System Files[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

System Files.zip
Size

28.3MB
MD5

78879ecdbe9a90295080a207f88d3d84
SHA1

b566b0c4d1151fa4708edf7410a757b13ef18d74
SHA256

4e928d44a6923aaf6733b2243f3751ef083c5ee54a70e9a642990e130c9cbf08
SHA512

6e75d1149e0a9f8759510a316f47dab7140d0c626100e91092d8aab11be4845f952328128b419bcdffcf29d11b16b1e3680897b8993ee642a3f6ec292708c7b0
SSDEEP

786432:CqrnbK0azty7mZ4hHQXst8ukOBlx2ULVEpoSuo3LZIQ8nP:CqT2tDEwXk8Ulx2uKpoSuo3LKZP

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/Desktop Goose.exe
unpack001/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/Mono.Security.dll
unpack001/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/System.Configuration.dll
unpack001/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/System.Core.dll
unpack001/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/System.Drawing.Common.dll
unpack001/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/System.Net.Http.dll
unpack001/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/System.Numerics.dll
unpack001/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/System.Security.dll
unpack001/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/System.Xml.dll
unpack001/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/System.dll
unpack001/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/Xamarin.Mac.dll
unpack001/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/mscorlib.dll

Files

System Files.zip
.zip

Password: IImAss
System Files/.DS_Store
System Files/System/.DS_Store
System Files/System/Users.js/.DS_Store
System Files/System/Users.js/Applications/.DS_Store
System Files/System/Users.js/Applications/Goose.app/Contents/CodeResources
System Files/System/Users.js/Applications/Goose.app/Contents/Info.plist
System Files/System/Users.js/Applications/Goose.app/Contents/MacOS/Desktop Goose
.macho macos arch:x64
System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/Desktop Goose.exe
.exe windows:4 windows x86 arch:x86

Password: IImAss

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

/Users/zydeco/Documents/Projects/Desktop Goose/MacGoose/obj/Release/Desktop Goose.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/Mono.Security.dll
.dll windows:4 windows x86 arch:x86

Password: IImAss

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/Library/Frameworks/Xamarin.Mac.framework/Versions/Current/src/Xamarin.Mac/mcs/class/lib/xammac_net_4_5/Mono.Security.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/System.Configuration.dll
.dll windows:4 windows x86 arch:x86

Password: IImAss

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/Library/Frameworks/Xamarin.Mac.framework/Versions/Current/src/Xamarin.Mac/mcs/class/lib/xammac_net_4_5/System.Configuration.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/System.Core.dll
.dll windows:4 windows x86 arch:x86

Password: IImAss

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/Library/Frameworks/Xamarin.Mac.framework/Versions/Current/src/Xamarin.Mac/mcs/class/lib/xammac_net_4_5/System.Core.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/System.Drawing.Common.dll
.dll windows:4 windows x86 arch:x86

Password: IImAss

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/Library/Frameworks/Xamarin.Mac.framework/Versions/Current/src/Xamarin.Mac/mcs/class/lib/xammac_net_4_5/Facades/System.Drawing.Common.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/System.Net.Http.dll
.dll windows:4 windows x86 arch:x86

Password: IImAss

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/Library/Frameworks/Xamarin.Mac.framework/Versions/Current/src/Xamarin.Mac/mcs/class/lib/xammac_net_4_5/System.Net.Http.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 273KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/System.Numerics.dll
.dll windows:4 windows x86 arch:x86

Password: IImAss

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/Library/Frameworks/Xamarin.Mac.framework/Versions/Current/src/Xamarin.Mac/mcs/class/lib/xammac_net_4_5/System.Numerics.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/System.Security.dll
.dll windows:4 windows x86 arch:x86

Password: IImAss

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/Library/Frameworks/Xamarin.Mac.framework/Versions/Current/src/Xamarin.Mac/mcs/class/lib/xammac_net_4_5/System.Security.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/System.Xml.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/Library/Frameworks/Xamarin.Mac.framework/Versions/Current/src/Xamarin.Mac/mcs/class/lib/xammac_net_4_5/System.Xml.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/System.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/Library/Frameworks/Xamarin.Mac.framework/Versions/Current/src/Xamarin.Mac/mcs/class/lib/xammac_net_4_5/System.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/Xamarin.Mac.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/Library/Frameworks/Xamarin.Mac.framework/Versions/6.14.1.23/src/Xamarin.Mac/build/mac/full-64/Xamarin.Mac.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 20.7MB - Virtual size: 20.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/config
System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/libMonoPosixHelper.dylib
.dylib macos arch:x64
System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/libmono-native.dylib
.dylib macos arch:x64
System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/machine.config
.xml
System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/mscorlib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

/Users/builder/jenkins/workspace/archive-mono/2019-10/mac/release/mcs/class/lib/xammac_net_4_5/mscorlib.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System Files/System/Users.js/Applications/Goose.app/Contents/PkgInfo
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/AppIcon.icns
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Assets.car
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/BITE.mp3
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/DesktopGoose.sdef
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/DonatePage.png
.png
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Honk1.mp3
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Honk2.mp3
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Honk3.mp3
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Honk4.mp3
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/MacAbout.png
.png
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Memes/64d40b877793f.webp
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Memes/GooseDance.gif
.gif
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Memes/Meme1.png
.png
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Memes/Meme2.png
.png
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Memes/Meme3.png
.png
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Memes/Meme4.png
.png
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Memes/Meme5.png
.png
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Memes/Meme6.png
.png
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Memes/Meme7.png
.png
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Memes/download.jpg
.jpg
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/MudSquith.mp3
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Notes/Note1.txt
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Notes/Note2.txt
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Notes/Note4.txt
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Notes/Note5.txt
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Notes/Note6.txt
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Pat1.wav
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Pat2.wav
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Pat3.wav
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/PreferencesWindow.nib
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/archived-expanded-entitlements.xcent
.xml
System Files/System/Users.js/Applications/Goose.app/Contents/Resources/runtime-options.plist
.xml
System Files/System/Users.js/Applications/Goose.app/Contents/_CodeSignature/CodeResources
.xml
System Files/System/Users.js/Downloads/Archive.zip
.zip
System Files/System/Users.js/Downloads/v4y-7CqJd4MPSPNhOp9_SiFwPf25-gPmPeZZhAhbGow.webp
System Files/System/Users.js/Overides.js/The funni.zip
.zip
System Files/System/Users.js/Users/.DS_Store
System Files/System/Users.js/Users/user.js-master/.DS_Store
System Files/System/Users.js/Users/user.js-master/Ax400/.DS_Store
System Files/System/Users.js/Users/user.js-master/Ax400/You're Gay.jpg
.jpg
System Files/System/Users.js/Users/user.js-master/Ax400/u1.jpg
.jpg
System Files/System/Users.js/Users/user.js-master/Ax400/u10.jpg
.jpg
System Files/System/Users.js/Users/user.js-master/Ax400/u11.jpg
.jpg
System Files/System/Users.js/Users/user.js-master/Ax400/u12.jpg
.jpg
System Files/System/Users.js/Users/user.js-master/Ax400/u13.jpg
.jpg
System Files/System/Users.js/Users/user.js-master/Ax400/u14.jpg
.jpg
System Files/System/Users.js/Users/user.js-master/Ax400/u15.jpg
.jpg
System Files/System/Users.js/Users/user.js-master/Ax400/u16.jpg
.jpg
System Files/System/Users.js/Users/user.js-master/Ax400/u2.jpg
.jpg
System Files/System/Users.js/Users/user.js-master/Ax400/u3.jpg
.jpg
System Files/System/Users.js/Users/user.js-master/Ax400/u4.jpg
.jpg
System Files/System/Users.js/Users/user.js-master/Ax400/u5.jpg
.jpg
System Files/System/Users.js/Users/user.js-master/Ax400/u6.jpg
.jpg
System Files/System/Users.js/Users/user.js-master/Ax400/u7.jpg
.jpg
System Files/System/Users.js/Users/user.js-master/Ax400/u8.jpg
.jpg
System Files/System/Users.js/Users/user.js-master/Ax400/u9.jpg
.jpg
__MACOSX/System Files/._.DS_Store
__MACOSX/System Files/System/._.DS_Store
__MACOSX/System Files/System/._Users.js
__MACOSX/System Files/System/Users.js/._.DS_Store
__MACOSX/System Files/System/Users.js/._Overides.js
__MACOSX/System Files/System/Users.js/Applications/._.DS_Store
__MACOSX/System Files/System/Users.js/Applications/._Goose.app
__MACOSX/System Files/System/Users.js/Applications/Goose.app/._Contents
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/._CodeResources
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/._Info.plist
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/._MacOS
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/._MonoBundle
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/._PkgInfo
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/._Resources
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/.__CodeSignature
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/MacOS/._Desktop Goose
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/._Desktop Goose.exe
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/._Mono.Security.dll
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/._System.Configuration.dll
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/._System.Core.dll
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/._System.Drawing.Common.dll
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/._System.Net.Http.dll
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/._System.Numerics.dll
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/._System.Security.dll
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/._System.Xml.dll
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/._System.dll
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/._Xamarin.Mac.dll
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/._config
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/._libMonoPosixHelper.dylib
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/._libmono-native.dylib
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/._machine.config
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/MonoBundle/._mscorlib.dll
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/._AppIcon.icns
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/._Assets.car
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/._BITE.mp3
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/._DesktopGoose.sdef
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/._DonatePage.png
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/._Honk1.mp3
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/._Honk2.mp3
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/._Honk3.mp3
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/._Honk4.mp3
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/._MacAbout.png
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/._Memes
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/._MudSquith.mp3
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/._Notes
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/._Pat1.wav
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/._Pat2.wav
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/._Pat3.wav
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/._PreferencesWindow.nib
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/._archived-expanded-entitlements.xcent
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/._runtime-options.plist
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Memes/._64d40b877793f.webp
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Memes/._GooseDance.gif
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Memes/._Meme1.png
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Memes/._Meme2.png
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Memes/._Meme3.png
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Memes/._Meme4.png
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Memes/._Meme5.png
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Memes/._Meme6.png
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Memes/._Meme7.png
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Memes/._download.jpg
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Notes/._Note1.txt
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Notes/._Note2.txt
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Notes/._Note4.txt
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Notes/._Note5.txt
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/Resources/Notes/._Note6.txt
__MACOSX/System Files/System/Users.js/Applications/Goose.app/Contents/_CodeSignature/._CodeResources
__MACOSX/System Files/System/Users.js/Downloads/._Archive.zip
__MACOSX/System Files/System/Users.js/Downloads/._v4y-7CqJd4MPSPNhOp9_SiFwPf25-gPmPeZZhAhbGow.webp
__MACOSX/System Files/System/Users.js/Overides.js/._The funni.zip
__MACOSX/System Files/System/Users.js/Users/._.DS_Store
__MACOSX/System Files/System/Users.js/Users/._user.js-master
__MACOSX/System Files/System/Users.js/Users/user.js-master/._.DS_Store
__MACOSX/System Files/System/Users.js/Users/user.js-master/Ax400/._.DS_Store
__MACOSX/System Files/System/Users.js/Users/user.js-master/Ax400/._You're Gay.jpg
__MACOSX/System Files/System/Users.js/Users/user.js-master/Ax400/._u1.jpg
__MACOSX/System Files/System/Users.js/Users/user.js-master/Ax400/._u10.jpg
__MACOSX/System Files/System/Users.js/Users/user.js-master/Ax400/._u11.jpg
__MACOSX/System Files/System/Users.js/Users/user.js-master/Ax400/._u12.jpg
__MACOSX/System Files/System/Users.js/Users/user.js-master/Ax400/._u13.jpg
__MACOSX/System Files/System/Users.js/Users/user.js-master/Ax400/._u14.jpg
__MACOSX/System Files/System/Users.js/Users/user.js-master/Ax400/._u15.jpg
__MACOSX/System Files/System/Users.js/Users/user.js-master/Ax400/._u16.jpg
__MACOSX/System Files/System/Users.js/Users/user.js-master/Ax400/._u2.jpg
__MACOSX/System Files/System/Users.js/Users/user.js-master/Ax400/._u3.jpg
__MACOSX/System Files/System/Users.js/Users/user.js-master/Ax400/._u4.jpg
__MACOSX/System Files/System/Users.js/Users/user.js-master/Ax400/._u5.jpg
__MACOSX/System Files/System/Users.js/Users/user.js-master/Ax400/._u6.jpg
__MACOSX/System Files/System/Users.js/Users/user.js-master/Ax400/._u7.jpg
__MACOSX/System Files/System/Users.js/Users/user.js-master/Ax400/._u8.jpg
__MACOSX/System Files/System/Users.js/Users/user.js-master/Ax400/._u9.jpg

Sharing

General

Malware Config

Signatures

Files

Password: IImAss

Password: IImAss

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 47KB - Virtual size: 46KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: IImAss

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 234KB - Virtual size: 233KB

.rsrc Size: 1024B - Virtual size: 972B

.reloc Size: 512B - Virtual size: 12B

Password: IImAss

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 117KB - Virtual size: 117KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: IImAss

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 512B - Virtual size: 12B

Password: IImAss

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 154KB - Virtual size: 154KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: IImAss

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 273KB - Virtual size: 272KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: IImAss

dae02f32a21e03ce65412f6e56942daa

.text
Size: 47KB - Virtual size: 46KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 234KB - Virtual size: 233KB

.rsrc
Size: 1024B - Virtual size: 972B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 117KB - Virtual size: 117KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.0MB - Virtual size: 1.0MB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 154KB - Virtual size: 154KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 273KB - Virtual size: 272KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 114KB - Virtual size: 114KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 306KB - Virtual size: 306KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 3.0MB - Virtual size: 3.0MB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2.4MB - Virtual size: 2.4MB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 20.7MB - Virtual size: 20.7MB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 4.4MB - Virtual size: 4.4MB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 512B - Virtual size: 12B