sushi[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

sushi.zip
Size

1.6MB
MD5

783079852ce3146f70f1aa2a6ab7a7af
SHA1

a284e707a4d652f9ce752013e60d0237e480b81d
SHA256

a2e8bc403a5538730879d16b4a98686cf5562b822a431d40fffa7ab7f923bafd
SHA512

25b56dd9939608f26056e92d33eb29329876a34771932441ef8d73a07995c6700652e4e7e5a1117ef8ef3fe619b27e451dfa8780480e4fa59552ff4f0ebfb5f5
SSDEEP

49152:Sn+pQs8DpeSPGBl+V2YTKg7Pn0etBZxRgd:SlLDsiRu+La

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sushi/Classes/account.exe

Files

sushi.zip
.zip
sushi/AccountManager.Designer.cs
sushi/AccountManager.cs
.js
sushi/AccountManager.resx
.vbs
sushi/App.config
sushi/Classes/1obf.bat
sushi/Classes/Account.cs
.js
sushi/Classes/AccountBrowser.cs
.js
sushi/Classes/AccountRenderer.cs
sushi/Classes/Avatar.cs
sushi/Classes/AvatarControl.Designer.cs
sushi/Classes/AvatarControl.cs
.js
sushi/Classes/AvatarControl.resx
.vbs
sushi/Classes/Batch.cs
.js
sushi/Classes/BorderedRichTextBox.cs
.js
sushi/Classes/BorderedTextBox.cs
.js
sushi/Classes/ClientSettingsPatcher.cs
sushi/Classes/Cryptography.cs
.js
sushi/Classes/Field.Designer.cs
sushi/Classes/Field.cs
sushi/Classes/Field.resx
.vbs
sushi/Classes/GameClass.cs
sushi/Classes/GameControl.Designer.cs
sushi/Classes/GameControl.cs
sushi/Classes/GameControl.resx
.vbs
sushi/Classes/GameInstance.cs
sushi/Classes/GameInstancesCollection.cs
sushi/Classes/GamePlayer.cs
sushi/Classes/IniFile.cs
.js
sushi/Classes/MenuButton.cs
sushi/Classes/MissingAssetControl.Designer.cs
sushi/Classes/MissingAssetControl.cs
.js
sushi/Classes/MissingAssetControl.resx
.vbs
sushi/Classes/NBTabControl.cs
.vbs
sushi/Classes/Presence.cs
.js
sushi/Classes/ProductInfo.cs
sushi/Classes/Program.cs
.js
sushi/Classes/RobloxProcess.cs
.js
sushi/Classes/RobloxWatcher.cs
.js
sushi/Classes/Server.cs
sushi/Classes/Utilities.cs
.js
sushi/Classes/WM.cs
sushi/Classes/WebServer.cs
.js
sushi/Classes/account.exe
.exe windows:6 windows x86 arch:x86

40ab50289f7ef5fae60801f88d4541fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
GetExitCodeProcess
CloseHandle
LocalFree
SizeofResource
VirtualProtect
QueryPerformanceFrequency
VirtualFree
GetFullPathNameW
GetProcessHeap
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVolumeInformationW
GetVersion
GetDriveTypeW
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
LCMapStringW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

comctl32

InitCommonControls

user32

CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
OpenProcessToken
FreeSid
AllocateAndInitializeSid
EqualSid
RegQueryValueExW
GetTokenInformation
ConvertSidToStringSidW
RegCloseKey

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 662KB - Virtual size: 661KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 28KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 113B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sushi/Classes/avatar.bat
sushi/FodyWeavers.xml
sushi/FodyWeavers.xsd
sushi/Forms/AccountFields.Designer.cs
sushi/Forms/AccountFields.cs
sushi/Forms/AccountFields.resx
.vbs
sushi/Forms/AccountUtils.Designer.cs
sushi/Forms/AccountUtils.cs
.js
sushi/Forms/AccountUtils.resx
.vbs
sushi/Forms/ArgumentsForm.Designer.cs
sushi/Forms/ArgumentsForm.cs
sushi/Forms/ArgumentsForm.resx
.vbs
sushi/Forms/ImportForm.Designer.cs
sushi/Forms/ImportForm.cs
sushi/Forms/ImportForm.resx
.vbs
sushi/Forms/MissingAssets.Designer.cs
sushi/Forms/MissingAssets.cs
sushi/Forms/MissingAssets.resx
.vbs
sushi/Forms/RecentGamesForm.Designer.cs
sushi/Forms/RecentGamesForm.cs
sushi/Forms/RecentGamesForm.resx
.vbs
sushi/Forms/ServerList.Designer.cs
sushi/Forms/ServerList.cs
.js
sushi/Forms/ServerList.resx
.vbs
sushi/Forms/SettingsForm.Designer.cs
sushi/Forms/SettingsForm.cs
sushi/Forms/SettingsForm.resx
.vbs
sushi/Forms/ThemeEditor.Designer.cs
sushi/Forms/ThemeEditor.cs
sushi/Forms/ThemeEditor.resx
.vbs
sushi/Forms/Updater.Designer.cs
sushi/Forms/Updater.cs
.js
sushi/Forms/Updater.resx
.vbs
sushi/Installer.bat
sushi/Nexus/AccountControl.Designer.cs
sushi/Nexus/AccountControl.cs
.js
sushi/Nexus/AccountControl.resx
.vbs
sushi/Nexus/AccountStatus.cs
sushi/Nexus/Command.cs
sushi/Nexus/ControlledAccount.cs
sushi/Nexus/Nexus.lua
.js
sushi/Nexus/NexusDocs.md
sushi/Nexus/WebsocketServer.cs
sushi/Properties/AssemblyInfo.cs
sushi/Properties/Resources.Designer.cs
.vbs
sushi/Properties/Resources.resx
.js
sushi/Properties/Settings.Designer.cs
sushi/Properties/Settings.settings
sushi/Resources/SaveIconSmall.png
.png
sushi/Resources/ShuffleIcon.png
.png
sushi/Resources/WatcherRegexMatches.txt
sushi/Resources/configIcon.png
.png
sushi/Resources/disc.png
.png
sushi/Resources/donation.png
.png
sushi/Resources/icons8-history-32.png
.png
sushi/Resources/libsodium.dll
.dll windows:6 windows x86 arch:x86

c85c1c96a17417feb77f58eddec50e0b

Code Sign

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08-03-2016 13:10

Not After

30-05-2027 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:d4:13:46:5a:84:6b:de:66:36:8b:8a:33:82:f5:bf
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

07-07-2016 17:27

Not After

07-07-2017 17:27

Subject

CN=Open Source Developer\, Adam Caudill,O=Open Source Developer,C=US,1.2.840.113549.1.9.1=#0c146164616d406164616d63617564696c6c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:cc:b4:a0:dd:65:aa:fb:17:31:72:a1:0b:b1:63:f3:09:51:8c:bd:55:7b:40:7b:35:9a:af:a5:05:a0:37:67
Signer

Actual PE Digest

8c:cc:b4:a0:dd:65:aa:fb:17:31:72:a1:0b:b1:63:f3:09:51:8c:bd:55:7b:40:7b:35:9a:af:a5:05:a0:37:67

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\msys64\home\Frank\src\libsodium\bin\Win32\Release\v140\dynamic\libsodium.pdb

Imports

kernel32

LeaveCriticalSection
Sleep
GetSystemInfo
VirtualAlloc
EnterCriticalSection
VirtualProtect
VirtualLock
VirtualUnlock
VirtualFree
InitializeCriticalSection
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

advapi32

SystemFunction036

vcruntime140

strchr
memcpy
memset
_except_handler4_common
memchr
memmove
strrchr
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_initterm_e
_errno
abort
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
raise

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-time-l1-1-0

_ftime64

Exports

Exports

crypto_aead_aes256gcm_abytes
crypto_aead_aes256gcm_beforenm
crypto_aead_aes256gcm_decrypt
crypto_aead_aes256gcm_decrypt_afternm
crypto_aead_aes256gcm_decrypt_detached
crypto_aead_aes256gcm_decrypt_detached_afternm
crypto_aead_aes256gcm_encrypt
crypto_aead_aes256gcm_encrypt_afternm
crypto_aead_aes256gcm_encrypt_detached
crypto_aead_aes256gcm_encrypt_detached_afternm
crypto_aead_aes256gcm_is_available
crypto_aead_aes256gcm_keybytes
crypto_aead_aes256gcm_npubbytes
crypto_aead_aes256gcm_nsecbytes
crypto_aead_aes256gcm_statebytes
crypto_aead_chacha20poly1305_abytes
crypto_aead_chacha20poly1305_decrypt
crypto_aead_chacha20poly1305_decrypt_detached
crypto_aead_chacha20poly1305_encrypt
crypto_aead_chacha20poly1305_encrypt_detached
crypto_aead_chacha20poly1305_ietf_abytes
crypto_aead_chacha20poly1305_ietf_decrypt
crypto_aead_chacha20poly1305_ietf_decrypt_detached
crypto_aead_chacha20poly1305_ietf_encrypt
crypto_aead_chacha20poly1305_ietf_encrypt_detached
crypto_aead_chacha20poly1305_ietf_keybytes
crypto_aead_chacha20poly1305_ietf_npubbytes
crypto_aead_chacha20poly1305_ietf_nsecbytes
crypto_aead_chacha20poly1305_keybytes
crypto_aead_chacha20poly1305_npubbytes
crypto_aead_chacha20poly1305_nsecbytes
crypto_auth
crypto_auth_bytes
crypto_auth_hmacsha256
crypto_auth_hmacsha256_bytes
crypto_auth_hmacsha256_final
crypto_auth_hmacsha256_init
crypto_auth_hmacsha256_keybytes
crypto_auth_hmacsha256_statebytes
crypto_auth_hmacsha256_update
crypto_auth_hmacsha256_verify
crypto_auth_hmacsha512
crypto_auth_hmacsha512256
crypto_auth_hmacsha512256_bytes
crypto_auth_hmacsha512256_final
crypto_auth_hmacsha512256_init
crypto_auth_hmacsha512256_keybytes
crypto_auth_hmacsha512256_statebytes
crypto_auth_hmacsha512256_update
crypto_auth_hmacsha512256_verify
crypto_auth_hmacsha512_bytes
crypto_auth_hmacsha512_final
crypto_auth_hmacsha512_init
crypto_auth_hmacsha512_keybytes
crypto_auth_hmacsha512_statebytes
crypto_auth_hmacsha512_update
crypto_auth_hmacsha512_verify
crypto_auth_keybytes
crypto_auth_primitive
crypto_auth_verify
crypto_box
crypto_box_afternm
crypto_box_beforenm
crypto_box_beforenmbytes
crypto_box_boxzerobytes
crypto_box_curve25519xsalsa20poly1305
crypto_box_curve25519xsalsa20poly1305_afternm
crypto_box_curve25519xsalsa20poly1305_beforenm
crypto_box_curve25519xsalsa20poly1305_beforenmbytes
crypto_box_curve25519xsalsa20poly1305_boxzerobytes
crypto_box_curve25519xsalsa20poly1305_keypair
crypto_box_curve25519xsalsa20poly1305_macbytes
crypto_box_curve25519xsalsa20poly1305_noncebytes
crypto_box_curve25519xsalsa20poly1305_open
crypto_box_curve25519xsalsa20poly1305_open_afternm
crypto_box_curve25519xsalsa20poly1305_publickeybytes
crypto_box_curve25519xsalsa20poly1305_secretkeybytes
crypto_box_curve25519xsalsa20poly1305_seed_keypair
crypto_box_curve25519xsalsa20poly1305_seedbytes
crypto_box_curve25519xsalsa20poly1305_zerobytes
crypto_box_detached
crypto_box_detached_afternm
crypto_box_easy
crypto_box_easy_afternm
crypto_box_keypair
crypto_box_macbytes
crypto_box_noncebytes
crypto_box_open
crypto_box_open_afternm
crypto_box_open_detached
crypto_box_open_detached_afternm
crypto_box_open_easy
crypto_box_open_easy_afternm
crypto_box_primitive
crypto_box_publickeybytes
crypto_box_seal
crypto_box_seal_open
crypto_box_sealbytes
crypto_box_secretkeybytes
crypto_box_seed_keypair
crypto_box_seedbytes
crypto_box_zerobytes
crypto_core_hchacha20
crypto_core_hchacha20_constbytes
crypto_core_hchacha20_inputbytes
crypto_core_hchacha20_keybytes
crypto_core_hchacha20_outputbytes
crypto_core_hsalsa20
crypto_core_hsalsa20_constbytes
crypto_core_hsalsa20_inputbytes
crypto_core_hsalsa20_keybytes
crypto_core_hsalsa20_outputbytes
crypto_core_salsa20
crypto_core_salsa2012
crypto_core_salsa2012_constbytes
crypto_core_salsa2012_inputbytes
crypto_core_salsa2012_keybytes
crypto_core_salsa2012_outputbytes
crypto_core_salsa208
crypto_core_salsa208_constbytes
crypto_core_salsa208_inputbytes
crypto_core_salsa208_keybytes
crypto_core_salsa208_outputbytes
crypto_core_salsa20_constbytes
crypto_core_salsa20_inputbytes
crypto_core_salsa20_keybytes
crypto_core_salsa20_outputbytes
crypto_generichash
crypto_generichash_blake2b
crypto_generichash_blake2b_bytes
crypto_generichash_blake2b_bytes_max
crypto_generichash_blake2b_bytes_min
crypto_generichash_blake2b_final
crypto_generichash_blake2b_init
crypto_generichash_blake2b_init_salt_personal
crypto_generichash_blake2b_keybytes
crypto_generichash_blake2b_keybytes_max
crypto_generichash_blake2b_keybytes_min
crypto_generichash_blake2b_personalbytes
crypto_generichash_blake2b_salt_personal
crypto_generichash_blake2b_saltbytes
crypto_generichash_blake2b_statebytes
crypto_generichash_blake2b_update
crypto_generichash_bytes
crypto_generichash_bytes_max
crypto_generichash_bytes_min
crypto_generichash_final
crypto_generichash_init
crypto_generichash_keybytes
crypto_generichash_keybytes_max
crypto_generichash_keybytes_min
crypto_generichash_primitive
crypto_generichash_statebytes
crypto_generichash_update
crypto_hash
crypto_hash_bytes
crypto_hash_primitive
crypto_hash_sha256
crypto_hash_sha256_bytes
crypto_hash_sha256_final
crypto_hash_sha256_init
crypto_hash_sha256_statebytes
crypto_hash_sha256_update
crypto_hash_sha512
crypto_hash_sha512_bytes
crypto_hash_sha512_final
crypto_hash_sha512_init
crypto_hash_sha512_statebytes
crypto_hash_sha512_update
crypto_onetimeauth
crypto_onetimeauth_bytes
crypto_onetimeauth_final
crypto_onetimeauth_init
crypto_onetimeauth_keybytes
crypto_onetimeauth_poly1305
crypto_onetimeauth_poly1305_bytes
crypto_onetimeauth_poly1305_final
crypto_onetimeauth_poly1305_init
crypto_onetimeauth_poly1305_keybytes
crypto_onetimeauth_poly1305_update
crypto_onetimeauth_poly1305_verify
crypto_onetimeauth_primitive
crypto_onetimeauth_statebytes
crypto_onetimeauth_update
crypto_onetimeauth_verify
crypto_pwhash
crypto_pwhash_alg_argon2i13
crypto_pwhash_alg_default
crypto_pwhash_argon2i
crypto_pwhash_argon2i_alg_argon2i13
crypto_pwhash_argon2i_memlimit_interactive
crypto_pwhash_argon2i_memlimit_moderate
crypto_pwhash_argon2i_memlimit_sensitive
crypto_pwhash_argon2i_opslimit_interactive
crypto_pwhash_argon2i_opslimit_moderate
crypto_pwhash_argon2i_opslimit_sensitive
crypto_pwhash_argon2i_saltbytes
crypto_pwhash_argon2i_str
crypto_pwhash_argon2i_str_verify
crypto_pwhash_argon2i_strbytes
crypto_pwhash_argon2i_strprefix
crypto_pwhash_memlimit_interactive
crypto_pwhash_memlimit_moderate
crypto_pwhash_memlimit_sensitive
crypto_pwhash_opslimit_interactive
crypto_pwhash_opslimit_moderate
crypto_pwhash_opslimit_sensitive
crypto_pwhash_primitive
crypto_pwhash_saltbytes
crypto_pwhash_scryptsalsa208sha256
crypto_pwhash_scryptsalsa208sha256_ll
crypto_pwhash_scryptsalsa208sha256_memlimit_interactive
crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive
crypto_pwhash_scryptsalsa208sha256_opslimit_interactive
crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive
crypto_pwhash_scryptsalsa208sha256_saltbytes
crypto_pwhash_scryptsalsa208sha256_str
crypto_pwhash_scryptsalsa208sha256_str_verify
crypto_pwhash_scryptsalsa208sha256_strbytes
crypto_pwhash_scryptsalsa208sha256_strprefix
crypto_pwhash_str
crypto_pwhash_str_verify
crypto_pwhash_strbytes
crypto_pwhash_strprefix
crypto_scalarmult
crypto_scalarmult_base
crypto_scalarmult_bytes
crypto_scalarmult_curve25519
crypto_scalarmult_curve25519_base
crypto_scalarmult_curve25519_bytes
crypto_scalarmult_curve25519_scalarbytes
crypto_scalarmult_primitive
crypto_scalarmult_scalarbytes
crypto_secretbox
crypto_secretbox_boxzerobytes
crypto_secretbox_detached
crypto_secretbox_easy
crypto_secretbox_keybytes
crypto_secretbox_macbytes
crypto_secretbox_noncebytes
crypto_secretbox_open
crypto_secretbox_open_detached
crypto_secretbox_open_easy
crypto_secretbox_primitive
crypto_secretbox_xsalsa20poly1305
crypto_secretbox_xsalsa20poly1305_boxzerobytes
crypto_secretbox_xsalsa20poly1305_keybytes
crypto_secretbox_xsalsa20poly1305_macbytes
crypto_secretbox_xsalsa20poly1305_noncebytes
crypto_secretbox_xsalsa20poly1305_open
crypto_secretbox_xsalsa20poly1305_zerobytes
crypto_secretbox_zerobytes
crypto_shorthash
crypto_shorthash_bytes
crypto_shorthash_keybytes
crypto_shorthash_primitive
crypto_shorthash_siphash24
crypto_shorthash_siphash24_bytes
crypto_shorthash_siphash24_keybytes
crypto_sign
crypto_sign_bytes
crypto_sign_detached
crypto_sign_ed25519
crypto_sign_ed25519_bytes
crypto_sign_ed25519_detached
crypto_sign_ed25519_keypair
crypto_sign_ed25519_open
crypto_sign_ed25519_pk_to_curve25519
crypto_sign_ed25519_publickeybytes
crypto_sign_ed25519_secretkeybytes
crypto_sign_ed25519_seed_keypair
crypto_sign_ed25519_seedbytes
crypto_sign_ed25519_sk_to_curve25519
crypto_sign_ed25519_sk_to_pk
crypto_sign_ed25519_sk_to_seed
crypto_sign_ed25519_verify_detached
crypto_sign_edwards25519sha512batch
crypto_sign_edwards25519sha512batch_keypair
crypto_sign_edwards25519sha512batch_open
crypto_sign_keypair
crypto_sign_open
crypto_sign_primitive
crypto_sign_publickeybytes
crypto_sign_secretkeybytes
crypto_sign_seed_keypair
crypto_sign_seedbytes
crypto_sign_verify_detached
crypto_stream
crypto_stream_aes128ctr
crypto_stream_aes128ctr_afternm
crypto_stream_aes128ctr_beforenm
crypto_stream_aes128ctr_beforenmbytes
crypto_stream_aes128ctr_keybytes
crypto_stream_aes128ctr_noncebytes
crypto_stream_aes128ctr_xor
crypto_stream_aes128ctr_xor_afternm
crypto_stream_chacha20
crypto_stream_chacha20_ietf
crypto_stream_chacha20_ietf_noncebytes
crypto_stream_chacha20_ietf_xor
crypto_stream_chacha20_ietf_xor_ic
crypto_stream_chacha20_keybytes
crypto_stream_chacha20_noncebytes
crypto_stream_chacha20_xor
crypto_stream_chacha20_xor_ic
crypto_stream_keybytes
crypto_stream_noncebytes
crypto_stream_primitive
crypto_stream_salsa20
crypto_stream_salsa2012
crypto_stream_salsa2012_keybytes
crypto_stream_salsa2012_noncebytes
crypto_stream_salsa2012_xor
crypto_stream_salsa208
crypto_stream_salsa208_keybytes
crypto_stream_salsa208_noncebytes
crypto_stream_salsa208_xor
crypto_stream_salsa20_keybytes
crypto_stream_salsa20_noncebytes
crypto_stream_salsa20_xor
crypto_stream_salsa20_xor_ic
crypto_stream_xor
crypto_stream_xsalsa20
crypto_stream_xsalsa20_keybytes
crypto_stream_xsalsa20_noncebytes
crypto_stream_xsalsa20_xor
crypto_stream_xsalsa20_xor_ic
crypto_verify_16
crypto_verify_16_bytes
crypto_verify_32
crypto_verify_32_bytes
crypto_verify_64
crypto_verify_64_bytes
randombytes
randombytes_buf
randombytes_close
randombytes_implementation_name
randombytes_random
randombytes_salsa20_implementation
randombytes_set_implementation
randombytes_stir
randombytes_sysrandom_implementation
randombytes_uniform
sodium_add
sodium_allocarray
sodium_bin2hex
sodium_compare
sodium_free
sodium_hex2bin
sodium_increment
sodium_init
sodium_is_zero
sodium_library_version_major
sodium_library_version_minor
sodium_malloc
sodium_memcmp
sodium_memzero
sodium_mlock
sodium_mprotect_noaccess
sodium_mprotect_readonly
sodium_mprotect_readwrite
sodium_munlock
sodium_runtime_has_aesni
sodium_runtime_has_avx
sodium_runtime_has_avx2
sodium_runtime_has_neon
sodium_runtime_has_pclmul
sodium_runtime_has_sse2
sodium_runtime_has_sse3
sodium_runtime_has_sse41
sodium_runtime_has_ssse3
sodium_version_string

Sections

.text
Size: 415KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sushi/Resources/offline.png
.png
sushi/Resources/online.png
.png
sushi/Resources/server_icon.ico
sushi/Resources/server_icon_white.ico
sushi/Resources/shuffle-crossing-arrows.png
.png
sushi/Resources/team_KX4_icon.ico
sushi/Resources/team_KX4_icon_white.ico
sushi/app1.manifest
sushi/log4.config
sushi/packages.config
.xml

Sharing

General

Malware Config

Signatures

Files

40ab50289f7ef5fae60801f88d4541fc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

user32

oleaut32

advapi32

Exports

Exports

Sections

.text Size: 662KB - Virtual size: 661KB

.itext Size: 7KB - Virtual size: 6KB

.data Size: 14KB - Virtual size: 14KB

.bss Size: - Virtual size: 28KB

.idata Size: 4KB - Virtual size: 3KB

.didata Size: 512B - Virtual size: 420B

.edata Size: 512B - Virtual size: 113B

.tls Size: - Virtual size: 24B

.rdata Size: 512B - Virtual size: 93B

.reloc Size: 68KB - Virtual size: 67KB

.rsrc Size: 68KB - Virtual size: 68KB

c85c1c96a17417feb77f58eddec50e0b

Code Sign

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

32:d4:13:46:5a:84:6b:de:66:36:8b:8a:33:82:f5:bfCertificate

Extended Key Usages

Key Usages

8c:cc:b4:a0:dd:65:aa:fb:17:31:72:a1:0b:b1:63:f3:09:51:8c:bd:55:7b:40:7b:35:9a:af:a5:05:a0:37:67Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 415KB - Virtual size: 415KB

.rdata Size: 50KB - Virtual size: 49KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 662KB - Virtual size: 661KB

.itext
Size: 7KB - Virtual size: 6KB

.data
Size: 14KB - Virtual size: 14KB

.bss
Size: - Virtual size: 28KB

.idata
Size: 4KB - Virtual size: 3KB

.didata
Size: 512B - Virtual size: 420B

.edata
Size: 512B - Virtual size: 113B

.tls
Size: - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 93B

.reloc
Size: 68KB - Virtual size: 67KB

.rsrc
Size: 68KB - Virtual size: 68KB

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

32:d4:13:46:5a:84:6b:de:66:36:8b:8a:33:82:f5:bf
Certificate

8c:cc:b4:a0:dd:65:aa:fb:17:31:72:a1:0b:b1:63:f3:09:51:8c:bd:55:7b:40:7b:35:9a:af:a5:05:a0:37:67
Signer

.text
Size: 415KB - Virtual size: 415KB

.rdata
Size: 50KB - Virtual size: 49KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB