cee7fac8eb4be1d5cda863bbe427410ec5d71b5a39d14f64c16389f0afce4760

Sharing

Copy URL Twitter E-mail

General

Target

cee7fac8eb4be1d5cda863bbe427410ec5d71b5a39d14f64c16389f0afce4760
Size

5.6MB
MD5

9b0c8dc2056650009a049a3896928bf6
SHA1

2968fde67704379cdaa89ed7419a2d36e4100817
SHA256

cee7fac8eb4be1d5cda863bbe427410ec5d71b5a39d14f64c16389f0afce4760
SHA512

8bcbaf122900b9b00ea82976c17c43e4b432c55f9c53e055bed667c1f23899705b28eadf964de671ab00e94d82a97bd6cc303fa3e38b165783a4fa9ecb574fd9
SSDEEP

98304:DsdphbvkZvun6Sv45VZkkZgk0tXtUxNoAf8mdCtUAgaxasOKaMnLEUfpmHYwT3Ed:DYphbggn0VCkZgk0tmx6AUWfAdRRthAG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Bypass.dll

Files

cee7fac8eb4be1d5cda863bbe427410ec5d71b5a39d14f64c16389f0afce4760
.zip
Bypass.dll
.dll windows x64

b9681f00f1ed33f6057977c9165bc7c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA
CharUpperBuffW

Sections

.text
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.@]b
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.|K\
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Q|Z
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Xenoceal/bypass.jar
.zip
Xenoceal/mods/BetterCSC-Plus-2.5.5.jar
.jar
Xenoceal/sunec.jar
.jar
Инструкция.txt

Sharing

General

Malware Config

Signatures

Files

b9681f00f1ed33f6057977c9165bc7c1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: - Virtual size: 152KB

.rdata Size: - Virtual size: 73KB

.data Size: - Virtual size: 10KB

.pdata Size: - Virtual size: 8KB

_RDATA Size: - Virtual size: 348B

.@]b Size: - Virtual size: 3.3MB

.|K\ Size: 2KB - Virtual size: 2KB

.Q|Z Size: 5.8MB - Virtual size: 5.8MB

.reloc Size: 512B - Virtual size: 196B

.rsrc Size: 512B - Virtual size: 233B

.text
Size: - Virtual size: 152KB

.rdata
Size: - Virtual size: 73KB

.data
Size: - Virtual size: 10KB

.pdata
Size: - Virtual size: 8KB

_RDATA
Size: - Virtual size: 348B

.@]b
Size: - Virtual size: 3.3MB

.|K\
Size: 2KB - Virtual size: 2KB

.Q|Z
Size: 5.8MB - Virtual size: 5.8MB

.reloc
Size: 512B - Virtual size: 196B

.rsrc
Size: 512B - Virtual size: 233B