lumma | bypass_1[.]6[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

bypass_1.6.rar
Size

5.5MB
MD5

1359482bc9c2c61be29e1e2e703675c1
SHA1

22b4f050f21250a0decd9057258ae0842adaf63b
SHA256

5bc2edfe5ff8985697f847d123798321c06f4324ed8bf6cb7a8b91aae932bd9e
SHA512

1c3e46dba1fdeae3b0b8af472ce229cb52283a95ce1fb3a3f64a69265bd2bc9b251f1045cf20e755f2e19504a5374cd367d867da756600b3bff9c7db91766ab3
SSDEEP

98304:6878/uJyHOe/uyRvy775rpZ7T/W3nIhj6YxUNtjZ3GtclnsN5mCAIrV3wSehntZQ:68g/uJyH/E5r7T/W3IhjrxUXJfW5tNhT

Score

10^/10

lumma

Malware Config

Signatures

Detect Lumma Stealer payload V4 1 IoCs

resource	yara_rule
static1/unpack001/bypass_1.6/bypass_1.6/bypass 1.6/Bypass.dll	family_lumma_v4

Lumma family
lumma

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RDR3.exe
unpack001/bypass_1.6/bypass_1.6/bypass 1.6/Bypass.dll
unpack001/bypass_1.6/bypass_1.6/bypass 1.6/Executor/Xenos64.exe
unpack001/bypass_1.6/bypass_1.6/bypass 1.6/bypass.exe

Files

bypass_1.6.rar
.rar
RDR3.exe
.exe windows:6 windows x64 arch:x64

3283db44436f9cda0258af37cca51bae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentThreadId
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

RegCloseKey

ntdll

NtQuerySystemInformation

wtsapi32

WTSSendMessageW

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

��h��z��D~�h"��- ��)�D�u��s�Y��D�� -��t��T��o"1Q!�>@YT�~s�X'�!�z<�h��vrw��z�)��M1��Y��J&�Ƨ��N�H=0�%Z��B�RsS��~��*��-�Ys�} O� ��1�Rt�A��c�ťgdKK�W��hGPᙚ��>��D��>��vn'�)>�4��V�N��v�o� �� x��2V�A�4~�ԍ6m=g(?��{\"s��S|�� Ϟ�1S�=:ٮx��+֌>pJ�-��% �݇��1�ظlGMYi��5��:җ �tǨ��z�#��+�HR�H�~��w@�HE`�h�F�%��",�/�`L��,�Ó��[ ��n?7GR�[r�' ��w�wy�KS��7�cC��?&��zc��!*R��Ҽĭ< z�}�1]�y@[1��Y�e�5)�0DP/W��#5��E1`�R�q��ܐ�Bl�7�/�}��JW��`�هY�4F�}�Ѫ֓-i��&��h!�P��`�iL>�w[�A��3+�j"��[<ϊj�X�J��c�V@�:�O+ev��z1�"��M �s�ĳ��G�5��s�F��]7fzS�敖s@��m3��X�?��-D9��~��F`�� i}{��sa��2��N��1��i��WW^C=��xL��j�zK��ofQ�XJ��p��uԥ�`x6A"�V}�3��#fݬ��I�>��a&��,�6��z�`bC߰_�^n��Wj� i��)�L��`=1y�"x��T��u�o�RV�&��hH'p�o ��>�蕲U��)f��Q� �4�e�^�k�'�J��s��P��_uԄ:��1��I��KS��ӕ�QW��)c]ay'�m�f��L�� *@�~�6|��σ!0G�r5t[�y*8�Z�}�E��ȞB�1ĻMD�~��E=B: P1g-��\ޡ��U��U��]�!m�UG��í�0��r�vٙذt��jd��c�&��$�_"K��s�p�q�K��"iC��%Bس�G|�؀��P��K��T�U��~��:gJ'=f P��3�'�QkR�ϠRɖ��^�k��CX�~~�Sq�<�p�kqo��K��K��RZ�fx\�^Wcb-�-pZ(mS[��Vq�J��'�9P��J@=r#o�R\��S�y��a ��#��h��f�J��ܒ��ߍQ̻�� DG6_�.�uyUM)Y��X��N%�)�.Ni0>*�b(�F�9�7R�f��c|��`��|��x�̹��=�G�QIU>O�x��]�֤�`r9�DZ��v��h�KRki��[��{�wI*BH��J/Z?}U�uc��8[�O��{-��N��?�M��\�j-��|���0����<=�vf��谲ƅm\DmH?d�U�S�<)q��7/p7w��C��6�;~��*1�`7;P��봧��.��u�מ��_7��&Xy��-'�{03*ڃ �f�1��죬ug��Q��j�獿X� 8��,�/4��q�MJ�,�8�%+7+hM�K/#mK=��X��> �=�e�-�Z��c��F� �Qx�� %Ӡ�[G� ��8�0^)�ȃ�mi��TL�� >_Bo9�z�G�> ��f. �j�R�Q��Pb*�ث.��E�z��I>xήYk�vŋ��%�hE�Z�V��M�V6/��ך�j�"�%��i$��2��yk$��F��0�B��ӑ�胤ň}9G�gO }�S��L+��VlZ��E�u�~�;�d��ō��u��¸�%�W��:��:�nj� �¤��q��\r�=�}��T:W��q6 ��n��]��vrA� L�ه�q�J��X�{��{�:��f�(��r�P��+�U^Q�Q��r �$��d�_�S5�456�t��#�0�;io 6�m=��Z�Q�Y��m��K}��( lڀ��G靚�(��SQ��М�ܡ7;̹�}�'4��S��&�H��lhI@��*��Z>��Q4IT�-;��Yw�OD�}�� ۆ�� Gm��"y�Nk7;��j� �I7�ڏ9{o@�$��"��k�ݙ0��9:�-C��gdFͷ��EMN��"�7t]��[�5(��~�[��i��]a��{�e4��_�\=�9��#6��7��zr��nB��>s�|��_�9��N��ȉ`u�fd�}��`f�{�� ;�+Q]�� N@�le��97�74�GcJ0 |s��h��d��%L�c��1y3��i$��,�J�E�dL�l�ƽ�r ��%@#C�y�G9X7N�@:�7��{��:�Bm�D��%�Ict�Fʽ��se� ��vy��#t��P3Li��!�*��ҳ�nJb��-�"e�~O^��H��M��iiI��|:\�n�� c�B��c��F�"/B� ��:ZQy��HîS�Sd�Y��f�QG ʱv�FV��.��@DC4:��t�P!Q4do�08H+ߟ4��|�[��H��?lR+��<�� W�]o�ɴ�OR)��s��S� M��)�2l$J��n��|k��r锏RA*��h,S1�]׼�cja�ث�_=�T��&��O0�d �n�� ސw�^Q�h��d=%q��1o�D�T�ł��6�7�2arc�N;o�ɟ�$J"��r��@�%H5�� P�l�E*�-ܤ/v��2B��'O@�{��I*y��~��G�(��@��N��O)t(��E�

Sections

.gala
Size: - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xys23
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.prom
Size: - Virtual size: 889KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ax512
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_gbit_
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.2024
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tiko
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.limco
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dino
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bypass_1.6/bypass_1.6/bypass 1.6/Bypass.dll
.dll windows:6 windows x86 arch:x86

5da6b031617f6ee9d662f24bc6d4c6f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Victor\source\repos\VBR_DLL-TESTE - NEW\Release\VBR_DLL.pdb

Imports

kernel32

IsBadReadPtr
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
HeapReAlloc
HeapSize
CreateFileW
SetStdHandle
DecodePointer
GetStringTypeW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
CreateThread
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileSizeEx
GetConsoleOutputCP
WriteFile
FlushFileBuffers
LCMapStringW
K32GetModuleInformation
Sleep
GetModuleHandleA
TerminateProcess
HeapFree
HeapAlloc
ReadConsoleW
GetConsoleMode
SetFilePointerEx
WriteConsoleW
GetModuleFileNameW
GetFileType
GetStdHandle
VirtualProtect
ReadProcessMemory
GetACP
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
ReadFile
SetEndOfFile

user32

CallWindowProcA
GetAsyncKeyState
FindWindowA
SetWindowLongW
SetForegroundWindow
MessageBeep
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData

shell32

ShellExecuteA

d3dx9_42

D3DXMatrixInverse

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

Sections

.text
Size: 545KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 445KB - Virtual size: 445KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bypass_1.6/bypass_1.6/bypass 1.6/Executor/Xenos.log
bypass_1.6/bypass_1.6/bypass 1.6/Executor/Xenos64.exe
.exe windows:6 windows x64 arch:x64

d8c629b29d617e5840b52a1eb7e78d11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Dev\Xenos\build\x64\Release\Xenos64.pdb

Imports

shlwapi

SHDeleteKeyW
SHSetValueW

dbghelp

MiniDumpWriteDump

kernel32

RaiseException
LoadResource
FindResourceW
DecodePointer
GetWindowsDirectoryW
DeleteCriticalSection
CreateProcessW
GetCurrentProcess
GetModuleFileNameW
WaitForSingleObject
GetCurrentThreadId
Sleep
CreateThread
GetLocalTime
ExitProcess
GetCurrentProcessId
SetUnhandledExceptionFilter
FlushFileBuffers
GetFileAttributesW
ResumeThread
CloseHandle
GetNativeSystemInfo
GetModuleHandleW
DeleteFileW
LockResource
GetLastError
Wow64RevertWow64FsRedirection
CreateFileW
InitializeCriticalSectionEx
Wow64DisableWow64FsRedirection
WriteFile
VirtualProtect
SetEndOfFile
WriteConsoleW
ReadConsoleW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
GetTimeZoneInformation
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
SizeofResource
GetCommandLineW
CreateNamedPipeW
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapFree
GetConsoleMode
GetConsoleCP
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
FormatMessageW
LocalFree
WideCharToMultiByte
DeviceIoControl
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
VirtualAlloc
TerminateProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetExitCodeProcess
Thread32Next
Thread32First
CreateActCtxW
GetTempPathW
UnmapViewOfFile
GetTempFileNameW
CreateFileMappingW
ReleaseActCtx
MapViewOfFile
DuplicateHandle
ResetEvent
GetTickCount
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentThread
GetSystemInfo
VirtualAllocEx
VirtualFreeEx
ActivateActCtx
GetEnvironmentVariableW
GetSystemDirectoryW
DeactivateActCtx
GetSystemWow64DirectoryW
Module32FirstW
GetCurrentDirectoryW
ReadFile
TerminateThread
GetExitCodeThread
OpenProcess
IsWow64Process
SuspendThread
GetThreadTimes
OpenThread
WriteProcessMemory
VirtualProtectEx
GetThreadContext
ReadProcessMemory
CreateRemoteThread
SetThreadContext
VirtualQueryEx
GetStringTypeW
TryEnterCriticalSection
WaitForSingleObjectEx
SwitchToThread
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
OutputDebugStringW
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
GetVersionExW
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwindEx
RtlPcToFileHeader
ExitThread
GetModuleHandleExW
GetStdHandle
GetFileType

user32

GetWindowTextW
GetMenu
CreateWindowExW
DestroyIcon
LoadIconW
ChangeWindowMessageFilterEx
EnableMenuItem
wsprintfW
GetMessageW
CreateDialogParamW
CallWindowProcW
DestroyWindow
MessageBoxW
SetWindowLongPtrW
SendMessageW
EndDialog
SetWindowTextW
LoadAcceleratorsW
ShowWindow
IsWindow
DispatchMessageW
IsDialogMessageW
TranslateAcceleratorW
TranslateMessage
SendMessageA
GetDlgItem
DialogBoxParamW
EnableWindow

comdlg32

GetOpenFileNameW
GetSaveFileNameW

shell32

CommandLineToArgvW
DragQueryFileW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

advapi32

RegCreateKeyW
RegOpenKeyExW
RegEnumValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenThreadToken
RegOpenKeyW
OpenProcessToken
RegSetValueExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW

Exports

Exports

??0Assembler@asmjit@@QEAA@PEAURuntime@1@@Z
??0CodeGen@asmjit@@QEAA@PEAURuntime@1@@Z
??0HostRuntime@asmjit@@QEAA@XZ
??0JitRuntime@asmjit@@QEAA@XZ
??0Runtime@asmjit@@QEAA@XZ
??0StaticRuntime@asmjit@@QEAA@PEAX_K@Z
??0VMemMgr@asmjit@@QEAA@PEAX@Z
??0X86Assembler@asmjit@@QEAA@PEAURuntime@1@I@Z
??0Zone@asmjit@@QEAA@_K@Z
??1Assembler@asmjit@@UEAA@XZ
??1CodeGen@asmjit@@UEAA@XZ
??1HostRuntime@asmjit@@UEAA@XZ
??1JitRuntime@asmjit@@UEAA@XZ
??1Runtime@asmjit@@UEAA@XZ
??1StaticRuntime@asmjit@@UEAA@XZ
??1VMemMgr@asmjit@@QEAA@XZ
??1X86Assembler@asmjit@@UEAA@XZ
??1Zone@asmjit@@QEAA@XZ
??_FVMemMgr@asmjit@@QEAAXXZ
?_alloc@Zone@asmjit@@QEAAPEAX_K@Z
?_emit@X86Assembler@asmjit@@UEAAIIAEBUOperand@2@000@Z
?_grow@Assembler@asmjit@@QEAAI_K@Z
?_grow@PodVectorBase@asmjit@@IEAAI_K0@Z
?_newLabel@Assembler@asmjit@@QEAAIPEAULabel@2@@Z
?_newLabelLink@Assembler@asmjit@@QEAAPEAULabelLink@2@XZ
?_nullData@PodVectorBase@asmjit@@2UPodVectorData@2@B
?_registerIndexedLabels@Assembler@asmjit@@QEAAI_K@Z
?_relocCode@X86Assembler@asmjit@@UEBA_KPEAX_K@Z
?_reserve@Assembler@asmjit@@QEAAI_K@Z
?_reserve@PodVectorBase@asmjit@@IEAAI_K0@Z
?_x86CondToCmovcc@asmjit@@3QBIB
?_x86CondToJcc@asmjit@@3QBIB
?_x86CondToSetcc@asmjit@@3QBIB
?_x86InstExtendedInfo@asmjit@@3QBUX86InstExtendedInfo@1@B
?_x86InstInfo@asmjit@@3QBUX86InstInfo@1@B
?_x86ReverseCond@asmjit@@3QBIB
?add@JitRuntime@asmjit@@UEAAIPEAPEAXPEAUAssembler@2@@Z
?add@StaticRuntime@asmjit@@UEAAIPEAPEAXPEAUAssembler@2@@Z
?align@X86Assembler@asmjit@@UEAAIII@Z
?alloc@VMemMgr@asmjit@@QEAAPEAX_KI@Z
?alloc@VMemUtil@asmjit@@SAPEAX_KPEA_KI@Z
?allocProcessMemory@VMemUtil@asmjit@@SAPEAXPEAX_KPEA_KI@Z
?allocZeroed@Zone@asmjit@@QEAAPEAX_K@Z
?bind@Assembler@asmjit@@UEAAIAEBULabel@2@@Z
?callCpuId@X86CpuUtil@asmjit@@SAXIIPEATX86CpuId@2@@Z
?detect@X86CpuUtil@asmjit@@SAXPEAUX86CpuInfo@2@@Z
?detectHwThreadsCount@CpuInfo@asmjit@@SAIXZ
?dup@Zone@asmjit@@QEAAPEAXPEBX_K@Z
?embed@Assembler@asmjit@@UEAAIPEBXI@Z
?embedLabel@X86Assembler@asmjit@@QEAAIAEBULabel@2@@Z
?emit@Assembler@asmjit@@QEAAII@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00H@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00_K@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0H@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0_K@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@H@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@_K@Z
?emit@Assembler@asmjit@@QEAAIIH@Z
?emit@Assembler@asmjit@@QEAAII_K@Z
?flush@HostRuntime@asmjit@@UEAAXPEAX_K@Z
?getCpuInfo@HostRuntime@asmjit@@UEAAPEBUCpuInfo@2@XZ
?getHost@CpuInfo@asmjit@@SAPEBU12@XZ
?getPageGranularity@VMemUtil@asmjit@@SA_KXZ
?getPageSize@VMemUtil@asmjit@@SA_KXZ
?getStackAlignment@HostRuntime@asmjit@@UEAAIXZ
?make@Assembler@asmjit@@UEAAPEAXXZ
?noOperand@asmjit@@3UOperand@1@B
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KAEBUX86Reg@2@IHI@Z
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KHI@Z
?release@JitRuntime@asmjit@@UEAAIPEAX@Z
?release@StaticRuntime@asmjit@@UEAAIPEAX@Z
?release@VMemMgr@asmjit@@QEAAIPEAX@Z
?release@VMemUtil@asmjit@@SAIPEAX_K@Z
?releaseProcessMemory@VMemUtil@asmjit@@SAIPEAX0_K@Z
?relocCode@Assembler@asmjit@@QEBA_KPEAX_K@Z
?reset@Assembler@asmjit@@QEAAX_N@Z
?reset@PodVectorBase@asmjit@@QEAAX_N@Z
?reset@VMemMgr@asmjit@@QEAAXXZ
?reset@Zone@asmjit@@QEAAX_N@Z
?sdup@Zone@asmjit@@QEAAPEADPEBD@Z
?setArch@X86Assembler@asmjit@@QEAAII@Z
?setError@CodeGen@asmjit@@QEAAIIPEBD@Z
?setErrorHandler@CodeGen@asmjit@@QEAAIPEAUErrorHandler@2@@Z
?sformat@Zone@asmjit@@QEAAPEADPEBDZZ
?shrink@VMemMgr@asmjit@@QEAAIPEAX_K@Z
?x86RegData@asmjit@@3UX86RegData@1@B

Sections

.text
Size: 746KB - Virtual size: 746KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bypass_1.6/bypass_1.6/bypass 1.6/Executor/XenosCurrentProfile.xpr
bypass_1.6/bypass_1.6/bypass 1.6/Xenos.log
bypass_1.6/bypass_1.6/bypass 1.6/bypass.exe
.exe windows:4 windows x86 arch:x86

2c5f2513605e48f2d8ea5440a870cb9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
free
_wcsicmp
wcslen
wcscpy
wcscmp
wcscat
memcpy
tolower
malloc

kernel32

GetModuleHandleW
HeapCreate
GetStdHandle
SetConsoleCtrlHandler
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetNativeSystemInfo
GetShortPathNameW
GetWindowsDirectoryW
GetSystemDirectoryW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
GetProcAddress
GetVersionExW
Sleep
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
PeekNamedPipe
TerminateProcess
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CreatePipe
CreateProcessW
GetExitCodeProcess
SetUnhandledExceptionFilter
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

user32

CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
DestroyWindow
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
EnableWindow
GetSystemMetrics
CreateWindowExW
SetWindowLongW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos

gdi32

GetStockObject

comctl32

InitCommonControlsEx

shell32

ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW

winmm

timeBeginPeriod

ole32

CoInitialize
CoTaskMemFree

shlwapi

PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW

Sections

.code
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3283db44436f9cda0258af37cca51bae

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ntdll

wtsapi32

user32

Exports

Exports

Sections

.gala Size: - Virtual size: 185KB

.xys23 Size: - Virtual size: 100KB

.prom Size: - Virtual size: 889KB

.ax512 Size: - Virtual size: 10KB

_gbit_ Size: - Virtual size: 348B

.2024 Size: - Virtual size: 2.5MB

.tiko Size: 4.9MB - Virtual size: 4.9MB

.limco Size: 512B - Virtual size: 224B

.dino Size: 512B - Virtual size: 480B

5da6b031617f6ee9d662f24bc6d4c6f4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

d3dx9_42

imm32

Sections

.text Size: 545KB - Virtual size: 544KB

.rdata Size: 445KB - Virtual size: 445KB

.data Size: 5KB - Virtual size: 40KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 17KB - Virtual size: 17KB

d8c629b29d617e5840b52a1eb7e78d11

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

dbghelp

kernel32

user32

comdlg32

shell32

ole32

advapi32

Exports

Exports

Sections

.text Size: 746KB - Virtual size: 746KB

.rdata Size: 250KB - Virtual size: 249KB

.data Size: 14KB - Virtual size: 24KB

.pdata Size: 33KB - Virtual size: 33KB

.rsrc Size: 321KB - Virtual size: 321KB

2c5f2513605e48f2d8ea5440a870cb9e

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

comctl32

shell32

winmm

ole32

shlwapi

Sections

.gala
Size: - Virtual size: 185KB

.xys23
Size: - Virtual size: 100KB

.prom
Size: - Virtual size: 889KB

.ax512
Size: - Virtual size: 10KB

_gbit_
Size: - Virtual size: 348B

.2024
Size: - Virtual size: 2.5MB

.tiko
Size: 4.9MB - Virtual size: 4.9MB

.limco
Size: 512B - Virtual size: 224B

.dino
Size: 512B - Virtual size: 480B

.text
Size: 545KB - Virtual size: 544KB

.rdata
Size: 445KB - Virtual size: 445KB

.data
Size: 5KB - Virtual size: 40KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 17KB - Virtual size: 17KB

.text
Size: 746KB - Virtual size: 746KB

.rdata
Size: 250KB - Virtual size: 249KB

.data
Size: 14KB - Virtual size: 24KB

.pdata
Size: 33KB - Virtual size: 33KB

.rsrc
Size: 321KB - Virtual size: 321KB

.code
Size: 14KB - Virtual size: 14KB

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB