MatSploit[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

MatSploit.rar
Size

8.8MB
MD5

6d9593c0b6e8cf81b323bb5453736f17
SHA1

74b23a9cf26009b311e1f1b853f9284c5c426f27
SHA256

4f59429fb16674587e462f66c5732b51d211df9bcce758eec5b31046f05a2d60
SHA512

adb0c2bc93c32208b52aec01cd6be5af810389410caf1d81b12a31a699483178f1ddc9f30d37ddc3d93680a872c6e768e556cee8ebb0d706b1504ca310e77f66
SSDEEP

196608:/vecjlVi2vDWmm1PTlbEfT7Pe4Nc7EdPjifLZqEM4PoMxSh0Ih5Y:Hl7WZ1PpCTre4a7EdPWd3QgSDY

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/bin/MatSploit.dll	vmprotect

Files

MatSploit.rar
.rar
BootsTrapperU.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.|J4`)
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DiscordRPC.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

2f:a0:44:2f:06:32:a7:9b:41:c8:a3:56:14:ea:70:3a
Certificate

Issuer

CN={1791EA4B-5C2E-4ED0-9F7E-18430A42F920}

Not Before

14-05-2019 08:09

Not After

13-05-2020 14:09

Subject

CN={1791EA4B-5C2E-4ED0-9F7E-18430A42F920}

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:43:de:4b:d3:a2:96:5a:f7:a8:72:62:d4:9d:f1:ad:cb:9f:8e:e9
Signer

Actual PE Digest

e7:43:de:4b:d3:a2:96:5a:f7:a8:72:62:d4:9d:f1:ad:cb:9f:8e:e9

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN={1791EA4B-5C2E-4ED0-9F7E-18430A42F920}

01-07-2019 08:14
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ICSharpCode.AvalonEdit.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 601KB - Virtual size: 601KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ICSharpCode.AvalonEdit.xml
.xml
MatSploit.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

[-.H;
Size: 432KB - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
bin/BootstrapperVersion.txt
bin/MatSploit.dll
.dll windows x86

34c2cea2badec3fa6de333889f4dd3b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceFrequency
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SendInput
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

advapi32

CryptEncrypt

shell32

ShellExecuteA

msvcp140

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

d3dcompiler_47

D3DCompile

d3d11

D3D11CreateDeviceAndSwapChain

imm32

ImmReleaseContext

xinput9_1_0

XInputGetState

vcruntime140

longjmp

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

toupper

api-ms-win-crt-heap-l1-1-0

realloc

api-ms-win-crt-stdio-l1-1-0

setvbuf

api-ms-win-crt-math-l1-1-0

modf

api-ms-win-crt-filesystem-l1-1-0

_fstat64

api-ms-win-crt-convert-l1-1-0

strtoll

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_mktime64

ws2_32

select

crypt32

CertFreeCertificateChainEngine

wldap32

ord27

normaliz

IdnToAscii

wtsapi32

WTSSendMessageW

Exports

Exports

o��Iqc�H&+�ҙ��c��g��b��W��@֓n�ƈ9gsGf�De�Y�֫>�q`N�YV�cx��fj@u�!)^%M�bk��p><F�hnʵZ�)�w=܊�`�?d��Q��l��K'\$�7C��p�ڜ<7l�8�橡Ԡ$YQg��DN�~wY��^��1��ǟtQ�+=��) �*�� Ɖ��U~�aU��EW��̜��֦&'��wAt m��y�9bsR��%nEgӎ=4�*��O!�l<�:r�$Il��%F�3~�x�b�2�v�Fn��Y�|��f#�S@��J^��z��Ӹ/S��z[^�9%��M⊑*��#��E��9'i}o�R�I�]��-P�c=b�s7Z�� H�<�b�i� ��ö�gV#t��`0�G[�ups^��эb&�**��/� ;y,*�9-z!(�B��b<rؼb��y�I�IJ|��1�Oe�i��-��H�^�X�U��y5��*⢰?G�z7��~!��p�ۯ�Vۋ��|��fj�wwO7�g��?��)<�r龞h %҉�1!V?��9�C] �'PF,E��T�&OT�)��1�q�팖�!�4r|V`-� T��-)B�Ǿ<�u|QSk��6h��eU��w��[8��}չ)?��H�!*�T<Ӑ< ��b�sA�� yOn�e�L��Rcu��8�"��(�]��}��5#�oj�mP��n��d��QJ�7lYa2�I[�8c[��)}�S2�� 4�U�0 ��@�&��$��N2J��K��vn�MQ��Oȉ)cf��i�?$�@fj��9n��Lį*e�ǝ�k��Y�7�f��f)p�5ŷJ�Sѯ+Qa�vR��2\`��Lpւ��(4��;ĸe��6�g �7��0�f�?�އ��6$��!$x��Ӛ$ۜ��%�?#{�\�yw2%Zc :�ls!�<@��K�2ጣ��+ɬ�A=��~�O0��|�\��m��/�?]��\��;K�.ڋ��(Wo��i��i�|�+�ۣ2�M�C}�� q�7��xZ )h�X<��;*�i��j�M�v��m��$�M d�"��z#��%��E)�ش&w&��,R^_S2��X&o}�{��oe��h�'�z�hBU��U�zr��T C`� T��^�m�4��FOO, Q��9��9��Z(�F�H|��Z&��J�cz��%�U'��!u�(0��k�3��c'��'R.U�$��I�Q��qc;w斀:=*��U�z��p$�pՑ��ʬ|H��g��X�og��7C@�,$��T�V7�|��^��i�]$%��V<��v~:�f��1�-�V��YW��؇cx�p��%��2��*��?��"��8!��;D�$'8��r�Ie�� sR�ëڽ�0v��Li��㺊#��E��t��a�M��1_�6��:+��Q5 ��T �{T��u�E��t<��8�m��Qx��Bȵc(1�y"Wd��4�4�9�˖��]q��30�� 0�I厇3ߴ�@�;Tc\�s�/��L�F��hn-�z�X��W"ۃݯ�j�'1%)��_E�o�L2e��s��.�^��3l��P��9(�!��4�T��F��=��i�O�;��'��f�o?9��(��hjf�h <L��@��:_JAa��ggq�C�n�sLl?��ݑHV]MY N�㞂� �0�f�L5�W�5�0t_��EP<43y2�b�v2rK�� ßW% �F�! WگB�(F�[&ǡF,�N�U��i�� v҇�uF��4?�A�@�d�!��ͽ#�G�r�Q�6��/o�;ĥm��J+��ėt<�� 6&%6�KD�]P��a�.G��UR��3�5�g�#��R�E��'�{��n�8�5V�n��)�w�dI�.=ɇ8}��5�nYP�c�8Xz~�_=t��Bz�M�G�@$7��;��F��Zq��(n�C!#g�5�n-*��h�@�r�� C��6s��j�{O��_JO�� ~7U��vC14$�v��E6X�劖��i�J�Q7#U�H+�2��Nݽ�Q�4�afƳb�;ɚ?��S��BW�66� ��P� X�s՜�sI∷��Ѕ�W�1FHY��#��^۝��m�� S+$"�&P(�T|�vG�^��X� �t$y��_Vq��4��p��h��n�%�.P�"њ/ ��}�%��f�\M)�1.;Vaj��`��dU��J��x�$��:ky�S�%pzGH�*�b��|(Y��CH�PNNQ&�f�"U��-rkj��4$%�G}'8�Al=��5�$��pW��9��f�"�4Q.Y�H��3C�� H�֎�G9D�^��J��u�_�r��ߋAN�ħm�U��#Z��#�$�.?��RR1�,�L�+ѩVD��hxR�s(�ên�d� �N�,`��y��eX;�?�-%%2o�O�E8�^�ſ�?�{D�s*C.��$O�^,-#�a�߽T��$��N��j$Y��8ʾ�`yC��LϤ�2ɸ-+�pe��d'0E]��>�+��X�٘��T&3[1D��PfJ��t^�p�a�S��f�=k�y_�-��w�-d�S7�e�CH�7%�St";^��,u��AX�D+�x�@�� ڟ0��]J�G�`Vn��c�mTp�<�۷X��;-X)�v%�Ǹc� ��@ �&�i4MĹ��(@� s2��{� �c��.nb��pkՎ#�]p��h��!q��/0ϵ �4L�VX~��S��ԑx�ͼ~�:[!��ύߘ�k(/�

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 994KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/UIVersion.txt
bin/Zeus.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/lua.xshd
.xml
bin/rbxfpsunlocker.exe
.exe windows x64

8a30acffa5d4e68c6f30f1c14d9a5f09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetConsoleTextAttribute
GetStdHandle
GetProcessId
CreateMutexA
Sleep
GetLastError
CloseHandle
ReadProcessMemory
GetExitCodeProcess
Process32First
K32EnumProcessModulesEx
OpenProcess
CreateToolhelp32Snapshot
K32GetModuleFileNameExA
QueryFullProcessImageNameA
Process32Next
K32GetModuleInformation
IsWow64Process
VirtualQueryEx
GetCurrentProcess
SetConsoleTitleA
TerminateThread
FreeConsole
CreateThread
GetConsoleWindow
GetConsoleScreenBufferInfo
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileSizeEx
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
AllocConsole
WriteProcessMemory
HeapFree
HeapAlloc
WriteFile
GetModuleFileNameW
GetModuleHandleExW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
SetLastError
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
FreeLibrary
LoadLibraryExW
ExitProcess
RtlUnwind

user32

GetWindowTextA
MessageBoxA
EnumWindows
IsWindowVisible
GetSystemMenu
GetMessageA
CheckMenuRadioItem
DispatchMessageA
LoadCursorA
CreatePopupMenu
TrackPopupMenu
ShowWindow
DefWindowProcA
CreateWindowExA
TranslateMessage
LoadIconA
AppendMenuA
CheckMenuItem
PostQuitMessage
EnableMenuItem
RegisterClassExA
SetForegroundWindow
GetCursorPos
GetWindowThreadProcessId

gdi32

GetStockObject

shell32

ShellExecuteA
Shell_NotifyIconA

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA

Sections

.text
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/version.txt
bin/workspace/286090429.txt
librarys/discordrpc.dll
.dll windows x86

6310e6aa09f46f952e994ef81548691a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitNamedPipeW
GetCurrentProcessId
GetCurrentProcess
PeekNamedPipe
lstrlenW
MultiByteToWideChar
K32GetModuleFileNameExW
GetLastError
CloseHandle
WriteFile
ReadFile
lstrcpyW
CreateFileW
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
WideCharToMultiByte
SetEvent
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
RaiseException
ExitThread
GetModuleHandleExW
HeapAlloc
HeapFree
ExitProcess
GetModuleFileNameA
LCMapStringW
DecodePointer
GetStdHandle
GetFileType
GetACP
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetStringTypeW
SetStdHandle
SetFilePointerEx
HeapSize
HeapReAlloc
WriteConsoleW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetKeyValueW

Exports

Exports

Discord_Initialize
Discord_Respond
Discord_RunCallbacks
Discord_Shutdown
Discord_UpdatePresence

Sections

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
scripts/LT2.txt
.js

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.|J4`) Size: 128KB - Virtual size: 127KB

.text Size: 34KB - Virtual size: 33KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Size: 512B - Virtual size: 16B

dae02f32a21e03ce65412f6e56942daa

Code Sign

2f:a0:44:2f:06:32:a7:9b:41:c8:a3:56:14:ea:70:3aCertificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

e7:43:de:4b:d3:a2:96:5a:f7:a8:72:62:d4:9d:f1:ad:cb:9f:8e:e9Signer

Signature Validations

Verification

01-07-2019 08:14 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 76KB - Virtual size: 76KB

.rsrc Size: 1024B - Virtual size: 916B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 601KB - Virtual size: 601KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

[-.H; Size: 432KB - Virtual size: 431KB

.text Size: 1.0MB - Virtual size: 1.0MB

.rsrc Size: 117KB - Virtual size: 116KB

.reloc Size: 512B - Virtual size: 12B

Size: 512B - Virtual size: 16B

34c2cea2badec3fa6de333889f4dd3b4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp140

d3dcompiler_47

d3d11

imm32

xinput9_1_0

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

.|J4`)
Size: 128KB - Virtual size: 127KB

.text
Size: 34KB - Virtual size: 33KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

2f:a0:44:2f:06:32:a7:9b:41:c8:a3:56:14:ea:70:3a
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

e7:43:de:4b:d3:a2:96:5a:f7:a8:72:62:d4:9d:f1:ad:cb:9f:8e:e9
Signer

01-07-2019 08:14
Valid: false

.text
Size: 76KB - Virtual size: 76KB

.rsrc
Size: 1024B - Virtual size: 916B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 601KB - Virtual size: 601KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

[-.H;
Size: 432KB - Virtual size: 431KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rsrc
Size: 117KB - Virtual size: 116KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 1.0MB

.rdata
Size: - Virtual size: 214KB

.data
Size: - Virtual size: 994KB

.vmp0
Size: - Virtual size: 4.3MB

.vmp1
Size: 6.9MB - Virtual size: 6.9MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 233B

.text
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 257KB - Virtual size: 256KB

.rdata
Size: 102KB - Virtual size: 102KB

.data
Size: 5KB - Virtual size: 12KB

.pdata
Size: 13KB - Virtual size: 13KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 101KB - Virtual size: 100KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 204KB - Virtual size: 204KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 12KB - Virtual size: 226KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 11KB