S-400 [.]Cracked By LMJ[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

S-400 .Cracked By LMJ.rar
Size

10.2MB
MD5

40ec42776d20ddf033c96cdce5726812
SHA1

d104f876c7ced7e8eb2fb6fe079af73f6f002a97
SHA256

498df8057ccd98b0cc7b47fb53276fb2cf040d5f745c6138d4b574df620e7ce2
SHA512

4708394c61820076d085480c94263ed577d5c528f2454b421829940c95c3fc88fd0a891979f30fdbac8bef1810fee22c1c02e7c96fe110c91d32585febe17f0b
SSDEEP

196608:uXQ6Six3oz37XVk6zP8+ADo9msQ/UjzTVSrvtJgOlq+Q8fjLwylzeiWR:MVeLXVLrSooNMfTgrFbq+QGgy4xR

Score

10^/10

agilenet

Malware Config

Signatures

Contains code to disable Windows Defender 2 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
static1/unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/Def.dll	disable_win_def
static1/unpack001/Thanks For Purchase/S-400 [EXTRACT]/S-400 RAT v3.0.exe	disable_win_def

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
static1/unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/tory.dll	Nirsoft

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
static1/unpack001/Thanks For Purchase/S-400 [EXTRACT]/Guna.UI2.dll	agile_net

Unsigned PE 45 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Thanks For Purchase/S-400 [EXTRACT]/API.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/Act.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/Anti.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/Anx.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/Cok.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/Controll.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/Def.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/Fun.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/HBR.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/HRR.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/IFF.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/MSG.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/Manger.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/NGR.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/Pass.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/RDP.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/SO.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/TCP.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/VB.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/VDP.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/XMR.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/cam.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/ch.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/cli.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/coc.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/dos.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/inff.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/loc.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/mic.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/pw.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/sc2.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/tory.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/uac.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/uns.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/FC/vnc.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/MetroFramework.Design.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/MetroFramework.Fonts.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/MetroFramework.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/Mono.Cecil.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/S-400 RAT v3.0.exe
unpack001/Thanks For Purchase/S-400 [EXTRACT]/SQLABC_ModernUI.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/Tulpep.NotificationWindow.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/UPX/mpress.exe
unpack001/Thanks For Purchase/S-400 [EXTRACT]/WinMM.Net.dll
unpack001/Thanks For Purchase/S-400 [EXTRACT]/zxing.dll

Files

S-400 .Cracked By LMJ.rar
.rar
!!! READ ME !!!.txt
Thanks For Purchase/S-400 [EXTRACT]/API.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/Act.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\SRC Plugin\Act\obj\Debug\Act.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/Anti.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\SRC Plugin\Anti\obj\Debug\Anti.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/Anx.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\SRC Plugin\Anx\obj\Debug\Anx.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Aut2Exe/Aut2exe.exe
.exe windows:5 windows x86 arch:x86

4f062ee6f3ff9baef7efe7ca21de7747

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:f7:ce:c0:08:6a:c8:87:bb:81:ba:16
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

24-01-2018 09:39

Not After

04-07-2020 06:50

Subject

CN=AutoIt Consulting Ltd,O=AutoIt Consulting Ltd,L=Birmingham,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

13:b7:74:ee:59:e3:5e:c6:06:26:16:89
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

28-02-2018 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 002-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:c3:5b:1a:d5:3e:eb:53:99:58:a4:6a:03:e1:4d:19:c4:2c:0d:0b:65:e4:32:04:fc:cb:57:2d:5b:f0:8e:3c
Signer

Actual PE Digest

66:c3:5b:1a:d5:3e:eb:53:99:58:a4:6a:03:e1:4d:19:c4:2c:0d:0b:65:e4:32:04:fc:cb:57:2d:5b:f0:8e:3c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

CreateStatusWindowW
InitCommonControlsEx

kernel32

LockResource
GetTempPathW
GetTempFileNameW
DeleteFileW
CopyFileW
CreateFileW
CloseHandle
LoadLibraryA
GetProcAddress
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetFileSize
GetModuleHandleW
GetModuleFileNameW
InitializeCriticalSection
IsDebuggerPresent
lstrcmpiW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameW
lstrlenW
ReadFile
CreateProcessW
GetExitCodeProcess
Sleep
WideCharToMultiByte
CompareStringW
GetCommandLineW
FindResourceW
EnumResourceNamesW
BeginUpdateResourceW
SetFilePointer
UpdateResourceW
EndUpdateResourceW
GetVersionExW
IsWow64Process
GetCurrentProcess
GetSystemInfo
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WriteFile
DuplicateHandle
GetStdHandle
CreatePipe
CreateThread
InterlockedExchange
TerminateThread
WaitForSingleObject
SetFilePointerEx
SizeofResource
FlushFileBuffers
GetLastError
TerminateProcess
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
CreateDirectoryW
QueryPerformanceCounter
OutputDebugStringW
GetFileTime
SetStdHandle
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapSize
GetFileType
GetConsoleCP
GetProcessHeap
GetModuleHandleExW
ExitProcess
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
HeapReAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReadConsoleW
GetConsoleMode
RtlUnwind
RaiseException
ExitThread
HeapFree
HeapAlloc
IsProcessorFeaturePresent
DecodePointer
EncodePointer
LoadResource
FindResourceExW
FreeLibrary
LoadLibraryExW
MultiByteToWideChar
GetCurrentThreadId
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
WriteConsoleW
SetEndOfFile

user32

LoadIconW
RegisterClassExW
MessageBeep
DispatchMessageW
PostQuitMessage
SetCursor
DefWindowProcW
ChildWindowFromPoint
LoadImageW
GetDlgItemTextW
DialogBoxParamW
EnableMenuItem
EndDialog
GetSystemMenu
SetActiveWindow
LoadCursorW
TranslateMessage
IsDialogMessageW
TranslateAcceleratorW
GetMessageW
GetDlgItem
SetFocus
UpdateWindow
SendDlgItemMessageW
CheckMenuItem
GetMenu
CheckMenuRadioItem
SetDlgItemTextW
LoadAcceleratorsW
MessageBoxA
DestroyIcon
LoadStringW
MessageBoxW
CharUpperBuffW
PostMessageW
ShowWindow
EnableWindow
SendMessageW
CreateDialogParamW

gdi32

GetStockObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW

shell32

DragFinish
DragQueryFileW
DragQueryPoint
SHGetFolderPathW

ole32

CreateStreamOnHGlobal

oleaut32

VariantCopy
VariantClear
VariantInit

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/APIComConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/APIConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/APIDiagConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/APIDlgConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/APIErrorsConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/APIFilesConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/APIGdiConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/APILocaleConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/APIMiscConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/APIProcConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/APIRegConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/APIResConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/APIShPathConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/APIShellExConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/APISysConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/APIThemeConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/AVIConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/Array.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/ArrayDisplayInternals.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/AutoItConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/BorderConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/ButtonConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/Clipboard.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/Color.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/ColorConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/ComboConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/Constants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/Crypt.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/Date.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/DateTimeConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/Debug.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/DirConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/EditConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/EventLog.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/Excel.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/ExcelConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/FTPEx.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/File.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/FileConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/FontConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/FrameConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GDIPlus.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GDIPlusConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GUIConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GUIConstantsEx.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiAVI.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiButton.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiComboBox.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiComboBoxEx.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiDateTimePicker.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiEdit.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiHeader.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiIPAddress.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiImageList.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiListBox.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiListView.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiMenu.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiMonthCal.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiReBar.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiRichEdit.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiScrollBars.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiSlider.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiStatusBar.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiTab.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiToolTip.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiToolbar.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/GuiTreeView.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/HeaderConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/IE.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/IPAddressConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/ImageListConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/Inet.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/InetConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/ListBoxConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/ListViewConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/Math.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/MathConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/Memory.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/MemoryConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/MenuConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/Misc.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/MsgBoxConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/NTSTATUSConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/NamedPipes.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/NetShare.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/Process.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/ProcessConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/ProgressConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/RebarConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/RichEditConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/SQLite.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/SQLite.dll.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/ScreenCapture.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/ScrollBarConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/ScrollBarsConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/Security.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/SecurityConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/SendMessage.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/SliderConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/Sound.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/StaticConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/StatusBarConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/String.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/StringConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/StructureConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/TabConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/Timers.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/ToolTipConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/ToolbarConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/TrayConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/TreeViewConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/UDFGlobalID.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/UpDownConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/Visa.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPI.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPICom.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIConv.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIDiag.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIDlg.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIError.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIEx.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIFiles.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIGdi.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIGdiDC.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIGdiInternals.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIHObj.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIIcons.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIInternals.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPILocale.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIMem.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIMisc.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIProc.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIReg.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIRes.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIShPath.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIShellEx.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPISys.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPISysInternals.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPISysWin.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPITheme.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIlangConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIsysinfoConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinAPIvkeysConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WinNet.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WindowsConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/Word.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/WordConstants.au3
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/AutoIt3/Include/_ReadMe_.txt
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/DotNetAll.au3
.ps1
Thanks For Purchase/S-400 [EXTRACT]/FC/CVE_Port/ico.ico
Thanks For Purchase/S-400 [EXTRACT]/FC/Cok.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\DZ\Desktop\SRC S400 RAT v 1.0 by FC\Cok\obj\Debug\Cok.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 578KB - Virtual size: 577KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/Controll.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\SRC Plugin\Controll\Controll\obj\Debug\Controll.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/Def.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\Def\obj\Debug\Def.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/Fun.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\SRC Plugin\Fun\obj\Debug\Fun.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/HBR.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\DZ\Desktop\SRC S400 RAT v 1.0 by FC\SRC Plugin\HBR\obj\Debug\HBR.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/HRR.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\HRR\obj\Debug\HRR.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/IFF.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\IFF\obj\Debug\IFF.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/MSG.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\MSG\obj\Debug\MSG.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/Manger.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\DZ\Desktop\Part2\SRC S400 RAT v 1.0 by FC\SRC Plugin\Manger\obj\Debug\Manger.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/NGR.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\DZ\Desktop\SRC S400 RAT v 1.0 by FC\SRC Plugin\NGR\obj\Debug\NGR.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/Pass.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\DZ\Desktop\SRC S400 RAT v 1.0 by FC\Stub\Pass\obj\Debug\Pass.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/RDP.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\DZ\Desktop\SRC S400 RAT v 1.0 by FC\SRC Plugin\RDP\obj\Debug\RDP.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/SO.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\SRC Plugin\SO\obj\Debug\SO.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/TCP.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\SRC Plugin\TCP\obj\Debug\TCP.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/VB.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\SRC Plugin\VB\obj\Debug\VB.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/VDP.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\DZ\Desktop\SRC S400 RAT v 1.0 by FC\SRC Plugin\VDP\obj\Debug\VDP.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/XMR.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\SRC Plugin\XMR\obj\Debug\XMR.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/cam.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/ch.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\SRC Plugin\ch\ch\obj\Debug\ch.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/cli.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\SRC Plugin\cli\obj\Debug\cli.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/coc.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\coc\obj\Debug\coc.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/dos.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\SRC Plugin\dos\obj\Debug\dos.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/inff.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\SRC Plugin\inff\obj\Debug\inff.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/loc.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\SRC Plugin\loc\obj\Debug\loc.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/mic.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/pw.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\SRC Plugin\Pas\Pas\obj\Debug\pw.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/sc2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\DZ\Desktop\SRC S400 RAT v 1.0 by FC\sc2\obj\Debug\sc2.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/tory.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\tory\obj\Debug\tory.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/uac.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\S400RAT v 1.0\uac\obj\Debug\uac.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/uns.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\DZ\Desktop\Part2\SRC S400 RAT v 1.0 by FC\SRC Plugin\Uns\obj\Debug\uns.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/FC/vnc.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\AF\Desktop\SRC S400 RAT v 1.0 by FC\SRC Plugin\vnc\obj\Debug\vnc.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/GeoIP.dat
Thanks For Purchase/S-400 [EXTRACT]/Guna.UI2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

7a:98:1b:7d:3e:b4:86:bb:45:84:c4:3c:c9:a8:3f:db
Certificate

Issuer

CN=Sobatdata Root CA

Not Before

23-10-2019 05:22

Not After

22-10-2025 17:00

Subject

CN=Sobatdata Software

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:92:fd:79:78:5b:a1:7b:fc:09:41:72:94:be:f3:50:c7:5a:02:fb
Signer

Actual PE Digest

fe:92:fd:79:78:5b:a1:7b:fc:09:41:72:94:be:f3:50:c7:5a:02:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\Guna.UI2\Build\Guna.UI2.WinForms\build\nuget\Guna.UI2.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/Map/UN.jpg
.png
Thanks For Purchase/S-400 [EXTRACT]/MetroFramework.Design.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Development\Desktop\Github\winforms-modernui\MetroFramework.Design\obj\Release\MetroFramework.Design.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/MetroFramework.Fonts.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Development\Desktop\Github\winforms-modernui\MetroFramework.Fonts\obj\Release\MetroFramework.Fonts.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 654KB - Virtual size: 653KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/MetroFramework.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/Mono.Cecil.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\cecil\obj\netstandard_Release\netstandard1.3\Mono.Cecil.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 325KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/S-400 RAT v3.0.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9.2MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/SQLABC_ModernUI.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Demir Dervishi\Documents\Visual Studio 2015\YoutubeProject\SQLABC_ModernUI\SQLABC_ModernUI\obj\Debug\SQLABC_ModernUI.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/Stub.manifest
.xml
Thanks For Purchase/S-400 [EXTRACT]/Terror/T.wav
Thanks For Purchase/S-400 [EXTRACT]/Tulpep.NotificationWindow.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\projects\notification-popup-window\Tulpep.NotificationWindow\obj\Release\Tulpep.NotificationWindow.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/UPX/mpress.exe
.exe windows:4 windows x86 arch:x86

51e7ef6b1d43d0d05d7109dee9789560

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

imagehlp

CheckSumMappedFile

Sections

.MPRESS1
Size: 88KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1024B - Virtual size: 862B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Thanks For Purchase/S-400 [EXTRACT]/WinMM.Net.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/machine.config
.xml
Thanks For Purchase/S-400 [EXTRACT]/options.vnc
Thanks For Purchase/S-400 [EXTRACT]/vncviewer.exe
.exe windows:5 windows x64 arch:x64

b53dc4f8863a2ea25c86908835939902

Code Sign

52:31:09:fd:26:76:d2:5c:b3:d4:57:c9:a3:48:53:ee
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-08-2016 00:00

Not After

22-11-2019 23:59

Subject

CN=uvnc bvba,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02-01-2017 00:00

Not After

01-04-2028 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c0:b2:47:bf:2f:45:8a:00:e4:24:44:98:90:7b:60:47:92:2f:38:07:ca:9a:ad:5b:48:e0:26:9d:b3:6d:59:ed
Signer

Actual PE Digest

c0:b2:47:bf:2f:45:8a:00:e4:24:44:98:90:7b:60:47:92:2f:38:07:ca:9a:ad:5b:48:e0:26:9d:b3:6d:59:ed

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\rudi\Desktop\UltraVNC_1212\vncviewer\x64\Release\vncviewer.pdb

Imports

comctl32

ImageList_Create
ImageList_ReplaceIcon
CreateToolbarEx
ord17
ord6
InitCommonControlsEx

winmm

timeGetTime
timeKillEvent
timeSetEvent
PlaySoundA

ws2_32

ioctlsocket
WSAStartup
WSACleanup
accept
bind
listen
__WSAFDIsSet
getpeername
inet_addr
send
socket
connect
htons
setsockopt
WSAGetLastError
closesocket
gethostbyname
select
WSAAsyncSelect
shutdown
recv

kernel32

LoadLibraryA
DeleteFileA
GetProcAddress
FreeLibrary
lstrcpyA
ReadFile
CompareFileTime
MoveFileA
EnterCriticalSection
WriteFile
GetDriveTypeA
SetFileTime
LeaveCriticalSection
InitializeCriticalSection
SetErrorMode
SetFilePointer
SetEndOfFile
lstrlenA
GetFileAttributesA
MoveFileExA
CreateFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLogicalDriveStringsA
DeleteCriticalSection
SystemTimeToFileTime
lstrcmpiA
CreateDirectoryA
GetFileTime
FlushFileBuffers
MulDiv
GetStdHandle
WriteConsoleA
OutputDebugStringA
AllocConsole
GetComputerNameA
GetVersionExA
SetFileAttributesW
DeleteFileW
HeapReAlloc
WriteConsoleW
CreateDirectoryW
GetFileAttributesExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetACP
GetModuleFileNameW
FreeLibraryAndExitThread
ExitThread
GetCurrentDirectoryW
GetCurrentDirectoryA
SetCurrentDirectoryW
SetCurrentDirectoryA
SetEnvironmentVariableW
SetEnvironmentVariableA
GetCPInfo
CopyFileA
ReadConsoleW
GetConsoleMode
GetConsoleCP
FindClose
PeekNamedPipe
GetDriveTypeW
CreateFileW
GetFullPathNameW
GetModuleHandleExW
ExitProcess
SetStdHandle
GetTimeZoneInformation
LoadLibraryExW
TlsFree
InitializeCriticalSectionAndSpinCount
SetLastError
InterlockedFlushSList
InterlockedPushEntrySList
RaiseException
EncodePointer
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateSemaphoreA
GetSystemTime
TlsGetValue
TlsAlloc
GetCurrentThread
DuplicateHandle
GetCurrentThreadId
SetThreadPriority
ReleaseSemaphore
TlsSetValue
GetFileType
lstrcatA
GetProcessHeap
lstrcpynA
HeapAlloc
ReleaseMutex
CreateMutexA
GetCurrentProcess
HeapFree
DosDateTimeToFileTime
GetLocalTime
SetFileAttributesA
SetVolumeLabelA
LocalFileTimeToFileTime
GetVersion
GetLocaleInfoA
GetVolumeInformationA
GetFullPathNameA
QueryPerformanceCounter
QueryPerformanceFrequency
SetFilePointerEx
GetTempPathA
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FindNextFileA
FindFirstFileA
GetModuleFileNameA
WideCharToMultiByte
FindNextFileW
SetConsoleCtrlHandler
GlobalFree
GlobalSize
MultiByteToWideChar
GetPrivateProfileStringA
GlobalUnlock
GetPrivateProfileIntA
GlobalLock
WritePrivateProfileStringA
GlobalAlloc
GetTickCount
CreateEventA
FormatMessageA
LocalFree
Beep
ResetEvent
CreateThread
CloseHandle
SetEvent
GetLastError
Sleep
ResumeThread
WaitForSingleObject
GetModuleHandleA
OutputDebugStringW
WaitForSingleObjectEx
RemoveDirectoryW
HeapSize
MoveFileExW
FindFirstFileExA
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
IsValidCodePage

user32

CallWindowProcA
SetCapture
GetCaretBlinkTime
ReleaseCapture
GetWindowThreadProcessId
GetMessageA
CallNextHookEx
PostThreadMessageA
SetWindowsHookExA
GetForegroundWindow
GetKeyState
ModifyMenuA
keybd_event
GetKeyboardState
VkKeyScanW
ToUnicode
SetCaretBlinkTime
WindowFromDC
MapWindowPoints
LoadBitmapA
IntersectRect
GetDesktopWindow
GetMenuStringA
PtInRect
SendMessageTimeoutA
GetMenuItemCount
DestroyIcon
DrawTextA
TranslateMessage
SendDlgItemMessageA
GetComboBoxInfo
PeekMessageA
GetWindowTextLengthA
GetScrollInfo
ScreenToClient
IsDlgButtonChecked
LoadKeyboardLayoutA
SetWindowLongPtrA
SetWindowRgn
GetParent
EnableWindow
MonitorFromPoint
EnumDisplayDevicesA
GetSystemMetrics
EnumDisplaySettingsExA
GetMonitorInfoA
SystemParametersInfoA
ValidateRect
LoadMenuA
GetMenuItemID
LoadStringA
TrackPopupMenu
GetSubMenu
SetMenuDefaultItem
RegisterClassExA
IsClipboardFormatAvailable
RegisterClipboardFormatA
RedrawWindow
SetWindowLongA
SetCursorPos
GetCursorPos
GetClipboardOwner
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
SetScrollInfo
GetSystemMenu
AdjustWindowRectEx
ShowScrollBar
GetWindowRect
GetFocus
LoadCursorA
DestroyWindow
GetDC
SetWindowPos
SetClipboardViewer
PostMessageA
FillRect
GetKeyboardLayoutNameA
CreatePopupMenu
wsprintfA
ShowWindow
IsWindow
InvalidateRgn
RegisterWindowMessageA
SetTimer
ChangeClipboardChain
GetWindowLongA
SendNotifyMessageA
MessageBoxA
MoveWindow
RegisterClassA
DefWindowProcA
DestroyMenu
CreateWindowExA
SetFocus
ScrollWindowEx
DrawMenuBar
SetCursor
LoadIconA
GetDlgItemInt
AppendMenuA
CheckMenuItem
GetClientRect
SetRect
KillTimer
PostQuitMessage
GetSysColorBrush
EnableMenuItem
SetDlgItemInt
UpdateWindow
InvalidateRect
IsIconic
ReleaseDC
BeginPaint
EndPaint
GetDlgItemTextA
GetWindowTextA
SetWindowTextA
SendMessageA
GetDlgItem
GetWindowLongPtrA
TranslateAcceleratorA
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadImageA
EndDialog
DialogBoxParamA
IsRectEmpty
SetDlgItemTextA
SetForegroundWindow
OemToCharA
CharToOemA
wvsprintfA
DispatchMessageA
ToAscii

gdi32

CreateCompatibleDC
SelectObject
BitBlt
CombineRgn
SetStretchBltMode
CreatePalette
SelectPalette
CreateRectRgn
GetDeviceCaps
GetStockObject
UpdateColors
RealizePalette
StretchBlt
PatBlt
CreateDIBSection
SetBrushOrgEx
CreateRectRgnIndirect
Rectangle
MoveToEx
CreatePen
LineTo
SetBkMode
SetTextColor
CreatePolygonRgn
CreateFontA
SetROP2
GetClipBox
DeleteDC
SetDIBColorTable
CreateSolidBrush
DeleteObject

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

advapi32

GetSecurityDescriptorLength
RegSetValueExA
RegQueryValueExA
RegCloseKey
IsValidAcl
SetKernelObjectSecurity
GetSecurityDescriptorSacl
AdjustTokenPrivileges
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
LookupPrivilegeValueA
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
IsValidSid
IsValidSecurityDescriptor
OpenProcessToken
GetKernelObjectSecurity
RegOpenKeyExA

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHFileOperationA
Shell_NotifyIconA
SHGetFolderPathA

imm32

ImmAssociateContext

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 474KB - Virtual size: 474KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thanks For Purchase/S-400 [EXTRACT]/zxing.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\ZXing.Net.0.14.0.0\Source\lib\obj\Release\zxing.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 49KB - Virtual size: 49KB

.rsrc Size: 1024B - Virtual size: 836B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 10KB - Virtual size: 10KB

.rsrc Size: 1024B - Virtual size: 840B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 10KB - Virtual size: 10KB

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 21KB - Virtual size: 20KB

.rsrc Size: 1024B - Virtual size: 840B

.reloc Size: 512B - Virtual size: 12B

4f062ee6f3ff9baef7efe7ca21de7747

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

42:f7:ce:c0:08:6a:c8:87:bb:81:ba:16Certificate

Extended Key Usages

Key Usages

13:b7:74:ee:59:e3:5e:c6:06:26:16:89Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

66:c3:5b:1a:d5:3e:eb:53:99:58:a4:6a:03:e1:4d:19:c4:2c:0d:0b:65:e4:32:04:fc:cb:57:2d:5b:f0:8e:3cSigner

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 65KB - Virtual size: 64KB

.text
Size: 49KB - Virtual size: 49KB

.rsrc
Size: 1024B - Virtual size: 836B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 21KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 512B - Virtual size: 12B

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

42:f7:ce:c0:08:6a:c8:87:bb:81:ba:16
Certificate

13:b7:74:ee:59:e3:5e:c6:06:26:16:89
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

66:c3:5b:1a:d5:3e:eb:53:99:58:a4:6a:03:e1:4d:19:c4:2c:0d:0b:65:e4:32:04:fc:cb:57:2d:5b:f0:8e:3c
Signer

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.text
Size: 578KB - Virtual size: 577KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 512B - Virtual size: 12B