C:\Projects\Discord.Net\src\Discord.Net.Rest\obj\Release\net45\Discord.Net.Rest.pdb
Behavioral task
behavioral1
Sample
RedEngine_Cracked_V5_1/RedEngine Cracked/Fivem.CFX.dll
Resource
win11-20240802-en
Behavioral task
behavioral2
Sample
RedEngine_Cracked_V5_1/RedEngine Cracked/InjectAPI.dll
Resource
win11-20240802-en
Behavioral task
behavioral3
Sample
RedEngine_Cracked_V5_1/RedEngine Cracked/RedEngine Crack.exe
Resource
win11-20240802-en
Behavioral task
behavioral4
Sample
RedEngine_Cracked_V5_1/RedEngine Cracked/WebSocket.2.1.version.dll
Resource
win11-20240802-en
General
-
Target
RedEngine_Cracked_V5_1.rar
-
Size
1.4MB
-
MD5
134689ca0917e44a74d51a1a3c2a89f2
-
SHA1
43538701963c2366b7de676b1a13ea3580517a3c
-
SHA256
1dfe3f83136031270e0d10047557c532b49a874b77bc455d6c93d356349545c7
-
SHA512
4cfd9f93f64d93df43e15e5d0d47ac0f42c0ce832fe1745c7ad0e60809b39cb532040ffd19dd1fdb772fcb9147d8f2f215233ab1fe88c9608314c2d1131fc6a9
-
SSDEEP
24576:+KC9fMa6jR1ENRM9gzLxJKojLOVHbe+Aw7Oev+PKSXUMI+aWFNF2/f+tNy:+KCaDORX336VHbuqvxSpayF2/f+tg
Malware Config
Signatures
-
resource: static1/unpack001/RedEngine_Cracked_V5_1/RedEngine Cracked/RedEngine Crack.exe
yara_rule: vmprotect
-
Unsigned PE (4 IoCs)
Checks for missing Authenticode signature.
resource:
unpack001/RedEngine_Cracked_V5_1/RedEngine Cracked/Fivem.CFX.dll
unpack001/RedEngine_Cracked_V5_1/RedEngine Cracked/InjectAPI.dll
unpack001/RedEngine_Cracked_V5_1/RedEngine Cracked/RedEngine Crack.exe
unpack001/RedEngine_Cracked_V5_1/RedEngine Cracked/WebSocket.2.1.version.dll
Files
-
RedEngine_Cracked_V5_1.rar
Password: Paradox#7513
-
RedEngine_Cracked_V5_1/RedEngine Cracked/Fivem.CFX.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
mscoree
_CorDllMain
Sections
.text Size: 412KB - Virtual size: 412KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RedEngine_Cracked_V5_1/RedEngine Cracked/InjectAPI.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\exten\Documents\All Projects\RaiderCore\RaidAPI\RaidAPI\obj\Debug\RaidAPI.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 162KB - Virtual size: 161KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RedEngine_Cracked_V5_1/RedEngine Cracked/RedEngine Crack.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: - Virtual size: 633KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 777KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 265KB - Virtual size: 264KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RedEngine_Cracked_V5_1/RedEngine Cracked/WebSocket.2.1.version.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Projects\Discord.Net\src\Discord.Net.Core\obj\Release\net45\Discord.Net.Core.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 117KB - Virtual size: 117KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 996B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ