Overview
Behavioral task
behavioral1
Sample
T0+program+and+tutorial+(NVIDIA+version).zip
Resource
win10v2004-20231215-en
Behavioral task
behavioral2
Sample
T0程序和教程(英伟达版本)/Del按键呼出和隐藏菜单.png
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
T0程序和教程(英伟达版本)/ttxs.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral4
Sample
T0程序和教程(英伟达版本)/图文教程.docx
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
T0程序和教程(英伟达版本)/注意事项和问题解决方法,不看是傻逼.docx
Resource
win10v2004-20231222-en
Behavioral task
behavioral6
Sample
T0程序和教程(英伟达版本)/自瞄讲解和介绍/【超级演员】模式推荐设置.png
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
T0程序和教程(英伟达版本)/自瞄讲解和介绍/暴力模式推荐设置.png
Resource
win10v2004-20231215-en
Behavioral task
behavioral8
Sample
T0程序和教程(英伟达版本)/自瞄讲解和介绍/武器分类设置,使用演示视频.mp4
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
T0程序和教程(英伟达版本)/自瞄讲解和介绍/游戏设置里的鼠标灵敏度恢复默认.txt
Resource
win10v2004-20231215-en
Behavioral task
behavioral10
Sample
T0程序和教程(英伟达版本)/自瞄讲解和介绍/演员模式推荐设置.png
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
T0程序和教程(英伟达版本)/视频语音讲解教程.mp4
Resource
win10v2004-20231215-en
General
Target
T0+program+and+tutorial+(NVIDIA+version).zip
Size
83.4MB
MD5
4cbca12dd7ea8e748a3802e174b254ff
SHA1
7b4fb5e8879ec0c968f1e8ecb0c729ac05fe7031
SHA256
320fd94aa12f9b023003ebaabdbfc31ab63f89e97ccf728dc60bb8e3cf799235
SHA512
47e8ef015202ae5c13d21b31da079da6d36a6af6ac8c64450a46c2d9bb54b4da210e0bec33a6410484c8dbcec163aa7fb18aaf97bffedae15379384e04afabfa
SSDEEP
1572864:D4KzNNELEzrj0L67AEGO5dTGB3yanRuuTNsrRvnLpa0Pzud9J0bFHodu4xr:FzNNaGj0oLdTO3VndqvswiJ0hI06
Malware Config
Signatures
resource: static1/unpack001/T0程序和教程(英伟达版本)/ttxs.exe
yara_rule: themida
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: unpack001/T0程序和教程(英伟达版本)/ttxs.exe
Office document contains embedded OLE objects (2 IoCs)
Detected embedded OLE objects in Office documents.
resource: static1/unpack001/T0程序和教程(英伟达版本)/图文教程.docx
yara_rule: office_ole_embedded
resource: static1/unpack001/T0程序和教程(英伟达版本)/注意事项和问题解决方法,不看是傻逼.docx
yara_rule: office_ole_embedded
Files
T0+program+and+tutorial+(NVIDIA+version).zip
T0程序和教程(英伟达版本)/Del按键呼出和隐藏菜单.png
T0程序和教程(英伟达版本)/ttxs.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 790KB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 125KB - Virtual size: 311KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 233KB - Virtual size: 260KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 50KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 29KB - Virtual size: 32KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 39.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 22.2MB - Virtual size: 22.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 16B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
T0程序和教程(英伟达版本)/图文教程.docx office2007
T0程序和教程(英伟达版本)/注意事项和问题解决方法,不看是傻逼.docx office2007
T0程序和教程(英伟达版本)/自瞄讲解和介绍/【超级演员】模式推荐设置.png
T0程序和教程(英伟达版本)/自瞄讲解和介绍/暴力模式推荐设置.png
T0程序和教程(英伟达版本)/自瞄讲解和介绍/武器分类设置,使用演示视频.mp4
T0程序和教程(英伟达版本)/自瞄讲解和介绍/游戏设置里的鼠标灵敏度恢复默认.txt
T0程序和教程(英伟达版本)/自瞄讲解和介绍/演员模式推荐设置.png
T0程序和教程(英伟达版本)/视频语音讲解教程.mp4