05857846f585cb7dcc12f5f6f26ad54c

Sharing

Copy URL Twitter E-mail

General

Target

05857846f585cb7dcc12f5f6f26ad54c
Size

586KB
MD5

05857846f585cb7dcc12f5f6f26ad54c
SHA1

1d45a86f85dd120d54ed2e7bae9ee0a5afc9aebd
SHA256

c64f9cc4278d783e6dfc60e7c2266eeb3b2f82d56c815394064d1ef5de5a6a0b
SHA512

1fec11a8dcb1fad6023e53a9ef0185cc96bae57921950961e0dbc34504620ae95e8d32e7a2db9d08ad3ecf9f4605d17daffdaa911d3a6b49c42ac0c40b6b7563
SSDEEP

12288:nTJBLHf9fdiI++LM4dA03U9Mfy4uUHquNmofI7+2S2cLgdtFAtME:nTJt9fdiYQ45Dy4uURNTKcwcx

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RedBoy/FastColoredTextBox.dll
unpack001/RedBoy/FlatUI.dll
unpack001/RedBoy/RedBoyV1.1.exe
unpack001/RedBoy/WeAreDevs_API.dll
unpack001/RedBoy/exploit-main.dll
unpack001/RedBoy/robloxinjector.exe

Files

05857846f585cb7dcc12f5f6f26ad54c
.zip
RedBoy/FastColoredTextBox.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RedBoy/FlatUI.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RedBoy/RedBoyV1.1.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RedBoy/WeAreDevs_API.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RedBoy/exploit-main.dll
.dll windows:6 windows x86 arch:x86

73ede511279267f6795e7cd2181c75d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
FreeLibrary
FormatMessageA
ReadFile
VirtualProtect
CreateNamedPipeA
SetConsoleTextAttribute
VirtualFree
SetConsoleTitleA
GetCurrentProcess
GetStdHandle
VirtualAlloc
GetCurrentDirectoryA
ExitThread
GetModuleHandleA
DisconnectNamedPipe
MultiByteToWideChar
Sleep
DisableThreadLibraryCalls
GlobalAlloc
GlobalFree
FreeConsole
K32GetModuleInformation
CreateThread
AddVectoredExceptionHandler
GlobalLock
GetConsoleWindow
GlobalUnlock
AllocConsole
VirtualQuery
ConnectNamedPipe
InterlockedExchange
InterlockedCompareExchange
FlushInstructionCache
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcessId
GetCurrentThreadId
OpenThread
LoadLibraryA
SetThreadContext
SuspendThread
ResumeThread
CloseHandle
GetModuleHandleW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
WriteConsoleW
SetEndOfFile
HeapSize
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
MoveFileExW
GetTimeZoneInformation
DeleteFileW
GetFileSizeEx
CreateFileW
CreatePipe
GetFileAttributesExW
GetExitCodeProcess
WaitForSingleObject
GetConsoleCP
WriteFile
FlushFileBuffers
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLastError
GetThreadContext
GetModuleFileNameA
GetTimeFormatW
GetDateFormatW
QueryPerformanceFrequency
GetTempPathW
CreateProcessW
DuplicateHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
GetModuleFileNameW
InterlockedFlushSList
RtlUnwind
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
RaiseException
WideCharToMultiByte
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetProcessHeap
SetLastError
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer

user32

GetCursorPos
CreateMenu
AppendMenuA
SendInput
DrawMenuBar
SendMessageA
FindWindowW
GetClipboardData
DefWindowProcA
SetMenu
SetClipboardData
ShowWindow
MessageBoxA
SetWindowPos
MessageBoxW
GetSystemMetrics
CreatePopupMenu
GetAsyncKeyState
OpenClipboard
SetWindowLongA
CloseClipboard
CallWindowProcA
EmptyClipboard
GetWindowLongA

gdi32

SetTextColor
GetStockObject

shell32

ShellExecuteA

wininet

InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile

Sections

.text
Size: 435KB - Virtual size: 434KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RedBoy/robloxinjector.exe
.exe windows:4 windows x86 arch:x86

bd7afac887565b5607affbdd160239ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileTime
GetTickCount
RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
TerminateProcess
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
HeapDestroy
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
FileTimeToLocalFileTime
SetErrorMode
GetOEMCP
GetCPInfo
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
FileTimeToSystemTime
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
InterlockedDecrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
WritePrivateProfileStringA
FreeResource
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
FreeLibrary
GlobalDeleteAtom
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
SetLastError
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
CreateThread
GetFileAttributesA
Module32First
Process32First
Sleep
Process32Next
CreateToolhelp32Snapshot
ExitProcess
MultiByteToWideChar
GetCurrentProcess
OutputDebugStringA
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
GetProcAddress
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
CloseHandle
GetModuleFileNameA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
HeapCreate
InterlockedExchange

user32

PostThreadMessageA
DestroyMenu
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
CharNextA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
RegisterClipboardFormatA
MapWindowPoints
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
PtInRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
wsprintfA
ReleaseDC
GetDC
CopyRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
GetMessagePos
SetCursor
PostQuitMessage
PostMessageA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CharUpperA
FindWindowA
ShowWindow
SetForegroundWindow
GetSystemMetrics
EnableWindow
LoadIconA
GetClientRect
IsIconic
SendMessageA
DrawIcon
wvsprintfA

gdi32

TextOutA
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateRectRgnIndirect
CreateBitmap
ExtTextOutA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
AdjustTokenPrivileges
RegSetValueExA
RegCreateKeyExA

shell32

SHGetFileInfoA
ShellExecuteA

comctl32

ord17
ImageList_Destroy

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize

oleaut32

OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
SysFreeString

wininet

HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetCloseHandle

Sections

.text
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 320KB - Virtual size: 320KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 54KB - Virtual size: 53KB

.rsrc Size: 1024B - Virtual size: 872B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 61KB - Virtual size: 61KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 10KB - Virtual size: 10KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 512B - Virtual size: 12B

73ede511279267f6795e7cd2181c75d6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

wininet

Sections

.text Size: 435KB - Virtual size: 434KB

.rdata Size: 116KB - Virtual size: 116KB

.data Size: 5KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 22KB - Virtual size: 21KB

bd7afac887565b5607affbdd160239ba

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

Sections

.text Size: 168KB - Virtual size: 164KB

.text
Size: 320KB - Virtual size: 320KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 54KB - Virtual size: 53KB

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 61KB - Virtual size: 61KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 435KB - Virtual size: 434KB

.rdata
Size: 116KB - Virtual size: 116KB

.data
Size: 5KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 22KB - Virtual size: 21KB

.text
Size: 168KB - Virtual size: 164KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 84KB - Virtual size: 80KB