C:\Projects_CSharp\FastColoredTextBox\FastColoredTextBox\obj\Debug\FastColoredTextBox.pdb
General
-
Target
XWorm-RAT-V2.1-XWorm.zip
-
Size
34.0MB
-
MD5
6a5859351794162ae8f678a8ab7f376a
-
SHA1
2cf7195a0fe29adcb2c81b909c526abaf807e64b
-
SHA256
29fe532017539d0a37057cc6f0f3734219cd9bcd3ee9c05a009c055207bfb5a4
-
SHA512
5f6e72404362e6bed2a39a2ce7dbadb4dfbbf34636edb6624b3b9512d35570a955159621174f8fa1de794eef5507b1c4457ef40be123712c84cb5e6fba538328
-
SSDEEP
786432:BiIKtjXylNXspXclWQK1KDQXzTnHB35oQ9FeDym3yIZU:QLeJsSAlKWh35oQ9KVu
Score
10/10
Malware Config
Signatures
-
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
resource yara_rule static1/unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/DisableWD.dll disable_win_def -
Nirsoft 1 IoCs
resource yara_rule static1/unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/ProduKey.dll Nirsoft -
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource yara_rule static1/unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Guna.UI2.dll agile_net -
Unsigned PE 61 IoCs
Checks for missing Authenticode signature.
resource unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Command Reciever.exe unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/FastColoredTextBox.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Guna.UI2.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/7zip.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/ACTWindows.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/AskUAC.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/BSOD.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/BlankScreen.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Bookmarks.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Bot.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Chat.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Chromium.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Clipboard.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Clipper.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Cmstp-Bypass.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Computerdefaults.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/DeletePoints.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/DeleteWD.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/DicordTokens.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/DisableWD.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Email.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Encoder.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/FileSeacher.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/FileZilla.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/HRDP.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/HVNC.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Info.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Install.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Keylogger.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/KillWindows.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Memory.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Microphone.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/NetInstall.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Ngrok-Disk.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Ngrok-Install.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Pastime.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/PreventSleep.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/ProduKey.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Programs.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Ransomware.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/RunM.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/RunPE.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Script.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/TCPGET.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/UACBypass.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Update.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/VB.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/VNC.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/WDExclusion.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/WSound.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Wallpaper.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/WebCam.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/WifiKeys.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Worm.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/uninstall.dll unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Resource/data.dat unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Tools/HVNC-Server.exe unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Tools/ResHacker.exe unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/XHVNC.exe unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/XWorm RAT V2.1.exe unpack001/XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/dnlib.dll
Files
-
XWorm-RAT-V2.1-XWorm.zip.zip
-
XWorm-RAT-V2.1-XWorm/LICENSE
-
XWorm-RAT-V2.1-XWorm/README.md
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Command Reciever.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 6.4MB - Virtual size: 6.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/FastColoredTextBox.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
mscoree
_CorDllMain
Sections
.text Size: 331KB - Virtual size: 330KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Fixer.bat
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/GeoIP.dat
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Guna.UI2.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\Ilham\source\repos\Guna.UI2\Guna.UI2\bin\Release\Secured\Guna.UI2.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/NAudio.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
37:37:aa:de:9f:72:21:81:eb:6e:a4:00:21:65:fb:e1Certificate
IssuerCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before22/01/2019, 00:00Not After27/02/2022, 23:59SubjectCN=Razer USA Ltd.,O=Razer USA Ltd.,L=Irvine,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before10/12/2013, 00:00Not After09/12/2023, 23:59SubjectCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
d0:94:af:d7:9f:51:16:9c:c5:1a:e7:ea:23:e5:08:16:11:ae:03:76:1d:25:05:ee:5f:c2:9d:59:4a:68:c8:54Signer
Actual PE Digestd0:94:af:d7:9f:51:16:9c:c5:1a:e7:ea:23:e5:08:16:11:ae:03:76:1d:25:05:ee:5f:c2:9d:59:4a:68:c8:54Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\code\GitHub\NAudio\NAudio\obj\Release\NAudio.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 494KB - Virtual size: 493KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 952B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/7zip.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\users\laptop\documents\visual studio 2015\Projects\7zip\7zip\obj\Debug\7zip.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/ACTWindows.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Desktop\XWorm V2.0 License Updated 12-7-2021\XWorm V2.0\XWorm V2.0\XWorm V2.0\P\ACTWindows\ACTWindows\obj\Debug\ACTWindows.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/AskUAC.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
E:\XWorm V2.0 License Updated 12-7-2021\XWorm V2.0\XWorm V2.0\XWorm V2.0\P\AskUAC\AskUAC\obj\Debug\AskUAC.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/BSOD.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\users\laptop\documents\visual studio 2015\Projects\BSOD\BSOD\obj\Debug\BSOD.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/BlankScreen.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\users\laptop\documents\visual studio 2015\Projects\BlankScreen\BlankScreen\obj\Debug\BlankScreen.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Bookmarks.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\users\laptop\documents\visual studio 2015\Projects\Bookmarks\Bookmarks\obj\Debug\Bookmarks.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Bot.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\users\laptop\documents\visual studio 2015\Projects\Bot\Bot\obj\Debug\Bot.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Chat.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\users\laptop\documents\visual studio 2015\Projects\Chat\Chat\obj\Debug\Chat.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Chromium.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Desktop\Chromium\Chromium\obj\Debug\Chromium.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Clipboard.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\users\laptop\documents\visual studio 2015\Projects\Clipboard\Clipboard\obj\Debug\Clipboard.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Clipper.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\users\laptop\documents\visual studio 2015\Projects\Clipper\Clipper\obj\Debug\Clipper.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Cmstp-Bypass.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
E:\XWorm V2.0 License Updated 12-7-2021\XWorm V2.0\XWorm V2.0\XWorm V2.0\P\Cmstp-Bypass\Cmstp-Bypass\obj\Debug\Cmstp-Bypass.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Computerdefaults.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
E:\XWorm V2.0 License Updated 12-7-2021\XWorm V2.0\XWorm V2.0\XWorm V2.0\P\Computerdefaults\Computerdefaults\obj\Debug\Computerdefaults.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 952B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/DeletePoints.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\users\laptop\documents\visual studio 2015\Projects\DeletePoints\DeletePoints\obj\Debug\DeletePoints.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/DeleteWD.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Desktop\XWorm V2.0 License Updated 12-7-2021\XWorm V2.0\XWorm V2.0\XWorm V2.0\P\DeleteWD\DeleteWD\bin\Debug\DeleteWD2.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 884B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/DicordTokens.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Desktop\DicordTokens\DicordTokens\obj\Debug\DicordTokens.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/DisableWD.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\users\laptop\documents\visual studio 2015\Projects\DisableWD\DisableWD\obj\Debug\DisableWD.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Email.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 4.8MB - Virtual size: 4.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 980B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Encoder.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Desktop\XWorm V2.0\XWorm V2.0\XWorm V2.0\P\Encoder\Encoder\obj\Debug\Encoder.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/FileSeacher.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Desktop\XWorm V2.0\XWorm V2.0\XWorm V2.0\P\FileSeacher\FileSeacher\bin\Debug\Final.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 472KB - Virtual size: 472KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 900B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/FileZilla.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Desktop\FileZilla\FileZilla\obj\Debug\FileZilla.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/HRDP.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\users\laptop\documents\visual studio 2015\Projects\HRDP\HRDP\obj\Debug\HRDP.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 477KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/HVNC.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
E:\XWorm V2.0 License Updated 12-7-2021\XWorm V2.0\XWorm V2.0\XWorm V2.0\P\HVNC\HVNC\obj\Debug\HVNC.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Info.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Desktop\XWorm V2.0\XWorm V2.0\XWorm V2.0\P\Info\Info\obj\Debug\Info.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Install.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Desktop\XWorm V2.0 License Updated 12-7-2021\XWorm V2.0\XWorm V2.0\XWorm V2.0\P\Install\Install\obj\Debug\Install.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Keylogger.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Desktop\Keylogger\Keylogger\obj\Debug\Keylogger.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/KillWindows.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Desktop\XWorm V2.0 License Updated 12-7-2021\XWorm V2.0\XWorm V2.0\XWorm V2.0\P\KillWindows\KillWindows\obj\Debug\KillWindows.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Memory.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\users\laptop\documents\visual studio 2015\Projects\Memory\Memory\obj\Debug\Memory.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Microphone.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Desktop\XWorm V2.0 License Updated 12-7-2021\XWorm V2.0\XWorm V2.0\XWorm V2.0\P\MIC\MIC\bin\Debug\Microphone.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 538KB - Virtual size: 538KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 836B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/NetInstall.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Documents\Visual Studio 2015\Projects\NetInstall\NetInstall\obj\Debug\NetInstall.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Ngrok-Disk.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Documents\Visual Studio 2015\Projects\Ngrok-Disk\Ngrok-Disk\bin\Debug\Ngrok-Install.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 12.3MB - Virtual size: 12.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 900B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Ngrok-Install.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 382KB - Virtual size: 382KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Pastime.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\users\laptop\documents\visual studio 2015\Projects\Pastime\Pastime\obj\Debug\Pastime.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/PreventSleep.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Documents\Visual Studio 2015\Projects\PreventSleep\PreventSleep\obj\Debug\PreventSleep.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/ProduKey.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\users\laptop\documents\visual studio 2015\Projects\ProduKey\ProduKey\obj\Debug\ProduKey.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Programs.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Documents\Visual Studio 2015\Projects\Programs\Programs\obj\Debug\Programs.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Ransomware.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\users\laptop\documents\visual studio 2015\Projects\Ransomware\Ransomware\obj\Debug\Ransomware.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/RunM.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\users\laptop\documents\visual studio 2015\Projects\RunM\RunM\obj\Debug\RunM.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/RunPE.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Desktop\XWorm V2.0\XWorm V2.0\XWorm V2.0\P\PE SRC\RunPE\obj\Debug\RunPE.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Script.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\users\laptop\documents\visual studio 2015\Projects\Script\Script\obj\Debug\Script.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/TCPGET.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\users\laptop\documents\visual studio 2015\Projects\TCPGET\TCPGET\obj\Debug\TCPGET.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/UACBypass.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Desktop\XWorm V2.0\XWorm V2.0\XWorm V2.0\P\UACBypass\UACBypass\obj\Debug\UACBypass.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Update.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Desktop\Update\Update\obj\Debug\Update.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/VB.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
E:\XWorm V2.0 License Updated 12-7-2021\XWorm V2.0\XWorm V2.0\XWorm V2.0\P\VB\VB\obj\Debug\VB.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/VNC.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\users\laptop\documents\visual studio 2015\Projects\VNC\VNC\obj\Debug\VNC.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 655KB - Virtual size: 655KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/WDExclusion.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
E:\XWorm V2.0 License Updated 12-7-2021\XWorm V2.0\XWorm V2.0\XWorm V2.0\P\WDExclusion\WDExclusion\obj\Debug\WDExclusion.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/WSound.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Documents\Visual Studio 2015\Projects\Sound\Sound\bin\Debug\WSound.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 538KB - Virtual size: 537KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 852B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Wallpaper.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\users\laptop\documents\visual studio 2015\Projects\Wallpaper\Wallpaper\obj\Debug\Wallpaper.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/WebCam.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Documents\Visual Studio 2015\Projects\WCAM\WCAM\bin\Debug\WebCam.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 207KB - Virtual size: 207KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 852B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/WifiKeys.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
c:\users\laptop\documents\visual studio 2015\Projects\WifiKeys\WifiKeys\obj\Debug\WifiKeys.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/Worm.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Desktop\XWorm V2.0 License Updated\XWorm V2.0\XWorm V2.0\XWorm V2.0\P\Worm\Worm\obj\Debug\Worm.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Plugins/uninstall.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\LapTop\Desktop\uninstall\uninstall\obj\Debug\uninstall.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Resource/data.dat.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Users\attat\source\repos\Millenium RAT Buillder V2.8\Millenium\Millenium\obj\Release\net462\conhost.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 5.6MB - Virtual size: 5.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Tools/Background.png.png
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Tools/HVNC-Server.exe.exe windows:6 windows x86 arch:x86
638c3474e6b92f46c9790abce213198c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Users\LapTop\Desktop\HVNC\Source\Server\Release\Server.pdb
Imports
kernel32
CreateThread
ResetEvent
GetProcAddress
CreateEventA
LoadLibraryW
RaiseException
DecodePointer
WriteConsoleW
SetFilePointerEx
SetEndOfFile
HeapReAlloc
CloseHandle
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
CreateFileW
GetProcessHeap
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
SetEvent
Sleep
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetConsoleTitleW
AllocConsole
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetStringTypeW
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetLastError
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwind
SetLastError
DeleteCriticalSection
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
LCMapStringW
GetModuleHandleW
user32
wsprintfW
LoadCursorW
LoadIconW
ShowWindow
RegisterClassExW
CreateWindowExW
EndPaint
BeginPaint
ReleaseDC
PostQuitMessage
AppendMenuW
GetClientRect
TranslateMessage
PeekMessageW
GetMessageW
DefWindowProcW
GetSystemMenu
GetKeyState
PostMessageW
GetDC
FillRect
InvalidateRgn
DispatchMessageW
gdi32
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
BitBlt
SetDIBits
DeleteObject
CreateSolidBrush
DeleteDC
ws2_32
inet_ntoa
WSAGetLastError
htons
recv
ntohs
socket
send
getsockname
getpeername
WSAStartup
listen
closesocket
bind
accept
advapi32
SystemFunction036
Sections
.text Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Tools/ResHacker.exe.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 736KB - Virtual size: 736KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 9KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 201KB - Virtual size: 201KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Tools/vncviewer.exe.exe windows:5 windows x86 arch:x86
66356bfceadca611b2dc546e6b5d92af
Code Sign
01:30:2f:6c:9f:56:b5:a7:b0:0d:14:85:10:a5:a5:9eCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before28/10/2019, 00:00Not After01/11/2022, 12:00SubjectCN=uvnc bvba,O=uvnc bvba,L=Antwerpen,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate
IssuerCN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before12/01/2016, 00:00Not After11/01/2031, 23:59SubjectCN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate
IssuerCN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before23/12/2017, 00:00Not After22/03/2029, 23:59SubjectCN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
b0:ba:dc:c2:ba:6f:a7:72:c9:4e:d0:b2:a2:0d:c4:2a:71:11:89:c2:fc:27:c1:1b:4f:f8:0a:0d:0d:f0:38:13Signer
Actual PE Digestb0:ba:dc:c2:ba:6f:a7:72:c9:4e:d0:b2:a2:0d:c4:2a:71:11:89:c2:fc:27:c1:1b:4f:f8:0a:0d:0d:f0:38:13Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ImageList_ReplaceIcon
ord6
CreateToolbarEx
InitCommonControlsEx
ImageList_Create
ord17
winmm
timeGetTime
timeSetEvent
timeKillEvent
PlaySoundA
ws2_32
inet_addr
gethostbyname
WSAStartup
WSACleanup
ioctlsocket
recv
bind
WSAAsyncSelect
listen
accept
getpeername
closesocket
send
__WSAFDIsSet
connect
socket
select
WSAGetLastError
htons
shutdown
setsockopt
kernel32
FindClose
LoadLibraryA
FindNextFileA
GetTempPathA
DeleteFileA
lstrcpyA
CreateFileA
SetFilePointer
lstrlenA
MoveFileExA
SetEndOfFile
SetErrorMode
SystemTimeToFileTime
CompareFileTime
SetFileTime
WriteFile
GetDriveTypeA
InitializeCriticalSection
LeaveCriticalSection
FileTimeToSystemTime
ReadFile
FlushFileBuffers
CreateDirectoryA
GetLogicalDriveStringsA
lstrcmpiA
EnterCriticalSection
MoveFileA
GetFileTime
DeleteCriticalSection
FileTimeToLocalFileTime
MulDiv
ExpandEnvironmentStringsA
AllocConsole
GetStdHandle
WriteConsoleA
OutputDebugStringA
GetComputerNameA
GetVersionExA
CreateFileW
GetProcessHeap
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapReAlloc
FindFirstFileA
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
HeapSize
CopyFileA
GetConsoleCP
SetHandleCount
LoadLibraryW
GetLocaleInfoW
GetModuleFileNameW
HeapCreate
IsProcessorFeaturePresent
SetLastError
TlsFree
IsValidCodePage
GetOEMCP
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCPInfo
LCMapStringW
RtlUnwind
RaiseException
ExitThread
GetStartupInfoW
HeapSetInformation
GetCommandLineA
FindFirstFileExA
GetFullPathNameA
GetFileType
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetDateFormatA
GetTimeFormatA
HeapAlloc
ExitProcess
GetModuleHandleW
GetTimeZoneInformation
GetLocalTime
GetSystemTimeAsFileTime
HeapFree
InterlockedExchange
DecodePointer
EncodePointer
InterlockedDecrement
InterlockedIncrement
TlsAlloc
DuplicateHandle
GetCurrentThreadId
SetThreadPriority
CreateSemaphoreA
TlsSetValue
GetCurrentThread
GetCurrentProcess
TlsGetValue
QueryPerformanceFrequency
QueryPerformanceCounter
GetConsoleMode
GetProcAddress
FreeLibrary
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
GlobalSize
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalUnlock
GetPrivateProfileIntA
GlobalAlloc
GlobalLock
CreateThread
ResumeThread
LocalFree
CloseHandle
GetModuleFileNameA
ResetEvent
GetLastError
Beep
GetFileAttributesA
CreateEventA
Sleep
RemoveDirectoryA
FormatMessageA
GetTickCount
SetEvent
WaitForSingleObject
GetModuleHandleA
lstrcatA
DosDateTimeToFileTime
GetVolumeInformationA
GetVersion
LocalFileTimeToFileTime
lstrcpynA
CreateMutexA
ReleaseMutex
SetVolumeLabelA
SetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableW
GetStringTypeW
user32
LoadKeyboardLayoutA
PostThreadMessageA
CallNextHookEx
GetForegroundWindow
SetWindowsHookExA
GetWindowThreadProcessId
ToAscii
GetKeyState
keybd_event
VkKeyScanW
GetKeyboardState
ToUnicode
CreateDialogParamA
IsDlgButtonChecked
SetWindowRgn
LoadBitmapA
PtInRect
IntersectRect
GetDesktopWindow
GetMenuStringA
ScreenToClient
ModifyMenuA
SendDlgItemMessageA
DrawTextA
GetParent
GetWindowTextLengthA
TranslateMessage
PeekMessageA
GetMenuItemCount
DispatchMessageA
GetComboBoxInfo
EnableWindow
DestroyIcon
EnumDisplaySettingsExA
MonitorFromPoint
GetMonitorInfoA
MonitorFromWindow
SystemParametersInfoA
GetSystemMetrics
EnumDisplayDevicesA
ValidateRect
RegisterClassExA
SetCapture
GetScrollInfo
SetCaretBlinkTime
ReleaseCapture
CallWindowProcA
GetCaretBlinkTime
GetTopWindow
GetWindow
MapWindowPoints
GetMessageA
TrackPopupMenu
GetMenuItemID
CharToOemA
OemToCharA
wvsprintfA
SetDlgItemTextA
DialogBoxParamA
LoadImageA
EndDialog
SetForegroundWindow
TranslateAcceleratorA
CreateAcceleratorTableA
GetSubMenu
LoadStringA
LoadMenuA
SetMenuDefaultItem
IsClipboardFormatAvailable
RegisterClipboardFormatA
SetWindowLongA
SetCursorPos
RedrawWindow
GetCursorPos
CloseClipboard
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
GetClipboardOwner
EndPaint
DestroyWindow
SetCursor
GetDlgItemInt
GetSystemMenu
SetTimer
GetWindowRect
PostQuitMessage
IsIconic
FillRect
SendNotifyMessageA
KillTimer
GetFocus
LoadIconA
InvalidateRgn
GetClientRect
SetFocus
RegisterWindowMessageA
BeginPaint
GetDC
SetDlgItemInt
SetRect
MessageBoxA
InvalidateRect
CreateWindowExA
ReleaseDC
EnableMenuItem
ChangeClipboardChain
DefWindowProcA
SetWindowPos
ShowWindow
CreatePopupMenu
GetSysColorBrush
DrawMenuBar
AppendMenuA
IsWindow
ShowScrollBar
PostMessageA
AdjustWindowRectEx
ScrollWindowEx
UpdateWindow
DestroyMenu
LoadCursorA
SetClipboardViewer
SetScrollInfo
CheckMenuItem
RegisterClassA
MoveWindow
GetKeyboardLayoutNameA
SendMessageA
GetWindowTextA
GetWindowLongA
GetDlgItem
SetWindowTextA
GetDlgItemTextA
DestroyAcceleratorTable
gdi32
DeleteDC
SetStretchBltMode
SelectPalette
RealizePalette
CombineRgn
CreatePalette
SetDIBColorTable
SetBrushOrgEx
StretchBlt
GetDeviceCaps
GetStockObject
CreateRectRgnIndirect
Rectangle
CreatePen
SetBkMode
CreateFontA
SetTextColor
LineTo
MoveToEx
CreatePolygonRgn
SetROP2
UpdateColors
BitBlt
CreateDIBSection
DeleteObject
SelectObject
CreateCompatibleDC
CreateRectRgn
CreateSolidBrush
comdlg32
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
advapi32
OpenProcessToken
GetKernelObjectSecurity
LookupPrivilegeValueA
GetSecurityDescriptorLength
AdjustTokenPrivileges
IsValidAcl
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSecurityDescriptor
GetSecurityDescriptorSacl
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
GetSecurityDescriptorControl
RegSetValueExA
shell32
SHGetMalloc
SHBrowseForFolderA
ShellExecuteA
SHGetSpecialFolderPathA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHFileOperationA
Shell_NotifyIconA
SHGetFolderPathA
imm32
ImmAssociateContext
gdiplus
GdiplusShutdown
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipGetImageEncoders
GdipSaveImageToFile
GdiplusStartup
Sections
.text Size: 767KB - Virtual size: 767KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 178KB - Virtual size: 178KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 348KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 482KB - Virtual size: 482KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/Uploader.php
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/XHVNC.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/XWorm RAT V2.1.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\attat\source\repos\XWorm RAT V2.1\XWorm RAT V2.1\obj\Release\XWorm RAT V2.1.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XWorm-RAT-V2.1-XWorm/XWorm RAT V2.1/dnlib.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\a\dnlib\dnlib\src\obj\Release\net35\dnlib.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ