Tricerat ScrewDrivers 7[.]1[.]3_x64_fu11[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Tricerat ScrewDrivers 7.1.3_x64_fu11.rar
Size

107.1MB
MD5

91c8fa673e699aa8e27570446be2e583
SHA1

b5dc8f5990bbb428175b7b054f53f2907196796c
SHA256

3dc50ce53a916b8c214758e93e97e626582d29aaffaf652bb3964fdd095d8b6b
SHA512

c35722b70c110ba717cc856049a2f70cbbe30ff97c83650e68bfaa13fe500c9d2f14f8e8474783760afd0b404aba9f919ba83df8601350f7c0f73648cc211a8f
SSDEEP

3145728:nikPhcRG7GilBVkji4LpxaWBV5ahq/fEUiJ57Im+/1:dP/GeypVB5ahq0l57n+/1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Tricerat ScrewDrivers 7.1.3_x64_fu11/crack/vdp_rdpvcbridge.dll

Files

Tricerat ScrewDrivers 7.1.3_x64_fu11.rar
.rar

Password: softoroom
Tricerat ScrewDrivers 7.1.3_x64_fu11/ScrewDriversClient_7.1.3.18595_x64.msi
.msi
Tricerat ScrewDrivers 7.1.3_x64_fu11/ScrewDriversEssentials_7.1.3.18595_x64.msi
.msi
Tricerat ScrewDrivers 7.1.3_x64_fu11/crack/readme.txt
Tricerat ScrewDrivers 7.1.3_x64_fu11/crack/vdp_rdpvcbridge.dll
.dll windows:6 windows x64 arch:x64

Password: softoroom

b8c8f2b906aeb999b02ce591bd756220

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

IsDebuggerPresent
DebugBreak
LoadLibraryW
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
GetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
VirtualQuery
VirtualProtect
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
RtlCaptureContext

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_destroy_list
memset
__std_exception_destroy
_CxxThrowException
__std_exception_copy
memcpy
__C_specific_handler

api-ms-win-crt-string-l1-1-0

wcscat_s

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_cexit
_initterm
_execute_onexit_table
_crt_atexit

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

Exports

Exports

VDP_FreeMemory
VDP_QuerySessionInformationW
VDP_VirtualChannelClose
VDP_VirtualChannelOpen
VDP_VirtualChannelOpenEx
VDP_VirtualChannelRead
VDP_VirtualChannelWrite

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: softoroom

Password: softoroom

b8c8f2b906aeb999b02ce591bd756220

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

api-ms-win-core-path-l1-1-0

vcruntime140_1

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 756B

.rsrc Size: 15KB - Virtual size: 15KB

.reloc Size: 512B - Virtual size: 100B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 756B

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 512B - Virtual size: 100B