t-(t[.]zip | Triage

Resubmissions

09-11-2024 21:35

241109-1fk7vasgme 10

09-11-2024 21:32

241109-1dwkssvrbj 10

Sharing

Copy URL

Twitter E-mail

General

Target

t-(t.zip
Size

10.1MB
MD5

a8ae0866553a3ce40f8e11cc6af47445
SHA1

b21684104e7c435d3b4ff4385d404574fc314176
SHA256

9cb690e7cebbc6bf80e2ad11a2013331a4908bbb88fd83012fe5e5c7df9cb511
SHA512

601723a2a8459d6dcdcb23ecdee137938afea13a91009539538bf2c763807bc5ed9d56867f0214ab49a92b7cd128a96ebfa271e8b5097aaed5cfe250a400f1b1
SSDEEP

196608:KvT+jIQTUEZ87/QdkgswrVLxQopKwnSfcLM6Yae8u+dE9WzPgSBLtO72:KvqHTZ8jSs6Vi/fcLvYaRFd908tO72

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/t-(t/BLTools v2.9 [PRO].exe	vmprotect

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/t-(t/AlphaFS.dll
unpack001/t-(t/BLTools v2.9 [PRO].exe
unpack001/t-(t/CookiesCreator.exe
unpack001/t-(t/Extreme.Net.dll
unpack001/t-(t/MaterialDesignColors.dll
unpack001/t-(t/MaterialDesignThemes.Wpf.dll
unpack001/t-(t/Ookii.Dialogs.Wpf.dll

Files

t-(t.zip
.zip
t-(t/AlphaFS.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\jjangli\Documents\GitHub\AlphaFS\AlphaFS\obj\Net452\AlphaFS.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
t-(t/BLTools v2.9 [PRO].exe
.exe windows:6 windows x64 arch:x64

2df38a1ae5759eca19cd2d1b1cc4e208

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

DecryptMessage
AcceptSecurityContext
EncryptMessage
ApplyControlToken
DeleteSecurityContext
FreeContextBuffer
QueryContextAttributesW
InitializeSecurityContextW
AcquireCredentialsHandleA
LsaFreeReturnBuffer
LsaGetLogonSessionData
FreeCredentialsHandle
LsaEnumerateLogonSessions

kernel32

GetModuleHandleA
GetCurrentThread
TryAcquireSRWLockExclusive
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
SetLastError
QueryPerformanceFrequency
FormatMessageW
GetCurrentProcess
GetEnvironmentVariableW
GetTempPathW
CreateFileW
SetFileInformationByHandle
GetFullPathNameW
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
FindClose
CreateThread
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentProcessId
CreateMutexA
WaitForSingleObjectEx
LoadLibraryA
ReleaseMutex
RtlVirtualUnwind
AcquireSRWLockShared
ReleaseSRWLockShared
DuplicateHandle
CopyFileExW
SetHandleInformation
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
DeviceIoControl
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
LocalFree
GetSystemInfo
VirtualQueryEx
OpenProcess
GlobalMemoryStatusEx
GetQueuedCompletionStatusEx
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
Sleep
GetSystemDirectoryA
GetEnvironmentVariableA
WideCharToMultiByte
VerSetConditionMask
VerifyVersionInfoW
MoveFileExA
CreateFileA
GetFileSizeEx
ReadFile
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
SystemTimeToFileTime
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
WakeConditionVariable
SetFileCompletionNotificationModes
CreateIoCompletionPort
CancelIoEx
PostQueuedCompletionStatus
SleepConditionVariableSRW
SwitchToThread
GetModuleHandleW
HeapReAlloc
HeapFree
SetThreadStackGuarantee
AddVectoredExceptionHandler
DeleteFileW
GetFileInformationByHandleEx
FreeLibrary
GetProcAddress
LoadLibraryExW
GetComputerNameExW
GetLogicalDrives
GetTickCount64
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetUserPreferredUILanguages
ReleaseSRWLockExclusive
GetLastError
GetFileInformationByHandle
AcquireSRWLockExclusive
WakeAllConditionVariable
CloseHandle
IsDebuggerPresent
ReadProcessMemory
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

SystemFunction036
GetLengthSid
CopySid
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetUserNameW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
IsValidSid

ws2_32

WSACloseEvent
recv
getpeername
shutdown
getsockopt
ioctlsocket
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
WSAEnumNetworkEvents
WSASocketW
WSAIoctl
WSASend
setsockopt
WSAEventSelect
recvfrom
WSAGetLastError
closesocket
send
getsockname
WSACreateEvent
WSAResetEvent
WSASetLastError
WSAWaitForMultipleEvents
htons
socket
ntohs
listen
htonl
accept
select
__WSAFDIsSet
bind
connect
WSARecv
WSAGetOverlappedResult

crypt32

CryptDecodeObjectEx
PFXImportCertStore
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertCloseStore
CertDuplicateStore
CertDuplicateCertificateContext
CertFreeCertificateChain
CertDuplicateCertificateChain
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertOpenStore
CryptStringToBinaryA
CryptUnprotectData
CertFindCertificateInStore
CertFindExtension

oleaut32

SysAllocString
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear
SysFreeString
SafeArrayUnaccessData
SysAllocStringLen
SafeArrayAccessData

pdh

PdhCollectQueryData
PdhOpenQueryA
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhAddEnglishCounterW
PdhCloseQuery

iphlpapi

GetIfTable2
GetIfEntry2
FreeMibTable
GetAdaptersAddresses

netapi32

NetUserGetLocalGroups
NetUserGetInfo
NetApiBufferFree
NetUserEnum

user32

GetMonitorInfoW
EnumDisplayMonitors
EnumDisplaySettingsExW
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

gdi32

DeleteDC
CreateDCW
CreateCompatibleDC
DeleteObject
SelectObject
SetStretchBltMode
StretchBlt
GetDIBits
GetObjectW
GetDeviceCaps
CreateCompatibleBitmap

ole32

CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoTaskMemFree

bcrypt

BCryptGenRandom

shell32

CommandLineToArgvW
SHGetKnownFolderPath

ntdll

NtReadFile
NtWriteFile
RtlNtStatusToDosError
NtCreateFile
RtlGetVersion
NtQueryInformationProcess
NtQuerySystemInformation

powrprof

CallNtPowerInformation

psapi

GetModuleFileNameExW
GetPerformanceInfo

vcruntime140

memset
__CxxFrameHandler3
memmove
memcmp
strchr
strrchr
strstr
memchr
__C_specific_handler
__current_exception
__current_exception_context
memcpy

api-ms-win-crt-string-l1-1-0

strcmp
_strdup
strncpy
strcpy
wcslen
isupper
strpbrk
tolower
strncmp
strlen
strspn
strcspn

api-ms-win-crt-heap-l1-1-0

calloc
malloc
realloc
free
_msize
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_cexit
_initialize_onexit_table
__p___argc
__sys_errlist
_exit
exit
_register_onexit_function
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_c_exit
__sys_nerr
_set_app_type
_seh_filter_exe
_endthreadex
_register_thread_local_exe_atexit_callback
_errno
_wassert
abort
_crt_atexit
terminate
_configure_narrow_argv
_beginthreadex
_initterm_e
__p___argv

api-ms-win-crt-convert-l1-1-0

strtoll
strtol
atoi
strtoul
wcstombs

api-ms-win-crt-stdio-l1-1-0

_open
_lseeki64
fopen
fflush
fgets
feof
_read
__stdio_common_vsscanf
ftell
_set_fmode
__p__commode
fclose
__acrt_iob_func
fread
fseek
_close
fputs
_write
fwrite
fputc
__stdio_common_vsprintf

api-ms-win-crt-time-l1-1-0

_time64
strftime
_gmtime64
_localtime64_s

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-filesystem-l1-1-0

_access
_unlink
_stat64
_fstat64

api-ms-win-crt-math-l1-1-0

_dclass
log
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

wtsapi32

WTSSendMessageW

Exports

Exports

!��I��e*��o{��c�I'ն1��ͭH�Q��1p�\��S��J�2��{�'�=@�v��Ǎۧ.rz�$��)��>�_�kӷ��iC;{KLY��f_��yd��r��#�ϵ4ۗA��r��J�t1ad��|�x�)��!�^�3��.��c(�PwWf��>�7��^��5��:]=V��SmCV��ɹ��D40 Sa9i��)��R��K'Y� �t�C��ۛ�ou(�+�p� �HfT�0�.�'6+�Oy��#��83��m�Pt\��M�R�|_��ֲʜw"*��p�/�C��?f�͐�߬��6�p2�Z�T��!�̑�f�}\@>P7�>B�l�ܚSB\��y-�@G�\��߼��$$�*5��fE�6+h�� d��_T��-Sl3��rA�tɧX��唆#{��AQe�8�x�j�^O�.�#��_��Hw^*�h U�(��J��fD��&d>7�5r��d8��T�ܺL�GR.�;�E6��1_Z��<�/�Gv�"�-X�$��C��g ��`�N^h��T]3*��PDf�k��"0蹶��J�W�l�� Uo��R |��G鶮xJ�!��Ǆ�B�{S�� :'սt��>�ZFM^��O��9m��Wް�9 ��A��՞��8᾿D�=��j�3Ħ��^\��w��P�2�'�tk0�$Jgũ?Izĸ��^X�32�]w�`<VɁV_uҖ�8��4.=SR��7Lqtr��Tm��3L�ص��Y/��7��9��oLO9tx��ꛅ��F.�'�:��U|/�aM�&�!G�)�J&�7��֝~WTTp8t�Y�"4)�BL� ��5�ן;\n!%�eGn�,%��自.�ѕ5�AA�M�ސ8�:��3��b�둍� �&-Iׄ2��G�3�,��s�V��Ǝ��_��n<b%fN�UƦ�s�g�6RV֬�1܊�4�{[C�I�]|��1� �W�@K��#g+�:�%��(�F�|ײ�Ş;��Y��d+!��N�j��)y�VUͤÙh� =:�8~sщKX�%>w��;_p�]��=�s��Bi �r��&�� 7Rml��qC��(��qp�I��#��* �R:��N�1]-��zG��'��۫"�?qo��&�o�=��7S�t'�x_��*�^ҧqy�Ǚ�v �� ̔��g+#��~��QJ��y�+��`L<o��s��O"/��<��fO�﷙'��)�� &�#��M�ꁤK�h�e7��h��a̞��X��p(��sv�܃ �% �v>�_ߐ@��G*.gFą��m� ��<@+��s��AW��B�Ҽ��.T"5��o�_X<H5&k\��iv�� H��Qʀ�|fEXǡ~� ��\��m$�G�1;u�z��0�y7��vT|�NL}�j��o �%E�-�l�Pt�ק>� ��z��G��;�O��r��\P��\�&�)ې��KǕ<K>P�4��ͮ-OTso��n&fE�q��Q��B��y!^��e� r+��ʝ�>��|�D)�"��>_��<�מnk`��Jr\�Z�e�w��P�t� `Uw�Ք.b]��T��k��g �x�C��yu��8��0�j1ĭ��p�r��&/��i�w��g ͆��H�Y]��a۫P�"��-,T��V�(/(b&"��P#V��[{�( �U��4��'d i\��M ��PcA�>�g�,w!A�>y� ��C��J��,�F��,�*�?gs�۬AY��W�+&�[���\"s�|+Q3��%��O�$�H�N��:H(��URSAl�n��4T�� %�u� �|E��E8��jtĞ�P��u��ji-Ҧ]pk >�Z<��dĵ .l�6Ԇb��h��s�@��,��.J�|��S)��y)"V ��=��i��7F4Ni�B+l~�L��`��v[�� ʰ4��N_��Z<Ʃǻ��]�i�u��C�qg�n�q��-�wc�?H�3��e0�2$#��C�R=��gO��B�Cy=:�ԔRI�!��5�kE��~r�ЛC-.��!ܩj��XGD��>��Ҧ��TV>I�L��T�N�#�t�C� ��!竀'�P`7`�5��e��K��]L��"��N�"Vt�|�p�+�"́��b�յk�J}9N��B�#(��v��V��ha�q*��D��(ܱ��Yq��j��Aq�jKh=>lt��a/�oj�R8�k�,�0��o�C��A<G6�6_Z�,��!�ys��_�G6#^Ma�(�+�f��Qp�C7�>\c��<��"��[��7Ĩ�d#�� M�$��-��G�� ~GKI�6c��s�Եʾ��j/LA�'ԏ�(�5H�Hy�D�� ǣ��Zrn�d��8�3Ylzݥ��sPP�oIN͕C��/��L�&��y0`�O��N��'�H��^�#��Q$��ᰜ#��U٨ �Z�I}��Q��u��*�;��~�7��V�kԲFD>pv�<az �T@9a(V2�H_2r,��V27��1E�e��W��y�)��8�ex�΅Bu�-2+v�b�e��z�ґɐ�crq�/�<xKb�铌��șO`]Cj��l��OIV��D*�4��."]Ǉ��<��aA��Qu�{��"��k��⺷��5g�W�j��X�B�< $��ϧ"A1�G�0p��XRƭ�G�p.�q��㼬�O�Cg��}��Aȥ��Bt��x�GCaw8&a�]{

Sections

.text
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
t-(t/CookiesCreator.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
t-(t/Extreme.Net.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\scarf\source\repos\Extreme.Net\obj\Debug\Extreme.Net.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
t-(t/License.dll
t-(t/MaterialDesignColors.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\MaterialDesignInXamlToolkit\MaterialDesignInXamlToolkit\MaterialDesignColors.Wpf\obj\Release\net462\MaterialDesignColors.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
t-(t/MaterialDesignThemes.Wpf.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\MaterialDesignInXamlToolkit\MaterialDesignInXamlToolkit\MaterialDesignThemes.Wpf\obj\Release\net462\MaterialDesignThemes.Wpf.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
t-(t/Microsoft.Xaml.Behaviors.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-03-2023 18:43

Not After

14-03-2024 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b2:63:8a:cb:ae:08:38:57:4d:ee:95:eb:a6:58:3b:10:80:3d:86:3e:1c:8f:0d:12:62:f5:87:f8:01:ae:17:30
Signer

Actual PE Digest

b2:63:8a:cb:ae:08:38:57:4d:ee:95:eb:a6:58:3b:10:80:3d:86:3e:1c:8f:0d:12:62:f5:87:f8:01:ae:17:30

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\src\Microsoft.Xaml.Behaviors\obj\Release\net462\Microsoft.Xaml.Behaviors.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
t-(t/Ookii.Dialogs.Wpf.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\ookii-dialogs-wpf\ookii-dialogs-wpf\src\Ookii.Dialogs.Wpf\obj\Release\net462\Ookii.Dialogs.Wpf.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
t-(t/Projects/2Captcha.proj
t-(t/Projects/2dehands.be.proj
t-(t/Projects/2ememain.be.proj
t-(t/Projects/7BitCasino.proj
t-(t/Projects/AIRBNB.proj
t-(t/Projects/AOL Inbox Mail.proj
t-(t/Projects/Ahrefs @Cash_Out_Gang1337.proj
t-(t/Projects/AirBNB payment.proj
t-(t/Projects/Aliexpress.proj
t-(t/Projects/Altenens.is.proj
t-(t/Projects/Azure.com.proj
t-(t/Projects/BING AI @CashOutGang_Chat.proj
t-(t/Projects/Bitcoin Casino.proj
t-(t/Projects/Booking.proj
t-(t/Projects/Brightdata.proj
t-(t/Projects/Carbonite.proj
t-(t/Projects/Cash.App Capture.proj
t-(t/Projects/CashApp.proj
t-(t/Projects/Chaturbate.proj
t-(t/Projects/Codecanyon@Cash_Out_Gang1337.proj
t-(t/Projects/Cracked.io.proj
t-(t/Projects/CrackedIO.proj
t-(t/Projects/Crax Shop.proj
t-(t/Projects/CreativeMarket@Cash_Out_Gang1337.proj
t-(t/Projects/CrowdCube.proj
t-(t/Projects/Crown Office - Net30 Payments.proj
t-(t/Projects/DH Gate.proj
t-(t/Projects/DemonForums - Username Capture.proj
t-(t/Projects/Designs.Ai.proj
t-(t/Projects/Dropbox.proj
t-(t/Projects/Ebay Kaz.proj
t-(t/Projects/Ebay.proj
t-(t/Projects/EbayCheck.proj
t-(t/Projects/Eneba.proj
t-(t/Projects/Envato Elements with Capture.proj
t-(t/Projects/Envato Elements.proj
t-(t/Projects/Epic Games.proj
t-(t/Projects/Escrow.com.proj
t-(t/Projects/Etsy.proj
t-(t/Projects/FIVERR Payment Method.proj
t-(t/Projects/FIVERR 💸.proj
t-(t/Projects/FIVERR.proj
t-(t/Projects/Facebook with Geo.proj
t-(t/Projects/FacebookADS.proj
t-(t/Projects/Figma.proj
t-(t/Projects/Fiverr Capture.proj
t-(t/Projects/Flipkart.proj
t-(t/Projects/Flippa.com.proj
t-(t/Projects/Fourshared.proj
t-(t/Projects/Freecash Com.proj
t-(t/Projects/Gamestop.proj
t-(t/Projects/Gammaapp.proj
t-(t/Projects/GenerateDeps.proj
t-(t/Projects/GitHub.proj
t-(t/Projects/Godaddy Login.proj
t-(t/Projects/Godaddy Shopper ID.proj
t-(t/Projects/Godaddy.proj
t-(t/Projects/Google Ads.proj
t-(t/Projects/Gumroad Balance.proj
.js
t-(t/Projects/Hulu.proj
t-(t/Projects/ICloud.proj
t-(t/Projects/Indiedigo.proj
t-(t/Projects/InfinityFree@Cash_Out_Gang1337.proj
t-(t/Projects/Instacart.proj
t-(t/Projects/Jyriqad.proj
t-(t/Projects/KICK 🎵.proj
t-(t/Projects/KOHO.proj
t-(t/Projects/KRAKEN.proj
t-(t/Projects/Kickstarter.com @Cash_Out_Gang1337.proj
t-(t/Projects/Kinguin.net.proj
t-(t/Projects/Ko-fi.proj
t-(t/Projects/Kohls.proj
t-(t/Projects/LegalZoom.proj
t-(t/Projects/Marriott.proj
t-(t/Projects/Microsoft Office 365 @Cash_Out_Gang1337.proj
t-(t/Projects/Microsoft365.proj
t-(t/Projects/Midasbuy.proj
t-(t/Projects/Monday.com.proj
t-(t/Projects/Motion Array.proj
t-(t/Projects/Mubi.proj
t-(t/Projects/Mukipyf.proj
t-(t/Projects/Niflheim World.proj
t-(t/Projects/Nulled.to.proj
t-(t/Projects/Office365.proj
t-(t/Projects/Ok RU.proj
t-(t/Projects/OnlineSIM.proj
t-(t/Projects/Outlook Mail.proj
t-(t/Projects/PIAPRoxy.proj
t-(t/Projects/POF @CashOutGang_Chat.proj
t-(t/Projects/Paramount.proj
t-(t/Projects/Patreon.proj
t-(t/Projects/Paxful @Cash_Out_Gang1337.proj
t-(t/Projects/Paypal with Capture @CashOutGang_Chat.proj
t-(t/Projects/Paypal.proj
t-(t/Projects/Perplexity.proj
t-(t/Projects/Petsmart.com.proj
t-(t/Projects/Postmates.proj
t-(t/Projects/Proxyscrape.proj
t-(t/Projects/Proxystore.proj
t-(t/Projects/Replit.proj
t-(t/Projects/Rplt.proj
t-(t/Projects/SEM-Rush.proj
t-(t/Projects/SIP Station VOIP.proj
t-(t/Projects/Samsung Payment Method.proj
t-(t/Projects/Samsung Points.proj
t-(t/Projects/Shein.proj
t-(t/Projects/Snapchat @Cash_Out_Gang1337.proj
t-(t/Projects/SoundCloud.proj
t-(t/Projects/Spotify.proj
t-(t/Projects/StockX.proj
t-(t/Projects/TRENDYOL.proj
t-(t/Projects/Temu CC Capture.proj
t-(t/Projects/Temu Products Captured.proj
t-(t/Projects/Temu.proj
t-(t/Projects/TextNow.proj
t-(t/Projects/Trucksmarter.proj
t-(t/Projects/Tumbler.proj
t-(t/Projects/Uber.proj
t-(t/Projects/Ulta.proj
t-(t/Projects/UltraVPN2.proj
t-(t/Projects/Upwork.proj
t-(t/Projects/Vendor Mercuryvmp.proj
t-(t/Projects/VidPros.proj
t-(t/Projects/Vimeo Videos.proj
t-(t/Projects/WISE.proj
t-(t/Projects/Walmart - Full Capture.proj
t-(t/Projects/WalmartCAN.proj
t-(t/Projects/Watyzyg.proj
t-(t/Projects/Wayfair.proj
t-(t/Projects/Willhaben.proj
t-(t/Projects/WinTube.proj
t-(t/Projects/XVideos.proj
t-(t/Projects/Xnxx.proj
t-(t/Projects/ZIllow.proj
t-(t/Projects/Zelenka.proj
t-(t/Projects/Zoho.proj
t-(t/Projects/ZoomInfo.proj
t-(t/Projects/account.xbox.com.proj
t-(t/Projects/amateur.tv.proj
t-(t/Projects/att.proj
t-(t/Projects/capmonster.cloud.proj
t-(t/Projects/carousell_MY.proj
t-(t/Projects/carousell_SG.proj
t-(t/Projects/dba.dk.proj
t-(t/Projects/finn.no.proj
t-(t/Projects/formswift.proj
t-(t/Projects/freelancer.proj
t-(t/Projects/indiegogo.proj
t-(t/Projects/linkedin @Cash_Out_Gang1337.proj
t-(t/Projects/marktplaats.nl.proj
t-(t/Projects/mullvad.net.proj
t-(t/Projects/nebenan.de.proj
t-(t/Projects/njuskalo.hr.proj
t-(t/Projects/office.com.proj
t-(t/Projects/olx.br.proj
t-(t/Projects/otto.de.proj
t-(t/Projects/output.txt
t-(t/Projects/poshmark.com.proj
t-(t/Projects/rucaptcha.com.proj
t-(t/Projects/sexlog.proj
t-(t/Projects/shpock.com.proj
t-(t/Projects/stubhub.proj
t-(t/Projects/subito.it.proj
t-(t/Projects/t.py
t-(t/Projects/xss.proj
t-(t/Projects/zalando.de2.proj
t-(t/Projects/zelenka.guru.proj
.js
t-(t/Projects/zoosk.proj
.js
t-(t/Settings.ini
t-(t/[Results] Cookies Checker/[16.04.2024] [12.42.58]LOGI 2/YouTube Cookies/[0 sub] [0 videos] [0 views] [monetize false] [brand false] [1 channels] [Se unió el 20 ene 2021] [UCQr_OHpZMK0iLFaTO9I127A].txt
t-(t/[Results] Cookies Checker/[16.04.2024] [12.42.58]LOGI 2/YouTube Cookies/[0 sub] [0 videos] [0 views] [monetize false] [brand false] [1 channels] [Дата регистрации 20 нояб. 2023 г.] [UCfdJa1nYUFiArizYsJ5iTPw].txt
t-(t/[Results] Cookies Checker/[16.04.2024] [12.42.58]LOGI 2/YouTube Cookies/[11 sub] [4 videos] [47 views] [monetize false] [brand false] [1 channels] [Joined Jan 24, 2015] [UChLCZbm6sRD7CWwtpgHfDtA].txt
t-(t/[Results] Cookies Checker/[16.04.2024] [12.42.58]LOGI 2/YouTube/NoBrand.txt
t-(t/[Results] Cookies Checker/[16.04.2024] [12.42.58]LOGI 2/YouTube/NoBrand/[0 sub] [0 videos] [0 views] [monetize false] [brand false] [1 channels] [Se unió el 20 ene 2021].txt
t-(t/[Results] Cookies Checker/[16.04.2024] [12.42.58]LOGI 2/YouTube/NoBrand/[0 sub] [0 videos] [0 views] [monetize false] [brand false] [1 channels] [Дата регистрации 20 нояб. 2023 г.].txt
t-(t/[Results] Cookies Checker/[16.04.2024] [12.42.58]LOGI 2/YouTube/NoBrand/[11 sub] [4 videos] [47 views] [monetize false] [brand false] [1 channels] [Joined Jan 24, 2015].txt
t-(t/[Results] Cookies Checker/[16.04.2024] [12.42.58]LOGI 2/YouTube/NoSubscribers.txt
t-(t/[Results] Cookies Checker/[16.04.2024] [12.42.58]LOGI 2/YouTube/NoSubscribers/[0 sub] [0 videos] [0 views] [monetize false] [brand false] [1 channels] [Se unió el 20 ene 2021].txt
t-(t/[Results] Cookies Checker/[16.04.2024] [12.42.58]LOGI 2/YouTube/NoSubscribers/[0 sub] [0 videos] [0 views] [monetize false] [brand false] [1 channels] [Дата регистрации 20 нояб. 2023 г.].txt
t-(t/[Results] Cookies Checker/[16.04.2024] [12.42.58]LOGI 2/YouTube/Sorted by Year/2015/[11 sub] [4 videos] [47 views] [monetize false] [brand false] [1 channels] [Joined Jan 24, 2015].txt
t-(t/[Results] Cookies Checker/[16.04.2024] [12.42.58]LOGI 2/YouTube/Sorted by Year/2021/[0 sub] [0 videos] [0 views] [monetize false] [brand false] [1 channels] [Se unió el 20 ene 2021].txt
t-(t/[Results] Cookies Checker/[16.04.2024] [12.42.58]LOGI 2/YouTube/Sorted by Year/2023/[0 sub] [0 videos] [0 views] [monetize false] [brand false] [1 channels] [Дата регистрации 20 нояб. 2023 г.].txt
t-(t/[Results] Cookies Checker/[16.04.2024] [12.42.58]LOGI 2/YouTube/Subscribers.txt
t-(t/[Results] Cookies Checker/[16.04.2024] [12.42.58]LOGI 2/YouTube/Subscribers/[11 sub] [4 videos] [47 views] [monetize false] [brand false] [1 channels] [Joined Jan 24, 2015].txt
t-(t/[Results] Cookies Checker/[16.04.2024] [12.42.58]LOGI 2/YouTube/Videos.txt
t-(t/[Results] Cookies Checker/[16.04.2024] [12.42.58]LOGI 2/YouTube/Videos/[4 videos] [11 sub] [47 views] [monetize false] [brand false] [1 channels] [Joined Jan 24, 2015].txt
t-(t/[Results] Cookies Checker/[16.04.2024] [12.42.58]LOGI 2/YouTube/Views.txt
t-(t/[Results] Cookies Checker/[16.04.2024] [12.42.58]LOGI 2/YouTube/Views/[47 views] [11 sub] [4 videos] [monetize false] [brand false] [1 channels] [Joined Jan 24, 2015].txt

Resubmissions

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 356KB - Virtual size: 356KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

2df38a1ae5759eca19cd2d1b1cc4e208

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

advapi32

ws2_32

crypt32

oleaut32

pdh

iphlpapi

netapi32

user32

gdi32

ole32

bcrypt

shell32

ntdll

powrprof

psapi

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 2.9MB

.rdata Size: - Virtual size: 1.2MB

.data Size: - Virtual size: 30KB

.pdata Size: - Virtual size: 88KB

.vmp0 Size: - Virtual size: 3.5MB

.vmp1 Size: 7.1MB - Virtual size: 7.1MB

.reloc Size: 512B - Virtual size: 224B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 111KB - Virtual size: 110KB

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 118KB - Virtual size: 118KB

.text
Size: 356KB - Virtual size: 356KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 2.9MB

.rdata
Size: - Virtual size: 1.2MB

.data
Size: - Virtual size: 30KB

.pdata
Size: - Virtual size: 88KB

.vmp0
Size: - Virtual size: 3.5MB

.vmp1
Size: 7.1MB - Virtual size: 7.1MB

.reloc
Size: 512B - Virtual size: 224B

.text
Size: 111KB - Virtual size: 110KB

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 118KB - Virtual size: 118KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 293KB - Virtual size: 292KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 9.1MB - Virtual size: 9.1MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

b2:63:8a:cb:ae:08:38:57:4d:ee:95:eb:a6:58:3b:10:80:3d:86:3e:1c:8f:0d:12:62:f5:87:f8:01:ae:17:30
Signer

.text
Size: 130KB - Virtual size: 130KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 100KB - Virtual size: 100KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B