.BloodyStealer/delegate0e7.cs

Win32.BloodyStealer/delegate0e8.cs

Win32.BloodyStealer/delegate0e9.cs

Win32.BloodyStealer/delegate0ea.cs

Win32.BloodyStealer/delegate0eb.cs

Win32.BloodyStealer/delegate0ec.cs

Win32.BloodyStealer/delegate0ed.cs

Win32.BloodyStealer/delegate0ee.cs

Win32.BloodyStealer/delegate0ef.cs

Win32.BloodyStealer/delegate0f0.cs

Win32.BloodyStealer/delegate0f1.cs

Win32.BloodyStealer/delegate0f2.cs

Win32.BloodyStealer/delegate0f3.cs

Win32.BloodyStealer/delegate0f4.cs

Win32.BloodyStealer/delegate0f5.cs

Win32.BloodyStealer/delegate0f6.cs

Win32.BloodyStealer/delegate0f7.cs

Win32.BloodyStealer/delegate0f8.cs

Win32.BloodyStealer/delegate0f9.cs

Win32.BloodyStealer/delegate0fa.cs

Win32.BloodyStealer/delegate0fb.cs

Win32.BloodyStealer/delegate0fc.cs

Win32.BloodyStealer/delegate0fd.cs

Win32.BloodyStealer/delegate0fe.cs

Win32.BloodyStealer/delegate0ff.cs

Win32.BloodyStealer/uTorrent.cs

Win32.BloodyStealer/{FEA94A50-E5C8-4edd-BE62-F738BC8C043E}

Win32/Win32.Buhtrap.7z

.7z

Win32/Win32.Exonet.a.rar

.rar

Win32/Win32.Gozi.rar

.rar

Win32/Win32.HiddenVNCBot.2021.zip

.zip

Win32/Win32.Ransomware.Paradise.a.zip

.zip

Win32/Win32.Stealer.PredatorTheThief.zip

.zip

Win32/Win32.Stealer.SoranoStealer.zip

.zip

Win32/Win32.Zeus.a.b.7z

.7z

Win32/Win32.Zeus.b.7z

.7z

Win32/Win32.m0yv.7z

.7z

Resubmissions

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 41KB - Virtual size: 40KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 104KB - Virtual size: 103KB

.rsrc Size: 75KB - Virtual size: 74KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 7KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 512B - Virtual size: 12B

97afb108b72a3d7397a41aa475152d5a

Code Sign

Headers

File Characteristics

Imports

oleaut32

user32

advapi32

msvcrt

kernel32

Sections

.text Size: 590KB - Virtual size: 589KB

.rdata Size: 80KB - Virtual size: 80KB

.data Size: 1KB - Virtual size: 28KB

.sxdata Size: 512B - Virtual size: 4B

.rsrc Size: 1024B - Virtual size: 832B

2fa43c5392ec7923ababced078c2f98d

Code Sign

Headers

File Characteristics

Imports

wsock32

kernel32

msvcrt

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 1KB

45bfa2772c134e94dcaf81cf69a61683

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

31:22:ae:0e:4d:96:a0:33:fa:c5:42:bb:8a:07:c9:58Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

.text
Size: 41KB - Virtual size: 40KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 104KB - Virtual size: 103KB

.rsrc
Size: 75KB - Virtual size: 74KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 590KB - Virtual size: 589KB

.rdata
Size: 80KB - Virtual size: 80KB

.data
Size: 1KB - Virtual size: 28KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 1024B - Virtual size: 832B

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

31:22:ae:0e:4d:96:a0:33:fa:c5:42:bb:8a:07:c9:58
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e2:f0:50:0d:9d:57:78:1e:8a:dc:f6:e8:15:f2:90:77:19:46:51:54
Signer

24-01-2014 17:08
Valid: false

.text
Size: 116KB - Virtual size: 116KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 11KB - Virtual size: 11KB

.text
Size: 636KB - Virtual size: 635KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 590KB - Virtual size: 589KB

.rdata
Size: 80KB - Virtual size: 80KB

.data
Size: 1KB - Virtual size: 28KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 1024B - Virtual size: 832B

.text
Size: 110KB - Virtual size: 110KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 700B