VixenFree[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

VixenFree.zip
Size

6.1MB
MD5

5b0b9a3d4fea9f5cd38893a4008c8f8b
SHA1

01540c164b277580b532635f221b98661676b333
SHA256

eb81582d27467985a916367f7de86e77c62634e18aaf154f4b0580abce1a644b
SHA512

bce910eec207a2dcce3bc873f9d0791a4f244194434cbb4cbfb59e9fc0a16156c5a4c3b5bdb6f3039b05bdeb33000df4090239fe10f4163b3aa4e53ef21620eb
SSDEEP

98304:rnpcErCCLkn3imVgjovjZsKHyVx/NToGvs47hsaq60mCZf7npKt58eya:rpcEnLkn3bVgjWDHqPvn+c0mC97g38Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Driver/DrvLdr.exe
unpack001/Driver/Taigei64.dll
unpack001/Driver/VixenFree.exe
unpack001/Driver/driver.sys
unpack001/Driver/drv64.dll

Files

VixenFree.zip
.zip

Password: discord.gg/vixen
Driver/DrvLdr.exe
.exe windows:6 windows x64 arch:x64

Password: discord.gg/vixen

d7343acd8a08117f394fbb4463115abc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Devtop1\source\repos\KDU\Source\Hamakaze\output\x64\Release\kdu.pdb

Imports

kernel32

GetProcAddress
FreeLibrary
LoadLibraryExW
HeapCreate
HeapAlloc
HeapDestroy
GetStartupInfoW
WriteProcessMemory
ResumeThread
UnmapViewOfFile
DeleteFileW
CreateProcessW
GetModuleHandleW
GetCurrentProcessId
ReadFile
WriteFile
SetFilePointer
TerminateProcess
Sleep
VirtualUnlock
VirtualLock
TerminateThread
CreateThread
HeapSetInformation
GetSystemDirectoryW
CreateFileW
VirtualFree
CreateEventW
GetProcessHeap
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetCommandLineW
GetStdHandle
GetModuleFileNameW
FormatMessageW
GetSystemInfo
VirtualAllocEx
ReadProcessMemory
GetSystemTimeAsFileTime
VirtualFreeEx
CreateFileMappingW
MapViewOfFile
GetFirmwareEnvironmentVariableW
GetConsoleMode
ExpandEnvironmentStringsW
LoadLibraryW
GetCurrentDirectoryW
WriteConsoleW
RtlCompareMemory
CloseHandle
WaitForSingleObject
GetLastError
GetCurrentProcess
VirtualAlloc
SetDllDirectoryW
SetLastError
HeapReAlloc
HeapSize
GetFileSizeEx
SetFilePointerEx
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetConsoleOutputCP
FlushFileBuffers
GetFileType
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
GetCommandLineA
GetModuleHandleExW
ExitProcess
RtlPcToFileHeader
RaiseException
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

ntdll

NtSetInformationProcess
LdrLockLoaderLock
RtlTimeToSecondsSince1970
NtLoadDriver
NtTerminateProcess
LdrUnlockLoaderLock
NtSetValueKey
NtOpenSection
NtQueryObject
LdrFindEntryForAddress
NtOpenFile
NtWaitForSingleObject
NtFsControlFile
RtlLengthRequiredSid
NtUnloadDriver
RtlEqualUnicodeString
LdrGetProcedureAddress
RtlNtdllName
NtDuplicateObject
NtSetSecurityObject
RtlDoesFileExists_U
NtCreateMutant
RtlGetVersion
LdrUnloadDll
NtAlpcDisconnectPort
RtlCreateSecurityDescriptor
NtAlpcCreatePort
RtlCreateAcl
NtAlpcAcceptConnectPort
RtlLengthSid
NtReplyWaitReceivePort
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
RtlInitializeSid
NtDeviceIoControlFile
NtOpenKey
NtMapViewOfSection
NtUnmapViewOfSection
LdrLoadDll
NtCreateSection
LdrAccessResource
RtlSetLastWin32Error
NtCreateFile
RtlNtStatusToDosError
RtlEqualSid
RtlInitString
RtlFreeHeap
NtQueryDirectoryObject
RtlFreeSid
RtlExpandEnvironmentStrings
NtOpenDirectoryObject
NtFlushBuffersFile
RtlUnicodeStringToAnsiString
NtClose
NtQueryInformationToken
RtlAllocateAndInitializeSid
LdrFindResource_U
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
NtOpenProcess
RtlFreeUnicodeString
NtQueryInformationProcess
NtWriteFile
NtQuerySystemInformation
RtlAllocateHeap
NtOpenThread
NtFreeVirtualMemory
NtOpenProcessToken
RtlAnsiStringToUnicodeString
RtlFreeAnsiString
NtAdjustPrivilegesToken
RtlImageNtHeader
RtlAddAccessAllowedAce

rpcrt4

UuidCreate

setupapi

SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoW
SetupDiSetDeviceRegistryPropertyW
SetupDiCallClassInstaller
SetupDiGetINFClassW
SetupDiCreateDeviceInfoList
SetupDiRemoveDevice

newdev

UpdateDriverForPlugAndPlayDevicesW

bcrypt

BCryptEncrypt
BCryptDestroyKey
BCryptOpenAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider

msdelta

DeltaFree
ApplyDeltaB

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Driver/Taigei64.dll
.dll windows:6 windows x64 arch:x64

Password: discord.gg/vixen

5fdb5e4b32ad7ee52dcb35ca36fae4bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
Sleep
GetCommandLineW
LocalFree
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
EncodePointer
InterlockedFlushSList
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
FreeLibrary
GetModuleHandleExW
GetProcAddress
GetModuleFileNameW
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile

shell32

CommandLineToArgvW

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
NtConnectPort
NtRequestWaitReplyPort
RtlVirtualUnwind
NtCreateFile
NtDeviceIoControlFile
NtDelayExecution
RtlInitUnicodeString
NtQueryInformationProcess
RtlPcToFileHeader
RtlUnwindEx
NtClose

Exports

Exports

RegisterForProvider
RegisterForProvider2
SB_SMS_GetCtrlCountEx
SB_SMS_QuickCommandEx
SB_SMS_ReadBlockEx
SB_SMS_ReadByteEx
SB_SMS_ReadWordEx
SB_SMS_WriteBlockEx
SB_SMS_WriteByteEx
SB_SMS_WriteWordEx

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Driver/VixenFree.exe
.exe windows:6 windows x64 arch:x64

Password: discord.gg/vixen

0a82e4b2062ce84249d05f40239c8ab3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d9

Direct3DCreate9Ex

kernel32

GlobalLock
FlsSetValue
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetDesktopWindow
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

imm32

ImmReleaseContext

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z

dwmapi

DwmExtendFrameIntoClientArea

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

_set_fmode

api-ms-win-crt-string-l1-1-0

isprint

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback

api-ms-win-crt-math-l1-1-0

asin

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

wtsapi32

WTSSendMessageW

Exports

Exports

��nA%�E��#z(�*:1�L6��- W��"�u�F��ߔ<p0�qǞp��M��U=!�{Ͱ[y~_�IKm1L�\��QS��"��bO��հ��Բ1��W)敔��C@�]c��l��k�2��b��C%��D�ף� 8N�6�� =g��n6�O_�=�t�a��Q�%O�d� [=��:,�̑�jS��ݻ5m��|�Y��rsWK?-4�"�P��D� � ��N�RD�?X�EKfy�tV�l#��b�Y^�}��-��F�>u")��Nv��Z�md�W�X��<<�j{?T�z +��Ӳ��)��Ө&ʏL�ާ�+7��h�-1��`�$*�.j�(�ȩƁ�p��Pœ�.-*&�*k��?y��x1��B��?�a�Gql�am��:$-kNҰ��}��u�'��z'�/�`��z2�[Ve��X��twu>Pt�ږn�(~��a�l�}��͖��d(�*�[10'��ѐr�S�Lh�m��֝�D�Â�}�"!��Y<��J��]Ҡ�cp:3vI�r��oeq}��jB�a��b��`o��Z�#��D�h��G3g�E�l�(d< ?��ч��?�G ��TĦ��@k��%��}�8�b��|�X_�5�B��Cn+z}`��6��Vց#)��;;�A��+[��A-��cA�ѫD��C~_��CS��|Ņ�g�X~��>+}��.�8]�p��N��.�[��3�1`i��ep��8..��GY�@��n~��d��e��8�CMɵ��HX"!r�Rn�>̞�)$q�z2A��nS��}�ʹ�"`g�T�O�?1 �ls��i\�l��: ��D'/��]خ��#��9��g��95�O��D��{A@T�^d��sRɜJ�k`��F:��}��5i4E��=$ 9:�ȍ��|3��B/��_ 6k,�5��p>]G:��[��n�< Y��T�ӡ��G�ѓ/y0E9��5�z��Þe�orjsZd�^l\,D��ʛ�"��Q��Ӿ7 *T~�<_��jǈ�Y��.~Q��I��j<!�0>�Ew ��=@,��8��g(�J��n��kj�j(B8�I��l�4P�L��e�z!;��.��r�nH�k�jn�F�8�s��hַ��@��N��rJ�.�m3Q�d��8|�N?��Ib��+k@��vX&��O}-��̅k ڗ��k�1�E��ap(�t�� j�ꌞU��^!W.9� �F��͈�RkcSO��,��h�I��K6[z��,�k��n=�m�BZΪ��|T�0��2�1Ä�ɧŕ��1��Z|��!R+S 9&�q�0��>�thg�S�l�&��o��l>��w��Y!A)� ��[��\�S��}�_��D��BV��!�NR6(zôP�[nM~ &�$LK�J��i œW6C��C��{Eט�gj��Sk�ӌ��'��yk��]�� G�ɚ�v2��9�mk:Uh=��K^8��(}�sRN�ߛ�Q��UR�&�*�_� Z�.5]R��u슲Պ|�� N��m�s��ȌsqY��`g -��;؁�*%��4�s��5��f�"��$��#%�2�Ug\�y�=��s�H�d:��}Io�`X� v�]6�4m�wnks+��^��x��G��Ι"�}͕7M:� #-��|�"y3:FՎet��i�.q��l6u!�8��)]��)��'!��|��v��D�&�c$<��]�xҏ�t��?1��$6s��~��CJ�n34sQ+V+&��.��?~�� 0cXͻ�XPK�_��T'$A~HF2i�]��A<�n0s�H�}��V=p��X��vp�OW�{Z�;Q� �D�y��t��p�$�;��a(��+"V>Qk_�?d��i��G`��#mk�� nXɹ� ��u��h�B�jH��J��s��6�=/�_��N��X��5�|�>��L��y5��e��u��D�.�.!Ց��KG&�[U��iO��+D$ĭ��'��h�]t�Ʀ�q��,��h��t��!:� 0]�o��B��K٢1�m��~��|3̓ʓ��;�ߦIK?�9k�pn)I�^?Y��Z?��hY'�Y��e�FTc�~Ul�8��ug��32�҇�8��!��4�w:>�A��1"B� �Ae� ��f�R6"��!ߺe��G4p��u��5��\_�0�S,�w�\��3��[�A��af��bi�ե/f@�#Zf�ñ9��+tEĵ�#��%��'JR@̴W��L<��q�.0.�?�b�%n��:^�po�d�� I�lXy*iS}7�z1l�� ǥ|k�S�]BKv.��2O��ZS�*ʱ-Kt .��';��prl��QS�U�~�n�q��z�}{�{�t^2�s]�!x�ѣ��J�ܤ�MQ��M��u'(�y2�K{�-8c�4��h}0�C%n]��)�ٖ�j��>��0��:ʨ�[��>�Ia��P�5"��A��Z�N��"(5��ك6Bs׈�!��C!0ˉ�m��6C6�!��tz��H0�Vxd ZW�A6&Cg�׿�lͱ��J5N��I�X��g(��߯�c�rԼVLK|5��Zޝ�ڮ}Qz/袯�l�q�[+t�u�)J��ڥsZe-i\'z�M�c��$�g*v��0Go��rk ��n��E��`��{��u��.bw�Km)&�8Ldr�-��ai�EI��~��Ηጹ�&/1�0K�3��8�u;��꼀��h:5GA�7#��%��y��/;�pA��2� �Gf5|F�LDv�o��p��v�

Sections

.text
Size: - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vixen0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vixen1
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Driver/driver.sys
.sys windows:10 windows x64 arch:x64

e7e980a616f80f51ead95462ea818d68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Psychoware 1.4\build\driver\driver.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
MmGetSystemRoutineAddress
ExAllocatePool
ExFreePoolWithTag
MmUnmapIoSpace
MmMapIoSpaceEx
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
MmGetPhysicalMemoryRanges
MmCopyMemory
MmGetVirtualForPhysical
MmIsAddressValid
PsLookupProcessByProcessId
PsGetProcessSectionBaseAddress
IoCreateDriver
ZwQuerySystemInformation

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 678B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Driver/drv64.dll
.dll windows:6 windows x64 arch:x64

Password: discord.gg/vixen

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

gProvTable

Sections

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Startup.bat

Sharing

General

Malware Config

Signatures

Files

Password: discord.gg/vixen

Password: discord.gg/vixen

d7343acd8a08117f394fbb4463115abc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ntdll

rpcrt4

setupapi

newdev

bcrypt

msdelta

Sections

.text Size: 178KB - Virtual size: 178KB

.rdata Size: 87KB - Virtual size: 87KB

.data Size: 11KB - Virtual size: 16KB

.pdata Size: 9KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 76KB - Virtual size: 75KB

.reloc Size: 3KB - Virtual size: 2KB

Password: discord.gg/vixen

5fdb5e4b32ad7ee52dcb35ca36fae4bb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ntdll

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 2KB - Virtual size: 1KB

Password: discord.gg/vixen

0a82e4b2062ce84249d05f40239c8ab3

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

kernel32

user32

imm32

msvcp140

dwmapi

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 235KB

.rdata Size: - Virtual size: 46KB

.data Size: - Virtual size: 5KB

.pdata Size: - Virtual size: 9KB

.vixen0 Size: - Virtual size: 3.2MB

.vixen1 Size: 5.0MB - Virtual size: 5.0MB

.rsrc Size: 512B - Virtual size: 480B

e7e980a616f80f51ead95462ea818d68

.text
Size: 178KB - Virtual size: 178KB

.rdata
Size: 87KB - Virtual size: 87KB

.data
Size: 11KB - Virtual size: 16KB

.pdata
Size: 9KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 76KB - Virtual size: 75KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: - Virtual size: 235KB

.rdata
Size: - Virtual size: 46KB

.data
Size: - Virtual size: 5KB

.pdata
Size: - Virtual size: 9KB

.vixen0
Size: - Virtual size: 3.2MB

.vixen1
Size: 5.0MB - Virtual size: 5.0MB

.rsrc
Size: 512B - Virtual size: 480B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 864B

.data
Size: - Virtual size: 152B

.pdata
Size: 512B - Virtual size: 180B

INIT
Size: 1024B - Virtual size: 678B

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 512B - Virtual size: 428B