RC7[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

RC7.zip
Size

10.4MB
MD5

f013b378cda7df27b3520b8a1aa167c6
SHA1

e29e120ae735ef89057bd6f285daf0b467239e65
SHA256

c2896e90b50b14aa6ad8d39f7d828f92e963f6b756e8cb2d075046913e497a81
SHA512

55c6b21e13cf645c8d2aab8e8a27bd55e591b41460bb88e75659cdb040a9fa13178b5f66f48af7941886844981ab5b3fce2f8412d232af6475ad85159dae920f
SSDEEP

196608:bzvW907ZvRLSuNhkYtvNl5oENhkYt4a61QKAmtphMa7k/vg:bLW275lPh5hN8Qh5B61QCp2m

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AlphaBlendTextBox.dll
unpack001/Bunifu_UI_v1.5.3.dll
unpack001/HWID.exe
unpack001/RC7/AlphaBlendTextBox.dll
unpack001/RC7/Bunifu_UI_v1.5.3.dll
unpack001/RC7/RC7.exe
unpack001/RC7/RC7_UI.exe
unpack001/RC7/injector.dll
unpack001/RC7/sxlib.dll
unpack001/RC7_UI.exe
unpack001/sxlib.dll

Files

RC7.zip
.zip
AlphaBlendTextBox.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bunifu_UI_v1.5.3.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HWID.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RC7/AlphaBlendTextBox.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RC7/Bunifu_UI_v1.5.3.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RC7/Monaco.html
.js
RC7/MonacoEditor.html
.js
RC7/RC7.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RC7/RC7_UI.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 823KB - Virtual size: 823KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RC7/Themes/Asriel Theme.zip
.zip
Auto_In.bmp
Button_Clicked.bmp
Button_Hover.bmp
Button_Idle.bmp
Config.txt
Google_Drive_In.bmp
Hide_Side.bmp
Krystal_In.bmp
MainUi.bmp
S_Button_Clicked.bmp
S_Button_Hover.bmp
S_Button_Idle.bmp
Save_In.bmp
TextBox.bmp
Wofly_In.bmp
WordWrap_In.bmp
RC7/Themes/Blue Chicago Theme.zip
.zip
Auto_In.bmp
Button_Clicked.bmp
Button_Hover.bmp
Button_Idle.bmp
Config.txt
Google_Drive_In.bmp
Hide_Side.bmp
Krystal_In.bmp
MainUi.bmp
S_Button_Clicked.bmp
S_Button_Hover.bmp
S_Button_Idle.bmp
Save_In.bmp
TextBox.bmp
Wofly_In.bmp
WordWrap_In.bmp
RC7/Themes/Blue Stripes Theme.zip
.zip
Auto_In.bmp
Button_Clicked.bmp
Button_Hover.bmp
Button_Idle.bmp
Config.txt
Google_Drive_In.bmp
Hide_Side.bmp
Krystal_In.bmp
MainUi.bmp
S_Button_Clicked.bmp
S_Button_Hover.bmp
S_Button_Idle.bmp
Save_In.bmp
TextBox.bmp
Wofly_In.bmp
WordWrap_In.bmp
RC7/Themes/Cow Theme.zip
.zip
Auto_In.bmp
Button_Clicked.bmp
Button_Hover.bmp
Button_Idle.bmp
Config.txt
Google_Drive_In.bmp
Hide_Side.bmp
Krystal_In.bmp
MainUi.bmp
S_Button_Clicked.bmp
S_Button_Hover.bmp
S_Button_Idle.bmp
Save_In.bmp
TextBox.bmp
Wofly_In.bmp
WordWrap_In.bmp
RC7/Themes/Emilia Theme.zip
.zip
Auto_In.bmp
Button_Clicked.bmp
Button_Hover.bmp
Button_Idle.bmp
Config.txt
Google_Drive_In.bmp
Hide_Side.bmp
Krystal_In.bmp
MainUi.bmp
S_Button_Clicked.bmp
S_Button_Hover.bmp
S_Button_Idle.bmp
Save_In.bmp
TextBox.bmp
Wofly_In.bmp
WordWrap_In.bmp
RC7/Themes/Frozen Winter Theme.zip
.zip
Auto_In.bmp
Button_Clicked.bmp
Button_Hover.bmp
Button_Idle.bmp
Config.txt
Google_Drive_In.bmp
Hide_Side.bmp
Krystal_In.bmp
MainUi.bmp
S_Button_Clicked.bmp
S_Button_Hover.bmp
S_Button_Idle.bmp
Save_In.bmp
TextBox.bmp
Wofly_In.bmp
WordWrap_In.bmp
RC7/Themes/Gold Theme.zip
.zip
Auto_In.bmp
Button_Clicked.bmp
Button_Hover.bmp
Button_Idle.bmp
Config.txt
Google_Drive_In.bmp
Hide_Side.bmp
Krystal_In.bmp
MainUi.bmp
S_Button_Clicked.bmp
S_Button_Hover.bmp
S_Button_Idle.bmp
Save_In.bmp
TextBox.bmp
Wofly_In.bmp
WordWrap_In.bmp
RC7/Themes/Green Wolf Theme.zip
.zip
Auto_In.bmp
Button_Clicked.bmp
Button_Hover.bmp
Button_Idle.bmp
Config.txt
Google_Drive_In.bmp
Hide_Side.bmp
Krystal_In.bmp
MainUi.bmp
S_Button_Clicked.bmp
S_Button_Hover.bmp
S_Button_Idle.bmp
Save_In.bmp
TextBox.bmp
Wofly_In.bmp
WordWrap_In.bmp
RC7/Themes/Kakarot Theme.zip
.zip
RC7/Themes/Original.zip
.zip
RC7/Themes/Rc7 Classic Wolf Rework.zip
.zip
RC7/Themes/Red Carbon Fiber.zip
.zip
RC7/Themes/Tabs_back.bmp
RC7/Themes/default.zip
.zip
RC7/Themes/light.zip
.zip
RC7/Themes/temp/Auto_In.bmp
RC7/Themes/temp/Button_Clicked.bmp
RC7/Themes/temp/Button_Hover.bmp
RC7/Themes/temp/Button_Idle.bmp
RC7/Themes/temp/Config.txt
RC7/Themes/temp/Google_Drive_In.bmp
RC7/Themes/temp/Hide_Side.bmp
RC7/Themes/temp/Krystal_In.bmp
RC7/Themes/temp/MainUi.bmp
RC7/Themes/temp/RC7 Startup.wav
RC7/Themes/temp/README.txt
RC7/Themes/temp/S_Button_Clicked.bmp
RC7/Themes/temp/S_Button_Hover.bmp
RC7/Themes/temp/S_Button_Idle.bmp
RC7/Themes/temp/Save_In.bmp
RC7/Themes/temp/TextBox.bmp
RC7/Themes/temp/Wofly_In.bmp
RC7/Themes/temp/WordWrap_In.bmp
RC7/def/base.txt
RC7/def/classfunc.txt
RC7/def/globalf.txt
RC7/def/globalns.txt
RC7/def/globalv.txt
RC7/injector.dll
.dll windows:6 windows x86 arch:x86

d588e0751eeca8d75865b11d7d0b6027

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenProcess
CreateToolhelp32Snapshot
GetExitCodeThread
CloseHandle
Module32FirstW
GetProcAddress
VirtualAllocEx
GetFileAttributesW
ReadProcessMemory
GetModuleHandleW
WideCharToMultiByte
CreateRemoteThread
Module32NextW
VirtualFreeEx
SetUnhandledExceptionFilter
WaitForSingleObject
LocalFree
WriteProcessMemory
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
UnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent

advapi32

SetNamedSecurityInfoW
GetNamedSecurityInfoW
ConvertStringSidToSidW
SetEntriesInAclW

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

__CxxFrameHandler3
__std_exception_destroy
_except_handler4_common
memset
__std_type_info_destroy_list
_CxxThrowException
__std_exception_copy
memcpy

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-runtime-l1-1-0

_cexit
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_execute_onexit_table

Exports

Exports

_inject_dll@8
_is_injected@12
_pass_console_input@16
_run_script@16

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RC7/sxlib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 728KB - Virtual size: 728KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RC7/vs/base/worker/workerMain.js
.js
RC7/vs/basic-languages/bat/bat.js
RC7/vs/basic-languages/coffee/coffee.js
RC7/vs/basic-languages/cpp/cpp.js
RC7/vs/basic-languages/csharp/csharp.js
RC7/vs/basic-languages/csp/csp.js
RC7/vs/basic-languages/css/css.js
RC7/vs/basic-languages/dockerfile/dockerfile.js
RC7/vs/basic-languages/fsharp/fsharp.js
RC7/vs/basic-languages/go/go.js
RC7/vs/basic-languages/handlebars/handlebars.js
.js
RC7/vs/basic-languages/html/html.js
.js
RC7/vs/basic-languages/ini/ini.js
RC7/vs/basic-languages/java/java.js
RC7/vs/basic-languages/less/less.js
RC7/vs/basic-languages/lua/lua.js
RC7/vs/basic-languages/markdown/markdown.js
.js
RC7/vs/basic-languages/msdax/msdax.js
RC7/vs/basic-languages/mysql/mysql.js
RC7/vs/basic-languages/objective-c/objective-c.js
RC7/vs/basic-languages/pgsql/pgsql.js
RC7/vs/basic-languages/php/php.js
RC7/vs/basic-languages/postiats/postiats.js
RC7/vs/basic-languages/powershell/powershell.js
RC7/vs/basic-languages/pug/pug.js
RC7/vs/basic-languages/python/python.js
RC7/vs/basic-languages/r/r.js
RC7/vs/basic-languages/razor/razor.js
.js
RC7/vs/basic-languages/redis/redis.js
RC7/vs/basic-languages/redshift/redshift.js
RC7/vs/basic-languages/ruby/ruby.js
RC7/vs/basic-languages/rust/rust.js
RC7/vs/basic-languages/sb/sb.js
RC7/vs/basic-languages/scss/scss.js
RC7/vs/basic-languages/solidity/solidity.js
RC7/vs/basic-languages/sql/sql.js
RC7/vs/basic-languages/st/st.js
RC7/vs/basic-languages/swift/swift.js
RC7/vs/basic-languages/vb/vb.js
RC7/vs/basic-languages/xml/xml.js
RC7/vs/basic-languages/yaml/yaml.js
RC7/vs/editor/contrib/suggest/media/String_16x.svg
RC7/vs/editor/contrib/suggest/media/String_inverse_16x.svg
RC7/vs/editor/editor.main.css
RC7/vs/editor/editor.main.js
.js
RC7/vs/editor/editor.main.nls.de.js
RC7/vs/editor/editor.main.nls.es.js
RC7/vs/editor/editor.main.nls.fr.js
RC7/vs/editor/editor.main.nls.it.js
RC7/vs/editor/editor.main.nls.ja.js
RC7/vs/editor/editor.main.nls.js
RC7/vs/editor/editor.main.nls.ko.js
RC7/vs/editor/editor.main.nls.ru.js
RC7/vs/editor/editor.main.nls.zh-cn.js
RC7/vs/editor/editor.main.nls.zh-tw.js
RC7/vs/editor/standalone/browser/quickOpen/symbol-sprite.svg
RC7/vs/language/css/cssMode.js
.js
RC7/vs/language/css/cssWorker.js
.js
RC7/vs/language/html/htmlMode.js
.js
RC7/vs/language/html/htmlWorker.js
.js
RC7/vs/language/json/jsonMode.js
.js
RC7/vs/language/json/jsonWorker.js
.js
RC7/vs/language/typescript/lib/typescriptServices.js
.js
RC7/vs/language/typescript/tsMode.js
.js
RC7/vs/language/typescript/tsWorker.js
.js
RC7/vs/loader.js
.js
RC7/workspace.lnk.lnk
.lnk
RC7_UI.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 823KB - Virtual size: 822KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
start (Run This to start the executor).bat
sxlib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 728KB - Virtual size: 728KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 12KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 234KB - Virtual size: 233KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 147KB - Virtual size: 146KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 12KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 234KB - Virtual size: 233KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 136KB - Virtual size: 136KB

.rsrc Size: 22KB - Virtual size: 22KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 823KB - Virtual size: 823KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

d588e0751eeca8d75865b11d7d0b6027

Headers

DLL Characteristics

File Characteristics

Imports

.text
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 234KB - Virtual size: 233KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 147KB - Virtual size: 146KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 234KB - Virtual size: 233KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 136KB - Virtual size: 136KB

.rsrc
Size: 22KB - Virtual size: 22KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 823KB - Virtual size: 823KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 1024B - Virtual size: 688B

.text
Size: 728KB - Virtual size: 728KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 823KB - Virtual size: 822KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 728KB - Virtual size: 728KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 512B - Virtual size: 12B