C:\Users\jakob\source\repos\Bypass\x64\Release\Bypass.pdb
Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Behavioral task
behavioral1
Sample
Bypass.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Bypass.exe
Resource
win10v2004-20241007-en
General
-
Target
Bypass.exe
-
Size
26KB
-
MD5
013de7f78f864fd37c6e4a6503caaba6
-
SHA1
fcbfb8e566db0790911cd846829618657ba86956
-
SHA256
2b34f81fac75313c6db5a80b7b560f303f4714adb6e2392c9c01d7146c022e5d
-
SHA512
f25f83ffd2b9f7bcbd437f71ce0acd8949f9a65c5cd7906d23f9e1ef83db3add165fc977947a35ae8fc577d72a8689f534115267f6a984f8339ed24baeacede3
-
SSDEEP
384:GURtRE9c7d/bMct1vOVislkIPNUfc04tNXGQ3XgeYWo/r5If92oopgqQBcpFhh/X:GM8hDlZBhKWU+9bWgqTFb/wxMX
Malware Config
Signatures
-
Detects RedTiger Stealer 7 IoCs
resource yara_rule sample redtigerv122 sample redtigerv22 sample redtiger_stealer_detection sample redtiger_stealer_detection_v2 sample staticSred sample staticred sample redtiger_stealer_detection_v1 -
Redtiger family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Bypass.exe
Files
-
Bypass.exe.exe windows:6 windows x64 arch:x64
5aa8233f49eec9e7afdbd2c8fea96cb8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
CreateProcessA
GetModuleFileNameA
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlCaptureContext
advapi32
RegCloseKey
RegDeleteKeyA
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegCreateKeyExA
RegSetValueExA
msvcp140
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?good@ios_base@std@@QEBA_NXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__current_exception
memmove
_CxxThrowException
__C_specific_handler
memcpy
__std_terminate
__std_exception_copy
__std_exception_destroy
__current_exception_context
memset
api-ms-win-crt-runtime-l1-1-0
_register_onexit_function
_crt_atexit
terminate
_cexit
_initialize_onexit_table
_c_exit
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
system
api-ms-win-crt-heap-l1-1-0
malloc
free
_set_new_mode
_callnewh
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ