BFHSoft[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

BFHSoft.rar
Size

4.5MB
MD5

2797bd9d0679a4dbf1a7b2882cc7dbb6
SHA1

e374d9fdb3bc56c09ec6c7b9879859f4f3b72662
SHA256

1156df9560851f8fa8bd9b0efafb76babfe9e77cf8ce5d7693421dd57391d991
SHA512

6533999b0d6168df92fefbc37b012a395da9e1b25c12bb8b9f15297e0ebea5bf43c6b3d0629c3e870754df153b0ad36d775819a8adb16a74336ea3f86d20f41f
SSDEEP

98304:qCEe7EVeSmZMbU5f8Bl9Dsu7Lel3zCKOxr5g4PAaArVJF3:qCEe7ZGblBexzg1PAaArVf

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LauncherBFH-Last.exe
unpack001/mainf.dll

Files

BFHSoft.rar
.rar

Password: free
AntiCheatDisabler
GameCheck/GameInject
GameCheck/GameMenu
GameCheck/GameStatus
GameDetect
Launcher.dll
.dll windows:6 windows x64 arch:x64

Password: free

3706de3acac2c92e06c3693f522ba68e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:7c:5a:5e:06:2a:bd:ba:fc:be:1e:c6:3d:4c:30:52
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14-07-2021 00:00

Not After

18-07-2024 23:59

Subject

CN=Unity Technologies ApS,OU=Developer Services,O=Unity Technologies ApS,L=København,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c5:75:0f:62:c3:7f:6f:18:93:5f:b0:60:7a:0f:8f:a4:d8:58:d8:1a
Signer

Actual PE Digest

c5:75:0f:62:c3:7f:6f:18:93:5f:b0:60:7a:0f:8f:a4:d8:58:d8:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\build\output\Unity-Technologies\mono\msvc\build\boehm\x64\bin\Release\mono-2.0-bdwgc.pdb

Imports

bcrypt

BCryptGenRandom

ws2_32

WSAGetLastError
select
__WSAFDIsSet
htons
getnameinfo
getaddrinfo
freeaddrinfo
WSAStartup
WSASend
WSASetLastError
recvfrom
WSARecv
sendto
accept
send
socket
connect
recv
ioctlsocket
bind
WSAIoctl
closesocket
ntohl
shutdown
listen
WSASocketW
inet_pton
getpeername
getsockname
ntohs
gethostname
getsockopt
htonl
setsockopt
WSAWaitForMultipleEvents
WSACleanup
getprotobyname

ole32

CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoUninitialize
CoTaskMemFree

oleaut32

SysStringLen
SafeArrayPutElement
SysFreeString
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
SysAllocStringLen
SafeArrayDestroy
SafeArrayPtrOfIndex
SafeArrayGetDim

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

advapi32

CreateProcessWithLogonW
GetEffectiveRightsFromAclW
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
CopySid
GetNamedSecurityInfoW
OpenProcessToken
FreeSid
DuplicateToken
GetLengthSid
BuildTrusteeWithSidW
OpenThreadToken
LookupAccountSidW
GetTokenInformation
EventWriteTransfer
EventRegister
EventUnregister
RevertToSelf
ImpersonateLoggedOnUser

winmm

timeGetDevCaps
timeKillEvent
timeEndPeriod
timeSetEvent
timeBeginPeriod

kernel32

IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFullPathNameW
SetFilePointerEx
ReadConsoleW
FreeLibraryAndExitThread
GetConsoleCP
GetTimeZoneInformation
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
SetStdHandle
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetConsoleOutputCP
RtlPcToFileHeader
GetUserDefaultLCID
TlsGetValue
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeCriticalSection
SetUnhandledExceptionFilter
AcquireSRWLockShared
AddVectoredExceptionHandler
ReleaseSRWLockShared
RemoveVectoredExceptionHandler
CreateFileA
SetThreadStackGuarantee
EnumSystemLocalesW
HeapReAlloc
SetConsoleCtrlHandler
WideCharToMultiByte
MoveFileExW
SetConsoleMode
GetNumberOfConsoleInputEvents
ReadConsoleInputW
PeekConsoleInputA
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetProcessHeap
GetStringTypeW
WriteConsoleW
HeapSize
EncodePointer
ResumeThread
MultiByteToWideChar
FreeConsole
GetExitCodeProcess
GetProcessTimes
SetProcessWorkingSetSize
CreateProcessW
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
RaiseException
Sleep
GetTickCount
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
SetEnvironmentVariableW
GetLocaleInfoEx
GetEnvironmentVariableW
GetLastError
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
K32GetModuleFileNameExW
FormatMessageW
K32GetModuleBaseNameW
LoadLibraryW
GetCurrentDirectoryW
GetProcAddress
LocalFree
GetModuleHandleW
FreeLibrary
K32EnumProcessModules
QueryPerformanceFrequency
QueryPerformanceCounter
GetCPInfoExW
HeapCreate
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TlsAlloc
HeapAlloc
HeapDestroy
InitializeSRWLock
SetLastError
SetErrorMode
LoadLibraryExW
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
CloseHandle
GetSystemInfo
CreateFileMappingW
MapViewOfFile
VirtualQuery
GetSystemTimes
GetCurrentProcessId
GetTickCount64
GetSystemTimeAsFileTime
IsDebuggerPresent
SleepConditionVariableCS
TryEnterCriticalSection
WakeConditionVariable
InitializeConditionVariable
DeleteCriticalSection
SleepConditionVariableSRW
ReleaseSemaphore
CreateSemaphoreW
TlsSetValue
WakeAllConditionVariable
DuplicateHandle
TlsFree
CancelIo
GetCurrentProcessorNumberEx
FlushProcessWriteBuffers
WaitForSingleObject
GetCurrentThreadId
SuspendThread
RtlUnwind
ExitThread
CancelSynchronousIo
GetCurrentThread
CreateThread
QueueUserAPC
SwitchToThread
GetThreadContext
SetThreadContext
OpenThread
GlobalMemoryStatusEx
CreateEventW
SetEvent
ResetEvent
SignalObjectAndWait
WaitForMultipleObjectsEx
WaitForSingleObjectEx
SleepEx
GetCommandLineW
CreateFileW
GetSystemDirectoryW
DisableThreadLibraryCalls
GetFileSize
ExitProcess
GetVersionExW
SetThreadPriority
GetFileInformationByHandleEx
SetHandleInformation
OpenFileMappingW
GetFileAttributesExW
FlushViewOfFile
DeleteFileW
GetConsoleMode
CreateDirectoryW
ReadFile
GetVolumeInformationW
GetFileSizeEx
GetStdHandle
WriteFile
RemoveDirectoryW
SetFileTime
LockFile
CreatePipe
SetFilePointer
SetEndOfFile
SetFileAttributesW
GetLogicalDriveStringsW
FileTimeToSystemTime
GetDiskFreeSpaceExW
CancelIoEx
UnlockFile
SetCurrentDirectoryW
ReplaceFileW
CopyFileW
GetFileType
MoveFileW
GetDriveTypeW
FlushFileBuffers
FreeEnvironmentStringsW
OutputDebugStringW
GetComputerNameW
GetEnvironmentStringsW
GlobalAlloc
GlobalFree
GlobalReAlloc
CreateMutexW
ReleaseMutex
OpenMutexW
OpenSemaphoreW
OpenEventW
GetProcessWorkingSetSize
SetPriorityClass
TerminateProcess
GetProcessId
OpenProcess
VerLanguageNameW
K32GetModuleInformation
K32EnumProcesses
GetPriorityClass

user32

WaitForInputIdle
MsgWaitForMultipleObjectsEx
EnumWindows
IsWindowVisible
GetWindow
GetWindowThreadProcessId
MessageBoxA
MessageBoxW
SendMessageTimeoutW

shell32

SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
SHGetKnownFolderPath

Exports

Exports

BrotliDecoderCreateInstance
BrotliDecoderDecompress
BrotliDecoderDecompressStream
BrotliDecoderDestroyInstance
BrotliDecoderErrorString
BrotliDecoderGetErrorCode
BrotliDecoderHasMoreOutput
BrotliDecoderIsFinished
BrotliDecoderIsUsed
BrotliDecoderSetParameter
BrotliDecoderTakeOutput
BrotliDecoderVersion
BrotliEncoderCompress
BrotliEncoderCompressStream
BrotliEncoderCreateInstance
BrotliEncoderDestroyInstance
BrotliEncoderHasMoreOutput
BrotliEncoderIsFinished
BrotliEncoderMaxCompressedSize
BrotliEncoderSetParameter
BrotliEncoderTakeOutput
BrotliEncoderVersion
BrotliGetDictionary
BrotliSetDictionaryData
MonoFixupCorEE
burst_mono_install_hooks
burst_mono_simulate_burst_debug_domain_reload
burst_mono_update_tracking_pointers
mini_get_debug_options
mini_parse_debug_option
mono_add_internal_call
mono_add_internal_call_internal
mono_add_internal_call_with_flags
mono_aot_register_module
mono_array_addr_with_size
mono_array_class_get
mono_array_clone
mono_array_element_size
mono_array_length
mono_array_new
mono_array_new_full
mono_array_new_specific
mono_assemblies_cleanup
mono_assemblies_init
mono_assembly_addref
mono_assembly_close
mono_assembly_fill_assembly_name
mono_assembly_foreach
mono_assembly_get_assemblyref
mono_assembly_get_image
mono_assembly_get_image_internal
mono_assembly_get_main
mono_assembly_get_name
mono_assembly_get_name_internal
mono_assembly_get_object
mono_assembly_getrootdir
mono_assembly_invoke_load_hook
mono_assembly_invoke_search_hook
mono_assembly_load
mono_assembly_load_from
mono_assembly_load_from_full
mono_assembly_load_full
mono_assembly_load_full_alc
mono_assembly_load_module
mono_assembly_load_module_checked
mono_assembly_load_reference
mono_assembly_load_references
mono_assembly_load_with_partial_name
mono_assembly_loaded
mono_assembly_loaded_full
mono_assembly_name_free
mono_assembly_name_get_culture
mono_assembly_name_get_name
mono_assembly_name_get_pubkeytoken
mono_assembly_name_get_version
mono_assembly_name_new
mono_assembly_name_parse
mono_assembly_names_equal
mono_assembly_open
mono_assembly_open_full
mono_assembly_set_main
mono_assembly_setrootdir
mono_bitset_alloc_size
mono_bitset_clear
mono_bitset_clear_all
mono_bitset_clone
mono_bitset_copyto
mono_bitset_count
mono_bitset_equal
mono_bitset_find_first
mono_bitset_find_first_unset
mono_bitset_find_last
mono_bitset_find_start
mono_bitset_foreach
mono_bitset_free
mono_bitset_intersection
mono_bitset_intersection_2
mono_bitset_invert
mono_bitset_mem_new
mono_bitset_new
mono_bitset_set
mono_bitset_set_all
mono_bitset_size
mono_bitset_sub
mono_bitset_test
mono_bitset_test_bulk
mono_bitset_union
mono_bounded_array_class_get
mono_breakpoint_clean_code
mono_build_date
mono_callspec_cleanup
mono_callspec_eval
mono_callspec_eval_exception
mono_callspec_parse
mono_check_corlib_version
mono_class_array_element_size
mono_class_data_size
mono_class_describe_statics
mono_class_enum_basetype
mono_class_from_generic_parameter
mono_class_from_mono_type
mono_class_from_mono_type_internal
mono_class_from_name
mono_class_from_name_case
mono_class_from_typeref
mono_class_from_typeref_checked
mono_class_get
mono_class_get_byref_type
mono_class_get_checked
mono_class_get_context
mono_class_get_element_class
mono_class_get_event_token
mono_class_get_events
mono_class_get_field
mono_class_get_field_from_name
mono_class_get_field_token
mono_class_get_fields
mono_class_get_flags
mono_class_get_full
mono_class_get_image
mono_class_get_interfaces
mono_class_get_method_from_name
mono_class_get_method_from_name_flags
mono_class_get_methods
mono_class_get_name
mono_class_get_namespace
mono_class_get_nested_types
mono_class_get_nesting_type
mono_class_get_nullable_param
mono_class_get_parent
mono_class_get_properties
mono_class_get_property_from_name
mono_class_get_property_token
mono_class_get_rank
mono_class_get_type
mono_class_get_type_token
mono_class_get_userdata
mono_class_get_userdata_offset
mono_class_implements_interface
mono_class_inflate_generic_method
mono_class_inflate_generic_type
mono_class_init
mono_class_instance_size
mono_class_interface_offset
mono_class_is_assignable_from
mono_class_is_blittable
mono_class_is_delegate
mono_class_is_enum
mono_class_is_generic
mono_class_is_inflated
mono_class_is_nullable
mono_class_is_subclass_of
mono_class_is_valid_enum
mono_class_is_valuetype
mono_class_min_align
mono_class_name_from_token
mono_class_num_events
mono_class_num_fields
mono_class_num_methods
mono_class_num_properties
mono_class_set_userdata
mono_class_value_size
mono_class_vtable
mono_cli_rva_image_map
mono_compile_method
mono_conc_hashtable_destroy
mono_conc_hashtable_foreach
mono_conc_hashtable_foreach_steal
mono_conc_hashtable_insert
mono_conc_hashtable_lookup
mono_conc_hashtable_new
mono_conc_hashtable_new_full
mono_conc_hashtable_remove
mono_config_cleanup
mono_config_for_assembly
mono_config_get_cpu
mono_config_get_os
mono_config_get_wordsize
mono_config_is_server_mode
mono_config_parse
mono_config_parse_memory
mono_config_set_server_mode
mono_config_string_for_assembly_file
mono_context_get
mono_context_get_desc
mono_context_get_domain_id
mono_context_get_id
mono_context_init
mono_context_set
mono_counter_get_name
mono_counter_get_section
mono_counter_get_size
mono_counter_get_type
mono_counter_get_unit
mono_counter_get_variance
mono_counters_cleanup
mono_counters_dump
mono_counters_enable
mono_counters_foreach
mono_counters_init
mono_counters_on_register
mono_counters_register
mono_counters_register_with_size
mono_counters_sample
mono_cpu_count
mono_cpu_features_disabled
mono_cpu_features_enabled
mono_create_new_bundled_satellite_assembly
mono_custom_attrs_construct
mono_custom_attrs_free
mono_custom_attrs_from_assembly
mono_custom_attrs_from_class
mono_custom_attrs_from_event
mono_custom_attrs_from_field
mono_custom_attrs_from_index
mono_custom_attrs_from_method
mono_custom_attrs_from_param
mono_custom_attrs_from_property
mono_custom_attrs_get_attr
mono_custom_attrs_get_attrs
mono_custom_attrs_has_attr
mono_dangerous_add_raw_internal_call
mono_debug_add_delegate_trampoline
mono_debug_add_method
mono_debug_cleanup
mono_debug_close_image
mono_debug_close_mono_symbol_file
mono_debug_domain_create
mono_debug_domain_unload
mono_debug_enabled
mono_debug_find_method
mono_debug_free_locals
mono_debug_free_method_jit_info
mono_debug_free_source_location
mono_debug_get_handle
mono_debug_il_offset_from_address
mono_debug_init
mono_debug_lookup_locals
mono_debug_lookup_method
mono_debug_lookup_method_addresses
mono_debug_lookup_source_location
mono_debug_lookup_source_location_by_il
mono_debug_method_lookup_location
mono_debug_open_image_from_memory
mono_debug_open_mono_symbols
mono_debug_print_stack_frame
mono_debug_print_vars
mono_debug_remove_method
mono_debug_symfile_free_location
mono_debug_symfile_is_loaded
mono_debug_symfile_lookup_locals
mono_debug_symfile_lookup_location
mono_debug_symfile_lookup_method
mono_debugger_agent_init
mono_debugger_agent_parse_options
mono_debugger_agent_register_transport
mono_debugger_agent_transport_handshake
mono_debugger_disconnect
mono_debugger_get_generate_debug_info
mono_debugger_insert_breakpoint
mono_debugger_install_attach_detach_callback
mono_debugger_method_has_breakpoint
mono_debugger_run_finally
mono_debugger_set_generate_debug_info
mono_declsec_flags_from_assembly
mono_declsec_flags_from_class
mono_declsec_flags_from_method
mono_declsec_get_assembly_action
mono_declsec_get_class_action
mono_declsec_get_demands
mono_declsec_get_inheritdemands_class
mono_declsec_get_inheritdemands_method
mono_declsec_get_linkdemands
mono_declsec_get_method_action
mono_digest_get_public_token
mono_disasm_code
mono_disasm_code_one
mono_dl_fallback_register
mono_dl_fallback_unregister
mono_dllmap_insert
mono_domain_assembly_foreach
mono_domain_assembly_open
mono_domain_create
mono_domain_create_appdomain
mono_domain_ensure_entry_assembly
mono_domain_finalize
mono_domain_foreach
mono_domain_free
mono_domain_from_appdomain
mono_domain_get
mono_domain_get_by_id
mono_domain_get_friendly_name
mono_domain_get_id
mono_domain_has_type_resolve
mono_domain_is_unloading
mono_domain_jit_foreach
mono_domain_owns_vtable_slot
mono_domain_set
mono_domain_set_config
mono_domain_set_internal
mono_domain_try_type_resolve
mono_domain_try_unload
mono_domain_unload
mono_ee_api_version
mono_ee_interp_init
mono_environment_exitcode_get
mono_environment_exitcode_set
mono_error_cleanup
mono_error_get_error_code
mono_error_get_message
mono_error_init
mono_error_init_flags
mono_error_ok
mono_escape_uri_string
mono_event_get_add_method
mono_event_get_flags
mono_event_get_name
mono_event_get_object
mono_event_get_parent
mono_event_get_raise_method
mono_event_get_remove_method
mono_exception_from_name
mono_exception_from_name_domain
mono_exception_from_name_msg
mono_exception_from_name_two_strings
mono_exception_from_token
mono_exception_from_token_two_strings
mono_exception_walk_trace
mono_field_from_token
mono_field_full_name
mono_field_get_data
mono_field_get_flags
mono_field_get_name
mono_field_get_object
mono_field_get_offset
mono_field_get_parent
mono_field_get_type
mono_field_get_value
mono_field_get_value_object
mono_field_set_value
mono_field_static_get_value
mono_field_static_set_value
mono_file_map
mono_file_map_close
mono_file_map_error
mono_file_map_fd
mono_file_map_open
mono_file_map_size
mono_file_unmap
mono_free
mono_free_bstr
mono_free_method
mono_free_verify_list
mono_g_hash_table_destroy
mono_g_hash_table_find
mono_g_hash_table_foreach
mono_g_hash_table_foreach_remove
mono_g_hash_table_insert
mono_g_hash_table_lookup
mono_g_hash_table_lookup_extended
mono_g_hash_table_new_type
mono_g_hash_table_print_stats
mono_g_hash_table_remove
mono_g_hash_table_replace
mono_g_hash_table_size
mono_gc_collect
mono_gc_collect_a_little
mono_gc_collection_count
mono_gc_finalize_notify
mono_gc_get_generation
mono_gc_get_heap_size
mono_gc_get_max_time_slice_ns
mono_gc_get_used_size
mono_gc_init_finalizer_thread
mono_gc_invoke_finalizers
mono_gc_is_incremental
mono_gc_max_generation
mono_gc_pending_finalizers
mono_gc_reference_queue_add
mono_gc_reference_queue_free
mono_gc_reference_queue_new
mono_gc_register_finalizer_callbacks
mono_gc_register_root
mono_gc_set_incremental
mono_gc_set_max_time_slice_ns
mono_gc_start_incremental_collection
mono_gc_toggleref_add
mono_gc_toggleref_register_callback
mono_gc_walk_heap
mono_gc_wbarrier_arrayref_copy
mono_gc_wbarrier_generic_nostore
mono_gc_wbarrier_generic_store
mono_gc_wbarrier_generic_store_atomic
mono_gc_wbarrier_object_copy
mono_gc_wbarrier_set_arrayref
mono_gc_wbarrier_set_field
mono_gc_wbarrier_value_copy
mono_gchandle_free
mono_gchandle_free_v2
mono_gchandle_get_target
mono_gchandle_get_target_v2
mono_gchandle_is_in_domain
mono_gchandle_is_in_domain_v2
mono_gchandle_new
mono_gchandle_new_v2
mono_gchandle_new_weakref
mono_gchandle_new_weakref_v2
mono_get_array_class
mono_get_boolean_class
mono_get_byte_class
mono_get_char_class
mono_get_config_dir
mono_get_corlib
mono_get_dbnull_object
mono_get_delegate_begin_invoke
mono_get_delegate_end_invoke
mono_get_delegate_invoke
mono_get_double_class
mono_get_enum_class
mono_get_exception_appdomain_unloaded
mono_get_exception_argument
mono_get_exception_argument_null
mono_get_exception_argument_out_of_range
mono_get_exception_arithmetic
mono_get_exception_array_type_mismatch
mono_get_exception_bad_image_format
mono_get_exception_bad_image_format2
mono_get_exception_cannot_unload_appdomain
mono_get_exception_class
mono_get_exception_divide_by_zero
mono_get_exception_execution_engine
mono_get_exception_field_access
mono_get_exception_file_not_found
mono_get_exception_file_not_found2
mono_get_exception_index_out_of_range
mono_get_exception_invalid_cast
mono_get_exception_invalid_operation
mono_get_exception_io
mono_get_exception_method_access
mono_get_exception_missing_field
mono_get_exception_missing_method
mono_get_exception_not_implemented
mono_get_exception_not_supported
mono_get_exception_null_reference
mono_get_exception_out_of_memory
mono_get_exception_overflow
mono_get_exception_reflection_type_load
mono_get_exception_runtime_wrapped
mono_get_exception_security
mono_get_exception_serialization
mono_get_exception_stack_overflow
mono_get_exception_synchronization_lock
mono_get_exception_thread_abort
mono_get_exception_thread_interrupted
mono_get_exception_thread_state
mono_get_exception_type_initialization
mono_get_exception_type_load
mono_get_find_plugin_callback
mono_get_inflated_method
mono_get_int16_class
mono_get_int32_class
mono_get_int64_class
mono_get_intptr_class
mono_get_machine_config
mono_get_method
mono_get_method_constrained
mono_get_method_full
mono_get_object_class
mono_get_root_domain
mono_get_runtime_build_info
mono_get_sbyte_class
mono_get_single_class
mono_get_string_class
mono_get_thread_class
mono_get_uint16_class
mono_get_uint32_class
mono_get_uint64_class
mono_get_uintptr_class
mono_get_void_class
mono_guid_to_string

Sections

.text
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LauncherBFH-Last.exe
.exe windows:4 windows x86 arch:x86

Password: free

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\86155\source\repos\AAAAAAA\AAAAAAA\obj\Release\AAAAAAA.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 712KB - Virtual size: 712KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Updater/Updater
Updater/web.config
.xml
config
mainf.dll
.dll windows:4 windows x86 arch:x86

Password: free

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\86155\source\repos\AAAAAAA\mainf\obj\Release\mainf.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mconfig/config.xml
.xml

Sharing

General

Malware Config

Signatures

Files

Password: free

Password: free

3706de3acac2c92e06c3693f522ba68e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

0f:7c:5a:5e:06:2a:bd:ba:fc:be:1e:c6:3d:4c:30:52Certificate

Extended Key Usages

Key Usages

c5:75:0f:62:c3:7f:6f:18:93:5f:b0:60:7a:0f:8f:a4:d8:58:d8:1aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcrypt

ws2_32

ole32

oleaut32

version

advapi32

winmm

kernel32

user32

shell32

Exports

Exports

Sections

.text Size: 5.5MB - Virtual size: 5.5MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 15KB - Virtual size: 2.8MB

.pdata Size: 222KB - Virtual size: 221KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 7KB - Virtual size: 6KB

Password: free

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 712KB - Virtual size: 712KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 12B

Password: free

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 512B - Virtual size: 12B

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0f:7c:5a:5e:06:2a:bd:ba:fc:be:1e:c6:3d:4c:30:52
Certificate

c5:75:0f:62:c3:7f:6f:18:93:5f:b0:60:7a:0f:8f:a4:d8:58:d8:1a
Signer

.text
Size: 5.5MB - Virtual size: 5.5MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 15KB - Virtual size: 2.8MB

.pdata
Size: 222KB - Virtual size: 221KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 712KB - Virtual size: 712KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 512B - Virtual size: 12B