Static task
static1
General
-
Target
Domain.zip
-
Size
840KB
-
MD5
44181a804c3e38f3c735b1b6efb8d5db
-
SHA1
e8bc080643287a971690e4e0d9f3b87b348013ba
-
SHA256
d4c8845ab6a2415b48bf5539f0d912f4d4f61e898e4e1c839c56784aae3631d2
-
SHA512
ff8ff0d0ab5e049d60b758482d079bab3e7c5e2094358276ec9e448899139e017052d8830c00dea5d900ff069f8a65b0ee9587c5e855c6106f0fbd9e03a418c6
-
SSDEEP
12288:YaylcKeBSY17yDr0dYT52ryZIDCtq1jp4r/ww0hfcJ+jxIe2/EhkXblJ2h/E:ilSsYMqryHtAayoaxIe2/EOXblJ2h/E
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource unpack001/Domain/bin/rbxcompile.exe
Files
-
Domain.zip.zip
-
Domain/.git/COMMIT_EDITMSG
-
Domain/.git/FETCH_HEAD
-
Domain/.git/HEAD
-
Domain/.git/ORIG_HEAD
-
Domain/.git/config
-
Domain/.git/description
-
Domain/.git/hooks/applypatch-msg.sample.sh linux
-
Domain/.git/hooks/commit-msg.sample.sh linux
-
Domain/.git/hooks/fsmonitor-watchman.sample.sh linux
-
Domain/.git/hooks/post-update.sample.sh linux
-
Domain/.git/hooks/pre-applypatch.sample.sh linux
-
Domain/.git/hooks/pre-commit.sample.sh linux
-
Domain/.git/hooks/pre-merge-commit.sample.sh linux
-
Domain/.git/hooks/pre-push.sample.sh linux
-
Domain/.git/hooks/pre-rebase.sample.sh linux
-
Domain/.git/hooks/pre-receive.sample.sh linux
-
Domain/.git/hooks/prepare-commit-msg.sample.sh linux
-
Domain/.git/hooks/push-to-checkout.sample.sh linux
-
Domain/.git/hooks/update.sample.sh linux
-
Domain/.git/index
-
Domain/.git/info/exclude
-
Domain/.git/logs/HEAD
-
Domain/.git/logs/refs/heads/main
-
Domain/.git/logs/refs/remotes/origin/HEAD
-
Domain/.git/logs/refs/remotes/origin/main
-
Domain/.git/objects/05/98ed44979d63a638f30a0a0592f6301de2ef76
-
Domain/.git/objects/08/8a76d22356e6af489f598b0d6ded84d0a91ba9
-
Domain/.git/objects/08/ad3d22a4808128f52453f32cd85243795e51b8
-
Domain/.git/objects/08/f0cf368e6a564d39bfc41ef47e32c7e626d41b
-
Domain/.git/objects/0a/cc25c33ed48b6cc17f8bb67eccde8e1d245155
-
Domain/.git/objects/0d/569037e0a6d58490cfe9a5be697c6e9c9a8252
-
Domain/.git/objects/14/ae3421a5581706e80ffb1eecf6c879634d759d
-
Domain/.git/objects/17/58dddccea2b3b02d21228a0d06a45a35c0d861
-
Domain/.git/objects/1b/fd628fcf5dbc1863ecc5a2543b795ded6fc662
-
Domain/.git/objects/1c/1b5e3e5fc3dfbc06e4cfa0176958da87f3773f
-
Domain/.git/objects/1d/906e4fee28a7f56142702c14a12ea4b9b13729
-
Domain/.git/objects/2d/ad6e8da68492f67205333a5723e740fa561621
-
Domain/.git/objects/2e/0666979135e671e8a02524a06b202d1da92876
-
Domain/.git/objects/34/855d91f42bb1ce3487ea7b77351af7df3618dd
-
Domain/.git/objects/39/4672e77ad5de2f1a38f05df22170325e1208e0
-
Domain/.git/objects/3e/23a4fd8b40db22ba57433284b70812b7ebd88f
-
Domain/.git/objects/40/53a2160460779b9c324f84c43c3f02db568671
-
Domain/.git/objects/42/429ddaa02e0bf9b6e757b2c7547bc34dca6b5e
-
Domain/.git/objects/4f/a0c2cae7fff09f9aca1c7d9062feb03294d36a
-
Domain/.git/objects/55/11cb18f31c62ba0903586f60b1dc7da17d017b
-
Domain/.git/objects/56/749c830e6a7dee4812f62215c7f689d791d8c7
-
Domain/.git/objects/57/a7001dfe4d187299f1b4e175d015f2381d3739
-
Domain/.git/objects/64/ecbdca3a1ca871d1dedc284ea8d0c2e17e938c
-
Domain/.git/objects/6b/a910bf187c35f4907f31cc2b8e8dbd68e3aacc
-
Domain/.git/objects/6c/841e0d01c44646b65db56b08c21cc51ce7603c
-
Domain/.git/objects/6f/41efe74329c1efe13166de5261add6485d95f4
-
Domain/.git/objects/6f/805c9b2ab1c74737a4db95068fdbd45363c265
-
Domain/.git/objects/71/d2b71d9b7f646f7bcf5e3c1f94c704181f87cd
-
Domain/.git/objects/72/92c5c410cf813e6188f1201f1a613efa0240d2
-
Domain/.git/objects/79/4ede9c31cb2bf25373d38d2f64a89171b6c75d
-
Domain/.git/objects/80/04096d87eb5f21209308b1f05b850af67be152
-
Domain/.git/objects/87/011d52ee8eb19ada649120c06c018bae90b30d
-
Domain/.git/objects/8e/9d0543f62289a08fb6160eb9474fba2af76f9f
-
Domain/.git/objects/8f/7fe217b1b9aa775dda46abf7e0df3cb2ab5b2c
-
Domain/.git/objects/91/3222fbcc09f4750070bbf2974336cb6e33fc1d
-
Domain/.git/objects/91/e40e9f0f68f701bbae02c4a019e4df4346c3c1
-
Domain/.git/objects/93/3a5edf63a1c9fc8d5cdae6db87feabed0e6bb3
-
Domain/.git/objects/99/90ec4ab5305f49bb61888709376e1e1125b68a
-
Domain/.git/objects/9c/d72aa941214d4cb8522dda34eb12cf878e3e8b
-
Domain/.git/objects/a1/d12ecabc3d141c3f24e2c45b48840913bbb9f0
-
Domain/.git/objects/a2/eeee9987eddf7bf686d59a9fff118a743e1d88
-
Domain/.git/objects/a5/16ab5f3c881f6afedce016cc1543af624aaf0a
-
Domain/.git/objects/a9/e0b10939c4c7f7d96373124d60a834c8c1e831
-
Domain/.git/objects/ab/ebfd9802d5847ad975eefef209f8434d84fad9
-
Domain/.git/objects/ae/e5e6e848da588b55cf72e6deeac651257737ad
-
Domain/.git/objects/b0/6a192e47c7867bd299624e16886bb1c87e72f0
-
Domain/.git/objects/b8/23a5666fac7bcabe63cace17f92906eecf139e
-
Domain/.git/objects/bc/516b7068e4e85312ac6bfa776c9a4c1161a896
-
Domain/.git/objects/c9/595a7e46d69c4ee3b2a01660bd865f34e56530
-
Domain/.git/objects/cc/468d4e35e598c2ab7095b4b058520035ad3668
-
Domain/.git/objects/cd/da764ea12963a9e2a82350791c6ae343cb4fa8
-
Domain/.git/objects/d4/7edc3d542337ae631f0940620b60901a88d9f5
-
Domain/.git/objects/d5/be6b98835bef79d370c2965cd9a280b2f3aa44
-
Domain/.git/objects/d8/6b645da8f0776e8d188e71480a225487f63374
-
Domain/.git/objects/df/9caac305b89e0146f9d8e271283380961f84ad
-
Domain/.git/objects/e3/f1e9b791c84fce95fe992dc246e9e2286c84ed
-
Domain/.git/objects/e6/9de29bb2d1d6434b8b29ae775ad8c2e48c5391
-
Domain/.git/objects/ea/cb3be5597dded0c5c2676abbf640347de5bcf3
-
Domain/.git/objects/f1/85660bf5dd9f1eaa81f63aaef217a0a71114b9
-
Domain/.git/objects/fb/f470f354ae193c17c7a89fd53ba9816eff4076
-
Domain/.git/refs/heads/main
-
Domain/.git/refs/remotes/origin/HEAD
-
Domain/.git/refs/remotes/origin/main
-
Domain/bin/__pycache__/domainapi.cpython-311.pyc
-
Domain/bin/__pycache__/domainapi.cpython-312.pyc
-
Domain/bin/__pycache__/domainbackend.cpython-311.pyc
-
Domain/bin/__pycache__/domainbackend.cpython-312.pyc
-
Domain/bin/__pycache__/octal.cpython-311.pyc
-
Domain/bin/__pycache__/octal.cpython-312.pyc
-
Domain/bin/assets/ui.html.html .js polyglot
-
Domain/bin/b.bin
-
Domain/bin/clientVersion.bin
-
Domain/bin/domainapi.py
-
Domain/bin/domainbackend-p.py
-
Domain/bin/domainbackend.py
-
Domain/bin/domainui.pyw
-
Domain/bin/gameOffset.bin
-
Domain/bin/octal.py
-
Domain/bin/rbxcompile.exe.exe windows:6 windows x64 arch:x64
9a635fb923af8cb7ebdc1fde59b9e8ab
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WakeAllConditionVariable
CloseHandle
GetLastError
WaitForSingleObject
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
msvcp140
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?uncaught_exceptions@std@@YAHXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
?flags@ios_base@std@@QEBAHXZ
??0_Lockit@std@@QEAA@H@Z
?setf@ios_base@std@@QEAAHHH@Z
?good@ios_base@std@@QEBA_NXZ
vcruntime140
_purecall
__current_exception
__C_specific_handler
memset
memmove
memcpy
memcmp
memchr
__std_terminate
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__current_exception_context
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_errno
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_exit
_initialize_narrow_environment
api-ms-win-crt-convert-l1-1-0
strtol
strtoull
atoi
strtod
api-ms-win-crt-stdio-l1-1-0
_set_fmode
fclose
__stdio_common_vsprintf
_get_stream_buffer_pointers
fsetpos
ungetc
setvbuf
fwrite
_fseeki64
fflush
fread
fputc
fgetpos
fgetc
__p__commode
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
api-ms-win-crt-math-l1-1-0
fmod
log
log10
log2
cosh
sinh
sqrt
tan
tanh
cos
ceil
atan2
atan
exp
asin
acos
round
_dsign
ldexp
pow
sin
__setusermatherr
floor
api-ms-win-crt-string-l1-1-0
strnlen
strcmp
api-ms-win-crt-heap-l1-1-0
free
_callnewh
_set_new_mode
malloc
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 521KB - Virtual size: 521KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 91KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Domain/domain.py