4c7081148a218b609dca62b2ce1106e4a2e075671b0fb64352056cd6e58e7873

Sharing

Copy URL

Twitter E-mail

General

Target

4c7081148a218b609dca62b2ce1106e4a2e075671b0fb64352056cd6e58e7873
Size

18.7MB
MD5

108f04f34103c17df326ed15796773af
SHA1

cfe188485d181f32a411bf74480d367776e79143
SHA256

4c7081148a218b609dca62b2ce1106e4a2e075671b0fb64352056cd6e58e7873
SHA512

5cfe0a93c161cb0b1ddb1fe4296b5bccca41d1d450988b21fe3c925128f2e24d4b781c849d442325d849f2ab31187f9b5749a475e072b2ceb7a70d2f09f879e1
SSDEEP

393216:It2dL3J4poAWVA+3v0djDRlzlear0T5MmkoDHl7fAH//M75bv13O:IEdL3J2WgxlzQaroj1bl74H/Y5bv1e

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/infected/Furk Ultra_10298.exe
unpack001/infected/RobloxSynapceX Cracked.exe
unpack001/infected/Setup x64.exe
unpack001/infected/best-setup_FLc4rckO.exe

Files

4c7081148a218b609dca62b2ce1106e4a2e075671b0fb64352056cd6e58e7873
.zip
infected/Furk Ultra_10298.exe
.exe windows:6 windows x86 arch:x86

5a54bb5ed8b8908dadbf6ee4a14eeaf0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesW
DeleteFileW
GetVolumeInformationW
CreateProcessW
CloseHandle
Process32FirstW
Process32NextW
Sleep
CreateToolhelp32Snapshot
GetFileAttributesW
CreateFileW
GetTempPathW
GetModuleFileNameW
WriteFile
LocalFree
FindResourceW
LoadResource
LockResource
GetLogicalDriveStringsW
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
GetCommandLineW
SizeofResource
ReadDirectoryChangesW
GetCurrentDirectoryW
GetShortPathNameW
GetLongPathNameW
SetConsoleCursorPosition
GetNumberOfConsoleInputEvents
FillConsoleOutputAttribute
WriteConsoleInputW
CreateFileA
ReadConsoleInputW
FillConsoleOutputCharacterW
SetConsoleCursorInfo
GetConsoleCursorInfo
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
MultiByteToWideChar
GetLastError
FormatMessageW
WideCharToMultiByte
GetStringTypeW
GetCurrentThreadId
WaitForSingleObjectEx
SwitchToThread
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
QueryPerformanceCounter
QueryPerformanceFrequency
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateThread
SetThreadPriority
GetThreadPriority
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
DuplicateHandle
ReleaseSemaphore
UnregisterWaitEx
LoadLibraryW
WaitForSingleObject
RtlUnwind
RaiseException
ExitProcess
GetModuleHandleExW
ExitThread
ResumeThread
GetStdHandle
HeapAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapFree
GetFileSizeEx
SetFilePointerEx
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetExitCodeProcess
GetFileAttributesExW
ReadFile
SetConsoleCtrlHandler
ReadConsoleW
HeapReAlloc
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
HeapSize
WriteConsoleW
SetEndOfFile
GlobalUnlock
GlobalLock
GlobalSize
MulDiv
GlobalFree
GlobalAlloc
LocalAlloc
lstrlenW
LocalSize
GetModuleFileNameA
LoadLibraryExA
GetEnvironmentVariableW
InitializeCriticalSectionEx
GetTempPathA
GetTempFileNameA
CompareStringA
GetNumberFormatW
GetCurrencyFormatW
VerSetConditionMask
GetComputerNameW
VerifyVersionInfoW
FindFirstFileW
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
SetFilePointer
UnmapViewOfFile
FlushViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
AllocConsole
lstrcmpW
InitializeCriticalSection
WaitForMultipleObjects
CreateSemaphoreA
CreateEventA
SetErrorMode
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
CancelIo
SetHandleInformation
SetNamedPipeHandleState
CreateNamedPipeA
CreateNamedPipeW
PeekNamedPipe
QueueUserWorkItem
GetNamedPipeHandleStateA
WaitNamedPipeW
ConnectNamedPipe
CreateDirectoryW
DeviceIoControl
RemoveDirectoryW
SetFileTime
CreateHardLinkW
GetFileInformationByHandle
MoveFileExW
CopyFileW
LoadLibraryA
FormatMessageA
DebugBreak

user32

PeekMessageW
TranslateMessage
MessageBoxW
DispatchMessageW
PostMessageW
GetMessageW
IsWindowVisible
AnimateWindow
SetWindowPos
GetWindowRect
SetWindowLongW
GetWindowLongW
UpdateLayeredWindow
SetCursor
MapWindowPoints
UpdateWindow
SetFocus
GetFocus
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
DestroyIcon
KillTimer
GetParent
IsWindow
SendMessageW
InvalidateRect
GetClientRect
GetSystemMetrics
AdjustWindowRectEx
CreateWindowExW
DestroyWindow
GetWindow
EnableWindow
SetActiveWindow
LoadIconW
LoadCursorW
RegisterClassExW
PostQuitMessage
DefWindowProcW
GetCursorPos
GetDesktopWindow
MoveWindow
IsWindowEnabled
RegisterClassW
RedrawWindow
WindowFromPoint
GetWindowThreadProcessId
GetWindowTextW
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
IsWindowUnicode
SystemParametersInfoW
GetClassLongW
SetWindowsHookExW
EnumThreadWindows
EndDeferWindowPos
SetCapture
GetUpdateRect
IsRectEmpty
GetMessageTime
UnhookWindowsHookEx
GetSysColor
GetDoubleClickTime
CallMsgFilterW
IsChild
ClientToScreen
GetMonitorInfoW
SetTimer
GetCapture
GetAsyncKeyState
BeginDeferWindowPos
SetClassLongW
GetActiveWindow
GetScrollInfo
NotifyWinEvent
SetWindowTextW
CallNextHookEx
ScreenToClient
MonitorFromWindow
GetDC
MonitorFromPoint
GetMessageExtraInfo
GetKeyState
DeferWindowPos
SetScrollInfo
EnumDisplayDevicesW
EnumDisplayMonitors
DestroyCaret
FindWindowW
GetKeyboardLayout
CreateCaret
SetCaretPos
RegisterClipboardFormatW
OpenClipboard
EmptyClipboard
CloseClipboard
CountClipboardFormats
EnumClipboardFormats
SetClipboardData
IsClipboardFormatAvailable
GetClipboardData
GetClipboardSequenceNumber
LoadStringW
MessageBeep
DestroyCursor
LoadCursorFromFileA
CreateIconIndirect
GetIconInfo
DrawIconEx
MessageBoxA
GetQueueStatus
PostThreadMessageW
MsgWaitForMultipleObjects
SetWinEventHook
DispatchMessageA
MapVirtualKeyW
GetMessageA
ShowWindow
GetWindowPlacement

shell32

ord74
SHGetFileInfoW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
CommandLineToArgvW
ShellExecuteW
DragQueryFileW
ord727
ShellExecuteExW

ole32

ReleaseStgMedium
DoDragDrop
RevokeDragDrop
RegisterDragDrop
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
CoCreateGuid
CoInitialize
CoFreeUnusedLibraries
CoUninitialize
OleUninitialize
OleInitialize
CoTaskMemAlloc

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetSetOptionW
HttpSendRequestA
InternetErrorDlg
InternetQueryOptionW
HttpOpenRequestA
InternetConnectA
InternetReadFile
HttpQueryInfoA
HttpQueryInfoW

urlmon

FindMimeFromData

oleacc

LresultFromObject
AccessibleObjectFromWindow

uxtheme

IsThemeBackgroundPartiallyTransparent
CloseThemeData
DrawThemeBackground
GetThemePartSize
SetWindowTheme
OpenThemeData

imm32

ImmAssociateContextEx
ImmGetContext
ImmIsIME
ImmNotifyIME
ImmGetCompositionStringW
ImmSetCandidateWindow
ImmReleaseContext

comctl32

ImageList_DrawEx
ImageList_GetIconSize
ImageList_Destroy

ws2_32

WSASocketW
listen
shutdown
WSASend
socket
bind
select
WSARecvFrom
getsockopt
htons
WSAIoctl
ioctlsocket
FreeAddrInfoW
GetAddrInfoW
closesocket
WSAGetLastError
setsockopt
WSARecv
WSAStartup
WSASetLastError

winmm

timeKillEvent
timeGetTime
timeEndPeriod
timeBeginPeriod
timeSetEvent
PlaySoundW

usp10

ScriptApplyDigitSubstitution
ScriptBreak
ScriptItemize
ScriptShape
ScriptPlace
ScriptFreeCache

gdi32

RestoreDC
SetViewportOrgEx
SaveDC
GetClipBox
SetLayout
StartDocW
CreateDIBSection
SelectObject
DeleteDC
DeleteObject
StartPage
SetMapMode
BitBlt
EndPage
GetDeviceCaps
CreateCompatibleDC
GetStockObject
CreateDCW
GetFontUnicodeRanges
EnumFontFamiliesExW
CreateFontW
GetObjectA
GetGlyphIndicesW
CreateBitmap
GetDIBits
GetObjectW
AddFontMemResourceEx
EndDoc

winspool.drv

ord203

comdlg32

GetSaveFileNameW
PrintDlgW
CommDlgExtendedError
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetUserNameW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA

oleaut32

SafeArrayDestroy
SysFreeString
SafeArrayPutElement
SafeArrayCreateVector
SysAllocStringLen

gdiplus

GdipGetWorldTransform
GdipDrawDriverString
GdipCreateHBITMAPFromBitmap
GdipDrawImageI
GdipCreateBitmapFromGraphics
GdiplusStartup
GdiplusShutdown
GdipCreateFontFromLogfontA
GdipGetLineSpacing
GdipCreateFontFromDC
GdipDeleteFont
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipAlloc
GdipFree
GdipCreateBitmapFromScan0
GdipCloneImage
GdipDisposeImage
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFillRectangleI
GdipCreatePath
GdipDeletePath
GdipAddPathArcI
GdipAddPathLineI
GdipFillPath
GdipGetClipBoundsI
GdipCreateLineBrush
GdipMultiplyLineTransform
GdipCreateMatrix2
GdipSetLinePresetBlend
GdipSetLineWrapMode
GdipAddPathEllipse
GdipCreatePathGradientFromPath
GdipSetPathGradientPresetBlend
GdipSetPathGradientWrapMode
GdipSetPathGradientCenterPoint
GdipSetPathGradientTransform
GdipCreatePen1
GdipDeletePen
GdipSetPenDashOffset
GdipFillRectanglesI
GdipDrawLine
GdipSetClipRectI
GdipTranslateWorldTransform
GdipGetSmoothingMode
GdipSaveGraphics
GdipRestoreGraphics
GdipBeginContainer2
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipGetPathWorldBounds
GdipClonePath
GdipSetClipRect
GdipAddPathRectangleI
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipSetSmoothingMode
GdipEndContainer
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRect
GdipTransformPoints
GdipMultiplyWorldTransform
GdipCreateMatrix
GdipDeleteMatrix
GdipDrawPath
GdipGetMatrixElements
GdipTranslateMatrix
GdipRotateMatrix
GdipScaleMatrix
GdipShearMatrix
GdipCreateTexture
GdipFillEllipse
GdipDrawEllipse
GdipFillPie
GdipDrawPie
GdipDrawArc
GdipFillRectangle
GdipDrawRectangle
GdipResetPath
GdipIsVisiblePathPoint
GdipStartPathFigure
GdipAddPathLine
GdipClosePathFigure
GdipSetPathFillMode
GdipAddPathArc
GdipAddPathBezier
GdipSetPageUnit
GdipSetCompositingQuality
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipCreateFromHWND
GdipCreateFromHDC
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetFontHeightGivenDPI
GdipMeasureString
GdipDeleteFontFamily
GdipGetFamily
GdipGetCellAscent
GdipGetFontSize
GdipGetEmHeight
GdipGetCellDescent
GdipDrawString
GdipAddPathString
GdipGetFontStyle
GdipCreatePen2
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenLineJoin
GdipSetPenMiterLimit
GdipSetPenDashStyle
GdipSetPenDashArray

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1000KB - Virtual size: 999KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 143KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
infected/Installer.exe
.exe windows:10 windows x64 arch:x64

4cea7ae85c87ddc7295d39ff9cda31d1

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ed:72:df:71:20:8f:78:36:d0:ab:00:9f:ca:97:e0:1f
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

22-12-2014 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO SHA-256 Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a7:9f:f2:92:2c:60:88:d9:fc:e5:61:ee:dc:83:c3:f2
Certificate

Issuer

CN=COMODO SHA-256 Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

24-06-2016 00:00

Not After

30-05-2020 23:59

Subject

CN=NetSetMan GmbH,O=NetSetMan GmbH,POSTALCODE=76227,STREET=Oberwaldstr. 22,L=Karlsruhe,ST=BW,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ed:72:df:71:20:8f:78:36:d0:ab:00:9f:ca:97:e0:1f
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

22-12-2014 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO SHA-256 Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a7:9f:f2:92:2c:60:88:d9:fc:e5:61:ee:dc:83:c3:f2
Certificate

Issuer

CN=COMODO SHA-256 Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

24-06-2016 00:00

Not After

30-05-2020 23:59

Subject

CN=NetSetMan GmbH,O=NetSetMan GmbH,POSTALCODE=76227,STREET=Oberwaldstr. 22,L=Karlsruhe,ST=BW,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:09:f8:d9:2f:1d:93:63:91:05:f9:8f:41:a6:3b:b3:66:b0:a7:ca:f0:1b:db:22:9d:07:17:08:86:43:10:cc
Signer

Actual PE Digest

b3:09:f8:d9:2f:1d:93:63:91:05:f9:8f:41:a6:3b:b3:66:b0:a7:ca:f0:1b:db:22:9d:07:17:08:86:43:10:cc

Digest Algorithm

sha256

PE Digest Matches

false

b7:51:41:0a:ac:20:26:08:c9:8c:a5:8b:73:51:0b:6b:46:8a:73:93
Signer

Actual PE Digest

b7:51:41:0a:ac:20:26:08:c9:8c:a5:8b:73:51:0b:6b:46:8a:73:93

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wextract.pdb

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
LoadLibraryExA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
WaitForSingleObject
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
ExpandEnvironmentStringsA
LocalAlloc
lstrcmpA
FindNextFileA
GetCurrentProcess
FindFirstFileA
GetModuleFileNameA
GetShortPathNameA
Sleep
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
EnumResourceLanguagesA
GetDiskFreeSpaceA
MulDiv
FindClose

gdi32

GetDeviceCaps

user32

ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetSystemMetrics
CallWindowProcA
SetWindowTextA
MessageBoxA
SendDlgItemMessageA
SendMessageA
GetDlgItem
DialogBoxIndirectParamA
GetWindowLongPtrA
SetWindowLongPtrA
SetForegroundWindow
ReleaseDC
EnableWindow
CharNextA
LoadStringA
CharPrevA
EndDialog
MessageBeep
ExitWindowsEx
SetDlgItemTextA
CharUpperA
GetDesktopWindow
PeekMessageA
GetDlgItemTextA

msvcrt

?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
memset
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
memcpy_s
_vsnprintf
_initterm
memcpy

comctl32

ord17

cabinet

ord20
ord21
ord23
ord22

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 793KB - Virtual size: 793KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
infected/RobloxSynapceX Cracked.exe
.exe windows:6 windows x86 arch:x86

aa48afbaed2c82eff98301a694f0b05c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ShowCursor

advapi32

AuditFree

kernel32

CreateFileW
GetProcAddress
GetCurrentProcess
FreeConsole
VirtualProtectEx
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
HeapSize
RaiseException
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
WriteConsoleW
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
HeapReAlloc
GetFileSizeEx
SetFilePointerEx
CloseHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
ReadConsoleW

Sections

.text
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 181KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
infected/Setup x64.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

a5./*`{S
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
infected/best-setup_FLc4rckO.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a54bb5ed8b8908dadbf6ee4a14eeaf0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

wininet

urlmon

oleacc

uxtheme

imm32

comctl32

ws2_32

winmm

usp10

gdi32

winspool.drv

comdlg32

advapi32

oleaut32

gdiplus

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 1000KB - Virtual size: 999KB

.data Size: 143KB - Virtual size: 168KB

.rsrc Size: 3.2MB - Virtual size: 3.2MB

.reloc Size: 298KB - Virtual size: 298KB

4cea7ae85c87ddc7295d39ff9cda31d1

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

ed:72:df:71:20:8f:78:36:d0:ab:00:9f:ca:97:e0:1fCertificate

Extended Key Usages

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

a7:9f:f2:92:2c:60:88:d9:fc:e5:61:ee:dc:83:c3:f2Certificate

Extended Key Usages

Key Usages

ed:72:df:71:20:8f:78:36:d0:ab:00:9f:ca:97:e0:1fCertificate

Extended Key Usages

Key Usages

a7:9f:f2:92:2c:60:88:d9:fc:e5:61:ee:dc:83:c3:f2Certificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

b3:09:f8:d9:2f:1d:93:63:91:05:f9:8f:41:a6:3b:b3:66:b0:a7:ca:f0:1b:db:22:9d:07:17:08:86:43:10:ccSigner

b7:51:41:0a:ac:20:26:08:c9:8c:a5:8b:73:51:0b:6b:46:8a:73:93Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

cabinet

version

Sections

.text Size: 31KB - Virtual size: 30KB

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 1000KB - Virtual size: 999KB

.data
Size: 143KB - Virtual size: 168KB

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

.reloc
Size: 298KB - Virtual size: 298KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

ed:72:df:71:20:8f:78:36:d0:ab:00:9f:ca:97:e0:1f
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

a7:9f:f2:92:2c:60:88:d9:fc:e5:61:ee:dc:83:c3:f2
Certificate

ed:72:df:71:20:8f:78:36:d0:ab:00:9f:ca:97:e0:1f
Certificate

a7:9f:f2:92:2c:60:88:d9:fc:e5:61:ee:dc:83:c3:f2
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

b3:09:f8:d9:2f:1d:93:63:91:05:f9:8f:41:a6:3b:b3:66:b0:a7:ca:f0:1b:db:22:9d:07:17:08:86:43:10:cc
Signer

b7:51:41:0a:ac:20:26:08:c9:8c:a5:8b:73:51:0b:6b:46:8a:73:93
Signer

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 7KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 793KB - Virtual size: 793KB

.reloc
Size: 512B - Virtual size: 32B

.text
Size: 252KB - Virtual size: 252KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 181KB - Virtual size: 184KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 11KB

a5./*`{S
Size: 3.2MB - Virtual size: 3.2MB

.text
Size: 7.1MB - Virtual size: 7.1MB

.rsrc
Size: 111KB - Virtual size: 110KB

.reloc
Size: 512B - Virtual size: 12B

CODE
Size: 37KB - Virtual size: 36KB

DATA
Size: 1024B - Virtual size: 588B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 9KB - Virtual size: 8KB