AimAssistLeakedTigerZ[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

AimAssistLeakedTigerZ.exe
Size

2.6MB
MD5

138feab29e64a15ab9e90237ee93dc47
SHA1

1df808ef239a8b9261033070a9dbe74c15d0f40f
SHA256

35890318db7b61954a3777a0faecdff06d1c1f1bb85fec497292db0985fafb7f
SHA512

25d55e9178c6b0ed73af7beec88c58f31653c5c08d0ec9429fbbdc4592d743d087410319691c4f9fdd5398aab319e16a7eefc351afd5576da7395ec505c9cd2e
SSDEEP

49152:SclflTpLa5Ztamtbi94zRG5UDXlDjnPL7:S+wBDlDjnPL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AimAssistLeakedTigerZ.exe

Files

AimAssistLeakedTigerZ.exe
.exe windows:6 windows x64 arch:x64

ca6eddca312605b65ac4475755454132

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\dinod\Desktop\FUD ME NC 2.8\bin\target\release\deps\Quick_Pulsar.pdb

Imports

kernel32

GetLastError
GetFullPathNameW
Sleep
FindNextFileW
lstrlenW
GetFinalPathNameByHandleW
TryAcquireSRWLockExclusive
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
FindFirstFileW
SetHandleInformation
GetCurrentThread
GetStdHandle
GetConsoleMode
CreateIoCompletionPort
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
GetModuleHandleW
SetLastError
GetEnvironmentVariableW
GetQueuedCompletionStatusEx
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
CreateThread
QueryPerformanceCounter
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentProcessId
CreateMutexA
WaitForSingleObjectEx
LoadLibraryA
ReleaseMutex
RtlVirtualUnwind
AcquireSRWLockShared
ReleaseSRWLockShared
IsDebuggerPresent
UnhandledExceptionFilter
HeapReAlloc
GetSystemInfo
SwitchToThread
FormatMessageW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetThreadStackGuarantee
AddVectoredExceptionHandler
FlushInstructionCache
SetUnhandledExceptionFilter
GetProcAddress
EnumSystemLocalesA
WriteProcessMemory
GetCurrentProcess
HeapCreate
HeapAlloc
GetProcessHeap
CloseHandle
GetModuleHandleA
FindClose
HeapFree
IsProcessorFeaturePresent

crypt32

CertDuplicateCertificateContext
CertDuplicateCertificateChain
CertEnumCertificatesInStore
CertGetCertificateChain
CertAddCertificateContextToStore
CertFreeCertificateChain
CertOpenStore
CertDuplicateStore
CertCloseStore
CertVerifyCertificateChainPolicy
CertFreeCertificateContext

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

bcrypt

BCryptGenRandom

ntdll

RtlNtStatusToDosError
NtCancelIoFileEx
NtDeviceIoControlFile
NtCreateFile
NtWriteFile

ws2_32

WSASocketW
setsockopt
connect
closesocket
getsockopt
shutdown
getaddrinfo
ioctlsocket
WSAStartup
WSACleanup
recv
send
getsockname
WSAGetLastError
getpeername
WSASend
freeaddrinfo
bind
WSAIoctl

advapi32

RegCloseKey
RegOpenKeyExW
SystemFunction036
RegQueryValueExW

secur32

FreeContextBuffer
QueryContextAttributesW
InitializeSecurityContextW
AcceptSecurityContext
AcquireCredentialsHandleA
DeleteSecurityContext
FreeCredentialsHandle
ApplyControlToken
DecryptMessage
EncryptMessage

vcruntime140

memcpy
__current_exception_context
__current_exception
__C_specific_handler
_CxxThrowException
memmove
memset
memcmp
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_crt_atexit
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_seh_filter_exe
_initterm_e
exit
_exit
_register_onexit_function
__p___argc
terminate
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
__p___argv
_initialize_onexit_table

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 757KB - Virtual size: 757KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca6eddca312605b65ac4475755454132

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

crypt32

shell32

ole32

bcrypt

ntdll

ws2_32

advapi32

secur32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 757KB - Virtual size: 757KB

.data Size: 512B - Virtual size: 952B

.pdata Size: 83KB - Virtual size: 83KB

.rsrc Size: 136KB - Virtual size: 136KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 757KB - Virtual size: 757KB

.data
Size: 512B - Virtual size: 952B

.pdata
Size: 83KB - Virtual size: 83KB

.rsrc
Size: 136KB - Virtual size: 136KB

.reloc
Size: 7KB - Virtual size: 7KB