Xeno1[.]05[.]rar

Resubmissions

04-10-2024 22:34

241004-2hba4avbnb 3

04-10-2024 22:33

241004-2gmmqsvbla 3

Sharing

Copy URL

Twitter E-mail

General

Target

Xeno1.05.rar
Size

952KB
MD5

636ea2ffa721057fabe293d1aaad71e5
SHA1

026fffac61ab83cc3b5d543d52c35e0d9003c207
SHA256

2c93c44d9ccf3d71a788303b1f33dd332b7ed220af689bdbb83c34360835c7ba
SHA512

8bdb899b68776f73eb3cdb29c461bf650995902c96bf989da93baa72bbe7743756148a574d6111b52993d33b1d90e0fb8d956b79d4955c5534099fe552c0ee63
SSDEEP

24576:vhCKvMahOMblqzxo968PREUCGZnPYoCAie:gKvMiOM8V+6cKUlgoCAt

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Colorful.Console.dll
unpack001/Xeno1.05.exe

Files

Xeno1.05.rar
.rar

Password: Xeno
Colorful.Console.dll
.dll windows:4 windows x86 arch:x86

Password: Xeno

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\colorful-console\src\Colorful.Console\obj\Debug\netstandard2.0\Colorful.Console.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Xeno1.05.exe
.exe windows:6 windows x64 arch:x64

Password: Xeno

f0ad05b45bceef9c9aba787180225192

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

bcrypt

BCryptGenRandom

iphlpapi

GetNetworkParams
GetPerAdapterInfo
GetAdaptersAddresses

kernel32

TlsSetValue
TlsFree
SetLastError
FormatMessageW
GetLastError
GetCPInfoExW
GetConsoleMode
GetFileType
WriteFile
WriteConsoleW
GetConsoleOutputCP
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
GetExitCodeProcess
CreateProcessW
OpenProcess
K32EnumProcesses
GetProcessId
DuplicateHandle
QueryFullProcessImageNameW
CreatePipe
GetCurrentProcess
GetConsoleCP
CloseThreadpoolIo
RaiseFailFastException
GetTickCount64
GetCurrentThread
WaitForSingleObject
Sleep
DeleteCriticalSection
LocalFree
EnterCriticalSection
SleepConditionVariableCS
LeaveCriticalSection
WakeConditionVariable
QueryPerformanceCounter
InitializeCriticalSection
InitializeConditionVariable
WaitForMultipleObjectsEx
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
QueryPerformanceFrequency
GetFullPathNameW
GetLongPathNameW
LocalAlloc
GetProcAddress
CreateIoCompletionPort
CreateDirectoryW
CreateFileW
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
DeleteFileW
DeviceIoControl
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FlushFileBuffers
FreeLibrary
GetCurrentDirectoryW
GetFileAttributesExW
GetFileInformationByHandleEx
GetModuleFileNameW
GetOverlappedResult
GetSystemDirectoryW
LoadLibraryExW
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetThreadErrorMode
CreateThread
ResumeThread
GetThreadPriority
SetThreadPriority
GetCurrentProcessorNumberEx
SetEvent
ResetEvent
CreateEventExW
GetEnvironmentVariableW
FlushProcessWriteBuffers
WaitForSingleObjectEx
RtlVirtualUnwind
RtlCaptureContext
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
TerminateProcess
SwitchToThread
GetCurrentThreadId
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
QueryInformationJobObject
GetModuleHandleW
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
VirtualQuery
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
DebugBreak
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlLookupFunctionEntry
InitializeSListHead
GetCurrentProcessId

ole32

CoTaskMemFree
CoWaitForMultipleHandles
CoGetApartmentType
CoCreateGuid
CoInitializeEx
CoUninitialize

api-ms-win-crt-heap-l1-1-0

free
_callnewh
_set_new_mode
malloc
calloc

api-ms-win-crt-math-l1-1-0

ceil
__setusermatherr

api-ms-win-crt-string-l1-1-0

wcsncmp
strcmp
_stricmp
strcpy_s

api-ms-win-crt-convert-l1-1-0

strtoull

api-ms-win-crt-runtime-l1-1-0

abort
_get_initial_wide_environment
terminate
_crt_atexit
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_register_onexit_function
_initterm
_initterm_e
exit
_exit
_initialize_onexit_table
__p___argc
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

DotNetRuntimeDebugHeader

Sections

.text
Size: 405KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 739KB - Virtual size: 738KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

hydrated
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
files/viaversion/config.yml
files/viaversion/viaversion.yml
options.txt
optionsof.txt
optionsshaders.txt
servers.dat
servers.dat_old

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: Xeno

Password: Xeno

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 86KB - Virtual size: 86KB

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 512B - Virtual size: 12B

Password: Xeno

f0ad05b45bceef9c9aba787180225192

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

iphlpapi

kernel32

ole32

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 405KB - Virtual size: 404KB

.managed Size: 739KB - Virtual size: 738KB

hydrated Size: - Virtual size: 1.1MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 7KB - Virtual size: 64KB

.pdata Size: 72KB - Virtual size: 71KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 86KB - Virtual size: 86KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 405KB - Virtual size: 404KB

.managed
Size: 739KB - Virtual size: 738KB

hydrated
Size: - Virtual size: 1.1MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 7KB - Virtual size: 64KB

.pdata
Size: 72KB - Virtual size: 71KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB