Retarded Nigger 2024[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Retarded Nigger 2024.zip
Size

21.7MB
MD5

77c232adb4ab9f4919d82a3a2cc72246
SHA1

994efdf00f2f89ae57833de378c17a66ce94e643
SHA256

bd7a853e20ec918539038278bb788fea3314d1da09e7f75608d13a8cd2436362
SHA512

c939c5ad357ce18882c21b205d5fbcba20f7deaad6556229cdc5e265416168b74e6ebe214e2edfc91c6f248c88c436893eb215ce5e081d14bc96bccf91ad8057
SSDEEP

393216:aKiW0JS2OD2FNeBBEfxVKfcX5Vi+D2vXs2Ju8aDAGHimE//suXiYuX+wzsyrVG:aENbeNMqvDzF2Ju1AGHNjuXif+wzTw

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/tmpfile-main/0000000r00d000r3.exe
unpack001/tmpfile-main/Exterm.exe
unpack001/tmpfile-main/Gaming Chair.exe
unpack001/tmpfile-main/Node32.exe
unpack001/tmpfile-main/Node63.exe
unpack001/tmpfile-main/Node64.exe
unpack001/tmpfile-main/Sobfox.exe
unpack001/tmpfile-main/stTfuo7I.exe
unpack001/tmpfile-main/stTfuo8I.exe

Files

Retarded Nigger 2024.zip
.zip
tmpfile-main/0000000r00d000r3.exe
.exe windows:6 windows x64 arch:x64

3283db44436f9cda0258af37cca51bae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentThreadId
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

RegCloseKey

ntdll

NtQuerySystemInformation

wtsapi32

WTSSendMessageW

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

��h��z��D~�h"��- ��)�D�u��s�Y��D�� -��t��T��o"1Q!�>@YT�~s�X'�!�z<�h��vrw��z�)��M1��Y��J&�Ƨ��N�H=0�%Z��B�RsS��~��*��-�Ys�} O� ��1�Rt�A��c�ťgdKK�W��hGPᙚ��>��D��>��vn'�)>�4��V�N��v�o� �� x��2V�A�4~�ԍ6m=g(?��{\"s��S|�� Ϟ�1S�=:ٮx��+֌>pJ�-��% �݇��1�ظlGMYi��5��:җ �tǨ��z�#��+�HR�H�~��w@�HE`�h�F�%��",�/�`L��,�Ó��[ ��n?7GR�[r�' ��w�wy�KS��7�cC��?&��zc��!*R��Ҽĭ< z�}�1]�y@[1��Y�e�5)�0DP/W��#5��E1`�R�q��ܐ�Bl�7�/�}��JW��`�هY�4F�}�Ѫ֓-i��&��h!�P��`�iL>�w[�A��3+�j"��[<ϊj�X�J��c�V@�:�O+ev��z1�"��M �s�ĳ��G�5��s�F��]7fzS�敖s@��m3��X�?��-D9��~��F`�� i}{��sa��2��N��1��i��WW^C=��xL��j�zK��ofQ�XJ��p��uԥ�`x6A"�V}�3��#fݬ��I�>��a&��,�6��z�`bC߰_�^n��Wj� i��)�L��`=1y�"x��T��u�o�RV�&��hH'p�o ��>�蕲U��)f��Q� �4�e�^�k�'�J��s��P��_uԄ:��1��I��KS��ӕ�QW��)c]ay'�m�f��L�� *@�~�6|��σ!0G�r5t[�y*8�Z�}�E��ȞB�1ĻMD�~��E=B: P1g-��\ޡ��U��U��]�!m�UG��í�0��r�vٙذt��jd��c�&��$�_"K��s�p�q�K��"iC��%Bس�G|�؀��P��K��T�U��~��:gJ'=f P��3�'�QkR�ϠRɖ��^�k��CX�~~�Sq�<�p�kqo��K��K��RZ�fx\�^Wcb-�-pZ(mS[��Vq�J��'�9P��J@=r#o�R\��S�y��a ��#��h��f�J��ܒ��ߍQ̻�� DG6_�.�uyUM)Y��X��N%�)�.Ni0>*�b(�F�9�7R�f��c|��`��|��x�̹��=�G�QIU>O�x��]�֤�`r9�DZ��v��h�KRki��[��{�wI*BH��J/Z?}U�uc��8[�O��{-��N��?�M��\�j-��|���0����<=�vf��谲ƅm\DmH?d�U�S�<)q��7/p7w��C��6�;~��*1�`7;P��봧��.��u�מ��_7��&Xy��-'�{03*ڃ �f�1��죬ug��Q��j�獿X� 8��,�/4��q�MJ�,�8�%+7+hM�K/#mK=��X��> �=�e�-�Z��c��F� �Qx�� %Ӡ�[G� ��8�0^)�ȃ�mi��TL�� >_Bo9�z�G�> ��f. �j�R�Q��Pb*�ث.��E�z��I>xήYk�vŋ��%�hE�Z�V��M�V6/��ך�j�"�%��i$��2��yk$��F��0�B��ӑ�胤ň}9G�gO }�S��L+��VlZ��E�u�~�;�d��ō��u��¸�%�W��:��:�nj� �¤��q��\r�=�}��T:W��q6 ��n��]��vrA� L�ه�q�J��X�{��{�:��f�(��r�P��+�U^Q�Q��r �$��d�_�S5�456�t��#�0�;io 6�m=��Z�Q�Y��m��K}��( lڀ��G靚�(��SQ��М�ܡ7;̹�}�'4��S��&�H��lhI@��*��Z>��Q4IT�-;��Yw�OD�}�� ۆ�� Gm��"y�Nk7;��j� �I7�ڏ9{o@�$��"��k�ݙ0��9:�-C��gdFͷ��EMN��"�7t]��[�5(��~�[��i��]a��{�e4��_�\=�9��#6��7��zr��nB��>s�|��_�9��N��ȉ`u�fd�}��`f�{�� ;�+Q]�� N@�le��97�74�GcJ0 |s��h��d��%L�c��1y3��i$��,�J�E�dL�l�ƽ�r ��%@#C�y�G9X7N�@:�7��{��:�Bm�D��%�Ict�Fʽ��se� ��vy��#t��P3Li��!�*��ҳ�nJb��-�"e�~O^��H��M��iiI��|:\�n�� c�B��c��F�"/B� ��:ZQy��HîS�Sd�Y��f�QG ʱv�FV��.��@DC4:��t�P!Q4do�08H+ߟ4��|�[��H��?lR+��<�� W�]o�ɴ�OR)��s��S� M��)�2l$J��n��|k��r锏RA*��h,S1�]׼�cja�ث�_=�T��&��O0�d �n�� ސw�^Q�h��d=%q��1o�D�T�ł��6�7�2arc�N;o�ɟ�$J"��r��@�%H5�� P�l�E*�-ܤ/v��2B��'O@�{��I*y��~��G�(��@��N��O)t(��E�

Sections

.gala
Size: - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xys23
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.prom
Size: - Virtual size: 889KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ax512
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_gbit_
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.2024
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tiko
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.limco
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dino
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tmpfile-main/Exterm.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 827KB - Virtual size: 827KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tmpfile-main/Gaming Chair.exe
.exe windows:6 windows x86 arch:x86

6b7988a683630b777528ba0ecd834ddc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\My Source\AbuserMTA-Injector\Release\AbuserMTA-Injector.pdb

Imports

kernel32

GetCurrentProcess
SetConsoleScreenBufferSize
GetStdHandle
GetConsoleCursorInfo
InitializeCriticalSectionEx
OpenProcess
CreateToolhelp32Snapshot
Sleep
GetLastError
SetConsoleCursorInfo
Process32Next
CloseHandle
DeleteCriticalSection
ExitProcess
SetConsoleTitleA
GetConsoleWindow
lstrcmpiA
WriteProcessMemory
LoadLibraryA
VirtualProtectEx
GetProcAddress
VirtualAllocEx
ReadProcessMemory
CreateRemoteThread
VirtualFreeEx
GetExitCodeProcess
IsDebuggerPresent
OutputDebugStringW
GetConsoleScreenBufferInfo
Process32First
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

user32

MoveWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
SetLayeredWindowAttributes

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

msvcp140

?good@ios_base@std@@QBE_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Cnd_do_broadcast_at_thread_exit
_Query_perf_counter
_Thrd_detach
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

__CxxFrameHandler3
__std_terminate
__std_exception_copy
memset
_CxxThrowException
__current_exception
_except_handler4_common
__current_exception_context
__std_exception_destroy
memcpy

api-ms-win-crt-runtime-l1-1-0

system
_register_thread_local_exe_atexit_callback
__p___argv
terminate
_controlfp_s
_beginthreadex
_get_initial_narrow_environment
__p___argc
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_exit
exit
_initterm_e
_invalid_parameter_noinfo_noreturn
_c_exit
_initterm

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

�!�T�u�
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tmpfile-main/Node32.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tmpfile-main/Node63.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Unknown\Desktop\Malware\Malware\obj\Debug\Malware.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tmpfile-main/Node64.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tmpfile-main/Sobfox.exe
.exe windows:5 windows x64 arch:x64

b1c5b1beabd90d9fdabd1df0779ea832

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb

Imports

kernel32

LocalFree
GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetModuleFileNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExpandEnvironmentStringsW
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
GlobalMemoryStatusEx
LoadResource
SizeofResource
GetTimeFormatW
GetDateFormatW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
GetStringTypeW
HeapReAlloc
LCMapStringW
FindFirstFileExA

oleaut32

SysAllocString
SysFreeString
VariantClear

gdiplus

GdipCloneImage
GdipFree
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipAlloc

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tmpfile-main/stTfuo7I.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

text
Size: - Virtual size: 232KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

data
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tmpfile-main/stTfuo8I.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3283db44436f9cda0258af37cca51bae

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ntdll

wtsapi32

user32

Exports

Exports

Sections

.gala Size: - Virtual size: 185KB

.xys23 Size: - Virtual size: 100KB

.prom Size: - Virtual size: 889KB

.ax512 Size: - Virtual size: 10KB

_gbit_ Size: - Virtual size: 348B

.2024 Size: - Virtual size: 2.5MB

.tiko Size: 4.9MB - Virtual size: 4.9MB

.limco Size: 512B - Virtual size: 224B

.dino Size: 512B - Virtual size: 480B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 827KB - Virtual size: 827KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

6b7988a683630b777528ba0ecd834ddc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 2.1MB - Virtual size: 2.1MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 944B

�!�T�u� Size: 16KB - Virtual size: 20KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 304KB - Virtual size: 304KB

.rsrc Size: 61KB - Virtual size: 60KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 10KB - Virtual size: 10KB

.rsrc Size: 1KB - Virtual size: 1KB

.gala
Size: - Virtual size: 185KB

.xys23
Size: - Virtual size: 100KB

.prom
Size: - Virtual size: 889KB

.ax512
Size: - Virtual size: 10KB

_gbit_
Size: - Virtual size: 348B

.2024
Size: - Virtual size: 2.5MB

.tiko
Size: 4.9MB - Virtual size: 4.9MB

.limco
Size: 512B - Virtual size: 224B

.dino
Size: 512B - Virtual size: 480B

.text
Size: 827KB - Virtual size: 827KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 2.1MB - Virtual size: 2.1MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 944B

�!�T�u�
Size: 16KB - Virtual size: 20KB

.text
Size: 304KB - Virtual size: 304KB

.rsrc
Size: 61KB - Virtual size: 60KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 306KB - Virtual size: 306KB

.rsrc
Size: 61KB - Virtual size: 60KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 282KB - Virtual size: 281KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 6KB - Virtual size: 57KB

.pdata
Size: 12KB - Virtual size: 12KB

.didat
Size: 1024B - Virtual size: 864B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 57KB - Virtual size: 56KB

.reloc
Size: 2KB - Virtual size: 2KB

text
Size: - Virtual size: 232KB

data
Size: 4.9MB - Virtual size: 4.9MB

.rsrc
Size: 1024B - Virtual size: 4KB

.text
Size: 4.8MB - Virtual size: 4.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B