f2ada0853d05722733647fb62c0ae4eb68943bfd3f80819174a064ade5249ac7

Sharing

Copy URL Twitter E-mail

General

Target

f2ada0853d05722733647fb62c0ae4eb68943bfd3f80819174a064ade5249ac7
Size

11.8MB
MD5

7cc8c6cdd090e4b1b6085e7745375f8c
SHA1

25a15d571f19aff614de53c948c01c5fc733b572
SHA256

f2ada0853d05722733647fb62c0ae4eb68943bfd3f80819174a064ade5249ac7
SHA512

191dd3b2e6a3e91166397728fc3bea43f56e86d005b779502f70aac32ad1b048a3fdce79588d9101957e189bf31f0aa4e2fc147e6120803a3d4b92827217aae5
SSDEEP

196608:Rv8j1/l0OA4EjZ+Mrf0DwQ2jyb4IQipqAamfn5EkWGzOS4BosJ2oFuRk7n+YE8aP:kaV0Mr+v2+MIQvFmWvSclJ2ogGns8HTI

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Akirabot-main/akirabot/plugins/ctftools/jsteg.exe
unpack001/Akirabot-main/akirabot/plugins/ctftools/tokeii/dtmf2num.exe
unpack001/Akirabot-main/akirabot/plugins/ctftools/tokeii/exiftool.exe
unpack001/Akirabot-main/go-cqhttp.exe

Files

f2ada0853d05722733647fb62c0ae4eb68943bfd3f80819174a064ade5249ac7
.zip
Akirabot-main/.env
Akirabot-main/.env.dev
Akirabot-main/.env.prod
Akirabot-main/Function.md
Akirabot-main/README.md
Akirabot-main/akirabot/plugins/ctftools/all_crypto.py
Akirabot-main/akirabot/plugins/ctftools/bwm_qqbot.py
Akirabot-main/akirabot/plugins/ctftools/decodeqr.py
Akirabot-main/akirabot/plugins/ctftools/getptb.py
Akirabot-main/akirabot/plugins/ctftools/jsteg.exe
.exe windows:4 windows x64

96c44fa1eee2c4e9b9e77d7bf42d59e6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

winmm

timeEndPeriod
timeBeginPeriod

ws2_32

WSAGetOverlappedResult

kernel32

WriteFile
WriteConsoleW
WaitForSingleObject
VirtualFree
VirtualAlloc
SwitchToThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
LoadLibraryA
LoadLibraryW
GetSystemInfo
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 437B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 42B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/94
Size: 476KB - Virtual size: 475KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/106
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 1022B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Akirabot-main/akirabot/plugins/ctftools/miscimgtools.py
Akirabot-main/akirabot/plugins/ctftools/miscotherstego.py
Akirabot-main/akirabot/plugins/ctftools/noticefile.py
Akirabot-main/akirabot/plugins/ctftools/pwntheboxbot/random_topic.py
Akirabot-main/akirabot/plugins/ctftools/tokeii/Tokeiictftools.py
Akirabot-main/akirabot/plugins/ctftools/tokeii/basecrack-4.0/basecrack.py
.py .sh linux
Akirabot-main/akirabot/plugins/ctftools/tokeii/basecrack-4.0/config.json
Akirabot-main/akirabot/plugins/ctftools/tokeii/basecrack-4.0/requirements.txt
Akirabot-main/akirabot/plugins/ctftools/tokeii/basecrack-4.0/src/__pycache__/__init__.cpython-38.pyc
Akirabot-main/akirabot/plugins/ctftools/tokeii/basecrack-4.0/src/__pycache__/base92.cpython-38.pyc
Akirabot-main/akirabot/plugins/ctftools/tokeii/basecrack-4.0/src/__pycache__/base_chain.cpython-38.pyc
Akirabot-main/akirabot/plugins/ctftools/tokeii/basecrack-4.0/src/__pycache__/messages.cpython-38.pyc
Akirabot-main/akirabot/plugins/ctftools/tokeii/basecrack-4.0/src/base92.py
Akirabot-main/akirabot/plugins/ctftools/tokeii/basecrack-4.0/src/base_chain.py
Akirabot-main/akirabot/plugins/ctftools/tokeii/basecrack-4.0/src/messages.py
Akirabot-main/akirabot/plugins/ctftools/tokeii/bwmforpy3.py
.py .sh linux
Akirabot-main/akirabot/plugins/ctftools/tokeii/cloacked-pixel/1.pyc
Akirabot-main/akirabot/plugins/ctftools/tokeii/cloacked-pixel/crypt.py
Akirabot-main/akirabot/plugins/ctftools/tokeii/cloacked-pixel/crypt.pyc
Akirabot-main/akirabot/plugins/ctftools/tokeii/cloacked-pixel/lsb.py
Akirabot-main/akirabot/plugins/ctftools/tokeii/cloacked-pixel/lsb.pyc
Akirabot-main/akirabot/plugins/ctftools/tokeii/dtmf2num.exe
.exe windows:4 windows x86

93e3bbefb6d7feee67774c9f98817afa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter

msvcrt

_fstat
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
atexit
atoi
ceil
cos
exit
fclose
fopen
fprintf
fputc
fread
free
fseek
fwrite
malloc
memcpy
perror
printf
puts
setbuf
signal
sin
sqrt
strlen
toupper

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 96B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Akirabot-main/akirabot/plugins/ctftools/tokeii/exiftool.exe
.exe windows:4 windows x86

35a1d89b2328f4ff5714078e56feced3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

GetUserNameA

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

_access
_chmod
_close
_getpid
_lseek
_open
_read
_spawnvpe
_strdup
_strnicmp
_write
__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_environ
_errno
_findclose
_findfirst
_findnext
_fmode
_initterm
_iob
_lock
_mkdir
_onexit
_rmdir
_stat
_stricmp
_unlink
_unlock
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
memmove
memset
realloc
signal
sprintf
strchr
strcmp
strcpy
strlen
strncmp
strncpy
strstr
strtok
vfprintf

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Akirabot-main/akirabot/plugins/ctftools/tryallbase.py
Akirabot-main/akirabot/plugins/ctftools/zsteg.py
Akirabot-main/akirabot/plugins/other/aihuatu.py
Akirabot-main/akirabot/plugins/other/baidufanyi.py
Akirabot-main/akirabot/plugins/other/help.png
.png
Akirabot-main/akirabot/plugins/other/otherapi.py
Akirabot-main/akirabot/plugins/other/ramdonacg.py
Akirabot-main/bot.py
.py .sh linux
Akirabot-main/config.yml
Akirabot-main/docker-compose.yml
Akirabot-main/go-cqhttp.exe
.exe windows:6 windows x64

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 317KB - Virtual size: 747KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Akirabot-main/pyproject.toml
Akirabot-main/requirements.txt

Sharing

General

Malware Config

Signatures

Files

96c44fa1eee2c4e9b9e77d7bf42d59e6

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.data Size: 80KB - Virtual size: 198KB

/4 Size: 512B - Virtual size: 437B

/18 Size: 89KB - Virtual size: 88KB

/30 Size: 94KB - Virtual size: 93KB

/43 Size: 48KB - Virtual size: 48KB

/59 Size: 51KB - Virtual size: 50KB

/75 Size: 512B - Virtual size: 42B

/94 Size: 476KB - Virtual size: 475KB

/106 Size: 33KB - Virtual size: 33KB

.idata Size: 1024B - Virtual size: 1022B

.symtab Size: 168KB - Virtual size: 168KB

93e3bbefb6d7feee67774c9f98817afa

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 13KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 68B

.rdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 96B

.idata Size: 1KB - Virtual size: 1KB

35a1d89b2328f4ff5714078e56feced3

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

Sections

.text Size: 16KB - Virtual size: 16KB

.data Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 33KB

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 9KB - Virtual size: 8KB

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 5.5MB - Virtual size: 5.5MB

.rdata Size: 5.6MB - Virtual size: 5.6MB

.data Size: 317KB - Virtual size: 747KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 115KB - Virtual size: 115KB

.symtab Size: 512B - Virtual size: 4B

.text
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 80KB - Virtual size: 198KB

/4
Size: 512B - Virtual size: 437B

/18
Size: 89KB - Virtual size: 88KB

/30
Size: 94KB - Virtual size: 93KB

/43
Size: 48KB - Virtual size: 48KB

/59
Size: 51KB - Virtual size: 50KB

/75
Size: 512B - Virtual size: 42B

/94
Size: 476KB - Virtual size: 475KB

/106
Size: 33KB - Virtual size: 33KB

.idata
Size: 1024B - Virtual size: 1022B

.symtab
Size: 168KB - Virtual size: 168KB

.text
Size: 13KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 68B

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 96B

.idata
Size: 1KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 16KB

.data
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 33KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 9KB - Virtual size: 8KB

.text
Size: 5.5MB - Virtual size: 5.5MB

.rdata
Size: 5.6MB - Virtual size: 5.6MB

.data
Size: 317KB - Virtual size: 747KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 115KB - Virtual size: 115KB

.symtab
Size: 512B - Virtual size: 4B