SpongebobNoSleep[.]zip

Resubmissions

29/08/2024, 02:16

240829-cqgems1anl 10

29/08/2024, 02:10

240829-clt5yaycrb 10

Sharing

Copy URL Twitter E-mail

General

Target

SpongebobNoSleep.zip
Size

21.3MB
MD5

560b86535f0e965a00810ba75f1c7725
SHA1

8f52994f512c508c0ac6197cb9d89ababc0a4624
SHA256

6eed2abf44686e0b41cd0e62e56fc3b01ba5db1b73488cd50c969c02a735be92
SHA512

3cda9b4415562ac6e9ddacc7e420318502dd3c3103f4ea10bb7c1880cec86ba11c678b1850e91f550c0f9b8674269846b80c30563965cd7d5412f3045b5a740f
SSDEEP

393216:CgqjEYVa75S/Hi59+P2Rz3Py8BNu0c5K05WGe2W0oKhWH3BolOVqcqS4RbDfNjV:Cg1Oa75SPI8P2Rz3KmAble2Logo3BY0u

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/SpongebobNoSleep.exe	upx
static1/unpack001/previous versions/HorrorBob2.exe	upx
static1/unpack001/previous versions/SpongebobFuck.exe	upx
static1/unpack001/previous versions/horrorbob.exe	upx
static1/unpack001/source/Bat To Exe Converter/Bat_To_Exe_Converter.exe	upx
static1/unpack001/source/MBR - Note Builder.exe	upx

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SpongebobNoSleep.exe
unpack001/previous versions/HorrorBob2.exe
unpack001/previous versions/SpongebobFuck.exe
unpack001/previous versions/horrorbob.exe
unpack001/source/Bat To Exe Converter/Bat_To_Exe_Converter.exe
unpack001/source/Logon_overwriter.exe
unpack001/source/Logon_overwriter/Logon_overwriter/Resources/LogonUI.exe
unpack001/source/Logon_overwriter/Logon_overwriter/bin/Debug/Logon_overwriter.exe
unpack001/source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.exe
unpack001/source/Logon_overwriter/Logon_overwriter/obj/Debug/TempPE/Properties.Resources.Designer.cs.dll
unpack001/source/MBR - Note Builder.exe
unpack007/out.upx
unpack001/source/RSOD/RSOD/bin/Debug/LogonUI.exe
unpack001/source/RSOD/RSOD/obj/Debug/RSOD.exe
unpack001/source/gdifuncs.exe
unpack001/source/gdifuncs/gdifuncs/bin/Release/gdifuncs.exe
unpack001/source/gdifuncs/gdifuncs/obj/Release/gdifuncs.exe
unpack001/source/mbr.exe

Files

SpongebobNoSleep.zip
.zip
SpongebobNoSleep.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
previous versions/HorrorBob2.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11.9MB - Virtual size: 11.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
previous versions/Readme.txt
previous versions/SpongebobFuck.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 212KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
previous versions/horrorbob.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 23.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
readme.txt
source/Bat To Exe Converter/Bat_To_Exe_Converter.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 548KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 396KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
source/Bat To Exe Converter/help.chm
.chm
source/Bat To Exe Converter/settings.ini
source/Logon_overwriter.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Worm\source\repos\Logon_overwriter\Logon_overwriter\obj\Debug\Logon_overwriter.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/Logon_overwriter/.vs/Logon_overwriter/v16/.suo
source/Logon_overwriter/Logon_overwriter.sln
source/Logon_overwriter/Logon_overwriter/Form1.Designer.cs
source/Logon_overwriter/Logon_overwriter/Form1.cs
.js
source/Logon_overwriter/Logon_overwriter/Form1.resx
.vbs
source/Logon_overwriter/Logon_overwriter/Logon_overwriter.csproj
source/Logon_overwriter/Logon_overwriter/Program.cs
source/Logon_overwriter/Logon_overwriter/Properties/AssemblyInfo.cs
source/Logon_overwriter/Logon_overwriter/Properties/Resources.Designer.cs
.vbs
source/Logon_overwriter/Logon_overwriter/Properties/Resources.resx
.vbs
source/Logon_overwriter/Logon_overwriter/Properties/Settings.Designer.cs
source/Logon_overwriter/Logon_overwriter/Properties/Settings.settings
source/Logon_overwriter/Logon_overwriter/Resources/LogonUI.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Worm\source\repos\RSOD\RSOD\obj\Debug\RSOD.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/Logon_overwriter/Logon_overwriter/app.manifest
source/Logon_overwriter/Logon_overwriter/bin/Debug/Logon_overwriter.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Worm\source\repos\Logon_overwriter\Logon_overwriter\obj\Debug\Logon_overwriter.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/Logon_overwriter/Logon_overwriter/bin/Debug/Logon_overwriter.pdb
source/Logon_overwriter/Logon_overwriter/obj/Debug/.NETFramework,Version=v4.0.AssemblyAttributes.cs
source/Logon_overwriter/Logon_overwriter/obj/Debug/DesignTimeResolveAssemblyReferences.cache
source/Logon_overwriter/Logon_overwriter/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.Logon.resources
source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.Properties.Resources.resources
source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.csproj.CoreCompileInputs.cache
source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.csproj.FileListAbsolute.txt
source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.csproj.GenerateResource.cache
source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.csprojAssemblyReference.cache
source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Worm\source\repos\Logon_overwriter\Logon_overwriter\obj\Debug\Logon_overwriter.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.pdb
source/Logon_overwriter/Logon_overwriter/obj/Debug/TempPE/Properties.Resources.Designer.cs.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/MBR - Note Builder.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 476KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 283KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 506KB - Virtual size: 505KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
source/RSOD/.vs/RSOD/v16/.suo
source/RSOD/RSOD.sln
source/RSOD/RSOD/Form1.Designer.cs
source/RSOD/RSOD/Form1.cs
source/RSOD/RSOD/Form1.resx
.vbs
source/RSOD/RSOD/Program.cs
source/RSOD/RSOD/Properties/AssemblyInfo.cs
source/RSOD/RSOD/Properties/Resources.Designer.cs
.vbs
source/RSOD/RSOD/Properties/Resources.resx
.vbs
source/RSOD/RSOD/Properties/Settings.Designer.cs
source/RSOD/RSOD/Properties/Settings.settings
source/RSOD/RSOD/RSOD.csproj
source/RSOD/RSOD/bin/Debug/LogonUI.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Worm\source\repos\RSOD\RSOD\obj\Debug\RSOD.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/RSOD/RSOD/bin/Debug/RSOD.pdb
source/RSOD/RSOD/obj/Debug/.NETFramework,Version=v4.0.AssemblyAttributes.cs
source/RSOD/RSOD/obj/Debug/DesignTimeResolveAssemblyReferences.cache
source/RSOD/RSOD/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
source/RSOD/RSOD/obj/Debug/RSOD.Properties.Resources.resources
source/RSOD/RSOD/obj/Debug/RSOD.RSOD.resources
source/RSOD/RSOD/obj/Debug/RSOD.csproj.CoreCompileInputs.cache
source/RSOD/RSOD/obj/Debug/RSOD.csproj.FileListAbsolute.txt
source/RSOD/RSOD/obj/Debug/RSOD.csproj.GenerateResource.cache
source/RSOD/RSOD/obj/Debug/RSOD.csprojAssemblyReference.cache
source/RSOD/RSOD/obj/Debug/RSOD.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Worm\source\repos\RSOD\RSOD\obj\Debug\RSOD.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/RSOD/RSOD/obj/Debug/RSOD.pdb
source/SpongebobNoSleep.cmd
source/bg.bmp
source/gdifuncs.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/gdifuncs/gdifuncs.sln
source/gdifuncs/gdifuncs/MainForm.Designer.cs
source/gdifuncs/gdifuncs/MainForm.cs
source/gdifuncs/gdifuncs/MainForm.resx
.vbs
source/gdifuncs/gdifuncs/Program.cs
source/gdifuncs/gdifuncs/Properties/AssemblyInfo.cs
source/gdifuncs/gdifuncs/app.config
source/gdifuncs/gdifuncs/app.manifest
source/gdifuncs/gdifuncs/bin/Release/gdifuncs.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/gdifuncs/gdifuncs/bin/Release/gdifuncs.exe.config
source/gdifuncs/gdifuncs/bob.jpg
.jpg
source/gdifuncs/gdifuncs/gdifuncs.OpenCover.Settings
source/gdifuncs/gdifuncs/gdifuncs.csproj
source/gdifuncs/gdifuncs/majorsgui.Designer.cs
source/gdifuncs/gdifuncs/majorsgui.cs
source/gdifuncs/gdifuncs/majorsgui.resx
.vbs
source/gdifuncs/gdifuncs/obj/Release/gdifuncs.MainForm.resources
source/gdifuncs/gdifuncs/obj/Release/gdifuncs.csproj.FileListAbsolute.txt
source/gdifuncs/gdifuncs/obj/Release/gdifuncs.csproj.GenerateResource.Cache
source/gdifuncs/gdifuncs/obj/Release/gdifuncs.csprojResolveAssemblyReference.cache
source/gdifuncs/gdifuncs/obj/Release/gdifuncs.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/gdifuncs/gdifuncs/obj/Release/gdifuncs.majorsgui.resources
source/gdifuncs/gdifuncs/obj/Release/gdifuncs.pinksavage.resources
source/gdifuncs/gdifuncs/obj/Release/gdifuncs.protection64.resources
source/gdifuncs/gdifuncs/pinksavage.Designer.cs
source/gdifuncs/gdifuncs/pinksavage.cs
source/gdifuncs/gdifuncs/pinksavage.resx
.vbs
source/gdifuncs/gdifuncs/protection64.Designer.cs
source/gdifuncs/gdifuncs/protection64.cs
source/gdifuncs/gdifuncs/protection64.resx
.vbs
source/mbr.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
source/texticon.ico

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.6MB

UPX1 Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 364KB - Virtual size: 368KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 3.3MB

UPX1 Size: 11.9MB - Virtual size: 11.9MB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.4MB

UPX1 Size: 2.1MB - Virtual size: 2.1MB

.rsrc Size: 212KB - Virtual size: 216KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 23.1MB

UPX1 Size: 2.4MB - Virtual size: 2.4MB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 548KB

UPX1 Size: 396KB - Virtual size: 400KB

.rsrc Size: 47KB - Virtual size: 48KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 29KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 29KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 29KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

UPX0
Size: - Virtual size: 1.6MB

UPX1
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 364KB - Virtual size: 368KB

UPX0
Size: - Virtual size: 3.3MB

UPX1
Size: 11.9MB - Virtual size: 11.9MB

.rsrc
Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 1.4MB

UPX1
Size: 2.1MB - Virtual size: 2.1MB

.rsrc
Size: 212KB - Virtual size: 216KB

UPX0
Size: - Virtual size: 23.1MB

UPX1
Size: 2.4MB - Virtual size: 2.4MB

.rsrc
Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 548KB

UPX1
Size: 396KB - Virtual size: 400KB

.rsrc
Size: 47KB - Virtual size: 48KB

.text
Size: 29KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 29KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 29KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B

UPX0
Size: - Virtual size: 476KB

UPX1
Size: 283KB - Virtual size: 284KB

.rsrc
Size: 19KB - Virtual size: 20KB

CODE
Size: 506KB - Virtual size: 505KB

DATA
Size: 17KB - Virtual size: 17KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 30KB - Virtual size: 29KB

.rsrc
Size: 162KB - Virtual size: 162KB

.text
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 108KB - Virtual size: 106KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B