General

Malware Config

Signatures

Files

• BLTools v2.3.1 crack by PARABENFREE.zip

  .zip

  Password: injuankanal

• AlphaFS.dll

  .dll windows x86

  Password: injuankanal

  dae02f32a21e03ce65412f6e56942daa

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 356KB - Virtual size: 356KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• BLTools v2.3.1.exe

  .exe windows x86

  Password: injuankanal

  bd1dfa5a3a004acbd83f0c70a21378e8

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  MultiByteToWideChar

  Sleep

  GetTempPathA

  GetLastError

  GetFileAttributesA

  CreateFileA

  LoadLibraryA

  GetVersionExA

  DeleteFileA

  DeleteFileW

  CloseHandle

  LoadLibraryW

  UnlockFile

  GetProcAddress

  LockFileEx

  GetFileSize

  DeleteCriticalSection

  GetCurrentProcessId

  FreeLibrary

  WideCharToMultiByte

  GetSystemTimeAsFileTime

  GetSystemTime

  FormatMessageA

  QueryPerformanceCounter

  GetTickCount

  FlushFileBuffers

  GetModuleFileNameA

  FindFirstFileA

  SetWaitableTimer

  TlsSetValue

  VerifyVersionInfoA

  SetLastError

  VirtualAlloc

  WaitForMultipleObjects

  FindNextFileA

  InitializeCriticalSectionAndSpinCount

  GetQueuedCompletionStatus

  CreateMutexA

  WaitForSingleObject

  LocalAlloc

  ReleaseMutex

  GetCurrentThreadId

  GetModuleHandleA

  OpenProcess

  SetCurrentDirectoryA

  PostQueuedCompletionStatus

  CreateToolhelp32Snapshot

  CreateEventW

  GetFileInformationByHandle

  QueryFullProcessImageNameA

  SetEvent

  FileTimeToSystemTime

  TerminateThread

  TlsAlloc

  GlobalAlloc

  Process32Next

  GlobalFree

  QueueUserAPC

  GetLocalTime

  GlobalLock

  CreateFileMappingA

  LocalFree

  VerSetConditionMask

  SystemTimeToFileTime

  GlobalMemoryStatusEx

  SleepEx

  TlsGetValue

  TlsFree

  MapViewOfFile

  CreateIoCompletionPort

  GlobalUnlock

  HeapSize

  ReadConsoleW

  GetProcessHeap

  SetEnvironmentVariableW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetOEMCP

  GetACP

  IsValidCodePage

  GetTimeZoneInformation

  GetFileSizeEx

  GetFileAttributesW

  CreateFileW

  GetTempPathW

  SetEndOfFile

  GetFullPathNameA

  SetFilePointer

  InitializeCriticalSection

  LockFile

  LeaveCriticalSection

  WriteFile

  GetFullPathNameW

  EnterCriticalSection

  AreFileApisANSI

  ReadFile

  UnmapViewOfFile

  GetConsoleMode

  GetConsoleOutputCP

  SetStdHandle

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetLocaleInfoW

  LCMapStringW

  CompareStringW

  GetTimeFormatW

  GetDateFormatW

  HeapAlloc

  HeapFree

  HeapReAlloc

  GetCommandLineW

  GetCommandLineA

  GetStdHandle

  GetModuleFileNameW

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  IsProcessorFeaturePresent

  ResetEvent

  WaitForSingleObjectEx

  GetModuleHandleW

  IsDebuggerPresent

  GetStartupInfoW

  InitializeSListHead

  RaiseException

  GetCurrentDirectoryW

  FindClose

  FindFirstFileExW

  FindNextFileW

  GetFileAttributesExW

  SetFileInformationByHandle

  SetFilePointerEx

  GetFileInformationByHandleEx

  LCMapStringEx

  InitializeCriticalSectionEx

  EncodePointer

  DecodePointer

  CompareStringEx

  GetCPInfo

  GetStringTypeW

  RtlUnwind

  LoadLibraryExW

  ExitProcess

  GetModuleHandleExW

  CreateThread

  ExitThread

  FreeLibraryAndExitThread

  GetDriveTypeW

  GetFileType

  PeekNamedPipe

  SystemTimeToTzSpecificLocalTime

  WriteConsoleW

  user32

  GetKeyboardLayoutList

  CloseClipboard

  IsClipboardFormatAvailable

  wsprintfA

  EnumDisplayDevicesA

  GetKeyState

  OpenClipboard

  GetClipboardData

  ReleaseDC

  GetDesktopWindow

  gdi32

  SelectObject

  CreateCompatibleDC

  StretchBlt

  GetDIBits

  GetDeviceCaps

  GetObjectW

  CreateDCA

  CreateCompatibleBitmap

  advapi32

  RegGetValueA

  RegQueryInfoKeyA

  RegOpenKeyExA

  RegEnumKeyExA

  GetCurrentHwProfileA

  shell32

  SHGetFolderPathA

  ws2_32

  htonl

  WSAGetLastError

  getsockopt

  WSARecv

  ioctlsocket

  htons

  connect

  WSAStartup

  WSASocketW

  WSAStringToAddressW

  WSASetLastError

  ntohl

  select

  WSASend

  WSACleanup

  closesocket

  setsockopt

  Sections

  .text

  Size: 508KB - Virtual size: 508KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 98KB - Virtual size: 97KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 6KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 18KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• BouncyCastle.Crypto.dll

  .dll windows x86

  Password: injuankanal

  dae02f32a21e03ce65412f6e56942daa

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 2.1MB - Virtual size: 2.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 4KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Extreme.Net.dll

  .dll windows x86

  Password: injuankanal

  dae02f32a21e03ce65412f6e56942daa

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 118KB - Virtual size: 118KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Newtonsoft.Json.dll

  .dll windows x86

  Password: injuankanal

  dae02f32a21e03ce65412f6e56942daa

  
  

  Code Sign

  02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77

  Certificate

  Issuer

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  10-11-2006 00:00

  Not After

  10-11-2031 00:00

  Subject

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23

  Certificate

  Issuer

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  27-04-2018 12:41

  Not After

  27-04-2028 12:41

  Subject

  CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7e

  Certificate

  Issuer

  CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

  Not Before

  25-10-2018 00:00

  Not After

  29-10-2021 12:00

  Subject

  SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-01-2021 00:00

  Not After

  06-01-2031 00:00

  Subject

  CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  07-01-2016 12:00

  Not After

  07-01-2031 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  2e:83:93:14:a9:06:f5:64:04:02:a1:dc:eb:a3:1a:a7:e9:21:c8:88:2c:dd:c2:3c:e4:c0:45:50:4c:ee:75:10

  Signer

  Actual PE Digest

  2e:83:93:14:a9:06:f5:64:04:02:a1:dc:eb:a3:1a:a7:e9:21:c8:88:2c:dd:c2:3c:e4:c0:45:50:4c:ee:75:10

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

  17-03-2021 20:03

  Valid: true

  Chain 1

  SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

  CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 675KB - Virtual size: 675KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Ookii.Dialogs.Wpf.dll

  .dll windows x86

  Password: injuankanal

  dae02f32a21e03ce65412f6e56942daa

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 100KB - Virtual size: 100KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• RandomUserAgent.dll

  .dll windows x86

  Password: injuankanal

  dae02f32a21e03ce65412f6e56942daa

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 326KB - Virtual size: 326KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 980B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Settings.ini