ItroublveTSC-7[.]0[.]tar[.]gz

Sharing

Copy URL Twitter E-mail

General

Target

ItroublveTSC-7.0.tar.gz
Size

7.2MB
MD5

29cc96f595893bf6ec55a692de22c8ac
SHA1

4fe5f51f29f07ecf9370549bba115f78292623bf
SHA256

5d50a212deb3b064fd28314712c9e0a21f02051829e268175df307c609c3b380
SHA512

83e875280f5fc4c582000d353df2a9249e939ee6e8316f27cd7ede90849748fd6001f942c0c8d06ece8d9fdf5aacb7ecd0fb8abed10f8566e074d69afa8522f6
SSDEEP

196608:5GADuakT42Am8KLncC4cv5YcmyIWc3S0TTgaufE:MASakk2t8KLcCFRYc9c/HgaufE

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 2 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
static1/unpack005/bin/Compiler/WebBrowserPassView.exe	Nirsoft
static1/unpack007/bin/Compiler/WebBrowserPassView.exe	Nirsoft

NirSoft WebBrowserPassView 2 IoCs

Password recovery tool for various web browsers

resource	yara_rule
static1/unpack005/bin/Compiler/WebBrowserPassView.exe	WebBrowserPassView
static1/unpack007/bin/Compiler/WebBrowserPassView.exe	WebBrowserPassView

Unsigned PE 24 IoCs

Checks for missing Authenticode signature.

resource
unpack004/ItroublveTSC-6.1/DLL and BINS/GetToken.bin
unpack004/ItroublveTSC-6.1/DLL and BINS/Mono.Cecil.dll
unpack004/ItroublveTSC-6.1/DLL and BINS/RaidAPI.dll
unpack005/bin/Compiler/WebBrowserPassView.exe
unpack004/ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.Mdb.dll
unpack004/ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.Pdb.dll
unpack004/ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.Rocks.dll
unpack004/ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.dll
unpack004/ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.Mdb.dll
unpack004/ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.Pdb.dll
unpack004/ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.Rocks.dll
unpack004/ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.dll
unpack006/ItroublveTSC-6.1/DLL and BINS/GetToken.bin
unpack006/ItroublveTSC-6.1/DLL and BINS/Mono.Cecil.dll
unpack006/ItroublveTSC-6.1/DLL and BINS/RaidAPI.dll
unpack007/bin/Compiler/WebBrowserPassView.exe
unpack006/ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.Mdb.dll
unpack006/ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.Pdb.dll
unpack006/ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.Rocks.dll
unpack006/ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.dll
unpack006/ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.Mdb.dll
unpack006/ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.Pdb.dll
unpack006/ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.Rocks.dll
unpack006/ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.dll

Files

ItroublveTSC-7.0.tar.gz
.gz
sample
.tar
ItroublveTSC-7.0/LICENSE
ItroublveTSC-7.0/README.md
ItroublveTSC-7.0/Source code.tar.gz
.gz
Source code.tar
.tar
ItroublveTSC-6.1/DLL and BINS/GetToken.bin
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Itroublve Hacker\Desktop\Token-Browser-Password-Stealer-Creator-5.0\GetToken\obj\Release\sendhookfile.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/DLL and BINS/Mono.Cecil.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\sources\cecil\obj\net_4_5_Release\Mono.Cecil.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/DLL and BINS/RaidAPI.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Itroublve Hacker\Desktop\Token Stealer 4.0 SRC+TOOL\Token Stealer 4.0 SRC\RaidAPI by ByteTools\obj\Debug\RaidAPI.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/DLL and BINS/TokenStealer.bin
.vbs
ItroublveTSC-6.1/DLL and BINS/bin.rar
.rar
bin/App.config
.xml
bin/Compiler/WebBrowserPassView.exe
.exe windows:4 windows x86 arch:x86

6526bb2991df39dd134d2e134366b58f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\WebBrowserPassView\Command-Line\WebBrowserPassView.pdb

Imports

msvcrt

__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
strlen
__p__commode
__p__fmode
__set_app_type
_controlfp
_itow
_wcslwr
strchr
_strlwr
_wcsupr
_wcmdln
memmove
malloc
free
_memicmp
modf
_c_exit
wcstoul
_wtoi64
strcmp
strcpy
wcsrchr
exit
_cexit
_XcptFilter
wcsncmp
_exit
_wcsnicmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcmp
abs
log
_purecall
wcslen
wcscmp
_wtoi
_wcsicmp
wcschr
memcpy
wcscpy
memset
wcscat
wcsncat
_snwprintf
_except_handler3
_onexit
__dllonexit
memchr
realloc
_gmtime64
strftime
strcat
qsort

comctl32

ord17
ImageList_Create
ImageList_AddMasked
ImageList_SetImageCount
ImageList_ReplaceIcon
CreateStatusWindowW
CreateToolbarEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

FindCloseUrlCache
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW

kernel32

InterlockedCompareExchange
DeleteCriticalSection
GetFileAttributesExW
QueryPerformanceCounter
GetFileAttributesA
LeaveCriticalSection
SetEndOfFile
GetSystemInfo
Sleep
GetDiskFreeSpaceA
InitializeCriticalSection
GetFullPathNameA
DeleteFileA
GetDiskFreeSpaceW
GetFullPathNameW
AreFileApisANSI
UnlockFile
FlushFileBuffers
LockFile
UnlockFileEx
GetModuleHandleA
GetStartupInfoW
CreateFileA
EnterCriticalSection
GetSystemTime
LockFileEx
FormatMessageA
GetSystemTimeAsFileTime
GetTempPathA
EnumResourceTypesW
CreateToolhelp32Snapshot
Process32NextW
LocalFree
GetFileSize
SystemTimeToFileTime
CloseHandle
CompareFileTime
WriteFile
WideCharToMultiByte
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryW
FileTimeToSystemTime
GetTickCount
SetFilePointerEx
MultiByteToWideChar
GetModuleFileNameW
FindResourceW
CreateFileW
LoadResource
LockResource
SystemTimeToTzSpecificLocalTime
lstrlenW
LoadLibraryExW
lstrcpyW
GlobalAlloc
GetSystemDirectoryW
GlobalUnlock
GetTempPathW
GetDateFormatW
GlobalLock
SizeofResource
FindNextFileW
GetTempFileNameW
FormatMessageW
GetFileTime
FindFirstFileW
GetVersionExW
FindClose
SetFilePointer
GetModuleHandleW
GetTimeFormatW
GetFileAttributesW
GetWindowsDirectoryW
FileTimeToLocalFileTime
ReadFile
CopyFileW
DeleteFileW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
DuplicateHandle
GetCurrentProcessId
OpenProcess
GetStdHandle
SetErrorMode
ReadProcessMemory
ExitProcess
Process32FirstW

user32

RegisterWindowMessageW
GetKeyState
DispatchMessageW
TranslateMessage
IsDialogMessageW
DrawTextExW
GetMessageW
PostQuitMessage
TrackPopupMenu
CreateDialogParamW
DialogBoxParamW
DestroyMenu
GetDlgCtrlID
GetMenuItemInfoW
ModifyMenuW
LoadMenuW
LoadCursorW
ChildWindowFromPoint
GetSysColorBrush
ShowWindow
SetCursor
SetWindowTextW
SetDlgItemInt
UpdateWindow
SetDlgItemTextW
GetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
SendDlgItemMessageW
GetDlgItemInt
EndDialog
SetWindowLongW
GetDlgItem
GetWindow
InvalidateRect
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
SendMessageW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPlacement
LoadIconW
LoadImageW
GetWindowLongW
SetFocus
GetParent
SetTimer
BeginDeferWindowPos
EndDeferWindowPos
KillTimer
GetSysColor
GetMenu
GetDC
GetSubMenu
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
CheckMenuItem
GetMenuItemCount
GetMenuStringW
CheckMenuRadioItem
CloseClipboard
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
EnumChildWindows
LoadStringW
DestroyWindow
SetWindowPos
GetDesktopWindow
GetWindowTextW

gdi32

SetBkColor
GetDeviceCaps
SelectObject
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW
GetTextExtentPoint32W
GetStockObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW
FindTextW

advapi32

RegEnumValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoTaskMemFree
CoInitialize

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/Compiler/curl-ca-bundle.crt
bin/Compiler/curl.exe
.exe windows:4 windows x86 arch:x86

94d50e9c220dcd0fe83e2192746e0886

Code Sign

01
Certificate

Issuer

CN=curl-for-win Root CA,OU=curl-for-win Root CA,O=curl-for-win

Not Before

31/08/2018, 12:18

Not After

30/08/2021, 12:18

Subject

CN=curl-for-win Code Signing Authority,OU=curl-for-win Code Signing Authority,O=curl-for-win

af:42:e4:09:5d:94:1d:14
Certificate

Issuer

CN=curl-for-win Root CA,OU=curl-for-win Root CA,O=curl-for-win

Not Before

31/08/2018, 12:18

Not After

31/08/2023, 12:18

Subject

CN=curl-for-win Root CA,OU=curl-for-win Root CA,O=curl-for-win

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b8:e8:b4:00:af:64:57:3d:a6:1a:84:01:93:a2:24:94:27:a5:45:0b:9a:a8:c9:55:f9:af:41:ab:db:a0:94:4d
Signer

Actual PE Digest

b8:e8:b4:00:af:64:57:3d:a6:1a:84:01:93:a2:24:94:27:a5:45:0b:9a:a8:c9:55:f9:af:41:ab:db:a0:94:4d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptGenRandom
CryptGetHashParam
CryptHashData
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertGetNameStringW
CertOpenStore
CertOpenSystemStoreA
CryptDecodeObjectEx
CryptQueryObject
CryptStringToBinaryW
PFXImportCertStore

kernel32

CloseHandle
CompareFileTime
ConvertFiberToThread
ConvertThreadToFiber
CreateFiber
CreateFileA
CreateFileMappingA
CreateFileW
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFiber
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FormatMessageA
FormatMessageW
FreeLibrary
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetEnvironmentVariableW
GetFileSizeEx
GetFileTime
GetFileType
GetLastError
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetStartupInfoW
GetStdHandle
GetSystemDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
GetVersion
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExA
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleA
ReadConsoleW
ReadFile
SearchPathA
SetConsoleMode
SetEndOfFile
SetFileTime
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepEx
SwitchToFiber
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoA
VerifyVersionInfoW
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile

msvcrt

__lconv_init
__p__fmode
__p__wcmdln
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_access
_amsg_exit
_beginthreadex
_cexit
_chmod
_errno
_exit
_fileno
_fstati64
_get_osfhandle
_getpid
_initterm
_iob
_lseeki64
_onexit
_setmode
_snwprintf
_vsnwprintf
_wstati64
_stati64
_strdup
_stricmp
_strnicmp
_strtoi64
_sys_nerr
_vsnprintf
_waccess
_wcsdup
_wfopen
abort
atoi
calloc
clearerr
exit
fclose
feof
ferror
fflush
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getc
getenv
islower
isprint
isspace
isupper
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
localtime
gmtime
difftime
printf
putchar
puts
qsort
raise
realloc
rewind
setbuf
setlocale
setvbuf
signal
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
tolower
vfprintf
time
wcschr
wcscmp
wcscpy
wcslen
wcsncmp
wcsncpy
wcspbrk
wcsstr
_stat
_fstat
_write
_unlink
_strdup
_setmode
_read
_open
_mkdir
_isatty
_getch
_fileno
_close

normaliz

IdnToAscii
IdnToUnicode

user32

FindWindowA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
SendMessageA

wldap32

ber_free
ldap_bind_sW
ldap_err2stringA
ldap_first_attributeW
ldap_first_entry
ldap_get_dnW
ldap_get_values_lenW
ldap_initW
ldap_memfreeW
ldap_msgfree
ldap_next_attributeW
ldap_next_entry
ldap_search_sW
ldap_set_optionW
ldap_simple_bind_sW
ldap_sslinitW
ldap_unbind_s
ldap_value_free_len

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
gethostname
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 778KB - Virtual size: 777KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 49B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/Compiler/finalres.vbs
.vbs
bin/Compiler/finalres2.vbs
.vbs
bin/Program.cs
.js
bin/Properties/AssemblyInfo.cs
bin/Properties/Resources.Designer.cs
.vbs
bin/Properties/Resources.resx
.vbs
bin/Properties/Settings.Designer.cs
bin/Properties/Settings.settings
bin/TOKEN STEALER CREATOR.csproj
bin/TSC.sln
ItroublveTSC-6.1/GetToken/Properties/AssemblyInfo.cs
ItroublveTSC-6.1/GetToken/Properties/Resources.cs
.vbs
ItroublveTSC-6.1/GetToken/Properties/Resources.resources
ItroublveTSC-6.1/GetToken/Properties/Settings.Designer.cs
ItroublveTSC-6.1/GetToken/Properties/Settings.settings
ItroublveTSC-6.1/GetToken/StealerBin/API.cs
.js
ItroublveTSC-6.1/GetToken/StealerBin/Hook.cs
ItroublveTSC-6.1/GetToken/StealerBin/Steal.cs
.js
ItroublveTSC-6.1/GetToken/app.manifest
ItroublveTSC-6.1/GetToken/sendhookfile.csproj
ItroublveTSC-6.1/GetToken/sendhookfile.sln
ItroublveTSC-6.1/ItroublveTSC/DiscordFlooder/Class/Design/Rainbow/Rainbow.cs
.js
ItroublveTSC-6.1/ItroublveTSC/ItroublveTSC.csproj
ItroublveTSC-6.1/ItroublveTSC/ItroublveTSC.ico
ItroublveTSC-6.1/ItroublveTSC/ItroublveTSC.sln
ItroublveTSC-6.1/ItroublveTSC/Mouse.cs
ItroublveTSC-6.1/ItroublveTSC/Program.cs
ItroublveTSC-6.1/ItroublveTSC/Properties/AssemblyInfo.cs
ItroublveTSC-6.1/ItroublveTSC/Properties/Resources.Designer.cs
.vbs
ItroublveTSC-6.1/ItroublveTSC/Properties/Resources.cs
.vbs
ItroublveTSC-6.1/ItroublveTSC/Properties/Resources.resources
ItroublveTSC-6.1/ItroublveTSC/Properties/Resources.resx
.vbs
ItroublveTSC-6.1/ItroublveTSC/Properties/Settings.Designer.cs
ItroublveTSC-6.1/ItroublveTSC/Properties/Settings.settings
ItroublveTSC-6.1/ItroublveTSC/RoundBtn.cs
.vbs
ItroublveTSC-6.1/ItroublveTSC/app.manifest
ItroublveTSC-6.1/ItroublveTSC/frm2.Designer.cs
ItroublveTSC-6.1/ItroublveTSC/frm2.cs
ItroublveTSC-6.1/ItroublveTSC/frm2.resx
.vbs
ItroublveTSC-6.1/ItroublveTSC/frmMain.Designer.cs
ItroublveTSC-6.1/ItroublveTSC/frmMain.cs
.js
ItroublveTSC-6.1/ItroublveTSC/frmMain.resx
.vbs
ItroublveTSC-6.1/ItroublveTSC/packages.config
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/Mono.Cecil.0.11.3.nupkg
.nupkg
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.Mdb.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\cecil\symbols\mdb\obj\Release\net40\Mono.Cecil.Mdb.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.Mdb.pdb
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.Pdb.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\cecil\symbols\pdb\obj\Release\net40\Mono.Cecil.Pdb.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.Pdb.pdb
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.Rocks.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\cecil\rocks\obj\Release\net40\Mono.Cecil.Rocks.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.Rocks.pdb
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\cecil\obj\Release\net40\Mono.Cecil.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.pdb
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.Mdb.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\cecil\symbols\mdb\obj\Release\netstandard2.0\Mono.Cecil.Mdb.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.Mdb.pdb
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.Pdb.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\cecil\symbols\pdb\obj\Release\netstandard2.0\Mono.Cecil.Pdb.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.Pdb.pdb
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.Rocks.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\cecil\rocks\obj\Release\netstandard2.0\Mono.Cecil.Rocks.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.Rocks.pdb
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\cecil\obj\Release\netstandard2.0\Mono.Cecil.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 345KB - Virtual size: 345KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.pdb
ItroublveTSC-6.1/LICENSE
ItroublveTSC-6.1/README.md
ItroublveTSC-6.1/RaidAPI by ByteTools/Properties/AssemblyInfo.cs
ItroublveTSC-6.1/RaidAPI by ByteTools/Properties/Resources.cs
.vbs
ItroublveTSC-6.1/RaidAPI by ByteTools/Properties/Resources.resources
ItroublveTSC-6.1/RaidAPI by ByteTools/Properties/Settings.Designer.cs
ItroublveTSC-6.1/RaidAPI by ByteTools/Properties/Settings.settings
ItroublveTSC-6.1/RaidAPI by ByteTools/RaidAPI.csproj
ItroublveTSC-6.1/RaidAPI by ByteTools/RaidAPI.sln
ItroublveTSC-6.1/RaidAPI by ByteTools/StealToken/Stealer.cs
ItroublveTSC-7.0/Source code.zip
.zip
ItroublveTSC-6.1/DLL and BINS/GetToken.bin
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Itroublve Hacker\Desktop\Token-Browser-Password-Stealer-Creator-5.0\GetToken\obj\Release\sendhookfile.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/DLL and BINS/Mono.Cecil.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\sources\cecil\obj\net_4_5_Release\Mono.Cecil.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/DLL and BINS/RaidAPI.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Itroublve Hacker\Desktop\Token Stealer 4.0 SRC+TOOL\Token Stealer 4.0 SRC\RaidAPI by ByteTools\obj\Debug\RaidAPI.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/DLL and BINS/TokenStealer.bin
.vbs
ItroublveTSC-6.1/DLL and BINS/bin.rar
.rar
bin/App.config
.xml
bin/Compiler/WebBrowserPassView.exe
.exe windows:4 windows x86 arch:x86

6526bb2991df39dd134d2e134366b58f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\WebBrowserPassView\Command-Line\WebBrowserPassView.pdb

Imports

msvcrt

__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
strlen
__p__commode
__p__fmode
__set_app_type
_controlfp
_itow
_wcslwr
strchr
_strlwr
_wcsupr
_wcmdln
memmove
malloc
free
_memicmp
modf
_c_exit
wcstoul
_wtoi64
strcmp
strcpy
wcsrchr
exit
_cexit
_XcptFilter
wcsncmp
_exit
_wcsnicmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcmp
abs
log
_purecall
wcslen
wcscmp
_wtoi
_wcsicmp
wcschr
memcpy
wcscpy
memset
wcscat
wcsncat
_snwprintf
_except_handler3
_onexit
__dllonexit
memchr
realloc
_gmtime64
strftime
strcat
qsort

comctl32

ord17
ImageList_Create
ImageList_AddMasked
ImageList_SetImageCount
ImageList_ReplaceIcon
CreateStatusWindowW
CreateToolbarEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

FindCloseUrlCache
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW

kernel32

InterlockedCompareExchange
DeleteCriticalSection
GetFileAttributesExW
QueryPerformanceCounter
GetFileAttributesA
LeaveCriticalSection
SetEndOfFile
GetSystemInfo
Sleep
GetDiskFreeSpaceA
InitializeCriticalSection
GetFullPathNameA
DeleteFileA
GetDiskFreeSpaceW
GetFullPathNameW
AreFileApisANSI
UnlockFile
FlushFileBuffers
LockFile
UnlockFileEx
GetModuleHandleA
GetStartupInfoW
CreateFileA
EnterCriticalSection
GetSystemTime
LockFileEx
FormatMessageA
GetSystemTimeAsFileTime
GetTempPathA
EnumResourceTypesW
CreateToolhelp32Snapshot
Process32NextW
LocalFree
GetFileSize
SystemTimeToFileTime
CloseHandle
CompareFileTime
WriteFile
WideCharToMultiByte
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryW
FileTimeToSystemTime
GetTickCount
SetFilePointerEx
MultiByteToWideChar
GetModuleFileNameW
FindResourceW
CreateFileW
LoadResource
LockResource
SystemTimeToTzSpecificLocalTime
lstrlenW
LoadLibraryExW
lstrcpyW
GlobalAlloc
GetSystemDirectoryW
GlobalUnlock
GetTempPathW
GetDateFormatW
GlobalLock
SizeofResource
FindNextFileW
GetTempFileNameW
FormatMessageW
GetFileTime
FindFirstFileW
GetVersionExW
FindClose
SetFilePointer
GetModuleHandleW
GetTimeFormatW
GetFileAttributesW
GetWindowsDirectoryW
FileTimeToLocalFileTime
ReadFile
CopyFileW
DeleteFileW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
DuplicateHandle
GetCurrentProcessId
OpenProcess
GetStdHandle
SetErrorMode
ReadProcessMemory
ExitProcess
Process32FirstW

user32

RegisterWindowMessageW
GetKeyState
DispatchMessageW
TranslateMessage
IsDialogMessageW
DrawTextExW
GetMessageW
PostQuitMessage
TrackPopupMenu
CreateDialogParamW
DialogBoxParamW
DestroyMenu
GetDlgCtrlID
GetMenuItemInfoW
ModifyMenuW
LoadMenuW
LoadCursorW
ChildWindowFromPoint
GetSysColorBrush
ShowWindow
SetCursor
SetWindowTextW
SetDlgItemInt
UpdateWindow
SetDlgItemTextW
GetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
SendDlgItemMessageW
GetDlgItemInt
EndDialog
SetWindowLongW
GetDlgItem
GetWindow
InvalidateRect
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
SendMessageW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPlacement
LoadIconW
LoadImageW
GetWindowLongW
SetFocus
GetParent
SetTimer
BeginDeferWindowPos
EndDeferWindowPos
KillTimer
GetSysColor
GetMenu
GetDC
GetSubMenu
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
CheckMenuItem
GetMenuItemCount
GetMenuStringW
CheckMenuRadioItem
CloseClipboard
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
EnumChildWindows
LoadStringW
DestroyWindow
SetWindowPos
GetDesktopWindow
GetWindowTextW

gdi32

SetBkColor
GetDeviceCaps
SelectObject
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW
GetTextExtentPoint32W
GetStockObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW
FindTextW

advapi32

RegEnumValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoTaskMemFree
CoInitialize

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/Compiler/curl-ca-bundle.crt
bin/Compiler/curl.exe
.exe windows:4 windows x86 arch:x86

94d50e9c220dcd0fe83e2192746e0886

Code Sign

01
Certificate

Issuer

CN=curl-for-win Root CA,OU=curl-for-win Root CA,O=curl-for-win

Not Before

31/08/2018, 12:18

Not After

30/08/2021, 12:18

Subject

CN=curl-for-win Code Signing Authority,OU=curl-for-win Code Signing Authority,O=curl-for-win

af:42:e4:09:5d:94:1d:14
Certificate

Issuer

CN=curl-for-win Root CA,OU=curl-for-win Root CA,O=curl-for-win

Not Before

31/08/2018, 12:18

Not After

31/08/2023, 12:18

Subject

CN=curl-for-win Root CA,OU=curl-for-win Root CA,O=curl-for-win

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b8:e8:b4:00:af:64:57:3d:a6:1a:84:01:93:a2:24:94:27:a5:45:0b:9a:a8:c9:55:f9:af:41:ab:db:a0:94:4d
Signer

Actual PE Digest

b8:e8:b4:00:af:64:57:3d:a6:1a:84:01:93:a2:24:94:27:a5:45:0b:9a:a8:c9:55:f9:af:41:ab:db:a0:94:4d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptGenRandom
CryptGetHashParam
CryptHashData
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertGetNameStringW
CertOpenStore
CertOpenSystemStoreA
CryptDecodeObjectEx
CryptQueryObject
CryptStringToBinaryW
PFXImportCertStore

kernel32

CloseHandle
CompareFileTime
ConvertFiberToThread
ConvertThreadToFiber
CreateFiber
CreateFileA
CreateFileMappingA
CreateFileW
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFiber
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FormatMessageA
FormatMessageW
FreeLibrary
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetEnvironmentVariableW
GetFileSizeEx
GetFileTime
GetFileType
GetLastError
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetStartupInfoW
GetStdHandle
GetSystemDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
GetVersion
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExA
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleA
ReadConsoleW
ReadFile
SearchPathA
SetConsoleMode
SetEndOfFile
SetFileTime
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepEx
SwitchToFiber
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoA
VerifyVersionInfoW
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile

msvcrt

__lconv_init
__p__fmode
__p__wcmdln
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_access
_amsg_exit
_beginthreadex
_cexit
_chmod
_errno
_exit
_fileno
_fstati64
_get_osfhandle
_getpid
_initterm
_iob
_lseeki64
_onexit
_setmode
_snwprintf
_vsnwprintf
_wstati64
_stati64
_strdup
_stricmp
_strnicmp
_strtoi64
_sys_nerr
_vsnprintf
_waccess
_wcsdup
_wfopen
abort
atoi
calloc
clearerr
exit
fclose
feof
ferror
fflush
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getc
getenv
islower
isprint
isspace
isupper
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
localtime
gmtime
difftime
printf
putchar
puts
qsort
raise
realloc
rewind
setbuf
setlocale
setvbuf
signal
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
tolower
vfprintf
time
wcschr
wcscmp
wcscpy
wcslen
wcsncmp
wcsncpy
wcspbrk
wcsstr
_stat
_fstat
_write
_unlink
_strdup
_setmode
_read
_open
_mkdir
_isatty
_getch
_fileno
_close

normaliz

IdnToAscii
IdnToUnicode

user32

FindWindowA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
SendMessageA

wldap32

ber_free
ldap_bind_sW
ldap_err2stringA
ldap_first_attributeW
ldap_first_entry
ldap_get_dnW
ldap_get_values_lenW
ldap_initW
ldap_memfreeW
ldap_msgfree
ldap_next_attributeW
ldap_next_entry
ldap_search_sW
ldap_set_optionW
ldap_simple_bind_sW
ldap_sslinitW
ldap_unbind_s
ldap_value_free_len

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
gethostname
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 778KB - Virtual size: 777KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 49B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/Compiler/finalres.vbs
.vbs
bin/Compiler/finalres2.vbs
.vbs
bin/Program.cs
.js
bin/Properties/AssemblyInfo.cs
bin/Properties/Resources.Designer.cs
.vbs
bin/Properties/Resources.resx
.vbs
bin/Properties/Settings.Designer.cs
bin/Properties/Settings.settings
bin/TOKEN STEALER CREATOR.csproj
bin/TSC.sln
ItroublveTSC-6.1/GetToken/Properties/AssemblyInfo.cs
ItroublveTSC-6.1/GetToken/Properties/Resources.cs
.vbs
ItroublveTSC-6.1/GetToken/Properties/Resources.resources
ItroublveTSC-6.1/GetToken/Properties/Settings.Designer.cs
ItroublveTSC-6.1/GetToken/Properties/Settings.settings
ItroublveTSC-6.1/GetToken/StealerBin/API.cs
.js
ItroublveTSC-6.1/GetToken/StealerBin/Hook.cs
ItroublveTSC-6.1/GetToken/StealerBin/Steal.cs
.js
ItroublveTSC-6.1/GetToken/app.manifest
ItroublveTSC-6.1/GetToken/sendhookfile.csproj
ItroublveTSC-6.1/GetToken/sendhookfile.sln
ItroublveTSC-6.1/ItroublveTSC/DiscordFlooder/Class/Design/Rainbow/Rainbow.cs
.js
ItroublveTSC-6.1/ItroublveTSC/ItroublveTSC.csproj
ItroublveTSC-6.1/ItroublveTSC/ItroublveTSC.ico
ItroublveTSC-6.1/ItroublveTSC/ItroublveTSC.sln
ItroublveTSC-6.1/ItroublveTSC/Mouse.cs
ItroublveTSC-6.1/ItroublveTSC/Program.cs
ItroublveTSC-6.1/ItroublveTSC/Properties/AssemblyInfo.cs
ItroublveTSC-6.1/ItroublveTSC/Properties/Resources.Designer.cs
.vbs
ItroublveTSC-6.1/ItroublveTSC/Properties/Resources.cs
.vbs
ItroublveTSC-6.1/ItroublveTSC/Properties/Resources.resources
ItroublveTSC-6.1/ItroublveTSC/Properties/Resources.resx
.vbs
ItroublveTSC-6.1/ItroublveTSC/Properties/Settings.Designer.cs
ItroublveTSC-6.1/ItroublveTSC/Properties/Settings.settings
ItroublveTSC-6.1/ItroublveTSC/RoundBtn.cs
.vbs
ItroublveTSC-6.1/ItroublveTSC/app.manifest
ItroublveTSC-6.1/ItroublveTSC/frm2.Designer.cs
ItroublveTSC-6.1/ItroublveTSC/frm2.cs
ItroublveTSC-6.1/ItroublveTSC/frm2.resx
.vbs
ItroublveTSC-6.1/ItroublveTSC/frmMain.Designer.cs
ItroublveTSC-6.1/ItroublveTSC/frmMain.cs
.js
ItroublveTSC-6.1/ItroublveTSC/frmMain.resx
.vbs
ItroublveTSC-6.1/ItroublveTSC/packages.config
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/Mono.Cecil.0.11.3.nupkg
.nupkg
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.Mdb.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\cecil\symbols\mdb\obj\Release\net40\Mono.Cecil.Mdb.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.Mdb.pdb
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.Pdb.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\cecil\symbols\pdb\obj\Release\net40\Mono.Cecil.Pdb.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.Pdb.pdb
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.Rocks.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\cecil\rocks\obj\Release\net40\Mono.Cecil.Rocks.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.Rocks.pdb
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\cecil\obj\Release\net40\Mono.Cecil.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/net40/Mono.Cecil.pdb
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.Mdb.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\cecil\symbols\mdb\obj\Release\netstandard2.0\Mono.Cecil.Mdb.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.Mdb.pdb
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.Pdb.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\cecil\symbols\pdb\obj\Release\netstandard2.0\Mono.Cecil.Pdb.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.Pdb.pdb
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.Rocks.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\cecil\rocks\obj\Release\netstandard2.0\Mono.Cecil.Rocks.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.Rocks.pdb
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\cecil\obj\Release\netstandard2.0\Mono.Cecil.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 345KB - Virtual size: 345KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ItroublveTSC-6.1/ItroublveTSC/packages/Mono.Cecil.0.11.3/lib/netstandard2.0/Mono.Cecil.pdb
ItroublveTSC-6.1/LICENSE
ItroublveTSC-6.1/README.md
ItroublveTSC-6.1/RaidAPI by ByteTools/Properties/AssemblyInfo.cs
ItroublveTSC-6.1/RaidAPI by ByteTools/Properties/Resources.cs
.vbs
ItroublveTSC-6.1/RaidAPI by ByteTools/Properties/Resources.resources
ItroublveTSC-6.1/RaidAPI by ByteTools/Properties/Settings.Designer.cs
ItroublveTSC-6.1/RaidAPI by ByteTools/Properties/Settings.settings
ItroublveTSC-6.1/RaidAPI by ByteTools/RaidAPI.csproj
ItroublveTSC-6.1/RaidAPI by ByteTools/RaidAPI.sln
ItroublveTSC-6.1/RaidAPI by ByteTools/StealToken/Stealer.cs

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 272KB - Virtual size: 271KB

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 15KB - Virtual size: 14KB

.rsrc Size: 1024B - Virtual size: 872B

.reloc Size: 512B - Virtual size: 12B

6526bb2991df39dd134d2e134366b58f

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 308KB - Virtual size: 307KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 5KB - Virtual size: 101KB

.rsrc Size: 33KB - Virtual size: 33KB

94d50e9c220dcd0fe83e2192746e0886

Code Sign

01Certificate

af:42:e4:09:5d:94:1d:14Certificate

Key Usages

b8:e8:b4:00:af:64:57:3d:a6:1a:84:01:93:a2:24:94:27:a5:45:0b:9a:a8:c9:55:f9:af:41:ab:db:a0:94:4dSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

kernel32

msvcrt

normaliz

user32

wldap32

ws2_32

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.data Size: 15KB - Virtual size: 15KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 272KB - Virtual size: 271KB

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 308KB - Virtual size: 307KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 5KB - Virtual size: 101KB

.rsrc
Size: 33KB - Virtual size: 33KB

01
Certificate

af:42:e4:09:5d:94:1d:14
Certificate

b8:e8:b4:00:af:64:57:3d:a6:1a:84:01:93:a2:24:94:27:a5:45:0b:9a:a8:c9:55:f9:af:41:ab:db:a0:94:4d
Signer

.text
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 15KB - Virtual size: 15KB

.rdata
Size: 778KB - Virtual size: 777KB

.bss
Size: - Virtual size: 19KB

.edata
Size: 512B - Virtual size: 49B

.idata
Size: 8KB - Virtual size: 8KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 97KB - Virtual size: 97KB

.text
Size: 40KB - Virtual size: 39KB

.rsrc
Size: 1024B - Virtual size: 864B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 85KB - Virtual size: 84KB

.rsrc
Size: 1024B - Virtual size: 864B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 25KB - Virtual size: 24KB

.rsrc
Size: 1024B - Virtual size: 876B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 347KB - Virtual size: 346KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 1024B - Virtual size: 864B

.reloc
Size: 512B - Virtual size: 12B