warzonerat | WARZONE RAT 2[.]70 POISON[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

WARZONE RAT 2.70 POISON.7z
Size

13.5MB
MD5

c31e616eac7651fa5ce64f8fe44e5102
SHA1

d54f2bea426e14a123d60f0416a21bac68a564d2
SHA256

110e664addd90770d63021a5c3eb1f10f4a419272b9b135327918284952785bb
SHA512

2ecc0b19e521f40d3778c53047074668f3f3667202b92f06d5c5cb33faebd95fce6eb3dd4634149ccc3b69779f70594efd264838b1fee58335f51f7fd2647a8c
SSDEEP

393216:VEOTG9k/ix5TepFyo5S0gHTq3v6Jwc3QX5+vpw1CEv:VbTG6oNepFyydUe/ceAhw8C

Score

10^/10

rat warzonerat

Malware Config

Signatures

Warzone RAT payload 2 IoCs

rat

resource	yara_rule
static1/unpack001/WARZONE RAT 2.70 POISON/cratclient.bin	warzonerat
static1/unpack001/WARZONE RAT 2.70 POISON/cratclientd.bin	warzonerat

Warzonerat family
warzonerat

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WARZONE RAT 2.70 POISON/Datas/ServerManager.dll
unpack001/WARZONE RAT 2.70 POISON/Datas/SocksManager.exe
unpack001/WARZONE RAT 2.70 POISON/Datas/rdpwrap32.dll
unpack001/WARZONE RAT 2.70 POISON/Datas/rdpwrap64.dll
unpack001/WARZONE RAT 2.70 POISON/Datas/sqlite3.dll
unpack001/WARZONE RAT 2.70 POISON/Datas/vncviewer.exe
unpack001/WARZONE RAT 2.70 POISON/Injector/0Harmony.dll
unpack001/WARZONE RAT 2.70 POISON/Injector/Bootstrap.dll
unpack001/WARZONE RAT 2.70 POISON/Injector/Inject.exe
unpack001/WARZONE RAT 2.70 POISON/Injector/Warzone.Loader.dll
unpack001/WARZONE RAT 2.70 POISON/License.dll
unpack001/WARZONE RAT 2.70 POISON/MaterialSkin.dll
unpack001/WARZONE RAT 2.70 POISON/PETools.dll
unpack001/WARZONE RAT 2.70 POISON/WARZONE Password Viewer 1.0.exe
unpack001/WARZONE RAT 2.70 POISON/WARZONE RAT - HIDDEN POISON 2.70.exe
unpack001/WARZONE RAT 2.70 POISON/Warzone Cracked.exe
unpack001/WARZONE RAT 2.70 POISON/cratclient.bin
unpack001/WARZONE RAT 2.70 POISON/cratclientd.bin

Files

WARZONE RAT 2.70 POISON.7z
.7z

Password: infected
WARZONE RAT 2.70 POISON/Datas/ServerManager.dll
.dll windows:5 windows x86 arch:x86

43276e2555cc844cac1ebf1c83657e18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

ioctlsocket
accept
bind
closesocket
listen
WSAStartup
getpeername
getsockname
send
socket
ntohs
inet_ntoa
recv
htons
WSAGetLastError

user32

MessageBoxA

kernel32

RaiseException
CreateFileW
WriteConsoleW
SetFilePointerEx
CloseHandle
HeapReAlloc
HeapSize
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetStringTypeW
GetProcessHeap
Sleep
AllocConsole
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
DecodePointer
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
HeapFree
LCMapStringW
GetStdHandle
GetFileType
GetACP
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

Exports

Exports

?lst@@YAXH@Z

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 2.70 POISON/Datas/SocksManager.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\W7H64\source\repos\Socks5 Normal + Reverse CRAT\TCP proxy socks5\obj\Release\TCP proxy socks5.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 2.70 POISON/Datas/firefox.dlls
.dll windows:6 windows x86 arch:x86

2c54251b196d9e0cc804a7061f60558c

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:53:96:dc:b2:94:9c:70:fa:c4:8a:b0:8a:07:33:8e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-06-2017 00:00

Not After

28-06-2019 12:00

Subject

CN=Mozilla Corporation,O=Mozilla Corporation,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b1:34:fd:d7:ab:fc:0b:9c:09:fc:69:df:be:b3:c7:4b:8f:32:bb:3d
Signer

Actual PE Digest

b1:34:fd:d7:ab:fc:0b:9c:09:fc:69:df:be:b3:c7:4b:8f:32:bb:3d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

z:\task_1538344561\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb

Imports

nss3

PORT_GetError_Util
PR_NewLock
PR_DestroyLock
PR_Lock
PR_Unlock
SECITEM_FreeItem_Util
SECITEM_ZfreeItem_Util
SECITEM_CopyItem_Util
PR_NotifyCondVar
NSS_SecureMemcmpZero
PORT_ZAllocAlignedOffset_Util
SECITEM_CompareItem_Util
PR_NewCondVar
PR_DestroyCondVar
PR_WaitCondVar
PORT_ZAlloc_Util
SECITEM_AllocItem_Util
PR_NotifyAllCondVar
SECOID_FindOIDTag_Util
PORT_ArenaAlloc_Util
PORT_ArenaZAlloc_Util
PORT_FreeArena_Util
PORT_NewArena_Util
NSS_SecureMemcmp
PR_GetEnvSecure
PR_CallOnce
PORT_SetError_Util
PORT_ZFree_Util
PORT_Free_Util
PORT_Alloc_Util

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetLogicalDrives
GetVolumeInformationA
QueryPerformanceCounter
GetCurrentProcess
GetDiskFreeSpaceA
SetUnhandledExceptionFilter
GetCurrentProcessId
GetComputerNameA
GlobalMemoryStatus
GetTickCount
GetCurrentThreadId

advapi32

SystemFunction036

vcruntime140

memset
__std_type_info_destroy_list
_except_handler4_common
memcmp
memcpy

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc

api-ms-win-crt-string-l1-1-0

_strdup

api-ms-win-crt-runtime-l1-1-0

_cexit
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_execute_onexit_table
abort

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-time-l1-1-0

_time64

Exports

Exports

FREEBL_GetVector

Sections

.text
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 2.70 POISON/Datas/geoip/GeoIP.dat
WARZONE RAT 2.70 POISON/Datas/options.vnc
WARZONE RAT 2.70 POISON/Datas/rV.bsp1
WARZONE RAT 2.70 POISON/Datas/rV2.bsp1
WARZONE RAT 2.70 POISON/Datas/rdpwrap.ini
WARZONE RAT 2.70 POISON/Datas/rdpwrap32.dll
.dll windows:5 windows x86 arch:x86

4ed84fc157e2a47dbff1bafdc889324d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

LoadStringW
MessageBoxA
CharNextW
GetSystemMetrics
CharUpperBuffW

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WriteProcessMemory
WaitForSingleObject
SuspendThread
SignalObjectAndWait
SetEvent
ResumeThread
ResetEvent
ReadProcessMemory
MultiByteToWideChar
LoadResource
LoadLibraryW
GetVersionExW
GetThreadLocale
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFileAttributesW
GetDiskFreeSpaceW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FindResourceW
FindFirstFileW
FindClose
EnumCalendarInfoW
CreateEventW
CloseHandle
GetModuleHandleExW
Thread32Next
Thread32First
CreateToolhelp32Snapshot
OpenThread

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WARZONE RAT 2.70 POISON/Datas/rdpwrap64.dll
.dll windows:6 windows x64 arch:x64

53a3dacee6717ddc12074523c645029b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
GetFileSize
ReadFile
SetLastError
SetFilePointer
WriteFile
CloseHandle
GetModuleHandleExW
GetCurrentThreadId
GetCurrentProcessId
CreateToolhelp32Snapshot
Thread32First
OpenThread
ResumeThread
SuspendThread
Thread32Next
GetModuleHandleW
FindResourceW
LoadResource
LoadLibraryExW
WriteProcessMemory
GetCurrentProcess
GetModuleFileNameW
LoadLibraryW
GetProcAddress
ReadProcessMemory
SetFilePointerEx
SetStdHandle
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
HeapAlloc
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
ExitProcess
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
LCMapStringW
HeapReAlloc
OutputDebugStringW
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode
WriteConsoleW

user32

wsprintfA

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 2.70 POISON/Datas/rvncviewer.exe
.exe windows:5 windows x86 arch:x86

213323ecaf46aa001703061e2c7c72be

Code Sign

52:31:09:fd:26:76:d2:5c:b3:d4:57:c9:a3:48:53:ee
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-08-2016 00:00

Not After

22-11-2019 23:59

Subject

CN=uvnc bvba,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e1:9a:88:94:9b:12:69:7c:2c:7e:30:6e:94:70:39:4f:fa:20:ea:b9:93:b1:c8:b2:c8:88:56:c9:72:66:95:d6
Signer

Actual PE Digest

e1:9a:88:94:9b:12:69:7c:2c:7e:30:6e:94:70:39:4f:fa:20:ea:b9:93:b1:c8:b2:c8:88:56:c9:72:66:95:d6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_ReplaceIcon
ord6
CreateToolbarEx
InitCommonControlsEx
ImageList_Create
ord17

winmm

timeGetTime
timeSetEvent
timeKillEvent
PlaySoundA

ws2_32

getpeername
WSACleanup
WSAStartup
connect
inet_addr
select
accept
htons
shutdown
setsockopt
socket
__WSAFDIsSet
closesocket
gethostbyname
send
listen
WSAAsyncSelect
bind
recv
WSAGetLastError
ioctlsocket

kernel32

FindClose
LoadLibraryA
FindNextFileA
GetTempPathA
DeleteFileA
lstrcpyA
CreateFileA
SetFilePointer
lstrlenA
MoveFileExA
SetEndOfFile
SetErrorMode
SystemTimeToFileTime
CompareFileTime
SetFileTime
WriteFile
GetDriveTypeA
InitializeCriticalSection
LeaveCriticalSection
FileTimeToSystemTime
ReadFile
FlushFileBuffers
CreateDirectoryA
GetLogicalDriveStringsA
lstrcmpiA
EnterCriticalSection
MoveFileA
GetFileTime
DeleteCriticalSection
FileTimeToLocalFileTime
MulDiv
AllocConsole
GetStdHandle
WriteConsoleA
OutputDebugStringA
GetComputerNameA
GetVersionExA
CreateFileW
GetProcessHeap
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FindFirstFileA
RtlUnwind
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
CopyFileA
InterlockedExchange
GetDriveTypeW
LCMapStringW
HeapSize
GetConsoleMode
GetConsoleCP
SetHandleCount
GetLocaleInfoW
GetModuleFileNameW
HeapCreate
IsProcessorFeaturePresent
SetLastError
TlsFree
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
ExitThread
GetStartupInfoW
HeapSetInformation
GetCommandLineA
FindFirstFileExA
ExitProcess
GetModuleHandleW
GetFullPathNameA
HeapAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetTimeZoneInformation
GetLocalTime
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
HeapFree
TlsAlloc
DuplicateHandle
GetCurrentThreadId
SetThreadPriority
CreateSemaphoreA
TlsSetValue
GetCurrentThread
GetCurrentProcess
TlsGetValue
QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryW
GetProcAddress
FreeLibrary
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
GlobalSize
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalUnlock
GetPrivateProfileIntA
GlobalAlloc
GlobalLock
CreateThread
ResumeThread
LocalFree
RemoveDirectoryA
CloseHandle
GetModuleFileNameA
ResetEvent
GetLastError
Beep
GetFileAttributesA
CreateEventA
Sleep
FormatMessageA
GetTickCount
SetEvent
WaitForSingleObject
GetModuleHandleA
lstrcatA
DosDateTimeToFileTime
GetVolumeInformationA
GetVersion
LocalFileTimeToFileTime
lstrcpynA
CreateMutexA
ReleaseMutex
SetVolumeLabelA
SetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableW
GetStringTypeW

user32

IsDlgButtonChecked
LoadKeyboardLayoutA
GetMessageA
PostThreadMessageA
CallNextHookEx
GetForegroundWindow
SetWindowsHookExA
GetWindowThreadProcessId
ToAscii
GetKeyState
keybd_event
VkKeyScanW
GetKeyboardState
ToUnicode
SetWindowRgn
LoadBitmapA
PtInRect
GetDesktopWindow
GetMenuStringA
ScreenToClient
ModifyMenuA
SendDlgItemMessageA
DrawTextA
GetParent
GetWindowTextLengthA
TranslateMessage
PeekMessageA
DispatchMessageA
GetComboBoxInfo
EnableWindow
DestroyIcon
EnumDisplaySettingsExA
MonitorFromPoint
GetMonitorInfoA
SystemParametersInfoA
GetSystemMetrics
EnumDisplayDevicesA
ValidateRect
RegisterClassExA
TrackPopupMenu
GetMenuItemID
SetCapture
GetScrollInfo
SetCaretBlinkTime
ReleaseCapture
CallWindowProcA
GetCaretBlinkTime
GetSubMenu
LoadStringA
LoadMenuA
SetMenuDefaultItem
IsClipboardFormatAvailable
RegisterClipboardFormatA
SetWindowLongA
SetCursorPos
RedrawWindow
GetCursorPos
CloseClipboard
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
GetClipboardOwner
EndPaint
DestroyWindow
SetCursor
GetDlgItemInt
GetSystemMenu
SetTimer
GetWindowRect
PostQuitMessage
IsIconic
FillRect
SendNotifyMessageA
KillTimer
GetFocus
LoadIconA
InvalidateRgn
GetClientRect
SetFocus
RegisterWindowMessageA
BeginPaint
GetDC
SetDlgItemInt
SetRect
MessageBoxA
InvalidateRect
CreateWindowExA
ReleaseDC
EnableMenuItem
ChangeClipboardChain
DefWindowProcA
SetWindowPos
ShowWindow
CreatePopupMenu
GetSysColorBrush
DrawMenuBar
AppendMenuA
IsWindow
ShowScrollBar
PostMessageA
AdjustWindowRectEx
ScrollWindowEx
UpdateWindow
DestroyMenu
LoadCursorA
SetClipboardViewer
SetScrollInfo
CheckMenuItem
RegisterClassA
MoveWindow
GetKeyboardLayoutNameA
SendMessageA
GetWindowTextA
GetWindowLongA
GetDlgItem
SetWindowTextA
GetDlgItemTextA
DestroyAcceleratorTable
CreateAcceleratorTableA
TranslateAcceleratorA
SetForegroundWindow
EndDialog
LoadImageA
DialogBoxParamA
SetDlgItemTextA
CharToOemA
OemToCharA
wvsprintfA
GetMenuItemCount

gdi32

DeleteDC
SetStretchBltMode
SelectPalette
RealizePalette
CombineRgn
CreatePalette
SetDIBColorTable
SetBrushOrgEx
StretchBlt
GetDeviceCaps
GetStockObject
CreateRectRgnIndirect
Rectangle
CreatePen
SetBkMode
CreateFontA
SetTextColor
LineTo
MoveToEx
CreatePolygonRgn
SetROP2
UpdateColors
BitBlt
CreateDIBSection
DeleteObject
SelectObject
CreateCompatibleDC
CreateRectRgn
CreateSolidBrush

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

advapi32

OpenProcessToken
GetKernelObjectSecurity
LookupPrivilegeValueA
GetSecurityDescriptorLength
AdjustTokenPrivileges
IsValidAcl
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSecurityDescriptor
GetSecurityDescriptorSacl
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
GetSecurityDescriptorControl
RegSetValueExA

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHFileOperationA
Shell_NotifyIconA
SHGetFolderPathA

imm32

ImmAssociateContext

Sections

.text
Size: 722KB - Virtual size: 722KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 474KB - Virtual size: 474KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 2.70 POISON/Datas/sqlite3.dll
.dll windows:5 windows x86 arch:x86

1b1a70babde0a2663fcc833b56850660

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Tim\documents\visual studio 2010\Projects\sqlite\Release\sqlite3.pdb

Imports

kernel32

GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
GetTickCount
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
LeaveCriticalSection
GetFileAttributesA
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
EncodePointer
GetTimeZoneInformation
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapSize
LCMapStringW
GetStringTypeW
CompareStringW
SetEnvironmentVariableA

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_handle
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sql
sqlite3_step
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf

Sections

.text
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 2.70 POISON/Datas/vncviewer.exe
.exe windows:4 windows x86 arch:x86

40269abf5b1cb28ac007eed117b0b2c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegCreateKeyExW
RegOpenKeyExA
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW

comctl32

_TrackMouseEvent

crypt32

CertCloseStore
CertDeleteCertificateFromStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertGetCertificateContextProperty
CertOpenSystemStoreA
PFXImportCertStore

gdi32

Arc
BitBlt
CloseEnhMetaFile
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreateEnhMetaFileA
CreateFontA
CreatePalette
CreatePen
CreatePolygonRgn
CreateRectRgn
CreateSolidBrush
DPtoLP
DeleteDC
DeleteEnhMetaFile
DeleteObject
EqualRgn
ExtCreatePen
ExtCreateRegion
GdiFlush
GetCharacterPlacementW
GetDIBits
GetDeviceCaps
GetEnhMetaFileHeader
GetGlyphOutlineW
GetRgnBox
GetStockObject
GetTextExtentPoint32W
GetTextMetricsA
GetWindowOrgEx
LPtoDP
LineTo
MoveToEx
Pie
PlayEnhMetaFile
PolyPolygon
Polygon
Polyline
RealizePalette
RectInRegion
RestoreDC
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetDIBitsToDevice
SetPixel
SetTextAlign
SetTextColor
SetWindowOrgEx
StretchDIBits
TextOutW
UpdateColors

kernel32

AllocConsole
CloseHandle
CreateEventA
CreateSemaphoreW
CreateThread
DeleteCriticalSection
EnterCriticalSection
EnumResourceLanguagesA
EnumSystemLocalesA
FindClose
FindFirstFileW
FindNextFileW
FormatMessageA
FormatMessageW
FreeLibrary
GetACP
GetComputerNameA
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetLastError
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathA
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeConditionVariable
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
QueryPerformanceCounter
ReleaseSemaphore
SetEvent
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte

msimg32

AlphaBlend

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__set_app_type
__setusermatherr
_access
_acmdln
_amsg_exit
_cexit
_close
_errno
_execvp
_exit
_findclose
_findfirst
_fmode
_fstati64
_fullpath
_initterm
_iob
_lock
_mkdir
_onexit
_open
_open_osfhandle
_putenv
_setjmp3
_snwprintf
time
localtime
gmtime
ctime
_stati64
_strdup
_stricmp
_strnicmp
atol
bsearch
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fputwc
fread
free
fseek
ftell
fwprintf
fwrite
getc
getenv
isalnum
isalpha
islower
isprint
isspace
isupper
iswctype
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
qsort
raise
rand
realloc
remove
rename
setlocale
signal
sprintf
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strrchr
strstr
strtol
strtoul
strxfrm
_unlock
_vsnwprintf
_waccess
_wchmod
_wfopen
_wgetcwd
_wgetenv
_wmkdir
_wopen
_wrename
_wrmdir
_wstat
_wunlink
abort
acos
atof
atoi
system
time
tolower
toupper
towlower
towupper
ungetc
vfprintf
wcschr
wcscoll
wcscpy
wcsftime
wcslen
wcstombs
wcsxfrm
_vsnprintf
_findnext
longjmp
_write
_strdup
_read
_open
_getpid
_getcwd
_fileno
_fdopen
_close

ole32

DoDragDrop
OleInitialize
OleUninitialize
RegisterDragDrop
ReleaseStgMedium

shell32

DragQueryFileW
SHGetSpecialFolderPathA

user32

AdjustWindowRectEx
BringWindowToTop
CallNextHookEx
ChangeClipboardChain
ClientToScreen
CloseClipboard
CopyIcon
CreateIconIndirect
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DestroyIcon
DestroyWindow
DispatchMessageW
EmptyClipboard
FillRect
GetAsyncKeyState
GetClipboardData
GetClipboardOwner
GetCursorPos
GetDC
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetKeyboardState
GetMessageA
GetParent
GetSysColor
GetSystemMetrics
GetUpdateRgn
GetWindow
GetWindowInfo
GetWindowLongA
GetWindowRect
InvalidateRect
IsClipboardFormatAvailable
IsIconic
IsWindow
KillTimer
LoadCursorA
LoadIconA
LoadImageA
MapVirtualKeyA
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
OpenClipboard
OpenIcon
PeekMessageA
PeekMessageW
PostMessageA
PostThreadMessageA
RegisterClassExA
RegisterClassExW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
SendMessageA
SetActiveWindow
SetCapture
SetClipboardData
SetClipboardViewer
SetCursor
SetFocus
SetForegroundWindow
SetRect
SetTimer
SetWindowLongA
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExA
ShowWindow
SystemParametersInfoA
ToUnicode
TranslateMessage
UnhookWindowsHookEx
ValidateRgn
WindowFromPoint

ws2_32

WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
inet_ntoa
listen
ntohs
recv
select
send
setsockopt
shutdown
socket

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 582KB - Virtual size: 582KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/105
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 2.70 POISON/Injector/0Harmony.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 749KB - Virtual size: 749KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 2.70 POISON/Injector/0Harmony.xml
.js .xml polyglot
WARZONE RAT 2.70 POISON/Injector/Bootstrap.dll
.dll windows:6 windows x86 arch:x86

4addccdd6e35c67b841b2cc543186bd6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\hussa\Desktop\inject\Release\Bootstrap.pdb

Imports

msvcp140

?_Xlength_error@std@@YAXPBD@Z

mscoree

CLRCreateInstance

vcruntime140

__std_type_info_destroy_list
_CxxThrowException
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memmove
memcpy
memset
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_cexit
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsDebuggerPresent
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

Exports

Exports

ImplantDotNetAssembly

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 2.70 POISON/Injector/Bootstrap.exp
WARZONE RAT 2.70 POISON/Injector/Bootstrap.lib
WARZONE RAT 2.70 POISON/Injector/Inject.exe
.exe windows:6 windows x86 arch:x86

80282bbabc201caca6ec787bc31e91c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\hussa\Desktop\inject\Release\Inject.pdb

Imports

kernel32

SetConsoleMode
GetModuleFileNameW
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
GetExitCodeThread
GetConsoleMode
Process32NextW
Process32FirstW
CloseHandle
LoadLibraryW
Module32FirstW
GetStdHandle
VirtualAllocEx
GetModuleHandleW
FreeLibrary
GetConsoleWindow
CreateRemoteThread
Module32NextW
VirtualFreeEx
IsDebuggerPresent
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcess
WriteProcessMemory
SetConsoleTextAttribute
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
UnhandledExceptionFilter

user32

ShowWindow

advapi32

LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges

msvcp140

?_Xlength_error@std@@YAXPBD@Z

shlwapi

PathRemoveFileSpecW
PathAppendW

vcruntime140

memcpy
_except_handler4_common
memset
__current_exception_context
memmove
__current_exception
_CxxThrowException
__std_exception_copy
__CxxFrameHandler3
__std_exception_destroy

api-ms-win-crt-string-l1-1-0

wcsnlen

api-ms-win-crt-stdio-l1-1-0

__p__commode
__acrt_iob_func
__stdio_common_vfwprintf_s
_set_fmode

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-runtime-l1-1-0

_initterm_e
exit
_exit
_initterm
_get_initial_wide_environment
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_wide_environment
_configure_wide_argv
_invalid_parameter_noinfo_noreturn
terminate
_set_app_type
_controlfp_s
_seh_filter_exe
_cexit
_crt_atexit
__p___argc
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
_set_new_mode
free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 2.70 POISON/Injector/Warzone.Loader.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\hussa\Desktop\a\WarzoneLoader\WarzoneLoader Slient Builder\WarzoneLoader\bin\Release\Warzone.Loader.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 2.70 POISON/License.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

if{sg
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
WARZONE RAT 2.70 POISON/MaterialSkin.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\W7H64\Desktop\MaterialSkin-master\MaterialSkin\obj\Release\MaterialSkin.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 569KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 2.70 POISON/PETools.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\Workspace\Projects\MiscProjects\PETools-master\obj\Release\PETools.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 2.70 POISON/WARZONE Password Viewer 1.0.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Desktop\PV\Password Viewer CRAT\Password Viewer CRAT\obj\Release\WARZONE Password Viewer 1.0.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 2.70 POISON/WARZONE RAT - HIDDEN POISON 2.70.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

5m1h<s(
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
WARZONE RAT 2.70 POISON/WARZONE RAT - HIDDEN POISON 2.70.exe.config
.xml
WARZONE RAT 2.70 POISON/Warzone Cracked.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\hussa\Desktop\a\WarzoneLoader\Warzone Cracked\bin\Release\Warzone Cracked.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 2.70 POISON/Warzone Cracked.exe.config
.xml
WARZONE RAT 2.70 POISON/cracked by cortexnet.cc.txt
WARZONE RAT 2.70 POISON/cratclient.bin
.exe windows:5 windows x86 arch:x86

b9494f92817e4dfbe294ad842e8f1988

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

bcrypt

BCryptGenerateSymmetricKey
BCryptDecrypt
BCryptSetProperty
BCryptOpenAlgorithmProvider

ntdll

NtQueryInformationProcess
RtlInitUnicodeString
RtlEqualUnicodeString

kernel32

GetModuleHandleA
GetCommandLineA
GetStartupInfoA
HeapFree
VirtualAlloc
HeapReAlloc
VirtualQuery
TerminateThread
CreateThread
WriteProcessMemory
GetCurrentProcess
OpenProcess
GetWindowsDirectoryA
VirtualProtectEx
VirtualAllocEx
CreateRemoteThread
CreateProcessA
WriteFile
CreateFileW
LoadLibraryW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
ReadFile
FindFirstFileA
GetBinaryTypeW
FindNextFileA
GetFullPathNameA
GetTempPathW
GetPrivateProfileStringW
CreateFileA
GlobalAlloc
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileSize
FreeLibrary
SetDllDirectoryW
GetFileSizeEx
LocalAlloc
lstrcmpW
WaitForSingleObject
CreateProcessW
VirtualProtect
SetFilePointer
ReadProcessMemory
VirtualQueryEx
GetModuleHandleW
IsWow64Process
WaitForMultipleObjects
CreatePipe
PeekNamedPipe
DuplicateHandle
SetEvent
ExitProcess
GetModuleFileNameW
LoadResource
FindResourceW
GetComputerNameW
GlobalMemoryStatusEx
LoadLibraryExW
FindFirstFileW
FindNextFileW
GetLogicalDriveStringsW
DeleteFileW
CopyFileW
GetDriveTypeW
EnterCriticalSection
GetTickCount
InitializeCriticalSection
DeleteCriticalSection
CreateMutexA
ReleaseMutex
TerminateProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
WinExec
Wow64DisableWow64FsRedirection
GetSystemDirectoryW
Wow64RevertWow64FsRedirection
Process32First
Process32Next
SizeofResource
GetTempPathA
LockResource
lstrcpyW
WideCharToMultiByte
lstrcpyA
Sleep
MultiByteToWideChar
lstrcatA
lstrcmpA
lstrlenA
ExpandEnvironmentStringsW
lstrlenW
CloseHandle
lstrcatW
GetLastError
VirtualFree
SetLastError
GetModuleFileNameA
CreateDirectoryW
GetProcAddress
LoadLibraryA
GetProcessHeap
CreateEventA
HeapAlloc
LocalFree
LeaveCriticalSection

user32

CreateDesktopW
CharLowerW
GetKeyState
GetMessageA
DispatchMessageA
CreateWindowExW
CallNextHookEx
GetAsyncKeyState
RegisterClassW
GetRawInputData
MapVirtualKeyA
DefWindowProcA
RegisterRawInputDevices
TranslateMessage
wsprintfA
GetKeyNameTextW
PostQuitMessage
MessageBoxA
GetLastInputInfo
GetForegroundWindow
GetWindowTextW
ToUnicode
wsprintfW

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
OpenProcessToken
FreeSid
LookupAccountSidW
GetTokenInformation
QueryServiceStatusEx
InitializeSecurityDescriptor
RegDeleteKeyA
SetSecurityDescriptorDacl
RegCreateKeyExW
RegSetValueExA
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExW
RegQueryValueExA
RegQueryInfoKeyW
RegCloseKey
OpenServiceW
ChangeServiceConfigW
QueryServiceConfigW
EnumServicesStatusExW
StartServiceW
RegSetValueExW
RegCreateKeyExA
OpenSCManagerW
CloseServiceHandle
RegDeleteKeyW

shell32

SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW
SHGetKnownFolderPath
ShellExecuteExA
SHGetFolderPathW

urlmon

URLDownloadToFileW

ws2_32

getaddrinfo
setsockopt
freeaddrinfo
htons
recv
connect
socket
send
WSAStartup
shutdown
closesocket
WSACleanup
InetNtopW
gethostbyname
inet_addr

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoTaskMemFree

shlwapi

PathFileExistsW
PathFindExtensionW
StrStrW
PathRemoveFileSpecA
StrStrA
PathCombineA
PathFindFileNameW
AssocQueryStringW

netapi32

NetLocalGroupAddMembers
NetUserAdd

oleaut32

VariantInit

crypt32

CryptUnprotectData
CryptStringToBinaryA
CryptStringToBinaryW

psapi

GetModuleFileNameExW

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WARZONE RAT 2.70 POISON/cratclientd.bin
.dll windows:5 windows x86 arch:x86

6ca4e37881335afe15e1e9973115556d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlEqualUnicodeString
RtlInitUnicodeString
NtQueryInformationProcess

kernel32

HeapReAlloc
VirtualQuery
TerminateThread
CreateThread
WriteProcessMemory
GetCurrentProcess
OpenProcess
GetWindowsDirectoryA
VirtualProtectEx
VirtualAllocEx
CreateRemoteThread
CreateProcessA
WriteFile
CreateFileW
LoadLibraryW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
ReadFile
FindFirstFileA
GetBinaryTypeW
FindNextFileA
GetFullPathNameA
GetTempPathW
GetPrivateProfileStringW
CreateFileA
GlobalAlloc
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileSize
FreeLibrary
SetDllDirectoryW
GetFileSizeEx
LocalAlloc
LocalFree
WaitForSingleObject
CreateProcessW
VirtualProtect
SetFilePointer
ExitProcess
VirtualQueryEx
GetModuleHandleW
IsWow64Process
WaitForMultipleObjects
CreatePipe
PeekNamedPipe
VirtualAlloc
SetEvent
CreateEventA
GetModuleFileNameW
LoadResource
FindResourceW
GetComputerNameW
GlobalMemoryStatusEx
LoadLibraryExW
FindFirstFileW
FindNextFileW
GetLogicalDriveStringsW
DeleteFileW
CopyFileW
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateMutexA
ReleaseMutex
TerminateProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
WinExec
Wow64DisableWow64FsRedirection
GetSystemDirectoryW
Wow64RevertWow64FsRedirection
GetProcAddress
Process32First
Process32Next
SizeofResource
GetTempPathA
LockResource
LoadLibraryA
GetProcessHeap
HeapAlloc
lstrcmpW
GetTickCount
lstrcpyW
WideCharToMultiByte
lstrcpyA
HeapFree
GetStartupInfoA
GetCommandLineA
DuplicateHandle
Sleep
MultiByteToWideChar
lstrcatA
lstrcmpA
lstrlenA
ExpandEnvironmentStringsW
lstrlenW
CloseHandle
lstrcatW
GetLastError
VirtualFree
GetModuleHandleA
SetLastError
GetModuleFileNameA
CreateDirectoryW
ReadProcessMemory

user32

CreateDesktopW
CharLowerW
GetKeyState
GetMessageA
DispatchMessageA
CreateWindowExW
CallNextHookEx
GetAsyncKeyState
RegisterClassW
GetRawInputData
wsprintfW
PostQuitMessage
wsprintfA
GetWindowTextW
MapVirtualKeyA
DefWindowProcA
RegisterRawInputDevices
TranslateMessage
ToUnicode
GetKeyNameTextW
GetLastInputInfo
MessageBoxA
GetForegroundWindow

advapi32

InitializeSecurityDescriptor
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExA
RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegDeleteKeyA
SetSecurityDescriptorDacl
RegOpenKeyExA
RegEnumKeyExW
RegQueryValueExA
RegQueryInfoKeyW
RegCloseKey
OpenServiceW
ChangeServiceConfigW
QueryServiceConfigW
EnumServicesStatusExW
StartServiceW
RegSetValueExW
RegCreateKeyExA
OpenSCManagerW
CloseServiceHandle
QueryServiceStatusEx
GetTokenInformation
LookupAccountSidW
FreeSid
OpenProcessToken
AllocateAndInitializeSid
RegOpenKeyExW

shell32

SHGetFolderPathW
ShellExecuteExA
SHFileOperationW
ShellExecuteExW
SHGetKnownFolderPath
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW

urlmon

URLDownloadToFileW

ws2_32

connect
socket
send
WSAStartup
htons
closesocket
WSACleanup
inet_addr
gethostbyname
recv
freeaddrinfo
setsockopt
getaddrinfo
shutdown
InetNtopW

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance
CoInitializeSecurity
CoUninitialize

shlwapi

StrStrA
PathFileExistsW
StrStrW
PathRemoveFileSpecA
PathFindExtensionW
PathFindFileNameW
PathCombineA
AssocQueryStringW

netapi32

NetUserAdd
NetLocalGroupAddMembers

oleaut32

VariantInit

crypt32

CryptUnprotectData
CryptStringToBinaryA
CryptStringToBinaryW

psapi

GetModuleFileNameExW

bcrypt

BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptDecrypt

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

43276e2555cc844cac1ebf1c83657e18

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

user32

kernel32

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 61KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 4KB - Virtual size: 3KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

2c54251b196d9e0cc804a7061f60558c

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:53:96:dc:b2:94:9c:70:fa:c4:8a:b0:8a:07:33:8eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

b1:34:fd:d7:ab:fc:0b:9c:09:fc:69:df:be:b3:c7:4b:8f:32:bb:3dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

nss3

kernel32

advapi32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 246KB - Virtual size: 245KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 1024B - Virtual size: 18KB

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 6KB - Virtual size: 5KB

4ed84fc157e2a47dbff1bafdc889324d

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:53:96:dc:b2:94:9c:70:fa:c4:8a:b0:8a:07:33:8e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

b1:34:fd:d7:ab:fc:0b:9c:09:fc:69:df:be:b3:c7:4b:8f:32:bb:3d
Signer

.text
Size: 246KB - Virtual size: 245KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 1024B - Virtual size: 18KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 57KB - Virtual size: 56KB

.itext
Size: 512B - Virtual size: 408B

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 19KB

.idata
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 110B

.reloc
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB

52:31:09:fd:26:76:d2:5c:b3:d4:57:c9:a3:48:53:ee
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

e1:9a:88:94:9b:12:69:7c:2c:7e:30:6e:94:70:39:4f:fa:20:ea:b9:93:b1:c8:b2:c8:88:56:c9:72:66:95:d6
Signer

.text
Size: 722KB - Virtual size: 722KB

.rdata
Size: 173KB - Virtual size: 173KB

.data
Size: 10KB - Virtual size: 346KB

.rsrc
Size: 474KB - Virtual size: 474KB

.reloc
Size: 37KB - Virtual size: 37KB