Casmo_perm_woofer[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Casmo_perm_woofer.rar
Size

12.3MB
MD5

4e6f678356180c839e620f14d2cf16cd
SHA1

33be01a59b13ceb270b0fc2ab6f8ba3f3573dbba
SHA256

1425a103672172d3731b82afa6b35922c01bdd294abff285a197c1a31a8b446b
SHA512

6d322f26e1118db95f74e147a1a4d1c9664168e1e485b359b3588b575803cc7df532afbad4635570b32808cdd5c1f094f535b42437a878755002b9f6df1d3eef
SSDEEP

196608:3Qgt3d2nJ9d+ksgtJvIh2F443Mmp/BByS7rv5RwFDWLtnlpCW56AmpHZAggk/qBA:gO2nJrnseIh43MQ/F0iBmWIAmp5Avkmo

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Perm woofer/BadwareFreePermaUnban.exe
unpack001/Perm woofer/FixSerials.exe

Files

Casmo_perm_woofer.rar
.rar
Perm woofer/BadwareFreePermaUnban.exe
.exe windows:6 windows x64 arch:x64

55c0044c48f8115f60d32125ff06fd64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSASetLastError

wldap32

ord50

crypt32

CryptQueryObject

advapi32

CryptEnumProvidersW

kernel32

SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA

shell32

ShellExecuteA

userenv

UnloadUserProfile

rpcrt4

UuidCreate

urlmon

URLDownloadToFileA

bcrypt

BCryptGenRandom

Sections

.text
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 785KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.":u
Size: - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ruX
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

."th
Size: 13.8MB - Virtual size: 13.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Perm woofer/Cleaners/FortniteCleaner.bat
Perm woofer/Cleaners/Registry.bat
Perm woofer/Cleaners/Reset_ip.bat
Perm woofer/Cleaners/Serials_Checker.bat
Perm woofer/Cleaners/regedit_change.bat
Perm woofer/Cleaners/riot client unistaller.bat
Perm woofer/Cleaners/valo1.bat
Perm woofer/Cleaners/valo2.bat
Perm woofer/FixSerials.exe
.exe windows:6 windows x64 arch:x64

9f16a94c475fe9051ead2215b95aaf56

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

ShellAboutW

kernel32

GetModuleHandleA

user32

OffsetRect

advapi32

RegQueryValueA

Sections

.text
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Perm woofer/How to use.txt
Perm woofer/License .gg casmo.txt

Sharing

General

Malware Config

Signatures

Files

55c0044c48f8115f60d32125ff06fd64

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

crypt32

advapi32

kernel32

user32

shell32

userenv

rpcrt4

urlmon

bcrypt

Sections

.text Size: - Virtual size: 2.4MB

.rdata Size: - Virtual size: 785KB

.data Size: - Virtual size: 1.6MB

.pdata Size: - Virtual size: 99KB

_RDATA Size: - Virtual size: 500B

.":u Size: - Virtual size: 7.3MB

.ruX Size: 4KB - Virtual size: 3KB

."th Size: 13.8MB - Virtual size: 13.8MB

.rsrc Size: 512B - Virtual size: 480B

9f16a94c475fe9051ead2215b95aaf56

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

user32

advapi32

Sections

.text Size: - Virtual size: 18KB

.rdata Size: - Virtual size: 8KB

.text Size: - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 960B

.rsrc Size: 1024B - Virtual size: 824B

.data Size: 255KB - Virtual size: 255KB

.text
Size: - Virtual size: 2.4MB

.rdata
Size: - Virtual size: 785KB

.data
Size: - Virtual size: 1.6MB

.pdata
Size: - Virtual size: 99KB

_RDATA
Size: - Virtual size: 500B

.":u
Size: - Virtual size: 7.3MB

.ruX
Size: 4KB - Virtual size: 3KB

."th
Size: 13.8MB - Virtual size: 13.8MB

.rsrc
Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 18KB

.rdata
Size: - Virtual size: 8KB

.text
Size: - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 960B

.rsrc
Size: 1024B - Virtual size: 824B

.data
Size: 255KB - Virtual size: 255KB