gasai_selfbot_cracked[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

gasai_selfbot_cracked.rar
Size

133.0MB
MD5

0dab82c0a992d65ac334fc01a3034415
SHA1

6072bcae488a681175405055ffa003e2756bfb99
SHA256

829d348eb2637386211bfe31b9ce1cca1c545e3a18a60bf20513a969fe97596b
SHA512

09c1557203fa5e62bfe8755b2af608d6f6fd1fd3aa34041b78a53c8be58663926cf7b7bef037dde53ab99970f7cc38e8981aafcc3a4a9c78e977ed7737710ab2
SSDEEP

3145728:1OtbcqKEKvkqWz6UjnLI/+aAo/3m1zZQGEkLq6N3FJ0x1E0rV:1H0Kvk2KLRxo+nLN3FJ0x1Ew

Score

7^/10

pyinstaller themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/gasai_cracked/crack.dll	themida

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/gasai_cracked/Gasai.exe	pyinstaller

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/gasai_cracked/Gasai.exe
unpack001/gasai_cracked/crack.dll
unpack001/gasai_cracked/launcher.exe
unpack001/pyarmor obfed src/pytransform/_pytransform.dll

Files

gasai_selfbot_cracked.rar
.rar
extraced_code_memory.txt
gasai_cracked/Gasai.exe
.exe windows:5 windows x64 arch:x64

0bbecc8e9f9f17b0ea9cc3899b15e5cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
FreeLibrary
LoadLibraryExW
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
SetEndOfFile
GetProcAddress
GetModuleFileNameW
SetDllDirectoryW
GetStartupInfoW
GetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
HeapReAlloc
GetFileAttributesExW
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW

advapi32

ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Gasai.pyc
gasai_cracked/config.json
gasai_cracked/crack.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
gasai_cracked/device_whitelist.json
gasai_cracked/launcher.exe
.exe windows:6 windows x64 arch:x64

3b1f2acaf99643ae95db5789c844503d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHFileOperationW
SHGetFolderPathW

kernel32

TlsAlloc
HeapReAlloc
CreateDirectoryW
SetConsoleCtrlHandler
GetCommandLineW
WriteFile
TerminateProcess
GetModuleFileNameW
GetTempPathW
FindResourceA
WaitForSingleObject
CreateFileW
GetFileAttributesW
Sleep
GetLastError
LockResource
CloseHandle
LoadResource
SetEnvironmentVariableA
GetCurrentProcessId
CreateProcessW
GetSystemTimeAsFileTime
FormatMessageA
GetExitCodeProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
HeapSize
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
WriteConsoleW
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetStdHandle
HeapAlloc
MultiByteToWideChar
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gasai_cracked/misc/Geolilte.mmdb
gasai_cracked/misc/gasaiselfbot.png
.png
gasai_cracked/misc/img.jpg
.jpg
gasai_cracked/misc/spoofed_profiles.json
gasai_cracked/misc/tags.json
gasai_cracked/misc/yuno.ico
gasai_cracked/notifications.json
gasai_cracked/overseer/aliases.json
gasai_cracked/overseer/giveaways.json
gasai_cracked/overseer/mimic_data.json
gasai_cracked/overseer/server_blacklist.json
gasai_cracked/overseer/servers.json
gasai_cracked/overseer/ssh.json
gasai_cracked/overseer/users.json
gasai_cracked/overseer/watching.json
gasai_cracked/overseer/webhooks.json
gasai_cracked/themes/default_theme.json
pyarmor obfed src/Gasai.py
pyarmor obfed src/pytransform/__init__.py
pyarmor obfed src/pytransform/__pycache__/__init__.cpython-310.pyc
pyarmor obfed src/pytransform/_pytransform.dll
.dll windows:4 windows x64 arch:x64

0f7a3d01e95a1b06e9ee00e9ffd63a4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

iphlpapi

GetAdaptersAddresses
GetNetworkParams

kernel32

CloseHandle
CreateFileA
CreateFileMappingA
DeleteCriticalSection
DeviceIoControl
EnterCriticalSection
FlushViewOfFile
FormatMessageA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetTickCount
GetVersion
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
InitializeCriticalSection
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LocalFree
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetThreadContext
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
VirtualUnlock

msvcrt

__iob_func
_access
_amsg_exit
_errno
_exit
_get_osfhandle
_initterm
_lock
_snprintf
_snwprintf
_stat64
_strdup
_time64
_unlock
_vsnprintf
_waccess
_wfopen
abort
atof
calloc
clock
exit
fclose
fopen
fprintf
fputc
fread
free
fseek
ftell
fwprintf
fwrite
getenv
isprint
isxdigit
malloc
memcmp
memcpy
memmove
memset
putc
qsort
raise
rand
realloc
signal
sprintf
srand
strchr
strcmp
strerror
strlen
strncmp
strncpy
strrchr
strstr
toupper
vfprintf
wcscpy

user32

MessageBoxW
wsprintfA

ws2_32

inet_ntoa

Exports

Exports

assert_armored
clean_obj
encode_capsule_key_file
encrypt_code_object
encrypt_files
encrypt_project_files
exec_file
generate_license_key
generate_project_license_files
get_error_msg
get_expired_days
get_hd_info
get_registration_code
import_module
init_module
init_runtime
set_option
show_hd_info
version_info

Sections

.text
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 555B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bbecc8e9f9f17b0ea9cc3899b15e5cf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 161KB - Virtual size: 160KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 3KB - Virtual size: 64KB

.pdata Size: 8KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 266KB - Virtual size: 265KB

.reloc Size: 2KB - Virtual size: 1KB

Headers

DLL Characteristics

File Characteristics

Sections

Size: 2KB - Virtual size: 3KB

Size: 3KB - Virtual size: 7KB

Size: 512B - Virtual size: 1KB

Size: 512B - Virtual size: 456B

Size: 512B - Virtual size: 248B

Size: 512B - Virtual size: 52B

.idata Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 5.3MB

.boot Size: 2.9MB - Virtual size: 2.9MB

3b1f2acaf99643ae95db5789c844503d

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 3KB - Virtual size: 67KB

.pdata Size: 6KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 4.7MB - Virtual size: 4.7MB

.reloc Size: 2KB - Virtual size: 1KB

0f7a3d01e95a1b06e9ee00e9ffd63a4f

Headers

File Characteristics

Imports

advapi32

iphlpapi

kernel32

msvcrt

user32

ws2_32

Exports

Exports

Sections

.text Size: 600KB - Virtual size: 600KB

.data Size: 384KB - Virtual size: 384KB

.rdata Size: 123KB - Virtual size: 123KB

.pdata Size: 10KB - Virtual size: 9KB

.xdata Size: 11KB - Virtual size: 11KB

.bss Size: - Virtual size: 45KB

.edata Size: 1024B - Virtual size: 555B

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 688B

.text
Size: 161KB - Virtual size: 160KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 3KB - Virtual size: 64KB

.pdata
Size: 8KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 266KB - Virtual size: 265KB

.reloc
Size: 2KB - Virtual size: 1KB

.idata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 5.3MB

.boot
Size: 2.9MB - Virtual size: 2.9MB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 3KB - Virtual size: 67KB

.pdata
Size: 6KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 4.7MB - Virtual size: 4.7MB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 600KB - Virtual size: 600KB

.data
Size: 384KB - Virtual size: 384KB

.rdata
Size: 123KB - Virtual size: 123KB

.pdata
Size: 10KB - Virtual size: 9KB

.xdata
Size: 11KB - Virtual size: 11KB

.bss
Size: - Virtual size: 45KB

.edata
Size: 1024B - Virtual size: 555B

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 688B