zeppelin | Qu1cksc0pe-master[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Qu1cksc0pe-master.zip
Size

14.8MB
MD5

44390763f5efc1870be2a5515c69520b
SHA1

603dedc87cc34de86ccad1e120b08f82d8d1b930
SHA256

94cf07c8355ae5bf81fcb8e064b1423af657c216318b25c2938bfa03832c45c9
SHA512

97ae8329393355b69d1db5ed4c1f54a0019b2b6c8f42ad547a75fc79f49648527e4b7c4a43e0c44e02e70887133fcdf1d6fb7267299295ce5c9d4fdc8485c15a
SSDEEP

393216:Mmr5sPWUQS+eFgGGH10dsUl9Y8rfgvm+OY7Yyvvu/aDxu9Vcq:Mmr5sWSRUKdsb8rxsbvYDT

Score

10^/10

miner zeppelin masslogger mountlocker xmrig

Malware Config

Signatures

Detected Mount Locker ransomware 1 IoCs

resource	yara_rule
static1/unpack001/Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/detection.yara	RANSOM_mountlocker

Detects Zeppelin payload 1 IoCs

resource	yara_rule
static1/unpack001/Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/detection.yara	family_zeppelin

MassLogger log file 1 IoCs

Detects a log file produced by MassLogger.

resource	yara_rule
static1/unpack001/Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/detection.yara	masslogger_log_file

Masslogger family
masslogger
Mountlocker family
mountlocker

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
static1/unpack001/Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/detection.yara	family_xmrig

Xmrig family
xmrig
Zeppelin family
zeppelin

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Qu1cksc0pe-master/Systems/Windows/dnlib.dll

Files

Qu1cksc0pe-master.zip
.zip
Qu1cksc0pe-master/.animations/emulate.gif
.gif
Qu1cksc0pe-master/.dockerignore
Qu1cksc0pe-master/.github/FUNDING.yml
Qu1cksc0pe-master/.gitignore
Qu1cksc0pe-master/Dockerfile
Qu1cksc0pe-master/LICENSE
Qu1cksc0pe-master/Modules/VTwrapper.py
.py .sh linux
Qu1cksc0pe-master/Modules/__init__.py
Qu1cksc0pe-master/Modules/andro_familydetect.py
.py .sh linux
Qu1cksc0pe-master/Modules/android_dynamic_analyzer.py
.py .sh linux
Qu1cksc0pe-master/Modules/apkAnalyzer.py
.py .sh linux
Qu1cksc0pe-master/Modules/apkSecCheck.py
.py .sh linux
Qu1cksc0pe-master/Modules/apple_analyzer.py
.py .sh linux
Qu1cksc0pe-master/Modules/archiveAnalyzer.py
.py .sh linux
Qu1cksc0pe-master/Modules/banners.py
.py .sh linux
Qu1cksc0pe-master/Modules/console.py
.py .sh linux
Qu1cksc0pe-master/Modules/document_analyzer.py
.py .sh linux
Qu1cksc0pe-master/Modules/domainCatcher.py
.py .sh linux
Qu1cksc0pe-master/Modules/email_analyzer.py
.py .sh linux
Qu1cksc0pe-master/Modules/emulator.py
.py .sh linux
Qu1cksc0pe-master/Modules/go_binary_parser.py
Qu1cksc0pe-master/Modules/hashScanner.py
.py .sh linux
Qu1cksc0pe-master/Modules/installer.sh
.sh linux
Qu1cksc0pe-master/Modules/languageDetect.py
.py .sh linux
Qu1cksc0pe-master/Modules/linux_dynamic_analyzer.py
Qu1cksc0pe-master/Modules/linux_static_analyzer.py
Qu1cksc0pe-master/Modules/mitre.py
.py .sh linux
Qu1cksc0pe-master/Modules/packerAnalyzer.py
.py .sh linux
Qu1cksc0pe-master/Modules/pcap_analyzer.py
.py .sh linux
Qu1cksc0pe-master/Modules/powershell_analyzer.py
.py .sh linux
Qu1cksc0pe-master/Modules/resourceChecker.py
.py .sh linux
Qu1cksc0pe-master/Modules/sigChecker.py
.py .sh linux
Qu1cksc0pe-master/Modules/utils.py
Qu1cksc0pe-master/Modules/windows_dynamic_analyzer.py
Qu1cksc0pe-master/Modules/windows_process_reader.py
Qu1cksc0pe-master/Modules/windows_static_analyzer.py
.py .sh linux
Qu1cksc0pe-master/README.md
Qu1cksc0pe-master/Systems/Android/FridaScripts/sc0pe_android_enumeration.js
.js
Qu1cksc0pe-master/Systems/Android/YaraRules/MALW_Mailers.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/adfraud.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/advobfuscator.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/adware-adpath.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/adware-assd.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/adware-snake_recipes.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/adware_detect.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/adwarech_ccm.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/adwo_adware.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/agent_variant.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/airpush-adware.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/airpush_adware.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/airpush_rocking.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/amtrckr.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/andr_spynote.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/android-buhsam.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/android-cerberus.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/android-coinhive.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/android-spywaller.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/android_banker_tordow.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/android_bankosy.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/android_pegasus.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/androrat.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/anti_debugging.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/anti_reversing.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/anubis-variant.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/anubis_v3.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/appdome_obfuscator.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/auto-whatsapp-responder.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/backdoor.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/bangcle-packer.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/bangcle-packer1.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/bankbot1.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/bankbot2.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/bankbot3.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/bankbot4.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/bankbot5.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/bankbot6.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/bankbot_overlaytrojan.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/banker-anubis.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/banker.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/banker_blackrock.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/banker_cosmetiq.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/banker_gugi.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/banker_redalert.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/bankingapps.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/btc-eth-address_detection.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/chrome-trojan.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/cloudsota.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/coudw.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/cryptowallets.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/dexguard_apkid.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/dexguard_detect.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/dresscode_trojan.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/fake-cleaner.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/fake_avg.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/fake_german_bankingapps.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/fakecop_smsFraud.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/fakeinst-certs.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/fakeinst-offers_xmls.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/fakeinst.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/fakeinst_domains.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/fakeinst_v2.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/fakeinst_v3.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/fakeinst_v4.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/frida-detection.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/hackingteam.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/itau_banker-trojan.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/java_native_interface.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/joker-malware.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/kazachstan.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/kemoge.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/legu-packer.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/libyan_scorpions.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/location.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/lotsofads.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/malware_banker_sec.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/marcher-obfuscated.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/mazain_banker.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/mazainrule.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/misusing_accessibility.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/mobidash-adware_installer.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/mopub_aggr_adware.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/native-code.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/phonecaller.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/pytm_sdk_tracker.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/ransomware1.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/razorpay_tracker.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/russian_playstore-phishing.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/saveme-spyware.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/simp-locker.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/sms-sender.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/sms-thief.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/spyware-sms.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/spyware_libraries.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/telerat.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/tiktok-malware.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/towelhacking_ransom.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/trojan-anubis.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/trojan-anubis_variant.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/trojan-banker_marcher.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/trojan-cajino.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/trojan-eventbot.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/trojan_smsboxer.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/trojansms.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/vikingbotnet.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/virbox_packer_detection.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/wormhole.yara
Qu1cksc0pe-master/Systems/Android/YaraRules/xmrig-detection.yara
Qu1cksc0pe-master/Systems/Android/blacklist_patterns.txt
Qu1cksc0pe-master/Systems/Android/detections.json
Qu1cksc0pe-master/Systems/Android/family.json
Qu1cksc0pe-master/Systems/Android/libScanner.conf
Qu1cksc0pe-master/Systems/Android/perms.json
Qu1cksc0pe-master/Systems/Linux/FridaScripts/sc0pe_linux_dynamic.js
.js
Qu1cksc0pe-master/Systems/Linux/YaraRules_Linux/Linux.Virus.Vit.yara
Qu1cksc0pe-master/Systems/Linux/YaraRules_Linux/MALW_Mirai_Satori_ELF.yara
Qu1cksc0pe-master/Systems/Linux/YaraRules_Linux/crime_mirai.yara
Qu1cksc0pe-master/Systems/Linux/YaraRules_Linux/custom_mirai_mx.yara
Qu1cksc0pe-master/Systems/Linux/YaraRules_Linux/gen_gobfuscate.yar
Qu1cksc0pe-master/Systems/Linux/linux.conf
Qu1cksc0pe-master/Systems/Linux/linux_func_categories.json
Qu1cksc0pe-master/Systems/Linux/linux_trace_list.json
Qu1cksc0pe-master/Systems/Multiple/Packer_Rules/packer.yara
Qu1cksc0pe-master/Systems/Multiple/Packer_Rules/packer_compiler_signatures.yara
Qu1cksc0pe-master/Systems/Multiple/Packer_Rules/peid.yara
Qu1cksc0pe-master/Systems/Multiple/Packer_Rules/peid_to_remove.yara
Qu1cksc0pe-master/Systems/Multiple/YaraRules_Multiple/CVE-2017-11882.yara
Qu1cksc0pe-master/Systems/Multiple/YaraRules_Multiple/MALWARE_Emotet_OneNote_Delivery_vbs_Mar23.yara
Qu1cksc0pe-master/Systems/Multiple/YaraRules_Multiple/MALWARE_OneNote_Delivery_Jan23.yara
Qu1cksc0pe-master/Systems/Multiple/YaraRules_Multiple/Maldoc_Suspicious_OLE_target.yara
Qu1cksc0pe-master/Systems/Multiple/YaraRules_Multiple/Maldoc_UserForm.yara
Qu1cksc0pe-master/Systems/Multiple/YaraRules_Multiple/Maldoc_VBA_macro_code.yara
Qu1cksc0pe-master/Systems/Multiple/YaraRules_Multiple/Maldoc_malrtf_ole2link.yara
Qu1cksc0pe-master/Systems/Multiple/YaraRules_Multiple/OneNote_EmbeddedFiles_NoPictures.yara
Qu1cksc0pe-master/Systems/Multiple/YaraRules_Multiple/QakBot_OneNote_Loader.yara
Qu1cksc0pe-master/Systems/Multiple/YaraRules_Multiple/Suspicious_Macro_Presence.yara
Qu1cksc0pe-master/Systems/Multiple/YaraRules_Multiple/gen_rtf_malver_objects.yara
Qu1cksc0pe-master/Systems/Multiple/YaraRules_Multiple/gen_susp_office_dropper.yara
Qu1cksc0pe-master/Systems/Multiple/YaraRules_Multiple/indicator_office.yar
Qu1cksc0pe-master/Systems/Multiple/YaraRules_Multiple/pump_and_dump.yara
Qu1cksc0pe-master/Systems/Multiple/blacklist_domains.txt
Qu1cksc0pe-master/Systems/Multiple/file_sigs.json
Qu1cksc0pe-master/Systems/Multiple/golang_categories.json
Qu1cksc0pe-master/Systems/Multiple/ja3_fingerprints.lst
Qu1cksc0pe-master/Systems/Multiple/malicious_html_codes.json
Qu1cksc0pe-master/Systems/Multiple/malicious_rtf_codes.json
Qu1cksc0pe-master/Systems/Multiple/multiple.conf
Qu1cksc0pe-master/Systems/Multiple/special_artifact_patterns.json
Qu1cksc0pe-master/Systems/Multiple/whitelist_domains.txt
Qu1cksc0pe-master/Systems/OSX/osx_sym_categories.json
Qu1cksc0pe-master/Systems/Windows/FridaScripts/sc0pe_windows_dynamic.js
.js
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/APT_APT1.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/APT_RedLeaves.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/APT_Stuxnet.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/CAPE_AgentTesla.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/CAPE_AsyncRat.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/CAPE_CobaltStrikeBeacon.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/CAPE_Emotet.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/CAPE_GetTickCountAntiVM.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/CAPE_Ryuk.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/CAPE_SingleStepAntiHook.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/ClamAV_Emotet_String_Aggregrate.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/Embedded_PE.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/Hunting_Rule_ShikataGaNai.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/IQY_File_With_Suspicious_URL.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/MALW_Surtr.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/MALW_cobaltstrike.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/MINER_Monero.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/RAT_Ratdecoders.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/STEALER_Lokibot.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/STEALER_credstealer.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/TOOLKIT_Redteam_Tools_by_GUID.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/TOOLKIT_Solarwinds_credential_stealer.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/WIN32_MALWR_POSSIBLE_EMOTET_07_20.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/Win32.Trojan.CaddyWiper.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/Win32.Trojan.Dridex.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/Win32.Trojan.Emotet.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/Win32.Trojan.HermeticWiper.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/Win32.Trojan.IsaacWiper.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/Win32.Trojan.TrickBot.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/antidebug_antivm.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/bumblebeeloader.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/bumblebeeloader1.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/capabilities.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/crypto_signatures.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/detection.yara
.js
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/dotnet_hidden_executables_detect.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/gen_gobfuscate.yar
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/image.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/mal_msil_typhon_logger.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/msil_mal_niximports_loader.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/msil_susp_obf_antidump.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/msil_susp_obf_xorstringsnet.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/msil_suspicious_use_of_strreverse.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/rusty_stealer.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/sfx_pdb_winrar_restrict.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/shellcode.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/urls.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/win.lumma_auto.yar
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/win_Eternity.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/win_amadey_a9f4.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/win_aurora_stealer_a_706a.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/win_colibriloader_unpacked.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/win_isfb_auto.yara
.ps1
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/win_modern_loader_v1_01_1edf.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/win_phorpiex_a_84fc.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/win_qakbot_malped.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/win_stealc_w0.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/win_strelastealer.yara
Qu1cksc0pe-master/Systems/Windows/YaraRules_Windows/win_xwormmm_s1_6f74.yara
Qu1cksc0pe-master/Systems/Windows/dnlib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

M:\dnlib\src\obj\Release\netstandard2.0\dnlib.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Qu1cksc0pe-master/Systems/Windows/dotnet_blacklisted_methods.txt
Qu1cksc0pe-master/Systems/Windows/dotnet_malware_patterns.json
Qu1cksc0pe-master/Systems/Windows/mitre_for_windows.json
Qu1cksc0pe-master/Systems/Windows/powershell_code_patterns.json
Qu1cksc0pe-master/Systems/Windows/suspicious_registry_keys.txt
Qu1cksc0pe-master/Systems/Windows/windows.conf
Qu1cksc0pe-master/Systems/Windows/windows_api_categories.json
Qu1cksc0pe-master/Systems/Windows/windows_api_trace_list.txt
Qu1cksc0pe-master/Systems/Windows/windows_debug_signatures
Qu1cksc0pe-master/qu1cksc0pe.py
.py .sh linux
Qu1cksc0pe-master/requirements.txt
Qu1cksc0pe-master/setup.ps1
.ps1
Qu1cksc0pe-master/setup.sh
.sh linux

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B