19156341828[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

19156341828.zip
Size

31.4MB
MD5

96b1da0001997281ec4b7afae40955c0
SHA1

04e7abc31a20cf6eadd99cad59a9cdf389f5efec
SHA256

7b910986acb469f33ca92e0d29740f1f99163bcbfa0490c800f90614d5e33c33
SHA512

bc5a2a89dbdcc1a1c5a576d56fb543b166364ff4733308397e25cacd7098adf42964bbdc49ad500cfaa69dc9551f7f7cabb5b5ba6b4ab40c8ce2f87de5f3be23
SSDEEP

786432:3Qdi/mcZIj1vZIRLwZIXlJn6tNJn6H5W5Q7sLcbf/rhP9v:AjcujZulwuXr656A5Q7sLIVZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/058b831099c93ba59538362b762940a18b0cf89d82ab0c166855f73150054b23
unpack001/13c98ff5f10a059a1b3096d4cc62bbac10a4fe9f4bbf2ddabad006d05dbbb382
unpack001/1510c94c0e5ca38447a54cb9957d70efaa649542cc8c7ff78998119dd8062fda
unpack001/188f4a191b85011772485f080ca0899c8c2da3c83155b0d0adec3a28754c9417
unpack001/357c12ac0083f8d9560e36fe92a1df4b514271755e2e6f8098a4a2084caae20c
unpack001/7a3916ebf838bea2063dd1ac9f44c92d49ac1e4cc5bbbe33406bcc94aae0e43f
unpack001/95609e1d54945cc987f01daf24b834dc070da9b1293b6d07fc5000e2e3dea5be
unpack001/bb33720a6f6027c61f024586d542204035b02db0e460196b6948eca61574e2bc
unpack001/cd3cd03d12e9fe14a99bd40d5218e035a4cedbcbb6c0f759ed042d26a90f466c
unpack001/e73c4ef0f4aee5f9d19c00794bf97593a26f76b1c6ebecccc7d478c2f422ee63
unpack001/fd150cee7ab1ea8ec38fc623ae268d2a8c19647075620d6b0ae153014810cfaf

Files

19156341828.zip
.zip

Password: infected
058b831099c93ba59538362b762940a18b0cf89d82ab0c166855f73150054b23
.exe windows:6 windows x64 arch:x64

3372e98fa3717ad4887f97d0b20116db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\gitlab-runner\builds\_fUzhMf8i\4\h3upperbounds\red-team\implant\splinter_core\target\release\deps\implant_exe.pdb

Imports

kernel32

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
RtlLookupFunctionEntry
ReleaseMutex
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForSingleObject
GetLastError
CreateMutexW
MoveFileExA
GetModuleFileNameW
CreateProcessA
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetProcessHeap
HeapFree
LoadLibraryExA
FreeLibrary
HeapAlloc
FormatMessageW
SetHandleInformation
TryAcquireSRWLockExclusive
CreateFileW
GetConsoleMode
DuplicateHandle
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
WriteFile
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
RtlVirtualUnwind
FreeEnvironmentStringsW
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
HeapReAlloc
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
GetFileType
GetModuleHandleW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetConsoleOutputCP
HeapSize
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId

ws2_32

accept
listen
connect
bind
WSASocketW
getpeername
getsockname
getaddrinfo
getsockopt
WSACleanup
WSAStartup
send
WSASend
setsockopt
WSAIoctl
socket
WSAGetLastError
freeaddrinfo
shutdown
ioctlsocket
recv
closesocket

advapi32

OpenProcessToken
GetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
SystemFunction036
ConvertSidToStringSidA
RegOpenKeyExW
RegCloseKey
GetUserNameW
RegQueryValueExW

psapi

GetModuleFileNameExA

oleaut32

SysFreeString
SysStringLen
GetErrorInfo

bcrypt

BCryptGenRandom

ntdll

NtCreateFile
NtReadFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtDeviceIoControlFile
NtWriteFile

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
13c98ff5f10a059a1b3096d4cc62bbac10a4fe9f4bbf2ddabad006d05dbbb382
.exe windows:6 windows x64 arch:x64

6597d01edeba223d70085e41a07a7220

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\gitlab-runner\builds\_fUzhMf8i\2\h3upperbounds\red-team\implant\splinter_core\target\release\deps\implant_exe.pdb

Imports

kernel32

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
RtlLookupFunctionEntry
ReleaseMutex
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
ReleaseSRWLockShared
CreateMutexW
MoveFileExA
GetModuleFileNameW
AcquireSRWLockShared
WaitForSingleObject
GetLastError
CreateProcessA
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetProcessHeap
HeapFree
LoadLibraryExA
FreeLibrary
HeapAlloc
FormatMessageW
TryAcquireSRWLockExclusive
CreateFileW
GetConsoleMode
RtlVirtualUnwind
DuplicateHandle
GetSystemInfo
SetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
WriteFile
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
FreeEnvironmentStringsW
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
HeapReAlloc
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
GetFileType
GetModuleHandleW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetConsoleOutputCP
HeapSize
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId

ws2_32

connect
bind
shutdown
getsockname
getpeername
accept
recv
getaddrinfo
listen
freeaddrinfo
WSACleanup
WSAStartup
send
socket
WSAGetLastError
WSASend
setsockopt
WSAIoctl
ioctlsocket
getsockopt
WSASocketW
closesocket

advapi32

OpenProcessToken
GetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExW
ConvertSidToStringSidA
RegCloseKey
SystemFunction036
GetUserNameW
RegOpenKeyExW

psapi

GetModuleFileNameExA

oleaut32

SysStringLen
GetErrorInfo
SysFreeString

bcrypt

BCryptGenRandom

ntdll

NtDeviceIoControlFile
NtReadFile
NtCreateFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtWriteFile

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1510c94c0e5ca38447a54cb9957d70efaa649542cc8c7ff78998119dd8062fda
.exe windows:6 windows x64 arch:x64

c3e4744bca21f5b79c2c9e1e3c7da22d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\gitlab-runner\builds\_fUzhMf8i\1\h3upperbounds\red-team\implant\splinter_core\target\release\deps\implant_exe.pdb

Imports

kernel32

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
RtlLookupFunctionEntry
ReleaseMutex
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
ReleaseSRWLockShared
WaitForSingleObject
GetLastError
CreateMutexW
MoveFileExA
GetModuleFileNameW
AcquireSRWLockShared
CreateProcessA
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetProcessHeap
HeapFree
LoadLibraryExA
FreeLibrary
HeapAlloc
FormatMessageW
TryAcquireSRWLockExclusive
CreateFileW
GetConsoleMode
RtlVirtualUnwind
DuplicateHandle
GetSystemInfo
SetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
WriteFile
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
FreeEnvironmentStringsW
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
HeapReAlloc
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
GetFileType
GetModuleHandleW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetConsoleOutputCP
HeapSize
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId

ws2_32

connect
bind
shutdown
getsockname
getpeername
accept
recv
getaddrinfo
listen
freeaddrinfo
WSACleanup
WSAStartup
send
socket
WSAGetLastError
WSASend
setsockopt
WSAIoctl
ioctlsocket
getsockopt
WSASocketW
closesocket

advapi32

OpenProcessToken
GetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExW
ConvertSidToStringSidA
RegCloseKey
SystemFunction036
GetUserNameW
RegOpenKeyExW

psapi

GetModuleFileNameExA

oleaut32

SysStringLen
GetErrorInfo
SysFreeString

bcrypt

BCryptGenRandom

ntdll

NtDeviceIoControlFile
NtReadFile
NtCreateFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtWriteFile

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
188f4a191b85011772485f080ca0899c8c2da3c83155b0d0adec3a28754c9417
.exe windows:6 windows x64 arch:x64

3372e98fa3717ad4887f97d0b20116db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\gitlab-runner\builds\_fUzhMf8i\4\h3upperbounds\red-team\implant\splinter_core\target\release\deps\implant_exe.pdb

Imports

kernel32

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
RtlLookupFunctionEntry
ReleaseMutex
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForSingleObject
GetLastError
CreateMutexW
MoveFileExA
GetModuleFileNameW
CreateProcessA
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetProcessHeap
HeapFree
LoadLibraryExA
FreeLibrary
HeapAlloc
FormatMessageW
SetHandleInformation
TryAcquireSRWLockExclusive
CreateFileW
GetConsoleMode
DuplicateHandle
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
WriteFile
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
RtlVirtualUnwind
FreeEnvironmentStringsW
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
HeapReAlloc
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
GetFileType
GetModuleHandleW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetConsoleOutputCP
HeapSize
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId

ws2_32

accept
listen
connect
bind
WSASocketW
getpeername
getsockname
getaddrinfo
getsockopt
WSACleanup
WSAStartup
send
WSASend
setsockopt
WSAIoctl
socket
WSAGetLastError
freeaddrinfo
shutdown
ioctlsocket
recv
closesocket

advapi32

OpenProcessToken
GetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
SystemFunction036
ConvertSidToStringSidA
RegOpenKeyExW
RegCloseKey
GetUserNameW
RegQueryValueExW

psapi

GetModuleFileNameExA

oleaut32

SysFreeString
SysStringLen
GetErrorInfo

bcrypt

BCryptGenRandom

ntdll

NtCreateFile
NtReadFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtDeviceIoControlFile
NtWriteFile

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
357c12ac0083f8d9560e36fe92a1df4b514271755e2e6f8098a4a2084caae20c
.exe windows:6 windows x64 arch:x64

35eabc6f89523114f8116b19ba9c2b72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Gitlab-Runner\builds\jg8GxWak\0\h3upperbounds\red-team\implant\splinter_core\target\release\deps\implant_exe.pdb

Imports

kernel32

CloseHandle
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
AcquireSRWLockShared
ReleaseSRWLockShared
CreateProcessA
GetModuleFileNameA
GetCurrentProcessId
MoveFileExA
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
ReadProcessMemory
GetProcessId
GetSystemInfo
OpenThread
SuspendThread
GetCurrentThreadId
GetThreadContext
ResumeThread
VirtualQueryEx
SetStdHandle
VirtualProtect
CreateMailslotW
CreateFileW
CreateEventW
GetMailslotInfo
ReadFile
GetStdHandle
GetLastError
CreateToolhelp32Snapshot
Process32First
Process32Next
GetProcessHeap
HeapFree
FreeLibrary
HeapAlloc
FormatMessageW
TryAcquireSRWLockExclusive
SleepConditionVariableSRW
SetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
WriteFile
SetFileCompletionNotificationModes
RtlVirtualUnwind
FreeEnvironmentStringsW
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
Sleep
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
DuplicateHandle
SetFilePointerEx
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceCounter
QueryPerformanceFrequency
HeapReAlloc
GetModuleHandleA
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
GetConsoleMode
GetFileType
GetModuleHandleW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetConsoleOutputCP
HeapSize
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead

mscoree

CLRCreateInstance

advapi32

GetUserNameW
ConvertSidToStringSidA
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
SystemFunction036

psapi

GetModuleFileNameExW
GetModuleFileNameExA

ntdll

RtlNtStatusToDosError
NtQuerySystemInformation
NtQueryInformationThread
NtWriteFile
NtReadFile
NtCreateFile
NtCancelIoFileEx
NtDeviceIoControlFile

dbghelp

EnumerateLoadedModulesW64

oleaut32

SafeArrayUnlock
SysStringLen
VariantChangeType
GetErrorInfo
SafeArrayDestroy
VariantClear
SafeArrayCreateVector
SysFreeString
SafeArrayLock
VariantInit
SafeArrayPutElement

propsys

InitVariantFromStringArray

ws2_32

closesocket
setsockopt
WSAIoctl
recv
send
getsockopt
getpeername
WSASocketW
WSAGetLastError
shutdown
getaddrinfo
WSASend
ioctlsocket
freeaddrinfo
WSACleanup
connect
WSAStartup
getsockname
bind

bcrypt

BCryptGenRandom

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7a3916ebf838bea2063dd1ac9f44c92d49ac1e4cc5bbbe33406bcc94aae0e43f
.dll windows:6 windows x64 arch:x64

2de4f46c32b35868ff69b586cde68d47

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\gitlab-runner\builds\_fUzhMf8i\1\h3upperbounds\red-team\implant\splinter_core\target\release\deps\implant_dll.pdb

Imports

kernel32

ReleaseSRWLockShared
WaitForSingleObject
GetLastError
CreateMutexW
MoveFileExA
GetModuleFileNameW
AcquireSRWLockShared
CreateProcessA
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
TryAcquireSRWLockExclusive
CreateFileW
GetConsoleMode
RtlVirtualUnwind
DuplicateHandle
GetSystemInfo
SetHandleInformation
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatusEx
WriteFile
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
GetProcessHeap
HeapFree
LoadLibraryExA
FreeLibrary
HeapAlloc
FormatMessageW
FreeEnvironmentStringsW
FindClose
CompareStringOrdinal
SetThreadStackGuarantee
SwitchToThread
SetLastError
CreateMutexA
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
HeapReAlloc
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
GetFileType
GetModuleHandleW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetConsoleOutputCP
SetStdHandle
GetCurrentProcessId
LoadLibraryA
WaitForSingleObjectEx
GetProcAddress
RtlCaptureContext
GetCurrentProcess
ReleaseMutex
RtlLookupFunctionEntry
TerminateThread
GetCurrentThread
CloseHandle
ReleaseSRWLockExclusive
GetCurrentDirectoryW
AcquireSRWLockExclusive
HeapSize
GetStringTypeW
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
InterlockedFlushSList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId

bcrypt

BCryptGenRandom

advapi32

SystemFunction036
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueA
GetTokenInformation
OpenProcessToken
ConvertSidToStringSidA
GetUserNameW

ntdll

RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
NtReadFile
NtWriteFile
NtCancelIoFileEx

ws2_32

WSASend
WSACleanup
recv
WSAIoctl
getsockopt
listen
ioctlsocket
connect
bind
WSASocketW
getsockname
getpeername
accept
closesocket
WSAGetLastError
setsockopt
socket
shutdown
WSAStartup
getaddrinfo
send
freeaddrinfo

psapi

GetModuleFileNameExA

oleaut32

SysStringLen
SysFreeString
GetErrorInfo

Exports

Exports

DllMain
StartMyServer

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
95609e1d54945cc987f01daf24b834dc070da9b1293b6d07fc5000e2e3dea5be
.exe windows:6 windows x64 arch:x64

07ca5a0669ac84767784433080743075

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\gitlab-runner\builds\_fUzhMf8i\0\h3upperbounds\red-team\implant\splinter_core\target\release\deps\implant_exe.pdb

Imports

kernel32

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
RtlLookupFunctionEntry
ReleaseMutex
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForSingleObject
GetLastError
CreateMutexW
MoveFileExA
GetModuleFileNameW
CreateProcessA
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetProcessHeap
HeapFree
LoadLibraryExA
FreeLibrary
HeapAlloc
FormatMessageW
TryAcquireSRWLockExclusive
CreateFileW
GetConsoleMode
RtlVirtualUnwind
DuplicateHandle
GetSystemInfo
SetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
WriteFile
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
FreeEnvironmentStringsW
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
HeapReAlloc
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
GetFileType
GetModuleHandleW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetConsoleOutputCP
HeapSize
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId

ws2_32

connect
bind
shutdown
getsockname
getpeername
accept
recv
getaddrinfo
listen
freeaddrinfo
WSACleanup
WSAStartup
send
socket
WSAGetLastError
WSASend
setsockopt
WSAIoctl
ioctlsocket
getsockopt
WSASocketW
closesocket

advapi32

OpenProcessToken
GetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExW
ConvertSidToStringSidA
RegCloseKey
SystemFunction036
GetUserNameW
RegOpenKeyExW

psapi

GetModuleFileNameExA

oleaut32

SysStringLen
GetErrorInfo
SysFreeString

bcrypt

BCryptGenRandom

ntdll

NtDeviceIoControlFile
NtReadFile
NtCreateFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtWriteFile

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bb33720a6f6027c61f024586d542204035b02db0e460196b6948eca61574e2bc
.exe windows:6 windows x64 arch:x64

3372e98fa3717ad4887f97d0b20116db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\gitlab-runner\builds\_fUzhMf8i\4\h3upperbounds\red-team\implant\splinter_core\target\release\deps\implant_exe.pdb

Imports

kernel32

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
RtlLookupFunctionEntry
ReleaseMutex
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForSingleObject
GetLastError
CreateMutexW
MoveFileExA
GetModuleFileNameW
CreateProcessA
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetProcessHeap
HeapFree
LoadLibraryExA
FreeLibrary
HeapAlloc
FormatMessageW
SetHandleInformation
TryAcquireSRWLockExclusive
CreateFileW
GetConsoleMode
DuplicateHandle
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
WriteFile
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
RtlVirtualUnwind
FreeEnvironmentStringsW
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
HeapReAlloc
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
GetFileType
GetModuleHandleW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetConsoleOutputCP
HeapSize
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId

ws2_32

accept
listen
connect
bind
WSASocketW
getpeername
getsockname
getaddrinfo
getsockopt
WSACleanup
WSAStartup
send
WSASend
setsockopt
WSAIoctl
socket
WSAGetLastError
freeaddrinfo
shutdown
ioctlsocket
recv
closesocket

advapi32

OpenProcessToken
GetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
SystemFunction036
ConvertSidToStringSidA
RegOpenKeyExW
RegCloseKey
GetUserNameW
RegQueryValueExW

psapi

GetModuleFileNameExA

oleaut32

SysFreeString
SysStringLen
GetErrorInfo

bcrypt

BCryptGenRandom

ntdll

NtCreateFile
NtReadFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtDeviceIoControlFile
NtWriteFile

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cd3cd03d12e9fe14a99bd40d5218e035a4cedbcbb6c0f759ed042d26a90f466c
.exe windows:6 windows x64 arch:x64

35eabc6f89523114f8116b19ba9c2b72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Gitlab-Runner\builds\jg8GxWak\0\h3upperbounds\red-team\implant\splinter_core\target\release\deps\implant_exe.pdb

Imports

kernel32

CloseHandle
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
AcquireSRWLockShared
ReleaseSRWLockShared
CreateProcessA
GetModuleFileNameA
GetCurrentProcessId
MoveFileExA
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
ReadProcessMemory
GetProcessId
GetSystemInfo
OpenThread
SuspendThread
GetCurrentThreadId
GetThreadContext
ResumeThread
VirtualQueryEx
SetStdHandle
VirtualProtect
CreateMailslotW
CreateFileW
CreateEventW
GetMailslotInfo
ReadFile
GetStdHandle
GetLastError
CreateToolhelp32Snapshot
Process32First
Process32Next
GetProcessHeap
HeapFree
FreeLibrary
HeapAlloc
FormatMessageW
TryAcquireSRWLockExclusive
SleepConditionVariableSRW
SetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
WriteFile
SetFileCompletionNotificationModes
RtlVirtualUnwind
FreeEnvironmentStringsW
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
Sleep
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
DuplicateHandle
SetFilePointerEx
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceCounter
QueryPerformanceFrequency
HeapReAlloc
GetModuleHandleA
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
GetConsoleMode
GetFileType
GetModuleHandleW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetConsoleOutputCP
HeapSize
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead

mscoree

CLRCreateInstance

advapi32

GetUserNameW
ConvertSidToStringSidA
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
SystemFunction036

psapi

GetModuleFileNameExW
GetModuleFileNameExA

ntdll

RtlNtStatusToDosError
NtQuerySystemInformation
NtQueryInformationThread
NtWriteFile
NtReadFile
NtCreateFile
NtCancelIoFileEx
NtDeviceIoControlFile

dbghelp

EnumerateLoadedModulesW64

oleaut32

SafeArrayUnlock
SysStringLen
VariantChangeType
GetErrorInfo
SafeArrayDestroy
VariantClear
SafeArrayCreateVector
SysFreeString
SafeArrayLock
VariantInit
SafeArrayPutElement

propsys

InitVariantFromStringArray

ws2_32

closesocket
setsockopt
WSAIoctl
recv
send
getsockopt
getpeername
WSASocketW
WSAGetLastError
shutdown
getaddrinfo
WSASend
ioctlsocket
freeaddrinfo
WSACleanup
connect
WSAStartup
getsockname
bind

bcrypt

BCryptGenRandom

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e73c4ef0f4aee5f9d19c00794bf97593a26f76b1c6ebecccc7d478c2f422ee63
.exe windows:6 windows x64 arch:x64

6597d01edeba223d70085e41a07a7220

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\gitlab-runner\builds\_fUzhMf8i\2\h3upperbounds\red-team\implant\splinter_core\target\release\deps\implant_exe.pdb

Imports

kernel32

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
RtlLookupFunctionEntry
ReleaseMutex
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
ReleaseSRWLockShared
CreateMutexW
MoveFileExA
GetModuleFileNameW
AcquireSRWLockShared
WaitForSingleObject
GetLastError
CreateProcessA
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetProcessHeap
HeapFree
LoadLibraryExA
FreeLibrary
HeapAlloc
FormatMessageW
TryAcquireSRWLockExclusive
CreateFileW
GetConsoleMode
RtlVirtualUnwind
DuplicateHandle
GetSystemInfo
SetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
WriteFile
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
FreeEnvironmentStringsW
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
HeapReAlloc
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
GetFileType
GetModuleHandleW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetConsoleOutputCP
HeapSize
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId

ws2_32

connect
bind
shutdown
getsockname
getpeername
accept
recv
getaddrinfo
listen
freeaddrinfo
WSACleanup
WSAStartup
send
socket
WSAGetLastError
WSASend
setsockopt
WSAIoctl
ioctlsocket
getsockopt
WSASocketW
closesocket

advapi32

OpenProcessToken
GetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExW
ConvertSidToStringSidA
RegCloseKey
SystemFunction036
GetUserNameW
RegOpenKeyExW

psapi

GetModuleFileNameExA

oleaut32

SysStringLen
GetErrorInfo
SysFreeString

bcrypt

BCryptGenRandom

ntdll

NtDeviceIoControlFile
NtReadFile
NtCreateFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtWriteFile

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fd150cee7ab1ea8ec38fc623ae268d2a8c19647075620d6b0ae153014810cfaf
.exe windows:6 windows x64 arch:x64

07ca5a0669ac84767784433080743075

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\gitlab-runner\builds\_fUzhMf8i\0\h3upperbounds\red-team\implant\splinter_core\target\release\deps\implant_exe.pdb

Imports

kernel32

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
RtlLookupFunctionEntry
ReleaseMutex
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForSingleObject
GetLastError
CreateMutexW
MoveFileExA
GetModuleFileNameW
CreateProcessA
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetProcessHeap
HeapFree
LoadLibraryExA
FreeLibrary
HeapAlloc
FormatMessageW
TryAcquireSRWLockExclusive
CreateFileW
GetConsoleMode
RtlVirtualUnwind
DuplicateHandle
GetSystemInfo
SetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
WriteFile
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
FreeEnvironmentStringsW
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
HeapReAlloc
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
GetFileType
GetModuleHandleW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetConsoleOutputCP
HeapSize
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId

ws2_32

connect
bind
shutdown
getsockname
getpeername
accept
recv
getaddrinfo
listen
freeaddrinfo
WSACleanup
WSAStartup
send
socket
WSAGetLastError
WSASend
setsockopt
WSAIoctl
ioctlsocket
getsockopt
WSASocketW
closesocket

advapi32

OpenProcessToken
GetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExW
ConvertSidToStringSidA
RegCloseKey
SystemFunction036
GetUserNameW
RegOpenKeyExW

psapi

GetModuleFileNameExA

oleaut32

SysStringLen
GetErrorInfo
SysFreeString

bcrypt

BCryptGenRandom

ntdll

NtDeviceIoControlFile
NtReadFile
NtCreateFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtWriteFile

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

3372e98fa3717ad4887f97d0b20116db

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

advapi32

psapi

oleaut32

bcrypt

ntdll

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 2.3MB - Virtual size: 2.3MB

.data Size: 16KB - Virtual size: 22KB

.pdata Size: 219KB - Virtual size: 219KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 53KB - Virtual size: 52KB

6597d01edeba223d70085e41a07a7220

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

advapi32

psapi

oleaut32

bcrypt

ntdll

Sections

.text Size: 4.2MB - Virtual size: 4.2MB

.rdata Size: 2.5MB - Virtual size: 2.5MB

.data Size: 17KB - Virtual size: 30KB

.pdata Size: 227KB - Virtual size: 226KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 55KB - Virtual size: 54KB

c3e4744bca21f5b79c2c9e1e3c7da22d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

advapi32

psapi

oleaut32

bcrypt

ntdll

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.rdata Size: 2.5MB - Virtual size: 2.5MB

.data Size: 17KB - Virtual size: 30KB

.pdata Size: 231KB - Virtual size: 231KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 55KB - Virtual size: 55KB

3372e98fa3717ad4887f97d0b20116db

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

advapi32

psapi

oleaut32

bcrypt

ntdll

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 2.3MB - Virtual size: 2.3MB

.data
Size: 16KB - Virtual size: 22KB

.pdata
Size: 219KB - Virtual size: 219KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 53KB - Virtual size: 52KB

.text
Size: 4.2MB - Virtual size: 4.2MB

.rdata
Size: 2.5MB - Virtual size: 2.5MB

.data
Size: 17KB - Virtual size: 30KB

.pdata
Size: 227KB - Virtual size: 226KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 55KB - Virtual size: 54KB

.text
Size: 4.3MB - Virtual size: 4.3MB

.rdata
Size: 2.5MB - Virtual size: 2.5MB

.data
Size: 17KB - Virtual size: 30KB

.pdata
Size: 231KB - Virtual size: 231KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 55KB - Virtual size: 55KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 2.3MB - Virtual size: 2.3MB

.data
Size: 16KB - Virtual size: 22KB

.pdata
Size: 219KB - Virtual size: 219KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 53KB - Virtual size: 52KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 16KB - Virtual size: 22KB

.pdata
Size: 214KB - Virtual size: 213KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 53KB - Virtual size: 52KB

.text
Size: 4.3MB - Virtual size: 4.3MB

.rdata
Size: 2.5MB - Virtual size: 2.5MB

.data
Size: 17KB - Virtual size: 30KB

.pdata
Size: 231KB - Virtual size: 230KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 55KB - Virtual size: 55KB

.text
Size: 4.2MB - Virtual size: 4.2MB

.rdata
Size: 2.5MB - Virtual size: 2.5MB

.data
Size: 17KB - Virtual size: 30KB

.pdata
Size: 228KB - Virtual size: 227KB

_RDATA
Size: 512B - Virtual size: 348B