General

  • Target

    Build.zip

  • Size

    13.2MB

  • MD5

    dc27a05bca028fdea32ce70deb829e30

  • SHA1

    87df8d8884a8119651a881d3a3d2d66bc42e845c

  • SHA256

    99b421b433eae70d9b28445cfcfee2185de5511a0c98355f817ba63e65b842c1

  • SHA512

    e7721c9872a20c0646fe2d5a64e6edc730dab3b4105a04a7768331f16fd45f10976e250123a2c1d35b155658407ddbe9775fa3522deca9affcf4b7f96f05ea97

  • SSDEEP

    393216:IilLgkSGJ2ErGI1uV7PfmL04PSQQ2ZgvhR2Essh:IiirZIona08IhR/sU

Score
7/10

Malware Config

Signatures

  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Unsigned PE 4 IoCs

    Checks for missing Authenticode signature.

Files

  • Build.zip
    .zip
  • Atlantis.exe
    .exe windows:6 windows x64 arch:x64

    48179d4801024f7b6e9d9f729fcbb9be



  • bin/Injector.exe
    .exe windows:6 windows x64 arch:x64

    62a3e17fb27cb763359f1e14520f2a5e



  • bin/VMProtectSDK64.dll
    .dll windows:5 windows x64 arch:x64

    1851ff453adce0cef5274e320d5bed3c



  • bin/amdxx64.dll
    .dll windows:6 windows x64 arch:x64

    258493f6842b953cf9e315dfac5c0d9f



  • workspace/.tests/appendfile.txt
  • workspace/.tests/getcustomasset.txt
  • workspace/.tests/isfile.txt
  • workspace/.tests/listfiles/test_1.txt
  • workspace/.tests/listfiles/test_2.txt
  • workspace/.tests/loadfile.txt
  • workspace/.tests/readfile.txt
  • workspace/.tests/writefile
  • workspace/.tests/writefile.txt
  • workspace/CMD-X.lua
  • workspace/IY_FE.iy
  • workspace/SimpleSpy/Settings.json
  • workspace/__oh_version.txt
  • workspace/_orca/options.json
  • workspace/dex/deps_version.dat
  • workspace/dex/rbx_api.dat
  • workspace/dex/rbx_rmd.dat
  • workspace/f42f3746fb3eb60f837d3673581c14a5-cache.lua
    .js
  • workspace/hydroxide/user/Upbolt/methods/environment.lua
  • workspace/hydroxide/user/Upbolt/methods/string.lua
  • workspace/hydroxide/user/Upbolt/methods/table.lua
  • workspace/hydroxide/user/Upbolt/methods/userdata.lua
  • workspace/hydroxide/user/Upbolt/modules/ClosureSpy.lua
  • workspace/hydroxide/user/Upbolt/modules/ConstantScanner.lua
  • workspace/hydroxide/user/Upbolt/modules/ModuleScanner.lua
  • workspace/hydroxide/user/Upbolt/modules/RemoteSpy.lua
  • workspace/hydroxide/user/Upbolt/modules/ScriptScanner.lua
  • workspace/hydroxide/user/Upbolt/modules/UpvalueScanner.lua
  • workspace/hydroxide/user/Upbolt/objects/Closure.lua
  • workspace/hydroxide/user/Upbolt/objects/Constant.lua
  • workspace/hydroxide/user/Upbolt/objects/LocalScript.lua
  • workspace/hydroxide/user/Upbolt/objects/ModuleScript.lua
  • workspace/hydroxide/user/Upbolt/objects/Remote.lua
  • workspace/hydroxide/user/Upbolt/objects/Upvalue.lua
  • workspace/hydroxide/user/Upbolt/ui/controls/CheckBox.lua
  • workspace/hydroxide/user/Upbolt/ui/controls/ContextMenu.lua
  • workspace/hydroxide/user/Upbolt/ui/controls/Dropdown.lua
  • workspace/hydroxide/user/Upbolt/ui/controls/List.lua
  • workspace/hydroxide/user/Upbolt/ui/controls/MessageBox.lua
  • workspace/hydroxide/user/Upbolt/ui/controls/Prompt.lua
  • workspace/hydroxide/user/Upbolt/ui/controls/TabSelector.lua
  • workspace/hydroxide/user/Upbolt/ui/modules/ClosureSpy.lua
  • workspace/hydroxide/user/Upbolt/ui/modules/ModuleScanner.lua
  • workspace/hydroxide/user/Upbolt/ui/modules/RemoteSpy.lua
  • workspace/hydroxide/user/Upbolt/ui/modules/ScriptScanner.lua
  • workspace/newvape/assets/new/add.png
    .png
  • workspace/newvape/assets/new/allowedicon.png
    .png
  • workspace/newvape/assets/new/allowedtab.png
    .png
  • workspace/newvape/assets/new/back.png
    .png
  • workspace/newvape/assets/new/bind.png
    .png
  • workspace/newvape/assets/new/bindbkg.png
    .png
  • workspace/newvape/assets/new/blatanticon.png
    .png
  • workspace/newvape/assets/new/blockedicon.png
    .png
  • workspace/newvape/assets/new/blockedtab.png
    .png
  • workspace/newvape/assets/new/blur.png
    .png
  • workspace/newvape/assets/new/blurnotif.png
    .png
  • workspace/newvape/assets/new/close.png
    .png
  • workspace/newvape/assets/new/colorpreview.png
    .png
  • workspace/newvape/assets/new/combaticon.png
    .png
  • workspace/newvape/assets/new/customsettings.png
    .png
  • workspace/newvape/assets/new/dots.png
    .png
  • workspace/newvape/assets/new/expandicon.png
    .png
  • workspace/newvape/assets/new/expandright.png
    .png
  • workspace/newvape/assets/new/expandup.png
    .png
  • workspace/newvape/assets/new/friendstab.png
    .png
  • workspace/newvape/assets/new/guisettings.png
    .png
  • workspace/newvape/assets/new/guislider.png
    .png
  • workspace/newvape/assets/new/guisliderrain.png
    .png
  • workspace/newvape/assets/new/guiv4.png
    .png
  • workspace/newvape/assets/new/guivape.png
    .png
  • workspace/newvape/assets/new/info.png
    .png
  • workspace/newvape/assets/new/inventoryicon.png
    .png
  • workspace/newvape/assets/new/legit.png
    .png
  • workspace/newvape/assets/new/legittab.png
    .png
  • workspace/newvape/assets/new/miniicon.png
    .png
  • workspace/newvape/assets/new/notification.png
    .png
  • workspace/newvape/assets/new/overlaysicon.png
    .png
  • workspace/newvape/assets/new/overlaystab.png
    .png
  • workspace/newvape/assets/new/pin.png
    .png
  • workspace/newvape/assets/new/profilesicon.png
    .png
  • workspace/newvape/assets/new/radaricon.png
    .png
  • workspace/newvape/assets/new/rainbow_1.png
    .png
  • workspace/newvape/assets/new/rainbow_2.png
    .png
  • workspace/newvape/assets/new/rainbow_3.png
    .png
  • workspace/newvape/assets/new/rainbow_4.png
    .png
  • workspace/newvape/assets/new/range.png
    .png
  • workspace/newvape/assets/new/rangearrow.png
    .png
  • workspace/newvape/assets/new/rendericon.png
    .png
  • workspace/newvape/assets/new/search.png
    .png
  • workspace/newvape/assets/new/targetinfoicon.png
    .png
  • workspace/newvape/assets/new/targetnpc1.png
    .png
  • workspace/newvape/assets/new/targetnpc2.png
    .png
  • workspace/newvape/assets/new/targetplayers1.png
    .png
  • workspace/newvape/assets/new/targetplayers2.png
    .png
  • workspace/newvape/assets/new/targetstab.png
    .png
  • workspace/newvape/assets/new/textguiicon.png
    .png
  • workspace/newvape/assets/new/textv4.png
    .png
  • workspace/newvape/assets/new/textvape.png
    .png
  • workspace/newvape/assets/new/utilityicon.png
    .png
  • workspace/newvape/assets/new/worldicon.png
    .png
  • workspace/newvape/games/universal.lua
    .js
  • workspace/newvape/guis/new.lua
    .js
  • workspace/newvape/libraries/entity.lua
    .js
  • workspace/newvape/libraries/hash.lua
    .js
  • workspace/newvape/libraries/prediction.lua
  • workspace/newvape/main.lua
    .js
  • workspace/newvape/profiles/1430993116.gui.txt
  • workspace/newvape/profiles/commit.txt
  • workspace/newvape/profiles/default4483381587.txt
  • workspace/newvape/profiles/gui.txt
  • workspace/newvape/profiles/whitelist.json