0f8e114b9025e7f95f4d72901cf056e3

Sharing

Copy URL

Twitter E-mail

General

Target

0f8e114b9025e7f95f4d72901cf056e3
Size

986KB
MD5

0f8e114b9025e7f95f4d72901cf056e3
SHA1

fa931ac002628bfb9bedf7a48f0cffe969c51fd3
SHA256

491a7743e26ecbf89e9e9e7bb79118c3986efaa20babaf17ba31bc832bee8b97
SHA512

ebfcdc8d27066ad0638edda1ddd63f72312779b2f465510a5a89b4d954002a171abfc87a47cde35e19b189b96dd20cf34fa60d5e838bb6c1c1ba49ed91c4c99a
SSDEEP

24576:E7hIRdbUYKlm7jPRgGoswxRCCkBoJyrgOsnlev:MhCFzfztWRC/BoJyrHOev

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GSBOT cracked/GSBOT cracked.dll
unpack001/GSBOT cracked/Xenos.exe
unpack001/GSBOT cracked/Xenos64.exe

Files

0f8e114b9025e7f95f4d72901cf056e3
.rar .ps1 polyglot
GSBOT cracked/GSBOT cracked.dll
.dll windows:6 windows x86 arch:x86

3f43552e1a221e17f9e4377d2af572ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
VirtualProtect
GetVolumeInformationA
GetModuleHandleA
Sleep
DisableThreadLibraryCalls
CreateThread
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GlobalFree
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetProcAddress
GetCurrentProcess
FlushInstructionCache
SetLastError
GlobalLock
GlobalAlloc
SetUnhandledExceptionFilter

user32

ClientToScreen
GetActiveWindow
GetClientRect
SetWindowLongA
SetCursor
SetCursorPos
DestroyWindow
keybd_event
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetKeyState
ScreenToClient
GetAsyncKeyState
GetCursorPos
LoadCursorA
RegisterClassExA
GetDesktopWindow
CallWindowProcA
DefWindowProcA
CreateWindowExA

msvcp140

?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Xlength_error@std@@YAXPBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile

d3d9

Direct3DCreate9

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

vcruntime140

__std_type_info_destroy_list
memmove
_CxxThrowException
_except_handler4_common
memcpy
memset
__std_terminate
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
strchr
strstr

api-ms-win-crt-stdio-l1-1-0

fflush
__acrt_iob_func
ftell
__stdio_common_vfprintf
fwrite
_wfopen
_get_stream_buffer_pointers
fseek
_fseeki64
fsetpos
ungetc
fclose
setvbuf
fgetpos
fgetc
__stdio_common_vsprintf
fread
fputc
__stdio_common_vsscanf

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_cexit
_execute_onexit_table
_initterm
_initterm_e
terminate
_seh_filter_dll
_configure_narrow_argv
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-math-l1-1-0

_CIatan2
_CIfmod
_libm_sse2_cos_precise
_libm_sse2_sin_precise
_except1
ceil
floor
_libm_sse2_sqrt_precise

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GSBOT cracked/Xenos.exe
.exe windows:6 windows x86 arch:x86

2c4f8364dc2c225221cd7dc66caea7e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyW
SHSetValueW

dbghelp

MiniDumpWriteDump

kernel32

RaiseException
LoadResource
FindResourceW
DecodePointer
GetWindowsDirectoryW
DeleteCriticalSection
CreateProcessW
GetCurrentProcess
GetModuleFileNameW
WaitForSingleObject
GetCurrentThreadId
Sleep
CreateThread
GetLocalTime
ExitProcess
GetCurrentProcessId
SetUnhandledExceptionFilter
FlushFileBuffers
GetFileAttributesW
ResumeThread
CloseHandle
GetNativeSystemInfo
GetModuleHandleW
DeleteFileW
LockResource
GetLastError
Wow64RevertWow64FsRedirection
CreateFileW
InitializeCriticalSectionEx
Wow64DisableWow64FsRedirection
WriteFile
VirtualProtect
SetEndOfFile
WriteConsoleW
ReadConsoleW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
GetTimeZoneInformation
SetFilePointerEx
EnumSystemLocalesW
SizeofResource
GetCommandLineW
GetCurrentDirectoryW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapFree
GetConsoleMode
GetConsoleCP
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
FormatMessageW
LocalFree
WideCharToMultiByte
DeviceIoControl
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
VirtualAlloc
TerminateProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetExitCodeProcess
Thread32Next
Thread32First
CreateActCtxW
GetTempPathW
UnmapViewOfFile
GetTempFileNameW
CreateFileMappingW
ReleaseActCtx
MapViewOfFile
DuplicateHandle
ResetEvent
GetTickCount
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentThread
GetSystemInfo
VirtualAllocEx
VirtualFreeEx
ActivateActCtx
GetEnvironmentVariableW
GetSystemDirectoryW
DeactivateActCtx
GetSystemWow64DirectoryW
Module32FirstW
ReadFile
CreateNamedPipeW
TerminateThread
GetExitCodeThread
OpenProcess
IsWow64Process
SuspendThread
GetThreadTimes
OpenThread
WriteProcessMemory
VirtualProtectEx
GetThreadContext
ReadProcessMemory
CreateRemoteThread
SetThreadContext
VirtualQueryEx
GetStringTypeW
TryEnterCriticalSection
WaitForSingleObjectEx
SwitchToThread
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
InitializeSListHead
OutputDebugStringW
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
GetVersionExW
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitThread
GetModuleHandleExW
GetStdHandle
GetFileType
HeapAlloc

user32

GetWindowTextW
GetMenu
CreateWindowExW
DestroyIcon
LoadIconW
ChangeWindowMessageFilterEx
EnableMenuItem
wsprintfW
GetMessageW
CreateDialogParamW
CallWindowProcW
DestroyWindow
MessageBoxW
SendMessageW
EndDialog
SetWindowTextW
LoadAcceleratorsW
ShowWindow
IsWindow
DispatchMessageW
IsDialogMessageW
TranslateAcceleratorW
TranslateMessage
SendMessageA
SetWindowLongW
GetDlgItem
DialogBoxParamW
EnableWindow

comdlg32

GetOpenFileNameW
GetSaveFileNameW

shell32

CommandLineToArgvW
DragQueryFileW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

advapi32

RegCreateKeyW
RegOpenKeyExW
RegEnumValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenThreadToken
RegOpenKeyW
OpenProcessToken
RegSetValueExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW

Exports

Exports

??0Assembler@asmjit@@QAE@PAURuntime@1@@Z
??0CodeGen@asmjit@@QAE@PAURuntime@1@@Z
??0HostRuntime@asmjit@@QAE@XZ
??0JitRuntime@asmjit@@QAE@XZ
??0Runtime@asmjit@@QAE@XZ
??0StaticRuntime@asmjit@@QAE@PAXI@Z
??0VMemMgr@asmjit@@QAE@PAX@Z
??0X86Assembler@asmjit@@QAE@PAURuntime@1@I@Z
??0Zone@asmjit@@QAE@I@Z
??1Assembler@asmjit@@UAE@XZ
??1CodeGen@asmjit@@UAE@XZ
??1HostRuntime@asmjit@@UAE@XZ
??1JitRuntime@asmjit@@UAE@XZ
??1Runtime@asmjit@@UAE@XZ
??1StaticRuntime@asmjit@@UAE@XZ
??1VMemMgr@asmjit@@QAE@XZ
??1X86Assembler@asmjit@@UAE@XZ
??1Zone@asmjit@@QAE@XZ
??_FVMemMgr@asmjit@@QAEXXZ
?_alloc@Zone@asmjit@@QAEPAXI@Z
?_emit@X86Assembler@asmjit@@UAEIIABUOperand@2@000@Z
?_grow@Assembler@asmjit@@QAEII@Z
?_grow@PodVectorBase@asmjit@@IAEIII@Z
?_newLabel@Assembler@asmjit@@QAEIPAULabel@2@@Z
?_newLabelLink@Assembler@asmjit@@QAEPAULabelLink@2@XZ
?_nullData@PodVectorBase@asmjit@@2UPodVectorData@2@B
?_registerIndexedLabels@Assembler@asmjit@@QAEII@Z
?_relocCode@X86Assembler@asmjit@@UBEIPAX_K@Z
?_reserve@Assembler@asmjit@@QAEII@Z
?_reserve@PodVectorBase@asmjit@@IAEIII@Z
?_x86CondToCmovcc@asmjit@@3QBIB
?_x86CondToJcc@asmjit@@3QBIB
?_x86CondToSetcc@asmjit@@3QBIB
?_x86InstExtendedInfo@asmjit@@3QBUX86InstExtendedInfo@1@B
?_x86InstInfo@asmjit@@3QBUX86InstInfo@1@B
?_x86ReverseCond@asmjit@@3QBIB
?add@JitRuntime@asmjit@@UAEIPAPAXPAUAssembler@2@@Z
?add@StaticRuntime@asmjit@@UAEIPAPAXPAUAssembler@2@@Z
?align@X86Assembler@asmjit@@UAEIII@Z
?alloc@VMemMgr@asmjit@@QAEPAXII@Z
?alloc@VMemUtil@asmjit@@SAPAXIPAII@Z
?allocProcessMemory@VMemUtil@asmjit@@SAPAXPAXIPAII@Z
?allocZeroed@Zone@asmjit@@QAEPAXI@Z
?bind@Assembler@asmjit@@UAEIABULabel@2@@Z
?callCpuId@X86CpuUtil@asmjit@@SAXIIPATX86CpuId@2@@Z
?detect@X86CpuUtil@asmjit@@SAXPAUX86CpuInfo@2@@Z
?detectHwThreadsCount@CpuInfo@asmjit@@SAIXZ
?dup@Zone@asmjit@@QAEPAXPBXI@Z
?embed@Assembler@asmjit@@UAEIPBXI@Z
?embedLabel@X86Assembler@asmjit@@QAEIABULabel@2@@Z
?emit@Assembler@asmjit@@QAEII@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00_K@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0_K@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@_K@Z
?emit@Assembler@asmjit@@QAEIIH@Z
?emit@Assembler@asmjit@@QAEII_K@Z
?flush@HostRuntime@asmjit@@UAEXPAXI@Z
?getCpuInfo@HostRuntime@asmjit@@UAEPBUCpuInfo@2@XZ
?getHost@CpuInfo@asmjit@@SAPBU12@XZ
?getPageGranularity@VMemUtil@asmjit@@SAIXZ
?getPageSize@VMemUtil@asmjit@@SAIXZ
?getStackAlignment@HostRuntime@asmjit@@UAEIXZ
?make@Assembler@asmjit@@UAEPAXXZ
?noOperand@asmjit@@3UOperand@1@B
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KABUX86Reg@2@IHI@Z
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KHI@Z
?release@JitRuntime@asmjit@@UAEIPAX@Z
?release@StaticRuntime@asmjit@@UAEIPAX@Z
?release@VMemMgr@asmjit@@QAEIPAX@Z
?release@VMemUtil@asmjit@@SAIPAXI@Z
?releaseProcessMemory@VMemUtil@asmjit@@SAIPAX0I@Z
?relocCode@Assembler@asmjit@@QBEIPAX_K@Z
?reset@Assembler@asmjit@@QAEX_N@Z
?reset@PodVectorBase@asmjit@@QAEX_N@Z
?reset@VMemMgr@asmjit@@QAEXXZ
?reset@Zone@asmjit@@QAEX_N@Z
?sdup@Zone@asmjit@@QAEPADPBD@Z
?setArch@X86Assembler@asmjit@@QAEII@Z
?setError@CodeGen@asmjit@@QAEIIPBD@Z
?setErrorHandler@CodeGen@asmjit@@QAEIPAUErrorHandler@2@@Z
?sformat@Zone@asmjit@@QAAPADPBDZZ
?shrink@VMemMgr@asmjit@@QAEIPAXI@Z
?x86RegData@asmjit@@3UX86RegData@1@B

Sections

.text
Size: 637KB - Virtual size: 637KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GSBOT cracked/Xenos64.exe
.exe windows:6 windows x64 arch:x64

d8c629b29d617e5840b52a1eb7e78d11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

SHDeleteKeyW
SHSetValueW

dbghelp

MiniDumpWriteDump

kernel32

RaiseException
LoadResource
FindResourceW
DecodePointer
GetWindowsDirectoryW
DeleteCriticalSection
CreateProcessW
GetCurrentProcess
GetModuleFileNameW
WaitForSingleObject
GetCurrentThreadId
Sleep
CreateThread
GetLocalTime
ExitProcess
GetCurrentProcessId
SetUnhandledExceptionFilter
FlushFileBuffers
GetFileAttributesW
ResumeThread
CloseHandle
GetNativeSystemInfo
GetModuleHandleW
DeleteFileW
LockResource
GetLastError
Wow64RevertWow64FsRedirection
CreateFileW
InitializeCriticalSectionEx
Wow64DisableWow64FsRedirection
WriteFile
VirtualProtect
SetEndOfFile
WriteConsoleW
ReadConsoleW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
GetTimeZoneInformation
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
SizeofResource
GetCommandLineW
CreateNamedPipeW
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapFree
GetConsoleMode
GetConsoleCP
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
FormatMessageW
LocalFree
WideCharToMultiByte
DeviceIoControl
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
VirtualAlloc
TerminateProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetExitCodeProcess
Thread32Next
Thread32First
CreateActCtxW
GetTempPathW
UnmapViewOfFile
GetTempFileNameW
CreateFileMappingW
ReleaseActCtx
MapViewOfFile
DuplicateHandle
ResetEvent
GetTickCount
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentThread
GetSystemInfo
VirtualAllocEx
VirtualFreeEx
ActivateActCtx
GetEnvironmentVariableW
GetSystemDirectoryW
DeactivateActCtx
GetSystemWow64DirectoryW
Module32FirstW
GetCurrentDirectoryW
ReadFile
TerminateThread
GetExitCodeThread
OpenProcess
IsWow64Process
SuspendThread
GetThreadTimes
OpenThread
WriteProcessMemory
VirtualProtectEx
GetThreadContext
ReadProcessMemory
CreateRemoteThread
SetThreadContext
VirtualQueryEx
GetStringTypeW
TryEnterCriticalSection
WaitForSingleObjectEx
SwitchToThread
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
OutputDebugStringW
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
GetVersionExW
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwindEx
RtlPcToFileHeader
ExitThread
GetModuleHandleExW
GetStdHandle
GetFileType

user32

GetWindowTextW
GetMenu
CreateWindowExW
DestroyIcon
LoadIconW
ChangeWindowMessageFilterEx
EnableMenuItem
wsprintfW
GetMessageW
CreateDialogParamW
CallWindowProcW
DestroyWindow
MessageBoxW
SetWindowLongPtrW
SendMessageW
EndDialog
SetWindowTextW
LoadAcceleratorsW
ShowWindow
IsWindow
DispatchMessageW
IsDialogMessageW
TranslateAcceleratorW
TranslateMessage
SendMessageA
GetDlgItem
DialogBoxParamW
EnableWindow

comdlg32

GetOpenFileNameW
GetSaveFileNameW

shell32

CommandLineToArgvW
DragQueryFileW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

advapi32

RegCreateKeyW
RegOpenKeyExW
RegEnumValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenThreadToken
RegOpenKeyW
OpenProcessToken
RegSetValueExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW

Exports

Exports

??0Assembler@asmjit@@QEAA@PEAURuntime@1@@Z
??0CodeGen@asmjit@@QEAA@PEAURuntime@1@@Z
??0HostRuntime@asmjit@@QEAA@XZ
??0JitRuntime@asmjit@@QEAA@XZ
??0Runtime@asmjit@@QEAA@XZ
??0StaticRuntime@asmjit@@QEAA@PEAX_K@Z
??0VMemMgr@asmjit@@QEAA@PEAX@Z
??0X86Assembler@asmjit@@QEAA@PEAURuntime@1@I@Z
??0Zone@asmjit@@QEAA@_K@Z
??1Assembler@asmjit@@UEAA@XZ
??1CodeGen@asmjit@@UEAA@XZ
??1HostRuntime@asmjit@@UEAA@XZ
??1JitRuntime@asmjit@@UEAA@XZ
??1Runtime@asmjit@@UEAA@XZ
??1StaticRuntime@asmjit@@UEAA@XZ
??1VMemMgr@asmjit@@QEAA@XZ
??1X86Assembler@asmjit@@UEAA@XZ
??1Zone@asmjit@@QEAA@XZ
??_FVMemMgr@asmjit@@QEAAXXZ
?_alloc@Zone@asmjit@@QEAAPEAX_K@Z
?_emit@X86Assembler@asmjit@@UEAAIIAEBUOperand@2@000@Z
?_grow@Assembler@asmjit@@QEAAI_K@Z
?_grow@PodVectorBase@asmjit@@IEAAI_K0@Z
?_newLabel@Assembler@asmjit@@QEAAIPEAULabel@2@@Z
?_newLabelLink@Assembler@asmjit@@QEAAPEAULabelLink@2@XZ
?_nullData@PodVectorBase@asmjit@@2UPodVectorData@2@B
?_registerIndexedLabels@Assembler@asmjit@@QEAAI_K@Z
?_relocCode@X86Assembler@asmjit@@UEBA_KPEAX_K@Z
?_reserve@Assembler@asmjit@@QEAAI_K@Z
?_reserve@PodVectorBase@asmjit@@IEAAI_K0@Z
?_x86CondToCmovcc@asmjit@@3QBIB
?_x86CondToJcc@asmjit@@3QBIB
?_x86CondToSetcc@asmjit@@3QBIB
?_x86InstExtendedInfo@asmjit@@3QBUX86InstExtendedInfo@1@B
?_x86InstInfo@asmjit@@3QBUX86InstInfo@1@B
?_x86ReverseCond@asmjit@@3QBIB
?add@JitRuntime@asmjit@@UEAAIPEAPEAXPEAUAssembler@2@@Z
?add@StaticRuntime@asmjit@@UEAAIPEAPEAXPEAUAssembler@2@@Z
?align@X86Assembler@asmjit@@UEAAIII@Z
?alloc@VMemMgr@asmjit@@QEAAPEAX_KI@Z
?alloc@VMemUtil@asmjit@@SAPEAX_KPEA_KI@Z
?allocProcessMemory@VMemUtil@asmjit@@SAPEAXPEAX_KPEA_KI@Z
?allocZeroed@Zone@asmjit@@QEAAPEAX_K@Z
?bind@Assembler@asmjit@@UEAAIAEBULabel@2@@Z
?callCpuId@X86CpuUtil@asmjit@@SAXIIPEATX86CpuId@2@@Z
?detect@X86CpuUtil@asmjit@@SAXPEAUX86CpuInfo@2@@Z
?detectHwThreadsCount@CpuInfo@asmjit@@SAIXZ
?dup@Zone@asmjit@@QEAAPEAXPEBX_K@Z
?embed@Assembler@asmjit@@UEAAIPEBXI@Z
?embedLabel@X86Assembler@asmjit@@QEAAIAEBULabel@2@@Z
?emit@Assembler@asmjit@@QEAAII@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00H@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00_K@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0H@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0_K@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@H@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@_K@Z
?emit@Assembler@asmjit@@QEAAIIH@Z
?emit@Assembler@asmjit@@QEAAII_K@Z
?flush@HostRuntime@asmjit@@UEAAXPEAX_K@Z
?getCpuInfo@HostRuntime@asmjit@@UEAAPEBUCpuInfo@2@XZ
?getHost@CpuInfo@asmjit@@SAPEBU12@XZ
?getPageGranularity@VMemUtil@asmjit@@SA_KXZ
?getPageSize@VMemUtil@asmjit@@SA_KXZ
?getStackAlignment@HostRuntime@asmjit@@UEAAIXZ
?make@Assembler@asmjit@@UEAAPEAXXZ
?noOperand@asmjit@@3UOperand@1@B
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KAEBUX86Reg@2@IHI@Z
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KHI@Z
?release@JitRuntime@asmjit@@UEAAIPEAX@Z
?release@StaticRuntime@asmjit@@UEAAIPEAX@Z
?release@VMemMgr@asmjit@@QEAAIPEAX@Z
?release@VMemUtil@asmjit@@SAIPEAX_K@Z
?releaseProcessMemory@VMemUtil@asmjit@@SAIPEAX0_K@Z
?relocCode@Assembler@asmjit@@QEBA_KPEAX_K@Z
?reset@Assembler@asmjit@@QEAAX_N@Z
?reset@PodVectorBase@asmjit@@QEAAX_N@Z
?reset@VMemMgr@asmjit@@QEAAXXZ
?reset@Zone@asmjit@@QEAAX_N@Z
?sdup@Zone@asmjit@@QEAAPEADPEBD@Z
?setArch@X86Assembler@asmjit@@QEAAII@Z
?setError@CodeGen@asmjit@@QEAAIIPEBD@Z
?setErrorHandler@CodeGen@asmjit@@QEAAIPEAUErrorHandler@2@@Z
?sformat@Zone@asmjit@@QEAAPEADPEBDZZ
?shrink@VMemMgr@asmjit@@QEAAIPEAX_K@Z
?x86RegData@asmjit@@3UX86RegData@1@B

Sections

.text
Size: 746KB - Virtual size: 746KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GSBOT cracked/XenosCurrentProfile.xpr
Readme.txt

Sharing

General

Malware Config

Signatures

Files

3f43552e1a221e17f9e4377d2af572ff

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

wininet

d3d9

imm32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 227KB - Virtual size: 226KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 11KB

2c4f8364dc2c225221cd7dc66caea7e0

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

dbghelp

kernel32

user32

comdlg32

shell32

ole32

advapi32

Exports

Exports

Sections

.text Size: 637KB - Virtual size: 637KB

.rdata Size: 177KB - Virtual size: 176KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 321KB - Virtual size: 321KB

d8c629b29d617e5840b52a1eb7e78d11

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

dbghelp

kernel32

user32

comdlg32

shell32

ole32

advapi32

Exports

Exports

Sections

.text Size: 746KB - Virtual size: 746KB

.rdata Size: 250KB - Virtual size: 249KB

.data Size: 14KB - Virtual size: 24KB

.pdata Size: 33KB - Virtual size: 33KB

.rsrc Size: 321KB - Virtual size: 321KB

.text
Size: 227KB - Virtual size: 226KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 637KB - Virtual size: 637KB

.rdata
Size: 177KB - Virtual size: 176KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 321KB - Virtual size: 321KB

.text
Size: 746KB - Virtual size: 746KB

.rdata
Size: 250KB - Virtual size: 249KB

.data
Size: 14KB - Virtual size: 24KB

.pdata
Size: 33KB - Virtual size: 33KB

.rsrc
Size: 321KB - Virtual size: 321KB