1Behavioral task
behavioral1
Sample
RIP EAC/protections/AntiVM/KVM.vbs
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
RIP EAC/protections/AntiVM/KVM.vbs
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
RIP EAC/protections/AntiVM/Qemu.vbs
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
RIP EAC/protections/AntiVM/Qemu.vbs
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
RIP EAC/protections/AntiVM/VMWare.vbs
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
RIP EAC/protections/AntiVM/VMWare.vbs
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
RIP EAC/protections/OfficeMacro/al-khaser.docm
Resource
win7-20240729-en
Behavioral task
behavioral8
Sample
RIP EAC/protections/OfficeMacro/al-khaser.docm
Resource
win10v2004-20240802-en
General
-
Target
Venom.zip
-
Size
35.6MB
-
MD5
734c630084d64554527fe900188ba69f
-
SHA1
9e4661f0bf162817f339b55a45cc076e2d14c9e1
-
SHA256
0f0adc8b3ff11637c98d64990ba4017fbcdc2cbf88b36f999e7f6448a64fbaba
-
SHA512
72f4ebd62e58c9495a5d3676d931912d4387d3507000ebebcc194f174d97db876871d058ecce59e40925b8f874dc0d2a4fc849f297f4e7220f7d3594c7d9b206
-
SSDEEP
786432:fsw3w2PSYYnDgmSnnz4injRQT1lxLFfy64bClJXZdmb46S20u:f5pJYDazTnulLfrYypdq3HB
Malware Config
Signatures
-
resource static1/unpack001/RIP EAC/protections/OfficeMacro/al-khaser.docm
Files
-
Venom.zip.zip
-
RIP EAC.sln
-
RIP EAC/230x0w.ico
-
RIP EAC/DiamorphineGuard.h
-
RIP EAC/DiamorphineGuard.lib
-
RIP EAC/Driver.hpp
-
RIP EAC/Func Spoofer.h
-
RIP EAC/Loading/APIs.cpp
-
RIP EAC/Loading/APIs.h
-
RIP EAC/Loading/ApiTypeDefs.cpp
-
RIP EAC/Loading/ApiTypeDefs.h
-
RIP EAC/Loading/Common.cpp
-
RIP EAC/Loading/Common.h
-
RIP EAC/Loading/Utils.cpp
-
RIP EAC/Loading/Utils.h
-
RIP EAC/Loading/VersionHelpers.h
-
RIP EAC/Loading/WinStructs.h
-
RIP EAC/Loading/log.cpp
-
RIP EAC/Loading/log.h
-
RIP EAC/Loading/pch.h
-
RIP EAC/Loading/winapifamily.h
-
RIP EAC/RIP EAC.APS
-
RIP EAC/RIP EAC.cpp
-
RIP EAC/RIP EAC.rc
-
RIP EAC/RIP EAC.vcxproj.xml
-
RIP EAC/RIP EAC.vcxproj.filters
-
RIP EAC/RIP EAC.vcxproj.user
-
RIP EAC/String Hider 2.h
-
RIP EAC/String Hider.h
-
RIP EAC/auth.hpp
-
RIP EAC/burbank.h
-
RIP EAC/colorss.h
-
RIP EAC/defines.h
-
RIP EAC/draw.h
-
RIP EAC/fonts.h
-
RIP EAC/grdv/binary/bytes.h
-
RIP EAC/grdv/binary/dropper.h
-
RIP EAC/grdv/exploit/pe.cpp
-
RIP EAC/grdv/exploit/swind2.cpp
-
RIP EAC/grdv/global.h
-
RIP EAC/grdv/hde/hde64.c
-
RIP EAC/grdv/hde/hde64.h
-
RIP EAC/grdv/hde/table64.h
-
RIP EAC/grdv/resource.h
-
RIP EAC/grdv/utils/ntdll.h
-
RIP EAC/gui/imconfig.h
-
RIP EAC/gui/imgui.cpp
-
RIP EAC/gui/imgui.h
-
RIP EAC/gui/imgui_draw.cpp
-
RIP EAC/gui/imgui_freetype.cpp
-
RIP EAC/gui/imgui_freetype.h
-
RIP EAC/gui/imgui_impl_dx11.cpp
-
RIP EAC/gui/imgui_impl_dx11.h
-
RIP EAC/gui/imgui_impl_win32.cpp
-
RIP EAC/gui/imgui_impl_win32.h
-
RIP EAC/gui/imgui_internal.h
-
RIP EAC/gui/imgui_settings.h
-
RIP EAC/gui/imgui_tables.cpp
-
RIP EAC/gui/imgui_tricks.hpp
-
RIP EAC/gui/imgui_widgets.cpp
-
RIP EAC/gui/imstb_rectpack.h
-
RIP EAC/gui/imstb_textedit.h
-
RIP EAC/gui/imstb_truetype.h
-
RIP EAC/gui/notification.h
-
RIP EAC/hexrays.h
-
RIP EAC/images.h
-
RIP EAC/import spoof.h
-
RIP EAC/loop.h
-
RIP EAC/math.h
-
RIP EAC/mouse.h
-
RIP EAC/protection/SDK/keygen64.h
-
RIP EAC/protection/SDK/obsidium.h
-
RIP EAC/protection/SDK/obsidium64.a
-
RIP EAC/protection/SDK/obsidium64.def
-
RIP EAC/protection/SDK/obsidium64.h
-
RIP EAC/protection/SDK/obsidiumlib.obj
-
RIP EAC/protection/antiDbg.h
-
RIP EAC/protection/anti_vm.h
-
RIP EAC/protection/auth.hpp
-
RIP EAC/protection/blowfish/blowfish.cpp
-
RIP EAC/protection/blowfish/blowfish.h
-
RIP EAC/protection/libcurl.lib
-
RIP EAC/protection/library_x64.lib
-
RIP EAC/protection/obfuscator.hpp
-
RIP EAC/protection/process.h
-
RIP EAC/protections/AntiAnalysis/pch.h
-
RIP EAC/protections/AntiAnalysis/process.cpp
-
RIP EAC/protections/AntiAnalysis/process.h
-
RIP EAC/protections/AntiDebug/BeingDebugged.cpp
-
RIP EAC/protections/AntiDebug/BeingDebugged.h
-
RIP EAC/protections/AntiDebug/CheckRemoteDebuggerPresent.cpp
-
RIP EAC/protections/AntiDebug/CheckRemoteDebuggerPresent.h
-
RIP EAC/protections/AntiDebug/CloseHandle_InvalidHandle.cpp
-
RIP EAC/protections/AntiDebug/CloseHandle_InvalidHandle.h
-
RIP EAC/protections/AntiDebug/HardwareBreakpoints.cpp
-
RIP EAC/protections/AntiDebug/HardwareBreakpoints.h
-
RIP EAC/protections/AntiDebug/Interrupt_0x2d.cpp
-
RIP EAC/protections/AntiDebug/Interrupt_0x2d.h
-
RIP EAC/protections/AntiDebug/Interrupt_3.cpp
-
RIP EAC/protections/AntiDebug/Interrupt_3.h
-
RIP EAC/protections/AntiDebug/IsDebuggerPresent.cpp
-
RIP EAC/protections/AntiDebug/IsDebuggerPresent.h
-
RIP EAC/protections/AntiDebug/LowFragmentationHeap.cpp
-
RIP EAC/protections/AntiDebug/LowFragmentationHeap.h
-
RIP EAC/protections/AntiDebug/MemoryBreakpoints_PageGuard.cpp
-
RIP EAC/protections/AntiDebug/MemoryBreakpoints_PageGuard.h
-
RIP EAC/protections/AntiDebug/ModuleBoundsHookCheck.cpp
-
RIP EAC/protections/AntiDebug/ModuleBoundsHookCheck.h
-
RIP EAC/protections/AntiDebug/NtGlobalFlag.cpp
-
RIP EAC/protections/AntiDebug/NtGlobalFlag.h
-
RIP EAC/protections/AntiDebug/NtQueryInformationProcess_ProcessDebugFlags.cpp
-
RIP EAC/protections/AntiDebug/NtQueryInformationProcess_ProcessDebugFlags.h
-
RIP EAC/protections/AntiDebug/NtQueryInformationProcess_ProcessDebugObject.cpp
-
RIP EAC/protections/AntiDebug/NtQueryInformationProcess_ProcessDebugObject.h
-
RIP EAC/protections/AntiDebug/NtQueryInformationProcess_ProcessDebugPort.cpp
-
RIP EAC/protections/AntiDebug/NtQueryInformationProcess_ProcessDebugPort.h
-
RIP EAC/protections/AntiDebug/NtQueryObject_AllTypesInformation.cpp
-
RIP EAC/protections/AntiDebug/NtQueryObject_ObjectInformation.h
-
RIP EAC/protections/AntiDebug/NtQueryObject_ObjectTypeInformation.cpp
-
RIP EAC/protections/AntiDebug/NtQuerySystemInformation_SystemKernelDebuggerInformation.cpp
-
RIP EAC/protections/AntiDebug/NtQuerySystemInformation_SystemKernelDebuggerInformation.h
-
RIP EAC/protections/AntiDebug/NtSetInformationThread_ThreadHideFromDebugger.cpp
-
RIP EAC/protections/AntiDebug/NtSetInformationThread_ThreadHideFromDebugger.h
-
RIP EAC/protections/AntiDebug/NtSystemDebugControl.cpp
-
RIP EAC/protections/AntiDebug/NtSystemDebugControl.h
-
RIP EAC/protections/AntiDebug/NtYieldExecution.cpp
-
RIP EAC/protections/AntiDebug/NtYieldExecution.h
-
RIP EAC/protections/AntiDebug/OutputDebugStringAPI.cpp
-
RIP EAC/protections/AntiDebug/OutputDebugStringAPI.h
-
RIP EAC/protections/AntiDebug/PageExceptionBreakpointCheck.cpp
-
RIP EAC/protections/AntiDebug/PageExceptionBreakpointCheck.h
-
RIP EAC/protections/AntiDebug/ParentProcess.cpp
-
RIP EAC/protections/AntiDebug/ParentProcess.h
-
RIP EAC/protections/AntiDebug/ProcessHeap_Flags.cpp
-
RIP EAC/protections/AntiDebug/ProcessHeap_Flags.h
-
RIP EAC/protections/AntiDebug/ProcessHeap_ForceFlags.cpp
-
RIP EAC/protections/AntiDebug/ProcessHeap_ForceFlags.h
-
RIP EAC/protections/AntiDebug/ProcessJob.cpp
-
RIP EAC/protections/AntiDebug/ProcessJob.h
-
RIP EAC/protections/AntiDebug/ScanForModules.cpp
-
RIP EAC/protections/AntiDebug/ScanForModules.h
-
RIP EAC/protections/AntiDebug/SeDebugPrivilege.cpp
-
RIP EAC/protections/AntiDebug/SeDebugPrivilege.h
-
RIP EAC/protections/AntiDebug/SetHandleInformation_API.cpp
-
RIP EAC/protections/AntiDebug/SetHandleInformation_API.h
-
RIP EAC/protections/AntiDebug/SharedUserData_KernelDebugger.cpp
-
RIP EAC/protections/AntiDebug/SharedUserData_KernelDebugger.h
-
RIP EAC/protections/AntiDebug/SoftwareBreakpoints.cpp
-
RIP EAC/protections/AntiDebug/SoftwareBreakpoints.h
-
RIP EAC/protections/AntiDebug/TLS_callbacks.cpp
-
RIP EAC/protections/AntiDebug/TLS_callbacks.h
-
RIP EAC/protections/AntiDebug/TrapFlag.cpp
-
RIP EAC/protections/AntiDebug/TrapFlag.h
-
RIP EAC/protections/AntiDebug/UnhandledExceptionFilter_Handler.cpp
-
RIP EAC/protections/AntiDebug/UnhandledExceptionFilter_Handler.h
-
RIP EAC/protections/AntiDebug/WUDF_IsDebuggerPresent.cpp
-
RIP EAC/protections/AntiDebug/WUDF_IsDebuggerPresent.h
-
RIP EAC/protections/AntiDebug/WriteWatch.cpp
-
RIP EAC/protections/AntiDebug/WriteWatch.h
-
RIP EAC/protections/AntiDebug/int2d_x64.asm
-
RIP EAC/protections/AntiDebug/pch.h
-
RIP EAC/protections/AntiDisassm/AntiDisassm.cpp
-
RIP EAC/protections/AntiDisassm/AntiDisassm.h
-
RIP EAC/protections/AntiDisassm/AntiDisassm_x64.asm
-
RIP EAC/protections/AntiDisassm/pch.h
-
RIP EAC/protections/AntiDump/ErasePEHeaderFromMemory.cpp
-
RIP EAC/protections/AntiDump/ErasePEHeaderFromMemory.h
-
RIP EAC/protections/AntiDump/SizeOfImage.cpp
-
RIP EAC/protections/AntiDump/SizeOfImage.h
-
RIP EAC/protections/AntiDump/pch.h
-
RIP EAC/protections/AntiVM/Generic.cpp
-
RIP EAC/protections/AntiVM/Generic.h
-
RIP EAC/protections/AntiVM/HyperV.cpp
-
RIP EAC/protections/AntiVM/HyperV.h
-
RIP EAC/protections/AntiVM/KVM.cpp.vbs
-
RIP EAC/protections/AntiVM/KVM.h
-
RIP EAC/protections/AntiVM/Parallels.cpp
-
RIP EAC/protections/AntiVM/Parallels.h
-
RIP EAC/protections/AntiVM/Qemu.cpp.vbs
-
RIP EAC/protections/AntiVM/Qemu.h
-
RIP EAC/protections/AntiVM/Services.cpp
-
RIP EAC/protections/AntiVM/Services.h
-
RIP EAC/protections/AntiVM/VMWare.cpp.vbs
-
RIP EAC/protections/AntiVM/VMWare.h
-
RIP EAC/protections/AntiVM/VirtualBox.cpp
-
RIP EAC/protections/AntiVM/VirtualBox.h
-
RIP EAC/protections/AntiVM/VirtualPC.cpp
-
RIP EAC/protections/AntiVM/VirtualPC.h
-
RIP EAC/protections/AntiVM/Wine.cpp
-
RIP EAC/protections/AntiVM/Wine.h
-
RIP EAC/protections/AntiVM/Xen.cpp
-
RIP EAC/protections/AntiVM/Xen.h
-
RIP EAC/protections/AntiVM/pch.h
-
RIP EAC/protections/CodeInjection/CreateRemoteThread.cpp
-
RIP EAC/protections/CodeInjection/CreateRemoteThread.h
-
RIP EAC/protections/CodeInjection/GetSetThreadContext.cpp
-
RIP EAC/protections/CodeInjection/GetSetThreadContext.h
-
RIP EAC/protections/CodeInjection/InjectedDLL/InjectedDLL.cpp
-
RIP EAC/protections/CodeInjection/InjectedDLL/InjectedDLL.h
-
RIP EAC/protections/CodeInjection/InjectedDLL/InjectedDLL.vcxproj.xml
-
RIP EAC/protections/CodeInjection/InjectedDLL/InjectedDLL.vcxproj.filters.xml
-
RIP EAC/protections/CodeInjection/InjectedDLL/definitions.def
-
RIP EAC/protections/CodeInjection/NtCreateThreadEx.cpp
-
RIP EAC/protections/CodeInjection/NtCreateThreadEx.h
-
RIP EAC/protections/CodeInjection/QueueUserAPC.cpp
-
RIP EAC/protections/CodeInjection/QueueUserAPC.h
-
RIP EAC/protections/CodeInjection/RtlCreateUserThread.cpp
-
RIP EAC/protections/CodeInjection/RtlCreateUserThread.h
-
RIP EAC/protections/CodeInjection/SetWindowsHooksEx.cpp
-
RIP EAC/protections/CodeInjection/SetWindowsHooksEx.h
-
RIP EAC/protections/CodeInjection/pch.h
-
RIP EAC/protections/OfficeMacro/al-khaser.docm.docm office2007
ThisDocument
-
RIP EAC/protections/OfficeMacro/macros.vba
-
RIP EAC/protections/TimingAttacks/pch.h
-
RIP EAC/protections/TimingAttacks/timing.cpp
-
RIP EAC/protections/TimingAttacks/timing.h
-
RIP EAC/protections/pch.cpp
-
RIP EAC/protections/pch.h
-
RIP EAC/render.h
-
RIP EAC/resource.h
-
RIP EAC/resource1.h
-
RIP EAC/utils.h
-
RIP EAC/winternal.h
-
RIP EAC/x64/Debug/APIs.obj
-
RIP EAC/x64/Debug/AntiDisassm.obj
-
RIP EAC/x64/Debug/AntiDisassm_x64.obj
-
RIP EAC/x64/Debug/ApiTypeDefs.obj
-
RIP EAC/x64/Debug/BeingDebugged.obj
-
RIP EAC/x64/Debug/CheckRemoteDebuggerPresent.obj
-
RIP EAC/x64/Debug/CloseHandle_InvalidHandle.obj
-
RIP EAC/x64/Debug/Common.obj
-
RIP EAC/x64/Debug/ErasePEHeaderFromMemory.obj
-
RIP EAC/x64/Debug/HardwareBreakpoints.obj
-
RIP EAC/x64/Debug/HyperV.obj
-
RIP EAC/x64/Debug/Interrupt_0x2d.obj
-
RIP EAC/x64/Debug/Interrupt_3.obj
-
RIP EAC/x64/Debug/IsDebuggerPresent.obj
-
RIP EAC/x64/Debug/KVM.obj
-
RIP EAC/x64/Debug/LowFragmentationHeap.obj
-
RIP EAC/x64/Debug/MemoryBreakpoints_PageGuard.obj
-
RIP EAC/x64/Debug/ModuleBoundsHookCheck.obj
-
RIP EAC/x64/Debug/NtGlobalFlag.obj
-
RIP EAC/x64/Debug/NtQueryInformationProcess_ProcessDebugFlags.obj
-
RIP EAC/x64/Debug/NtQueryInformationProcess_ProcessDebugObject.obj
-
RIP EAC/x64/Debug/NtQueryInformationProcess_ProcessDebugPort.obj
-
RIP EAC/x64/Debug/NtQueryObject_AllTypesInformation.obj
-
RIP EAC/x64/Debug/NtQueryObject_ObjectTypeInformation.obj
-
RIP EAC/x64/Debug/NtQuerySystemInformation_SystemKernelDebuggerInformation.obj
-
RIP EAC/x64/Debug/NtSetInformationThread_ThreadHideFromDebugger.obj
-
RIP EAC/x64/Debug/NtSystemDebugControl.obj
-
RIP EAC/x64/Debug/NtYieldExecution.obj
-
RIP EAC/x64/Debug/OutputDebugStringAPI.obj
-
RIP EAC/x64/Debug/Parallels.obj
-
RIP EAC/x64/Debug/ProcessHeap_Flags.obj
-
RIP EAC/x64/Debug/ProcessHeap_ForceFlags.obj
-
RIP EAC/x64/Debug/ProcessJob.obj
-
RIP EAC/x64/Debug/RIP EAC.exe.recipe
-
RIP EAC/x64/Debug/RIP EAC.log
-
RIP EAC/x64/Debug/RIP EAC.tlog/CL.command.1.tlog
-
RIP EAC/x64/Debug/RIP EAC.tlog/CL.read.1.tlog
-
RIP EAC/x64/Debug/RIP EAC.tlog/CL.write.1.tlog
-
RIP EAC/x64/Debug/RIP EAC.tlog/Masm.read.1u.tlog
-
RIP EAC/x64/Debug/RIP EAC.tlog/Masm.write.1u.tlog
-
RIP EAC/x64/Debug/RIP EAC.tlog/RIP EAC.lastbuildstate
-
RIP EAC/x64/Debug/SeDebugPrivilege.obj
-
RIP EAC/x64/Debug/SetHandleInformation_API.obj
-
RIP EAC/x64/Debug/SharedUserData_KernelDebugger.obj
-
RIP EAC/x64/Debug/SizeOfImage.obj
-
RIP EAC/x64/Debug/SoftwareBreakpoints.obj
-
RIP EAC/x64/Debug/TLS_callbacks.obj
-
RIP EAC/x64/Debug/TrapFlag.obj
-
RIP EAC/x64/Debug/UnhandledExceptionFilter_Handler.obj
-
RIP EAC/x64/Debug/WUDF_IsDebuggerPresent.obj
-
RIP EAC/x64/Debug/assert.obj
-
RIP EAC/x64/Debug/driver.obj
-
RIP EAC/x64/Debug/imgui.obj
-
RIP EAC/x64/Debug/imgui_demo.obj
-
RIP EAC/x64/Debug/imgui_draw.obj
-
RIP EAC/x64/Debug/imgui_impl_dx11.obj
-
RIP EAC/x64/Debug/imgui_impl_win32.obj
-
RIP EAC/x64/Debug/imgui_tables.obj
-
RIP EAC/x64/Debug/imgui_tricks.obj
-
RIP EAC/x64/Debug/imgui_widgets.obj
-
RIP EAC/x64/Debug/int2d_x64.obj
-
RIP EAC/x64/Debug/log.obj
-
RIP EAC/x64/Debug/pe.obj
-
RIP EAC/x64/Debug/process.obj
-
RIP EAC/x64/Debug/swind2.obj
-
RIP EAC/x64/Debug/vc143.idb
-
RIP EAC/x64/Debug/vc143.pdb
-
RIP EAC/x64/Release/IPVanish.Build.CppClean.log
-
RIP EAC/x64/Release/IPVanish.exe.recipe
-
RIP EAC/x64/Release/IPVanish.iobj
-
RIP EAC/x64/Release/IPVanish.ipdb
-
RIP EAC/x64/Release/RIP EAC.log
-
RIP EAC/x64/Release/RIP EAC.obj
-
RIP EAC/x64/Release/RIP EAC.res
-
RIP EAC/x64/Release/RIP EAC.tlog/CL.command.1.tlog
-
RIP EAC/x64/Release/RIP EAC.tlog/CL.read.1.tlog
-
RIP EAC/x64/Release/RIP EAC.tlog/CL.write.1.tlog
-
RIP EAC/x64/Release/RIP EAC.tlog/Cl.items.tlog
-
RIP EAC/x64/Release/RIP EAC.tlog/RIP EAC.lastbuildstate
-
RIP EAC/x64/Release/RIP EAC.tlog/link.command.1.tlog
-
RIP EAC/x64/Release/RIP EAC.tlog/link.read.1.tlog
-
RIP EAC/x64/Release/RIP EAC.tlog/link.secondary.1.tlog
-
RIP EAC/x64/Release/RIP EAC.tlog/link.write.1.tlog
-
RIP EAC/x64/Release/RIP EAC.tlog/rc.command.1.tlog
-
RIP EAC/x64/Release/RIP EAC.tlog/rc.read.1.tlog
-
RIP EAC/x64/Release/RIP EAC.tlog/rc.write.1.tlog
-
RIP EAC/x64/Release/driver.obj
-
RIP EAC/x64/Release/hde64.obj
-
RIP EAC/x64/Release/imgui.obj
-
RIP EAC/x64/Release/imgui_demo.obj
-
RIP EAC/x64/Release/imgui_draw.obj
-
RIP EAC/x64/Release/imgui_impl_dx11.obj
-
RIP EAC/x64/Release/imgui_impl_win32.obj
-
RIP EAC/x64/Release/imgui_tables.obj
-
RIP EAC/x64/Release/imgui_tricks.obj
-
RIP EAC/x64/Release/imgui_widgets.obj
-
RIP EAC/x64/Release/pe.obj
-
RIP EAC/x64/Release/swind2.obj
-
RIP EAC/x64/Release/vc143.pdb
-
library.lib