remcos | 15793586c3009951f5629e509728de4bb42a5bab16ff5ee69c50f60264f90d01

Sharing

Copy URL

Twitter E-mail

General

Target

15793586c3009951f5629e509728de4bb42a5bab16ff5ee69c50f60264f90d01
Size

1.2MB
MD5

79266b0fdc530b2c8699d1cb57542992
SHA1

e51855d5f400fed20006819ce01652f730c1165a
SHA256

15793586c3009951f5629e509728de4bb42a5bab16ff5ee69c50f60264f90d01
SHA512

d1690525ce4b6c5481c6dadc54adfc15fd8d14f14ed614a2d4dcefcf4d97a11f86e04c6a4da9235e56c9a87376f9d7235552664b0beb221bafe7c69db4bb9007
SSDEEP

24576:HcLwSH2RLuYiqg2xVVLBHef1kd+kw6QcjlCcIRaL2dK:sh+ut0fVLku9w6ZscKK

Score

10^/10

host remcos

Malware Config

Extracted

Family

remcos

Version

1.7 Pro

Botnet

Host

vshield.publicvm.com:5151

Attributes

audio_folder
audio
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
5
copy_file
chrome.exe
copy_folder
Google Chrome
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
true
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
Google Chrome
keylog_path
%AppData%
mouse_option
true
mutex
remcos_ykhychcufk
screenshot_crypt
true
screenshot_flag
true
screenshot_folder
Screens
screenshot_path
%AppData%
screenshot_time
1
startup_value
chrome
take_screenshot_option
true
take_screenshot_time
5
take_screenshot_title
paypal;amazon;nulled.to;cracked.to;ebay;blockchain;coinbase

Signatures

Remcos family
remcos

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Godaddy Checker Cracked/Godaddy Checker.exe
unpack001/Godaddy Checker Cracked/Godaddy.com Checker Cracked.exe
unpack001/Godaddy Checker Cracked/MetroFramework.Design.dll
unpack001/Godaddy Checker Cracked/MetroFramework.Fonts.dll
unpack001/Godaddy Checker Cracked/MetroFramework.dll
unpack001/Godaddy Checker Cracked/data/Godaddy.com Checker Cracked.exe
unpack001/Godaddy Checker Cracked/data/Ionic.Zip.dll
unpack001/Godaddy Checker Cracked/data/Launcher.exe
unpack001/Godaddy Checker Cracked/data/MetroFramework.Design.dll
unpack001/Godaddy Checker Cracked/data/MetroFramework.Fonts.dll
unpack001/Godaddy Checker Cracked/data/MetroFramework.dll
unpack001/Godaddy Checker Cracked/data/log.exe
unpack001/Godaddy Checker Cracked/data/xNet.dll
unpack001/Godaddy Checker Cracked/xNet.dll

Files

15793586c3009951f5629e509728de4bb42a5bab16ff5ee69c50f60264f90d01
.rar
Godaddy Checker Cracked/Godaddy Checker.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Godaddy Checker Cracked/Godaddy.com Checker Cracked.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\SioVer\Desktop\Crackers\Godaddy.com Checker\Godaddy.com Checker\obj\Debug\Godaddy.com Checker.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Godaddy Checker Cracked/Godaddy.com Checker.exe.CodeAnalysisLog.xml
Godaddy Checker Cracked/Godaddy.com Checker.exe.config
Godaddy Checker Cracked/Godaddy.com Checker.pdb
Godaddy Checker Cracked/Godaddy.com Checker.xml
Godaddy Checker Cracked/MetroFramework.Design.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\VB\winforms-modernui-master\MetroFramework.Design\obj\Release\MetroFramework.Design.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Godaddy Checker Cracked/MetroFramework.Fonts.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\VB\winforms-modernui-master\MetroFramework.Fonts\obj\Release\MetroFramework.Fonts.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 654KB - Virtual size: 653KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Godaddy Checker Cracked/MetroFramework.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Godaddy Checker Cracked/RESULT-FOLDER/ALL.txt
Godaddy Checker Cracked/RESULT-FOLDER/REAL1.txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[00_15_24].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[01_04_44].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[01_05_27].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[01_15_25].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[02_18_13].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[02_20_59].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[02_51_50].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[08_40_25].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[12_14_07].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[14_13_11].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[15_00_06].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[15_09_11].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[15_26_51].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[16_07_07].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[16_07_47].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[16_10_59].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[16_45_30].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[18_22_46].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[19_07_31].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[21_32_05].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[21_32_13].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[23_49_37].txt
Godaddy Checker Cracked/RESULT-FOLDER/good_bal.txt[23_50_34].txt
Godaddy Checker Cracked/data/Godaddy.com Checker Cracked.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\SioVer\Desktop\Crackers\Godaddy.com Checker\Godaddy.com Checker\obj\Debug\Godaddy.com Checker.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Godaddy Checker Cracked/data/Godaddy.com Checker.exe.CodeAnalysisLog.xml
Godaddy Checker Cracked/data/Godaddy.com Checker.exe.config
Godaddy Checker Cracked/data/Godaddy.com Checker.pdb
Godaddy Checker Cracked/data/Godaddy.com Checker.xml
Godaddy Checker Cracked/data/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Godaddy Checker Cracked/data/LICENCE.dat
.zip
Godaddy Checker Cracked/data/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Godaddy Checker Cracked/data/MetroFramework.Design.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\VB\winforms-modernui-master\MetroFramework.Design\obj\Release\MetroFramework.Design.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Godaddy Checker Cracked/data/MetroFramework.Fonts.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\VB\winforms-modernui-master\MetroFramework.Fonts\obj\Release\MetroFramework.Fonts.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 654KB - Virtual size: 653KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Godaddy Checker Cracked/data/MetroFramework.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Godaddy Checker Cracked/data/RESULT-FOLDER/ALL.txt
Godaddy Checker Cracked/data/RESULT-FOLDER/REAL1.txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[00_15_24].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[01_04_44].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[01_05_27].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[01_15_25].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[02_18_13].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[02_20_59].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[02_51_50].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[08_40_25].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[12_14_07].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[14_13_11].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[15_00_06].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[15_09_11].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[15_26_51].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[16_07_07].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[16_07_47].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[16_10_59].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[16_45_30].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[18_22_46].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[19_07_31].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[21_32_05].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[21_32_13].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[23_49_37].txt
Godaddy Checker Cracked/data/RESULT-FOLDER/good_bal.txt[23_50_34].txt
Godaddy Checker Cracked/data/log.exe
.exe windows:4 windows x86 arch:x86

d3a62971944197f0701c7049a9c739d1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetLongPathNameA
CreateMutexA
OpenMutexA
Process32Next
Process32First
CreateToolhelp32Snapshot
SizeofResource
LockResource
LoadResource
FindResourceA
GetLocaleInfoA
Process32NextW
Process32FirstW
lstrlenA
GetDriveTypeA
CreateProcessA
GetTickCount
GlobalUnlock
GlobalLock
GlobalAlloc
WinExec
GetCurrentProcessId
CreateDirectoryW
CopyFileA
GetFileAttributesW
GetLogicalDriveStringsA
GetCurrentProcess
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
VirtualAlloc
GlobalFree
LocalAlloc
TerminateProcess
ReadFile
PeekNamedPipe
GetStdHandle
CreatePipe
OpenProcess
DuplicateHandle
GetCurrentThread
lstrcpynA
ExitProcess
AllocConsole
GetStartupInfoA
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
GetLastError
LoadLibraryA
GetProcAddress
CreateFileMappingA
MapViewOfFileEx
DeleteFileA
RemoveDirectoryA
CloseHandle
GetFileAttributesA
SetFileAttributesA
SetEvent
TerminateThread
FindFirstFileW
FindNextFileW
FindClose
GetLocalTime
CreateEventA
WaitForSingleObject
CreateDirectoryA
ExitThread
Sleep
GetModuleHandleA
DeleteFileW
CreateThread

user32

GetWindowTextLengthA
GetForegroundWindow
UnhookWindowsHookEx
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
ExitWindowsEx
MessageBoxA
GetKeyboardLayoutNameA
GetWindowThreadProcessId
ShowWindow
CloseWindow
GetWindowTextA
GetWindowTextW
EnumWindows
SendInput
CreateWindowExA
RegisterClassExA
AppendMenuA
CreatePopupMenu
TrackPopupMenu
SetForegroundWindow
GetCursorPos
DefWindowProcA
GetKeyState
CallNextHookEx
SetWindowsHookExA
GetMessageA
TranslateMessage
GetKeyboardLayout
FindWindowA
DispatchMessageA
IsWindowVisible

gdi32

CreateDCA
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
StretchBlt
GetObjectA
GetDIBits
DeleteObject
DeleteDC

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
RegDeleteValueA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
GetUserNameW

shell32

ShellExecuteA
ExtractIconA
Shell_NotifyIconA
ShellExecuteExA
ShellExecuteW

msvcp60

?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??Bios_base@std@@QBEPAXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?is_open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z

msvcrt

_wrename
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_iob
freopen
srand
rand
mbstowcs
realloc
_itoa
sprintf
getenv
toupper
tolower
wcscmp
printf
strncmp
malloc
free
_EH_prolog
__CxxFrameHandler
time
localtime
strftime
puts
atoi
_ftol
??2@YAPAXI@Z
_except_handler3
exit
??0exception@@QAE@ABV0@@Z
_CxxThrowException

winmm

waveInOpen
waveInStop
waveInClose
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInStart

shlwapi

PathFileExistsA

ws2_32

htons
gethostbyname
closesocket
socket
send
WSAGetLastError
connect
recv
WSAStartup

urlmon

URLDownloadToFileA

gdiplus

GdipLoadImageFromStreamICM
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipSaveImageToStream
GdipSaveImageToFile
GdipLoadImageFromStream
GdiplusStartup
GdipGetImageEncoders
GdipFree
GdipGetImageEncodersSize

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Godaddy Checker Cracked/data/xNet.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Developper\Contacts\Downloads\Desktop\xNet-master\xNet-master\obj\Debug\xNet.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Godaddy Checker Cracked/xNet.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Developper\Contacts\Downloads\Desktop\xNet-master\xNet-master\obj\Debug\xNet.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 11KB - Virtual size: 10KB

.rsrc Size: 225KB - Virtual size: 224KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 27KB - Virtual size: 26KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 14KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 654KB - Virtual size: 653KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 311KB - Virtual size: 310KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 27KB - Virtual size: 26KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 478KB - Virtual size: 477KB

.text
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 225KB - Virtual size: 224KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 654KB - Virtual size: 653KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 311KB - Virtual size: 310KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 478KB - Virtual size: 477KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 50KB - Virtual size: 50KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 654KB - Virtual size: 653KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 311KB - Virtual size: 310KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 3KB