C:\Users\jacob\Documents\Projects\ScintillaNET\src\ScintillaNET\obj\Release\ScintillaNET.pdb
Static task
static1
1 signatures
General
-
Target
Krnl ReBuild.rar
-
Size
26.9MB
-
MD5
ea43f76bfa9c5d4c7910454c16ebf766
-
SHA1
1d539e1bc4d207482aeb292e777d95270f4d736b
-
SHA256
5e1854126da8b5fcd22dd32840797a7751c7d08a7380671e8039692e6e697ffb
-
SHA512
01bc333a7fbc57cff8e3ae5cefccf9cab2553fdcd84264886d69dde5aa8ebfeee7b3e435c699506a41856b2e74421dc4ef8a5f613a447d5d5c6e81eef7782e1e
-
SSDEEP
786432:GPv4iaa/4T4x6YECTuv7BZplZA3aDXDbe5tw:GPv4iaawTU65zBDlyKXXevw
Score
3/10
Malware Config
Signatures
-
Unsigned PE 5 IoCs
Checks for missing Authenticode signature.
resource unpack001/Krnl ReBuild/Bunifu_UI_v1.5.3.dll unpack001/Krnl ReBuild/ScintillaNET.dll unpack001/Krnl ReBuild/injector.dll unpack001/Krnl ReBuild/krnl.dll unpack001/Krnl ReBuild/krnl.exe
Files
-
Krnl ReBuild.rar.rar
-
Krnl ReBuild/Bunifu_UI_v1.5.3.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 234KB - Virtual size: 233KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Krnl ReBuild/ScintillaNET.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
mscoree
_CorDllMain
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Krnl ReBuild/autoexec.lnk.lnk
-
Krnl ReBuild/injector.dll.dll windows:6 windows x86 arch:x86
d588e0751eeca8d75865b11d7d0b6027
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\Archives\repos\krnl_injector\Release\krnl_injector.pdb
Imports
kernel32
OpenProcess
CreateToolhelp32Snapshot
GetExitCodeThread
CloseHandle
Module32FirstW
GetProcAddress
VirtualAllocEx
GetFileAttributesW
ReadProcessMemory
GetModuleHandleW
WideCharToMultiByte
CreateRemoteThread
Module32NextW
VirtualFreeEx
SetUnhandledExceptionFilter
WaitForSingleObject
LocalFree
WriteProcessMemory
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
UnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
advapi32
SetNamedSecurityInfoW
GetNamedSecurityInfoW
ConvertStringSidToSidW
SetEntriesInAclW
msvcp140
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
vcruntime140
__CxxFrameHandler3
__std_exception_destroy
_except_handler4_common
memset
__std_type_info_destroy_list
_CxxThrowException
__std_exception_copy
memcpy
api-ms-win-crt-heap-l1-1-0
_callnewh
free
malloc
api-ms-win-crt-runtime-l1-1-0
_cexit
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
Exports
Exports
_inject_dll@8
_is_injected@12
_pass_console_input@16
_run_script@16
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 688B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Krnl ReBuild/krnl.dll.dll windows:6 windows x86 arch:x86
615138fe2fa1806ffa5686c81568e1f8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
AcquireSRWLockExclusive
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
ClientToScreen
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW
ws2_32
WSACleanup
crypt32
CertAddCertificateContextToStore
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
shell32
SHGetFolderPathW
imm32
ImmGetContext
d3dcompiler_47
D3DCompile
advapi32
CryptAcquireContextA
wldap32
ord301
normaliz
IdnToAscii
bcrypt
BCryptGenRandom
wtsapi32
WTSSendMessageW
Exports
Exports
queue_script
send_console_input
Sections
.text Size: - Virtual size: 3.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 381KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.voltbl Size: - Virtual size: 348B
.asd10 Size: - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.asd11 Size: 5.3MB - Virtual size: 5.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 223B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Krnl ReBuild/krnl.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20.5MB - Virtual size: 20.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 185KB - Virtual size: 184KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Krnl ReBuild/krnlss.exe.config.xml
-
Krnl ReBuild/workspace.lnk.lnk.lnk