SchooisMultitool_v2[.]2[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

SchooisMultitool_v2.2.zip
Size

234KB
MD5

9424b2cacd9f0fb76a0fe4f202e4d614
SHA1

77bca369a07a8cc4815d0897d897bed758453bff
SHA256

9235d2676794ff9cc054258ec08e894647ed0112a94f078c9b901d8f1aa049ce
SHA512

9ba6531994986a636e7e7143c929248149ebddc580cd42ae9f6b21512d22d3d3a7c745248af3e55877ab0983575f51786927399092093aad26f6ffb927ac0f13
SSDEEP

6144:c6z9pUmgmH9ozNAYmNGqgYSY1zSRFV1MuH1Y+sC0j:cK9pvgQlYmNYYXzSRFV1MuVzsb

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Files/IPGeolocator.exe
unpack001/Files/Newtonsoft.Json.dll

Files

SchooisMultitool_v2.2.zip
.zip
Files/Apps/7z.bat
.bat .ps1
Files/Apps/SuperF4.bat
.bat .ps1
Files/Apps/bts.bat
Files/Apps/chrome.bat
.bat .ps1
Files/Apps/ctt.bat
Files/Apps/fastfetch.bat
Files/Apps/firefox.bat
Files/Apps/flux.bat
Files/Apps/geek.bat
.bat .ps1
Files/Apps/git.bat
.bat .ps1
Files/Apps/logo.bat
Files/Apps/pcm.bat
Files/Apps/ps7.bat
.bat .ps1
Files/Apps/pswin7.bat
.bat .vbs
Files/Apps/winget.bat
Files/Apps/wintoys.bat
Files/BackupRegistry.bat
Files/CommandLineGame.bat
Files/Components/Import Backups.bat
Files/Components/Registry Backup.bat
Files/GPEE.bat
Files/IPGeolocator.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Schooi\source\repos\IPGeolocator\IPGeolocator\obj\Debug\IPGeolocator.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Files/IPLogs.txt
Files/IPStealer.bat
Files/ImportBackups.bat
Files/InfoFinder.bat
Files/Malwarebytes-Premium-Reset.bat
Files/Newtonsoft.Json.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net45\Newtonsoft.Json.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 511KB - Virtual size: 511KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Files/PasswordGenerator.bat
.bat .vbs
Files/RAUP.bat
Files/Read Me.txt
Files/SMBBruteforcer.bat
Files/SSAMBYO.bat
Files/Schnuker/Files/Run Me (Instructions).bat
Files/Schnuker/Files/Schnuker.cmd
Files/Schnuker/Files/Schnuker.py
Files/Schnuker/Files/logo.txt
Files/Schnuker/Installation.lnk
.lnk
Files/Schnuker/Launcher.lnk
.lnk
Files/UPPPE.bat
Files/URLShortener.bat
Files/WA.bat
Files/WD.bat
Files/ascii.bat
Files/autorespo.bat
Files/bfc.bat
Files/color.txt
Files/db.bat
Files/fo.bat
.bat .vbs
Files/hfb.bat
Files/hibern.bat
Files/iplog.bat
Files/logo.bat
Files/music.bat
.bat .vbs
Files/mystery.bat
Files/nsl.bat
Files/pf.bat
Files/pinger.bat
Files/rcmc.bat
Files/restart.bat
Files/rockyou.bat
Files/s32.bat
Files/setup.bat
Files/speak.vbs
.vbs
Files/stcli.bat
Files/suc.bat
Files/sysinfo.bat
Files/taskmanager.bat
Files/trt.bat
Files/wifipasses.bat
Files/zicrack.bat
SchooiMultitool.bat
.bat .vbs
uninstall.bat

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 8KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 511KB - Virtual size: 511KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 511KB - Virtual size: 511KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B