FlipMods-TooManyEmotes-2[.]2[.]5[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FlipMods-TooManyEmotes-2.2.5.zip
Size

104.6MB
MD5

17d7d63efe023077be036cea77ce29db
SHA1

7e15b54cb663990ba6ee534d59267af0c4eef278
SHA256

e6e0f12d1ca1a4ce8e2a5ff95f5b777fec391815e93b635773b9eeddbc1ba8e2
SHA512

728a39c518d9959179a0391c960d486df3bec42fbe9c48902f7e39d7acdce2727ec7bbd9f8b6938b2e86ddc8a565c014cc6ff4b3c18d6e016aaf61698d9e87ee
SSDEEP

3145728:6oZLR31yGHu83s3MfKXEnQrXVX3ys0c6NE:6oZBFX34uaVXmE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/plugins/TooManyEmotes.dll

Files

FlipMods-TooManyEmotes-2.2.5.zip
.zip

Password: infected
CHANGELOG.md
README.md
icon.png
.png

Password: infected
manifest.json
plugins/Assets/compressed_audio
plugins/Assets/compressed_audio_dmca
plugins/Assets/emote_props
plugins/Assets/emotes_0
plugins/Assets/emotes_1
plugins/Assets/emotes_2
plugins/Assets/emotes_3
plugins/Assets/emotes_complementary
plugins/Assets/emotes_special
plugins/Assets/misc
plugins/Assets/radial_menu
plugins/TooManyEmotes.dll
.dll windows:4 windows x86 arch:x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\cmoor\source\repos\TooManyEmotes\TooManyEmotes\obj\Debug\TooManyEmotes.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ