debotnet[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

debotnet.zip
Size

1.5MB
MD5

f6953c99f45e39b36621e0397a177941
SHA1

8b64faafb47a15f3d2369c499ad95a46df616d99
SHA256

40365b0f155ccf7e56ff96f4339b7e578a66cbdcff6e8141c252175c351ff5ef
SHA512

f345ede630508c896eb8bc394b70b9046d9024c7864020ffdb80c2589df35f08e3e36551c320d3467beb02373ec5dab9195632d56cfcebec5ec0638e50c08e80
SSDEEP

24576:J+/ihql/NvZV6KAqZneFNsP46q1xg5UMbJS02GfHPc6v/3EgvRZq09fQGxT:J5odNhVHZeoP46qdM1wGfHhvNd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Debotnet.exe

Files

debotnet.zip
.zip
Debotnet.exe
.exe windows:4 windows x86 arch:x86

4f9607e656e1052070f69ab9d8704e21

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
ord588
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord517
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord519
__vbaI2Abs
__vbaStrCat
__vbaLsetFixstr
ord660
__vbaRecDestruct
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
_adj_fdiv_m32
ord666
__vbaAryVar
__vbaAryDestruct
__vbaBoolStr
__vbaStrBool
__vbaVarForInit
__vbaExitProc
__vbaForEachCollObj
__vbaObjSet
ord595
__vbaOnError
ord596
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaStrFixstr
ord520
__vbaForEachCollVar
__vbaBoolVar
__vbaRefVarAry
__vbaBoolVarNull
_CIsin
__vbaErase
ord709
ord631
ord525
ord632
__vbaNextEachCollObj
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaGet3
__vbaStrCmp
ord529
__vbaVarTstEq
__vbaR4Str
__vbaNextEachCollVar
ord561
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
ord670
_adj_fpatan
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaExceptHandler
ord711
ord712
__vbaPrintFile
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord607
__vbaI2Str
ord608
__vbaFPException
ord717
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord570
__vbaInStr
__vbaNew2
ord648
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaI4Str
__vbaFreeStrList
ord576
_adj_fdivr_m32
ord577
_adj_fdiv_r
ord685
ord100
ord579
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaAryLock
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
ord616
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
ord618
__vbaAryCopy
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
ord619
ord650
_allmul
_CItan
ord546
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 368KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/Debotnet Centaur.design
bin/Debotnet Dark.design
bin/Debotnet Modern.design
bin/Debotnet Plinius.design
bin/Debotnet Retro .design
bin/Debotnet.design
bin/Norton Commander.design
bin/Terminus.design
bin/The Goat Theme.design
bin/Visual Studio Dark.design
bin/Windows PowerShell.design
bin/Windows Terminal.design
bin/debotnet.ico
bin/wget.exe
.exe windows:4 windows x86 arch:x86

fe8f0bebf787f35580b2866a83df1c53

Code Sign

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:58

Not After

03/03/2024, 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

04:7a:53
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:53

Not After

03/03/2024, 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:ab:3b:73:82:e2:5b:5d:63:ad:77:35:03:d9:63:b1
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

04/08/2015, 06:00

Not After

03/08/2016, 06:00

Subject

CN=Open Source Developer\, Jernej Simončič,O=Open Source Developer,C=SI,1.2.840.113549.1.9.1=#0c1e6a65726e656a7c732d6f7340657465726e616c6c79626f7265642e6f7267

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:7a:53
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:53

Not After

03/03/2024, 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:ab:3b:73:82:e2:5b:5d:63:ad:77:35:03:d9:63:b1
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

04/08/2015, 06:00

Not After

03/08/2016, 06:00

Subject

CN=Open Source Developer\, Jernej Simončič,O=Open Source Developer,C=SI,1.2.840.113549.1.9.1=#0c1e6a65726e656a7c732d6f7340657465726e616c6c79626f7265642e6f7267

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:58

Not After

03/03/2024, 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

fd:4f:80:9e:04:f4:c3:26:c6:d8:74:2a:0d:9e:c2:23:5d:55:34:55:7a:e4:83:87:ff:e7:68:4b:75:49:25:3c
Signer

Actual PE Digest

fd:4f:80:9e:04:f4:c3:26:c6:d8:74:2a:0d:9e:c2:23:5d:55:34:55:7a:e4:83:87:ff:e7:68:4b:75:49:25:3c

Digest Algorithm

sha256

PE Digest Matches

true

7c:a6:9f:ac:21:56:df:ac:be:d3:3e:8e:62:c4:48:43:2e:09:57:e2
Signer

Actual PE Digest

7c:a6:9f:ac:21:56:df:ac:be:d3:3e:8e:62:c4:48:43:2e:09:57:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptEnumProvidersA
CryptExportKey
CryptGetProvParam
CryptGetUserKey
CryptReleaseContext
CryptSetHashParam
CryptSignHashA
DeregisterEventSource
RegisterEventSourceA
ReportEventA

crypt32

CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

gdi32

CreateCompatibleBitmap
DeleteObject
GetDIBits
GetDeviceCaps
GetObjectA

kernel32

CloseHandle
CreateEventA
CreateFileMappingA
CreateProcessA
CreateThread
DeleteCriticalSection
EnterCriticalSection
FindClose
FindFirstFileA
FindFirstVolumeW
FindNextFileA
FindNextVolumeW
FindVolumeClose
FormatMessageW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceExW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNumberOfConsoleInputEvents
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVolumeInformationW
GlobalMemoryStatus
InitializeCriticalSection
IsDBCSLeadByteEx
IsValidCodePage
LeaveCriticalSection
LoadLibraryA
LockFileEx
MapViewOfFile
MultiByteToWideChar
OpenFileMappingA
PeekConsoleInputA
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ResumeThread
SetConsoleCtrlHandler
SetConsoleTitleA
SetEndOfFile
SetEvent
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepEx
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsGetValue
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__dllonexit
__doserrno
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_chmod
_close
_errno
_exit
_fdopen
_filelengthi64
_fileno
_fmode
_fstati64
_get_osfhandle
_getch
_getpid
_initterm
_iob
_isctype
_lock
_lseeki64
_mkdir
_onexit
_open
_open_osfhandle
_setmode
_snwprintf
_stat
time
localtime
gmtime
_stati64
_stricmp
_strnicmp
_telli64
calloc
clearerr
clock
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwprintf
fwrite
getc
getenv
gmtime
isalnum
isalpha
iscntrl
isgraph
islower
isprint
ispunct
isspace
isupper
iswctype
isxdigit
localeconv
localtime
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
puts
qsort
raise
rand
realloc
rename
rewind
setlocale
setvbuf
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
_unlock
_wfopen
_wopen
_write
abort
atoi
time
tmpfile
tolower
toupper
towlower
towupper
ungetc
vfprintf
wcscat
wcscpy
wcslen
wcsstr
wcstombs
_snprintf
_vsnprintf
_write
_utime
_unlink
_strdup
_read
_open
_isatty
_getpid
_fileno
_fdopen
_dup
_close
_chmod

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

user32

DispatchMessageA
GetDC
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
PeekMessageA
ReleaseDC
TranslateMessage

ws2_32

WSAAddressToStringA
WSACleanup
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSASetLastError
WSASocketA
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
htons
ioctlsocket
listen
ntohs
recv
select
send
setsockopt
shutdown

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 649KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
scripts/#start/#Try Privatezilla (Replacement for Debotnet).ds1
scripts/#start/Block automatic Installation of apps.ds1
scripts/#start/Clean-up Windows (Advanced).ds1
scripts/#start/Clean-up Windows (Normal).ds1
scripts/#start/Create a System Restore Point.ds1
scripts/#start/Disable Clipboard history.ds1
scripts/#start/Disable Compatibility Telemetry.ds1
scripts/#start/Disable Diagnostics Tracking Service.ds1
scripts/#start/Disable Input Personalization.ds1
scripts/#start/Disable Location tracking.ds1
scripts/#start/Disable OneDrive everywhere.ds1
scripts/#start/Disable Scheduled tasks (Advanced).ds1
scripts/#start/Disable Sync.ds1
scripts/#start/Disable Telemetry.ds1
scripts/#start/Disable Timeline history.ds1
scripts/#start/Disable Wi-Fi Sense.ds1
scripts/#start/Disable Windows Error reporting.ds1
scripts/#start/Disable Windows Hello Biometrics.ds1
scripts/#start/Disable app notifications.ds1
scripts/#start/Disable performance tracking tool.ds1
scripts/#start/Disable web search in start menu.ds1
scripts/#start/No License checking.ds1
scripts/#start/No Windows Tips.ds1
scripts/#start/Opt out of CEIP.ds1
scripts/#start/Opt out of HEIP.ds1
scripts/#start/Prevent using diagnostic data.ds1
scripts/#start/Remove Telemetry (Advanced).ds1
scripts/#start/Turn off Windows spotlight features.ds1
scripts/#start/Turn off ad tracking.ds1
scripts/#start/Turn off ads in Settings app.ds1
scripts/bloatware/(AIO) Remove all apps.ds1
scripts/bloatware/3D Builder.ds1
scripts/bloatware/3D Viewer.ds1
scripts/bloatware/Adobe Photoshop Express.ds1
scripts/bloatware/Alarms & Clock.ds1
scripts/bloatware/App Connector.ds1
scripts/bloatware/App Resolver UX.ds1
scripts/bloatware/Asphalt 8 Airborne.ds1
scripts/bloatware/Calculator.ds1
scripts/bloatware/Camera.ds1
scripts/bloatware/Candy Crush Soda Saga.ds1
scripts/bloatware/Code Writer.ds1
scripts/bloatware/Contact Support.ds1
scripts/bloatware/Dolby Access.ds1
scripts/bloatware/Drawboard PDF.ds1
scripts/bloatware/Eclipse Manager.ds1
scripts/bloatware/Facebook.ds1
scripts/bloatware/Farm Heroes Saga.ds1
scripts/bloatware/Feedback Hub.ds1
scripts/bloatware/File Explorer.ds1
scripts/bloatware/Flipboard.ds1
scripts/bloatware/Game bar.ds1
scripts/bloatware/Get Help.ds1
scripts/bloatware/Groove Music.ds1
scripts/bloatware/Hello Setup UI.ds1
scripts/bloatware/Mail and Calendar.ds1
scripts/bloatware/Maps.ds1
scripts/bloatware/March of Empires.ds1
scripts/bloatware/Messaging.ds1
scripts/bloatware/Microsoft Advertising.ds1
scripts/bloatware/Microsoft News.ds1
scripts/bloatware/Microsoft Solitaire Collection.ds1
scripts/bloatware/Microsoft Store.ds1
scripts/bloatware/Microsoft To-Do.ds1
scripts/bloatware/Microsoft Whiteboard.ds1
scripts/bloatware/Microsoft Wi-Fi.ds1
scripts/bloatware/MinecraftUWP.ds1
scripts/bloatware/Mixed Reality Portal.ds1
scripts/bloatware/Mobile Plans.ds1
scripts/bloatware/Movies & TV.ds1
scripts/bloatware/Netflix.ds1
scripts/bloatware/Network Speed Test.ds1
scripts/bloatware/Notepad.ds1
scripts/bloatware/Office.ds1
scripts/bloatware/OneNote.ds1
scripts/bloatware/Paint 3D.ds1
scripts/bloatware/Pandora.ds1
scripts/bloatware/People.ds1
scripts/bloatware/Phone Companion.ds1
scripts/bloatware/Phone.ds1
scripts/bloatware/Photos.ds1
scripts/bloatware/Print 3D.ds1
scripts/bloatware/Remote Desktop.ds1
scripts/bloatware/Scan.ds1
scripts/bloatware/Settings.ds1
scripts/bloatware/Shazam.ds1
scripts/bloatware/Sketch Book.ds1
scripts/bloatware/Skype.ds1
scripts/bloatware/Snip & Sketch.ds1
scripts/bloatware/Sports.ds1
scripts/bloatware/Spotify.ds1
scripts/bloatware/Sticky Notes.ds1
scripts/bloatware/Store Purchase App.ds1
scripts/bloatware/Sway.ds1
scripts/bloatware/Tips.ds1
scripts/bloatware/Twitter.ds1
scripts/bloatware/View 3D Preview.ds1
scripts/bloatware/Voice Recorder.ds1
scripts/bloatware/Weather.ds1
scripts/bloatware/XING.ds1
scripts/bloatware/Xbox (Beta).ds1
scripts/bloatware/Xbox Game Speech Window.ds1
scripts/bloatware/Xbox.ds1
scripts/bloatware/Your Phone.ds1
scripts/bloatware/Zune.ds1
scripts/chocolatey software/(Core) Installing Chocolatey.ds1
.ps1
scripts/chocolatey software/7-Zip.ds1
scripts/chocolatey software/Adobe Acrobat Reader DC.ds1
scripts/chocolatey software/AdwCleaner.ds1
scripts/chocolatey software/Atom.ds1
scripts/chocolatey software/Audacity.ds1
scripts/chocolatey software/BleachBit.ds1
scripts/chocolatey software/CCleaner.ds1
scripts/chocolatey software/CDBurnerXP.ds1
scripts/chocolatey software/Chrome.ds1
scripts/chocolatey software/CloneApp.ds1
scripts/chocolatey software/Debotnet.ds1
scripts/chocolatey software/FileZilla.ds1
scripts/chocolatey software/Firefox.ds1
scripts/chocolatey software/GIMP.ds1
scripts/chocolatey software/GeekUninstaller.ds1
scripts/chocolatey software/Git.ds1
scripts/chocolatey software/GitHub.ds1
scripts/chocolatey software/Greenshot.ds1
scripts/chocolatey software/IrfanView.ds1
scripts/chocolatey software/JDownloader.ds1
scripts/chocolatey software/KeePass.ds1
scripts/chocolatey software/Kodi.ds1
scripts/chocolatey software/Mozilla Thunderbird.ds1
scripts/chocolatey software/MusicBee.ds1
scripts/chocolatey software/Notepad++.ds1
scripts/chocolatey software/Opera.ds1
scripts/chocolatey software/PDF Creator.ds1
scripts/chocolatey software/Patch My PC.ds1
scripts/chocolatey software/PrivaZer.ds1
scripts/chocolatey software/Putty.ds1
scripts/chocolatey software/Q-Dir.ds1
scripts/chocolatey software/SublimeText3.ds1
scripts/chocolatey software/TeamViewer.ds1
scripts/chocolatey software/Tor Browser Bundle.ds1
scripts/chocolatey software/Total Commander.ds1
scripts/chocolatey software/VLC.ds1
scripts/chocolatey software/VirtualBox.ds1
scripts/chocolatey software/WinRAR.ds1
scripts/chocolatey software/Wireshark.ds1
scripts/cortana/Disable Bing in Start Menu.ds1
scripts/cortana/Disable Cortana (20H1).ds1
scripts/cortana/Disable Cortana (Current).ds1
scripts/cortana/Remove Cortana.ds1
scripts/debloat windows 10/1. Block tracking domains.ds1
scripts/debloat windows 10/2. Disable services.ds1
scripts/debloat windows 10/3. Remove default apps.ds1
scripts/debloat windows 10/4. Remove OneDrive.ds1
scripts/debloat windows 10/5. Restart Computer.ds1
scripts/debloat windows 10/Windows10Debloater by Sycnex.ds1
scripts/edge/Block third party cookies in Edge.ds1
scripts/edge/Disable AutoFill for credit cards in Edge.ds1
scripts/edge/Disable SmartScreen Filter in Edge.ds1
scripts/edge/Disable favorites bar in Edge.ds1
scripts/edge/Disable search suggestions in Edge.ds1
scripts/edge/Disable synchronization of data in Edge.ds1
scripts/edge/Neutralize Microsoft Edge.ds1
scripts/edge/Prevent Edge from running in background.ds1
scripts/edge/Prevent Installing Edge Chrome.ds1
scripts/edge/desktop.ini
scripts/gaming/Disable Game Bar features.ds1
scripts/gaming/Disable Logitech Gaming service.ds1
scripts/gaming/Disable Razer Game Scanner service.ds1
scripts/gaming/Opt-out nVidia telemetry.ds1
scripts/iso downloader/Create bootable USB flash drive.ds1
scripts/iso downloader/Download Windows 10 ISO with MCT Wrapper.ds1
scripts/iso downloader/Download Windows 10 ISO with PowerShell.ds1
scripts/iso downloader/Windows 10, version 1909 Pro x64.ds1
scripts/iso downloader/Windows 10, version 1909 Pro x86.ds1
scripts/miscellaneous/Comparison of Windows Privacy Tools.ds1
scripts/miscellaneous/Download Wim Tweak.ds1
scripts/ninite apps/(Example) Create Multiple Installer.ds1
scripts/ninite apps/7-Zip.ds1
scripts/ninite apps/AIMP.ds1
scripts/ninite apps/Audacity.ds1
scripts/ninite apps/Avira.ds1
scripts/ninite apps/Blender.ds1
scripts/ninite apps/CDBurnerXP.ds1
scripts/ninite apps/Classic Start.ds1
scripts/ninite apps/Combined Community Codec Pack.ds1
scripts/ninite apps/CutePDF.ds1
scripts/ninite apps/Discord.ds1
scripts/ninite apps/Dropbox.ds1
scripts/ninite apps/Eclipse.ds1
scripts/ninite apps/Essentials.ds1
scripts/ninite apps/Evernote.ds1
scripts/ninite apps/Everything.ds1
scripts/ninite apps/FastStone.ds1
scripts/ninite apps/FileZilla.ds1
scripts/ninite apps/Foxit Reader.ds1
scripts/ninite apps/GIMP.ds1
scripts/ninite apps/GOM Player.ds1
scripts/ninite apps/Glary.ds1
scripts/ninite apps/Google Chrome.ds1
scripts/ninite apps/Google Earth.ds1
scripts/ninite apps/Greenshot.ds1
scripts/ninite apps/HandBrake.ds1
scripts/ninite apps/ImgBurn.ds1
scripts/ninite apps/InfraRecorder.ds1
scripts/ninite apps/Inkscape.ds1
scripts/ninite apps/IrfanView.ds1
scripts/ninite apps/Java (AdoptOpenJDK) Runtime 11 x64.ds1
scripts/ninite apps/Java (AdoptOpenJDK) Runtime 8 x32.ds1
scripts/ninite apps/Java (AdoptOpenJDK) Runtime 8 x64.ds1
scripts/ninite apps/K-Lite Codecs.ds1
scripts/ninite apps/KeePass 2.ds1
scripts/ninite apps/Krita.ds1
scripts/ninite apps/Launchy.ds1
scripts/ninite apps/LibreOffice.ds1
scripts/ninite apps/Malwarebytes.ds1
scripts/ninite apps/MediaMonkey.ds1
scripts/ninite apps/Microsoft .NET 4.8.ds1
scripts/ninite apps/Mozilla Firefox.ds1
scripts/ninite apps/MusicBee.ds1
scripts/ninite apps/NonVisual Desktop Access.ds1
scripts/ninite apps/Notepad++.ds1
scripts/ninite apps/OneDrive.ds1
scripts/ninite apps/OpenOffice.ds1
scripts/ninite apps/Opera.ds1
scripts/ninite apps/PDFCreator.ds1
scripts/ninite apps/Paint.NET.ds1
scripts/ninite apps/PeaZip.ds1
scripts/ninite apps/Pidgin.ds1
scripts/ninite apps/PuTTY.ds1
scripts/ninite apps/Python.ds1
scripts/ninite apps/RealVNC.ds1
scripts/ninite apps/Revo Uninstaller.ds1
scripts/ninite apps/SUPERAntiSpyware.ds1
scripts/ninite apps/ShareX.ds1
scripts/ninite apps/Skype.ds1
scripts/ninite apps/Spotify.ds1
scripts/ninite apps/Spybot 2.ds1
scripts/ninite apps/Steam.ds1
scripts/ninite apps/SugarSync.ds1
scripts/ninite apps/SumatraPDF.ds1
scripts/ninite apps/TeamViewer.ds1
scripts/ninite apps/TeraCopy.ds1
scripts/ninite apps/Thunderbird.ds1
scripts/ninite apps/Trillian.ds1
scripts/ninite apps/VLC.ds1
scripts/ninite apps/Visual Studio Code.ds1
scripts/ninite apps/WinDirStat.ds1
scripts/ninite apps/WinMerge.ds1
scripts/ninite apps/WinRAR.ds1
scripts/ninite apps/WinSCP.ds1
scripts/ninite apps/Winamp.ds1
scripts/ninite apps/XnView.ds1
scripts/ninite apps/foobar2000.ds1
scripts/ninite apps/qBittorrent.ds1
scripts/pimp apps/Enhance CCleaner with Winapp2.ini.ds1
scripts/privacy/Disable app access to account info.ds1
scripts/privacy/Disable app access to calendar.ds1
scripts/privacy/Disable app access to call history.ds1
scripts/privacy/Disable app access to call.ds1
scripts/privacy/Disable app access to contacts.ds1
scripts/privacy/Disable app access to diagnostic information.ds1
scripts/privacy/Disable app access to documents.ds1
scripts/privacy/Disable app access to email.ds1
scripts/privacy/Disable app access to file system.ds1
scripts/privacy/Disable app access to location.ds1
scripts/privacy/Disable app access to messaging.ds1
scripts/privacy/Disable app access to microphone.ds1
scripts/privacy/Disable app access to motion.ds1
scripts/privacy/Disable app access to notifications.ds1
scripts/privacy/Disable app access to other devices.ds1
scripts/privacy/Disable app access to pictures.ds1
scripts/privacy/Disable app access to radios.ds1
scripts/privacy/Disable app access to tasks.ds1
scripts/privacy/Disable app access to videos.ds1
scripts/privacy/Disable app access to webcam.ds1
scripts/privacy/Disable apps from running in background.ds1
scripts/privacy/Disable tracking of app starts.ds1
scripts/privacy/Disable user data synchronization.ds1
scripts/privacy/Open privacy settings.ds1
scripts/security/Disable Windows Media DRM Internet Access.ds1
scripts/security/Disable password reveal button.ds1
scripts/slim/Disable Reserved Storage.ds1
scripts/slim/Disable System Restore.ds1
scripts/slim/Uninstall Software.ds1
scripts/third-party/Block Chrome Software Reporter Tool.ds1
scripts/third-party/Disable Acrobat Reader online service.ds1
scripts/third-party/Disable CCleaner Health Check.ds1
scripts/third-party/Disable CCleaner Monitoring & more.ds1
scripts/third-party/Disable Dropbox Update service.ds1
scripts/third-party/Disable Google update service.ds1
scripts/third-party/Disable Media Player telemetry.ds1
scripts/third-party/Disable Microsoft Office telemetry.ds1
scripts/third-party/Disable Microsoft Windows Live ID service.ds1
scripts/third-party/Disable Mozilla Firefox telemetry.ds1
scripts/third-party/Disable Visual Studio telemetry.ds1
scripts/update/Delay feature updates.ds1
scripts/update/Download Store app updates.ds1
scripts/update/Download Windows updates.ds1
scripts/update/Manage Windows updates.ds1
scripts/update/No more forced driver updates.ds1
scripts/update/No more forced updates.ds1
scripts/update/Patch Windows apps.ds1
scripts/update/Turn off Windows updates sharing.ds1
scripts/windows defender/Disable Windows Defender Real-time Protection.ds1
scripts/windows defender/Disable Windows Defender.ds1
scripts/windows defender/Enable Windows Defender PUA.ds1
scripts/windows defender/Remove Windows Defender.ds1

Sharing

General

Malware Config

Signatures

Files

4f9607e656e1052070f69ab9d8704e21

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 268KB - Virtual size: 267KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 368KB - Virtual size: 365KB

fe8f0bebf787f35580b2866a83df1c53

Code Sign

04:7a:55Certificate

Extended Key Usages

04:7a:53Certificate

Key Usages

62:ab:3b:73:82:e2:5b:5d:63:ad:77:35:03:d9:63:b1Certificate

Extended Key Usages

Key Usages

04:7a:53Certificate

Key Usages

62:ab:3b:73:82:e2:5b:5d:63:ad:77:35:03:d9:63:b1Certificate

Extended Key Usages

Key Usages

04:7a:55Certificate

Extended Key Usages

fd:4f:80:9e:04:f4:c3:26:c6:d8:74:2a:0d:9e:c2:23:5d:55:34:55:7a:e4:83:87:ff:e7:68:4b:75:49:25:3cSigner

7c:a6:9f:ac:21:56:df:ac:be:d3:3e:8e:62:c4:48:43:2e:09:57:e2Signer

Headers

File Characteristics

Imports

advapi32

crypt32

gdi32

kernel32

msvcrt

ole32

user32

ws2_32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.data Size: 60KB - Virtual size: 59KB

.rdata Size: 649KB - Virtual size: 648KB

.bss Size: - Virtual size: 41KB

.idata Size: 8KB - Virtual size: 8KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

/4 Size: 512B - Virtual size: 20B

.text
Size: 268KB - Virtual size: 267KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 368KB - Virtual size: 365KB

04:7a:55
Certificate

04:7a:53
Certificate

62:ab:3b:73:82:e2:5b:5d:63:ad:77:35:03:d9:63:b1
Certificate

04:7a:53
Certificate

62:ab:3b:73:82:e2:5b:5d:63:ad:77:35:03:d9:63:b1
Certificate

04:7a:55
Certificate

fd:4f:80:9e:04:f4:c3:26:c6:d8:74:2a:0d:9e:c2:23:5d:55:34:55:7a:e4:83:87:ff:e7:68:4b:75:49:25:3c
Signer

7c:a6:9f:ac:21:56:df:ac:be:d3:3e:8e:62:c4:48:43:2e:09:57:e2
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 60KB - Virtual size: 59KB

.rdata
Size: 649KB - Virtual size: 648KB

.bss
Size: - Virtual size: 41KB

.idata
Size: 8KB - Virtual size: 8KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

/4
Size: 512B - Virtual size: 20B