E:\BRONKZ BACKUP 16 02 2024\Loaders C# Bronkz Private Store\Spoofer Valorant C#\Bypass Valorant TPM\SpooferAtualizado\SpooferAtualizado\obj\Release\01010101.pdb
Static task
static1
General
-
Target
System32.exe
-
Size
3.0MB
-
MD5
e3bff589ddc242382d4c2bed7b148036
-
SHA1
bb446839b08ac9a65582af2ef2619ddc0aefae19
-
SHA256
fd89e744de4dfbedbdead51a0dafd5bf3e2722f361509abf2446e2a36482375a
-
SHA512
e7caa6eee3524f952ccc51a7c7a372d6e4ee050b7d29a6d3a7b138556f3c2c558db0f801347ec1193840829e8050acbebe4a407007706fdb367418d476e80611
-
SSDEEP
49152:oGnGJEZOIGB5E9308K6YW2qiTo+pWswnrqkqXfd+/9ATrgBWBKH8jkDVFCNXODzr:oGnGH1KBJ2RoqWTnrqkqXf0F9+KH4kp5
Malware Config
Signatures
-
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
resource yara_rule sample disable_win_def -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource System32.exe
Files
-
System32.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 264KB - Virtual size: 263KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ