LOADING[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

LOADING.zip
Size

4.0MB
MD5

2cf9b1aab7c7aa470f457fc2ed2f3bb5
SHA1

2292344958f96c51ad03c5b98f8275dd3efccb0c
SHA256

ed0bf97c230319da73af8d5e8f1bcb6be6bd414e2493bf86ee0b392279c69bfd
SHA512

69e255b66472cec68f9a5519d5fc963ce0561bda237b42ad7244bf1d32790d368f251bfb1e6b907ed09d7663e4cca79495fab75b49798ab6bbbd4e0d534bd9d4
SSDEEP

98304:nDCg7bX3w9FCvi3HowyeTL8cMMOB6xO8FxAsqnBRwyeTL8cMMOB6xO8FQVuHx7al:nGOn0cviXJnf8cMMiYzKMnf8cMMiYz8N

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LOADING/bin/Debug/CeleryIn.bin
unpack001/LOADING/bin/Debug/CeleryInject.exe
unpack001/LOADING/bin/Debug/FastColoredTextBox.dll
unpack001/LOADING/bin/Debug/LOADING.exe
unpack001/LOADING/bin/Debug/NiggaSploit.dll
unpack001/LOADING/obj/Debug/LOADING.exe
unpack001/LOADING/obj/Debug/TempPE/Properties.Resources.Designer.cs.dll

Files

LOADING.zip
.zip
LOADING.sln
LOADING/App.config
LOADING/Fix.Designer.cs
LOADING/Fix.cs
LOADING/Fix.resx
.vbs
LOADING/Form1.Designer.cs
LOADING/Form1.cs
LOADING/Form1.resx
.vbs
LOADING/Form2.Designer.cs
LOADING/Form2.cs
LOADING/Form2.resx
.vbs
LOADING/Form3.Designer.cs
LOADING/Form3.cs
LOADING/Form3.resx
.vbs
LOADING/Functions.cs
LOADING/Home.Designer.cs
LOADING/Home.cs
LOADING/Home.resx
.vbs
LOADING/LOADING.csproj
LOADING/Program.cs
LOADING/Properties/AssemblyInfo.cs
LOADING/Properties/Resources.Designer.cs
.vbs
LOADING/Properties/Resources.resx
.vbs
LOADING/Properties/Settings.Designer.cs
LOADING/Properties/Settings.settings
LOADING/Resources/5361112.jpg
.jpg
LOADING/Resources/icons8-attach-21.png
.png
LOADING/Resources/icons8-blur-56.png
.png
LOADING/Resources/icons8-knife-21.png
.png
LOADING/Resources/icons8-open-file-21.png
.png
LOADING/Resources/icons8-save-file-21.png
.png
LOADING/Resources/icons8-trash-21.png
.png
LOADING/Scriptshub.Designer.cs
LOADING/Scriptshub.cs
LOADING/Scriptshub.resx
.vbs
LOADING/bin/Debug/CeleryIn.bin
.dll windows:6 windows x64 arch:x64

fe78118d64d767d704fee2343d26ea59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeaps
HeapWalk
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter

vcruntime140

memset
__std_type_info_destroy_list
__C_specific_handler
memcpy

api-ms-win-crt-string-l1-1-0

tolower
strlen

api-ms-win-crt-convert-l1-1-0

_ui64toa_s
_gcvt_s
_itoa_s
_itoa

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
exit
_initialize_narrow_environment
_cexit
_configure_narrow_argv
_execute_onexit_table
_seh_filter_dll
_initterm_e
_initterm

Exports

Exports

celerycmd
icallback
init
test

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LOADING/bin/Debug/CeleryInject.exe
.exe windows:6 windows x64 arch:x64

46310f9cc3d737e79880b9e8a77b58ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Javan\Desktop\Projects\Release\CeleryInject.pdb

Imports

kernel32

GetThreadContext
VirtualAllocEx
VirtualProtectEx
ReadProcessMemory
WriteProcessMemory
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
lstrcpynW
lstrcpyW
lstrcatW
lstrlenW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
K32EnumProcessModules
K32GetModuleFileNameExW
K32QueryWorkingSetEx
GetCurrentProcess
ResumeThread
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualQueryEx
OpenProcess
lstrcmpiW
Process32FirstW
Process32NextW
SuspendThread
GetThreadPriority
OpenThread
GetLastError
CloseHandle
GetTempPathW
GetFileAttributesW
DeleteFileW
CreateDirectoryW
lstrlenA
Sleep
TerminateProcess
InitializeSListHead
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime

user32

FindWindowA
FindWindowW

msvcp140

?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??0_Lockit@std@@QEAA@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bios_base@std@@QEBA_NXZ
?rdstate@ios_base@std@@QEBAHXZ
?fail@ios_base@std@@QEBA_NXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@AEAD@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1_Lockit@std@@QEAA@XZ

urlmon

URLOpenBlockingStreamA

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
NtQueryInformationProcess

shlwapi

PathRemoveFileSpecW

vcruntime140

memmove
memchr
memcmp
__std_exception_destroy
__std_exception_copy
_purecall
strchr
memset
__current_exception
__current_exception_context
_CxxThrowException
__C_specific_handler
memcpy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_c_exit
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_register_thread_local_exe_atexit_callback
_set_app_type
__p___argv
_seh_filter_exe
_cexit
_crt_atexit
system
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
terminate
_configure_narrow_argv
_errno
_invalid_parameter_noinfo_noreturn
exit
__p___argc

api-ms-win-crt-string-l1-1-0

isupper
strnlen
strpbrk
toupper
_memicmp
isdigit
strspn
tolower
strncat
strncpy
strncmp
strcspn
islower
isalpha
isalnum
iscntrl
isxdigit
isspace
isgraph
ispunct

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
malloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
_get_stream_buffer_pointers
_set_fmode
setvbuf
__stdio_common_vsnprintf_s
fwrite
_fseeki64
fsetpos
fread
__p__commode
fputc
__stdio_common_vfwprintf
fgetpos
__acrt_iob_func
fclose
__stdio_common_vfprintf
__stdio_common_vsprintf
fflush
ungetc
fgetc
_wfopen

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-convert-l1-1-0

strtoul
strtoull
atoi
strtod

api-ms-win-crt-filesystem-l1-1-0

_waccess_s
_unlock_file
_lock_file
_wstat64

api-ms-win-crt-time-l1-1-0

clock
_difftime64
_gmtime64_s
_localtime64_s
strftime
_time64

api-ms-win-crt-math-l1-1-0

tanh
_dsign
cosh
sqrt
floor
frexp
modf
sinh
round
floorf
acos
sin
cos
pow
asin
atan
tan
atan2
log2
log10
ldexp
log
fmod
__setusermatherr
ceil
exp
ceilf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 735KB - Virtual size: 734KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LOADING/bin/Debug/FastColoredTextBox.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\wrk\github\FastColoredTextBox\FastColoredTextBox\obj\Release\FastColoredTextBox.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LOADING/bin/Debug/LOADING.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Behser\source\repos\LOADING\LOADING\obj\Debug\LOADING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 819KB - Virtual size: 819KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LOADING/bin/Debug/LOADING.exe.config
LOADING/bin/Debug/LOADING.pdb
LOADING/bin/Debug/NiggaSploit.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\White Cat\Downloads\km\EvolveAPI\obj\Release\NiggaSploit.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LOADING/bin/Debug/Scripts/Btools.txt
LOADING/bin/Debug/Scripts/Explor.txt
LOADING/bin/Debug/Scripts/F3x.txt
LOADING/bin/Debug/Scripts/Fling.txt
LOADING/bin/Debug/Scripts/Fly script.txt
LOADING/bin/Debug/Scripts/MoreUnc.txt
.js
LOADING/bin/Debug/Scripts/Print Soon.txt
LOADING/bin/Debug/Scripts/UncTest.txt
.js
LOADING/bin/Debug/Scripts/inf Yiel script.txt
LOADING/favicon.ico
LOADING/obj/Debug/.NETFramework,Version=v4.8.AssemblyAttributes.cs
LOADING/obj/Debug/DesignTimeResolveAssemblyReferences.cache
LOADING/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
LOADING/obj/Debug/LOADING.Fix.resources
LOADING/obj/Debug/LOADING.Form1.resources
LOADING/obj/Debug/LOADING.Form2.resources
LOADING/obj/Debug/LOADING.Form3.resources
LOADING/obj/Debug/LOADING.Home.resources
LOADING/obj/Debug/LOADING.Properties.Resources.resources
LOADING/obj/Debug/LOADING.Scriptshub.resources
LOADING/obj/Debug/LOADING.csproj.AssemblyReference.cache
LOADING/obj/Debug/LOADING.csproj.CoreCompileInputs.cache
LOADING/obj/Debug/LOADING.csproj.FileListAbsolute.txt
LOADING/obj/Debug/LOADING.csproj.GenerateResource.cache
LOADING/obj/Debug/LOADING.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Behser\source\repos\LOADING\LOADING\obj\Debug\LOADING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 819KB - Virtual size: 819KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LOADING/obj/Debug/LOADING.pdb
LOADING/obj/Debug/TempPE/Properties.Resources.Designer.cs.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe78118d64d767d704fee2343d26ea59

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 8KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 40B

46310f9cc3d737e79880b9e8a77b58ec

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

urlmon

ntdll

shlwapi

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 735KB - Virtual size: 734KB

.data Size: 100KB - Virtual size: 107KB

.pdata Size: 133KB - Virtual size: 133KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 4KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 295KB - Virtual size: 295KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 819KB - Virtual size: 819KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 8KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 40B

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 735KB - Virtual size: 734KB

.data
Size: 100KB - Virtual size: 107KB

.pdata
Size: 133KB - Virtual size: 133KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 295KB - Virtual size: 295KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 819KB - Virtual size: 819KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 141KB - Virtual size: 141KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 819KB - Virtual size: 819KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B