R[.]3[.]L[.]E[.]$[.]E-1[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

R.3.L.E.$.E-1.zip
Size

2.4MB
MD5

53bbe83009cfcb949480bd34ab4bd6ee
SHA1

b12a44ebef54226ddd149a531b58c3caec0e4682
SHA256

7cef706bc97b302f19b60a3f13709abbbafa4e31644ee9b1ca88d5a02a5ebb2a
SHA512

7e3372ebcbbea836bc4916d1b50a9efe0a9b9c08a2ae8fbfe961820f3a2d96bcbcc6f925db65708870347aa259f8321418af5debeaff95272e6cdd99733adf28
SSDEEP

49152:ob8jYt9NBqDsg4hagduhQrwlKZizCWSE8ScyXbsrEHlKyqn+8yXQLR:gy0/fP0hQHiztPpXbsrk5ALR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Rel3aseUi/libcares-2.dll

Files

R.3.L.E.$.E-1.zip
.zip

Password: ryos
README.txt
Rel3aseUi/ReleaseUi.exe
.exe windows:4 windows x64 arch:x64

Password: ryos

5e0af64c3e9a49e104c9c45fdab56d68

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:b3:98:f2:0c:a7:ae:1e:0b:80:b4:a7:32:21:80:6f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

04/06/2024, 00:00

Not After

03/06/2025, 23:59

Subject

SERIALNUMBER=3380475,CN=GitKraken (AXOSOFT\, LLC),O=GitKraken (AXOSOFT\, LLC),L=Scottsdale,ST=Arizona,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26/09/2024, 00:00

Not After

25/11/2035, 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e1:03:df:96:b8:fa:75:df:c4:3b:eb:ce:9b:ae:f1:bc:ea:5d:57:db:a7:36:03:5e:39:56:bd:c3:46:48:ea:2d
Signer

Actual PE Digest

e1:03:df:96:b8:fa:75:df:c4:3b:eb:ce:9b:ae:f1:bc:ea:5d:57:db:a7:36:03:5e:39:56:bd:c3:46:48:ea:2d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetLastError
GetModuleHandleW
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_commode
_errno
_fmode
_initterm
_lock
_strdup
_unlock
_write
abort
atexit
atoi
calloc
exit
fprintf
fputc
free
fwrite
getenv
localeconv
malloc
memcpy
memset
putchar
puts
signal
strchr
strerror
strlen
strncmp
strtoul
vfprintf
wcslen

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
select

libcares-2

ares_buf_create
ares_buf_destroy
ares_buf_load_file
ares_buf_split_str
ares_destroy
ares_dns_addr_to_ptr
ares_dns_class_fromstr
ares_dns_class_tostr
ares_dns_opcode_tostr
ares_dns_opt_get_datatype
ares_dns_opt_get_name
ares_dns_pton
ares_dns_rcode_tostr
ares_dns_rec_type_fromstr
ares_dns_rec_type_tostr
ares_dns_record_create
ares_dns_record_destroy
ares_dns_record_get_flags
ares_dns_record_get_id
ares_dns_record_get_opcode
ares_dns_record_get_rcode
ares_dns_record_query_add
ares_dns_record_query_cnt
ares_dns_record_query_get
ares_dns_record_rr_add
ares_dns_record_rr_cnt
ares_dns_record_rr_get_const
ares_dns_rr_get_abin
ares_dns_rr_get_abin_cnt
ares_dns_rr_get_addr
ares_dns_rr_get_addr6
ares_dns_rr_get_bin
ares_dns_rr_get_class
ares_dns_rr_get_keys
ares_dns_rr_get_name
ares_dns_rr_get_opt
ares_dns_rr_get_opt_byid
ares_dns_rr_get_opt_cnt
ares_dns_rr_get_str
ares_dns_rr_get_ttl
ares_dns_rr_get_type
ares_dns_rr_get_u16
ares_dns_rr_get_u32
ares_dns_rr_get_u8
ares_dns_rr_key_datatype
ares_dns_rr_set_u16
ares_dns_rr_set_u8
ares_dns_section_tostr
ares_dns_write
ares_expand_name
ares_expand_string
ares_fds
ares_free
ares_free_array
ares_free_string
ares_inet_ntop
ares_init_options
ares_is_hostname
ares_library_cleanup
ares_library_init
ares_process
ares_search_dnsrec
ares_send_dnsrec
ares_set_servers_ports_csv
ares_str_isnum
ares_streq_max
ares_strerror
ares_strlen
ares_timeout
ares_version

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rel3aseUi/libcares-2.dll
.dll windows:6 windows x64 arch:x64

Password: ryos

69331c1d0fd9da1b6773cea279048fb0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
DeregisterEventSource
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegisterEventSourceW
ReportEventW

bcrypt

BCryptCreateHash
BCryptDestroyHash
BCryptFinishHash
BCryptGenRandom
BCryptGetProperty
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider

kernel32

TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
CancelIoEx
CancelSynchronousIo
CancelThreadpoolIo
CloseHandle
CloseThreadpoolIo
CloseThreadpoolWait
CloseThreadpoolWork
CompareStringEx
CompareStringOrdinal
CreateDirectoryW
CreateEventExW
CreateFileW
CreatePipe
CreateProcessW
CreateThread
CreateThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EnumCalendarInfoExEx
EnumTimeFormatsEx
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNLSStringEx
FindStringOrdinal
FlushFileBuffers
FormatMessageW
FreeConsole
FreeLibrary
GetCPInfoExW
GetCalendarInfoEx
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumberEx
GetCurrentThread
GetCurrentThreadId
GetDynamicTimeZoneInformation
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileInformationByHandleEx
GetFileType
GetFullPathNameW
GetLastError
GetLocaleInfoEx
GetLongPathNameW
GetModuleFileNameW
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessId
GetStdHandle
GetSystemDirectoryW
GetSystemTime
GetThreadPriority
GetTickCount64
GetTimeZoneInformation
GetUserPreferredUILanguages
HeapAlloc
HeapFree
InitializeConditionVariable
InitializeCriticalSection
IsDebuggerPresent
IsWow64Process
K32EnumProcessModulesEx
K32EnumProcesses
K32GetModuleBaseNameW
K32GetModuleFileNameExW
K32GetModuleInformation
LCMapStringEx
LeaveCriticalSection
LoadLibraryExW
LocalAlloc
LocalFree
LocaleNameToLCID
MultiByteToWideChar
OpenProcess
OpenThread
QueryPerformanceCounter
QueryPerformanceFrequency
QueryUnbiasedInterruptTime
RaiseFailFastException
ReadConsoleW
ReadFile
ResetEvent
ResolveLocaleName
ResumeThread
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetLastError
SetThreadErrorMode
SetThreadPriority
SetThreadpoolTimer
SetThreadpoolWait
Sleep
SleepConditionVariableCS
StartThreadpoolIo
SubmitThreadpoolWork
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
VirtualAlloc
VirtualFree
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForThreadpoolWaitCallbacks
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
FlushProcessWriteBuffers
WaitForSingleObjectEx
AddVectoredExceptionHandler
GetModuleHandleW
RtlVirtualUnwind
RtlCaptureContext
RtlRestoreContext
VerSetConditionMask
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
CreateMemoryResourceNotification
QueryInformationJobObject
GetModuleHandleExW
GetProcessAffinityMask
VerifyVersionInfoW
InitializeContext
GetEnabledXStateFeatures
LocateXStateFeature
SetXStateFeaturesMask
VirtualQuery
GetSystemTimeAsFileTime
InitializeCriticalSectionEx
SleepEx
DebugBreak
GlobalMemoryStatusEx
GetSystemInfo
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
RtlUnwindEx
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry

ole32

CoUninitialize
CoWaitForMultipleHandles
CoInitializeEx
CoCreateGuid
CoGetApartmentType

user32

LoadStringW

api-ms-win-crt-math-l1-1-0

pow
tan
floor
cos
ceil
sin
modf

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
calloc

api-ms-win-crt-string-l1-1-0

strcpy_s
strncpy_s
wcsncmp
_stricmp
strcmp

api-ms-win-crt-convert-l1-1-0

strtoull

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_crt_atexit
_initterm
_cexit
_seh_filter_dll
_register_onexit_function
abort
_configure_narrow_argv
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
terminate

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf_s
__stdio_common_vsscanf

Exports

Exports

1ITe1p2k1R3Ytz9GXNcBXQRWyFmlHkI
WaNX1JcJRRS3
ares_array_at
ares_array_at_const
ares_array_claim_at
ares_array_create
ares_array_destroy
ares_array_finish
ares_array_first
ares_array_first_const
ares_array_insert_at
ares_array_insert_first
ares_array_insert_last
ares_array_insertdata_at
ares_array_insertdata_first
ares_array_insertdata_last
ares_array_last
ares_array_last_const
ares_array_len
ares_array_remove_at
ares_array_remove_first
ares_array_remove_last
ares_array_set_size
ares_array_sort
ares_buf_append
ares_buf_append_be16
ares_buf_append_be32
ares_buf_append_byte
ares_buf_append_finish
ares_buf_append_num_dec
ares_buf_append_num_hex
ares_buf_append_start
ares_buf_append_str
ares_buf_begins_with
ares_buf_consume
ares_buf_consume_charset
ares_buf_consume_line
ares_buf_consume_nonwhitespace
ares_buf_consume_until_charset
ares_buf_consume_until_seq
ares_buf_consume_whitespace
ares_buf_create
ares_buf_create_const
ares_buf_destroy
ares_buf_fetch_be16
ares_buf_fetch_be32
ares_buf_fetch_bytes
ares_buf_fetch_bytes_dup
ares_buf_fetch_bytes_into_buf
ares_buf_fetch_str_dup
ares_buf_finish_bin
ares_buf_finish_str
ares_buf_get_position
ares_buf_hexdump
ares_buf_len
ares_buf_load_file
ares_buf_parse_dns_binstr
ares_buf_parse_dns_str
ares_buf_peek
ares_buf_peek_byte
ares_buf_reclaim
ares_buf_set_length
ares_buf_set_position
ares_buf_split
ares_buf_split_str
ares_buf_split_str_array
ares_buf_tag
ares_buf_tag_clear
ares_buf_tag_fetch
ares_buf_tag_fetch_bytes
ares_buf_tag_fetch_constbuf
ares_buf_tag_fetch_strdup
ares_buf_tag_fetch_string
ares_buf_tag_length
ares_buf_tag_rollback
ares_cancel
ares_create_query
ares_destroy
ares_destroy_options
ares_dns_addr_to_ptr
ares_dns_class_fromstr
ares_dns_class_tostr
ares_dns_opcode_tostr
ares_dns_opt_get_datatype
ares_dns_opt_get_name
ares_dns_parse
ares_dns_pton
ares_dns_rcode_tostr
ares_dns_rec_type_fromstr
ares_dns_rec_type_tostr
ares_dns_record_create
ares_dns_record_destroy
ares_dns_record_duplicate
ares_dns_record_get_flags
ares_dns_record_get_id
ares_dns_record_get_opcode
ares_dns_record_get_rcode
ares_dns_record_query_add
ares_dns_record_query_cnt
ares_dns_record_query_get
ares_dns_record_query_set_name
ares_dns_record_query_set_type
ares_dns_record_rr_add
ares_dns_record_rr_cnt
ares_dns_record_rr_del
ares_dns_record_rr_get
ares_dns_record_rr_get_const
ares_dns_record_set_id
ares_dns_rr_add_abin
ares_dns_rr_del_abin
ares_dns_rr_del_opt_byid
ares_dns_rr_get_abin
ares_dns_rr_get_abin_cnt
ares_dns_rr_get_addr
ares_dns_rr_get_addr6
ares_dns_rr_get_bin
ares_dns_rr_get_class
ares_dns_rr_get_keys
ares_dns_rr_get_name
ares_dns_rr_get_opt
ares_dns_rr_get_opt_byid
ares_dns_rr_get_opt_cnt
ares_dns_rr_get_str
ares_dns_rr_get_ttl
ares_dns_rr_get_type
ares_dns_rr_get_u16
ares_dns_rr_get_u32
ares_dns_rr_get_u8
ares_dns_rr_key_datatype
ares_dns_rr_key_to_rec_type
ares_dns_rr_key_tostr
ares_dns_rr_set_addr
ares_dns_rr_set_addr6
ares_dns_rr_set_bin
ares_dns_rr_set_opt
ares_dns_rr_set_str
ares_dns_rr_set_u16
ares_dns_rr_set_u32
ares_dns_rr_set_u8
ares_dns_section_tostr
ares_dns_write
ares_dup
ares_expand_name
ares_expand_string
ares_fds
ares_free
ares_free_array
ares_free_data
ares_free_hostent
ares_free_string
ares_freeaddrinfo
ares_get_servers
ares_get_servers_csv
ares_get_servers_ports
ares_getaddrinfo
ares_gethostbyaddr
ares_gethostbyname
ares_gethostbyname_file
ares_getnameinfo
ares_getsock
ares_htable_asvp_create
ares_htable_asvp_destroy
ares_htable_asvp_get
ares_htable_asvp_get_direct
ares_htable_asvp_insert
ares_htable_asvp_keys
ares_htable_asvp_num_keys
ares_htable_asvp_remove
ares_htable_dict_create
ares_htable_dict_destroy
ares_htable_dict_get
ares_htable_dict_get_direct
ares_htable_dict_insert
ares_htable_dict_keys
ares_htable_dict_num_keys
ares_htable_dict_remove
ares_htable_strvp_claim
ares_htable_strvp_create
ares_htable_strvp_destroy
ares_htable_strvp_get
ares_htable_strvp_get_direct
ares_htable_strvp_insert
ares_htable_strvp_num_keys
ares_htable_strvp_remove
ares_htable_szvp_create
ares_htable_szvp_destroy
ares_htable_szvp_get
ares_htable_szvp_get_direct
ares_htable_szvp_insert
ares_htable_szvp_num_keys
ares_htable_szvp_remove
ares_htable_vpstr_create
ares_htable_vpstr_destroy
ares_htable_vpstr_get
ares_htable_vpstr_get_direct
ares_htable_vpstr_insert
ares_htable_vpstr_num_keys
ares_htable_vpstr_remove
ares_htable_vpvp_create
ares_htable_vpvp_destroy
ares_htable_vpvp_get
ares_htable_vpvp_get_direct
ares_htable_vpvp_insert
ares_htable_vpvp_num_keys
ares_htable_vpvp_remove
ares_inet_ntop
ares_inet_pton
ares_init
ares_init_options
ares_is_hostname
ares_library_cleanup
ares_library_init
ares_library_init_mem
ares_library_initialized
ares_llist_clear
ares_llist_create
ares_llist_destroy
ares_llist_first_val
ares_llist_insert_after
ares_llist_insert_before
ares_llist_insert_first
ares_llist_insert_last
ares_llist_last_val
ares_llist_len
ares_llist_node_claim
ares_llist_node_destroy
ares_llist_node_first
ares_llist_node_idx
ares_llist_node_last
ares_llist_node_mvparent_first
ares_llist_node_mvparent_last
ares_llist_node_next
ares_llist_node_parent
ares_llist_node_prev
ares_llist_node_replace
ares_llist_node_val
ares_llist_replace_destructor
ares_malloc
ares_malloc_zero
ares_memeq
ares_memeq_ci
ares_memmem
ares_mkquery
ares_parse_a_reply
ares_parse_aaaa_reply
ares_parse_caa_reply
ares_parse_mx_reply
ares_parse_naptr_reply
ares_parse_ns_reply
ares_parse_ptr_reply
ares_parse_soa_reply
ares_parse_srv_reply
ares_parse_txt_reply
ares_parse_txt_reply_ext
ares_parse_uri_reply
ares_process
ares_process_fd
ares_process_fds
ares_process_pending_write
ares_query
ares_query_dnsrec
ares_queue_active_queries
ares_queue_wait_empty
ares_realloc
ares_realloc_zero
ares_reinit
ares_save_options
ares_search
ares_search_dnsrec
ares_send
ares_send_dnsrec
ares_set_local_dev
ares_set_local_ip4
ares_set_local_ip6
ares_set_pending_write_cb
ares_set_server_state_callback
ares_set_servers
ares_set_servers_csv
ares_set_servers_ports
ares_set_servers_ports_csv
ares_set_socket_callback
ares_set_socket_configure_callback
ares_set_socket_functions
ares_set_socket_functions_ex
ares_set_sortlist
ares_str_isalnum
ares_str_isnum
ares_str_isprint
ares_str_lower
ares_str_ltrim
ares_str_rtrim
ares_str_trim
ares_strcasecmp
ares_strcaseeq
ares_strcaseeq_max
ares_strcmp
ares_strcpy
ares_strdup
ares_streq
ares_streq_max
ares_strerror
ares_strlen
ares_strncasecmp
ares_strncmp
ares_threadsafety
ares_timeout
ares_tolower
ares_version
gogZLPQ9
guj4cA3KMH

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rel3aseUi/scripts/Alchemy Hub.txt
Rel3aseUi/scripts/BlueLockRivals.txt
Rel3aseUi/scripts/Dex.lua
.js
Rel3aseUi/scripts/IY.txt
.js
Rel3aseUi/scripts/Infinite Yield.lua
.js
Rel3aseUi/scripts/Native Hub.txt
Rel3aseUi/scripts/Orca.txt
Rel3aseUi/scripts/Ronix Hub.txt
Rel3aseUi/scripts/Sine Wave.lua
Rel3aseUi/scripts/Spinning Donut.lua
Rel3aseUi/scripts/UNC Check.txt
.js
Rel3aseUi/scripts/UNCCheckEnv.lua
.js
Rel3aseUi/scripts/Zenith Hub.lua
Rel3aseUi/workspace/.tests/appendfile.txt
Rel3aseUi/workspace/.tests/getcustomasset.txt
Rel3aseUi/workspace/.tests/isfile.txt
Rel3aseUi/workspace/.tests/listfiles/test_1.txt
Rel3aseUi/workspace/.tests/listfiles/test_2.txt
Rel3aseUi/workspace/.tests/loadfile.txt
Rel3aseUi/workspace/.tests/readfile.txt
Rel3aseUi/workspace/.tests/writefile
Rel3aseUi/workspace/.tests/writefile.txt
Rel3aseUi/workspace/IY_FE.iy

Sharing

General

Malware Config

Signatures

Files

Password: ryos

Password: ryos

5e0af64c3e9a49e104c9c45fdab56d68

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:b3:98:f2:0c:a7:ae:1e:0b:80:b4:a7:32:21:80:6fCertificate

Extended Key Usages

Key Usages

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

e1:03:df:96:b8:fa:75:df:c4:3b:eb:ce:9b:ae:f1:bc:ea:5d:57:db:a7:36:03:5e:39:56:bd:c3:46:48:ea:2dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ws2_32

libcares-2

Sections

.text Size: 40KB - Virtual size: 40KB

.data Size: 512B - Virtual size: 224B

.rdata Size: 12KB - Virtual size: 11KB

.pdata Size: 1KB - Virtual size: 1KB

.xdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 3KB

.idata Size: 5KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 452B

Password: ryos

69331c1d0fd9da1b6773cea279048fb0

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

kernel32

ole32

user32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 14KB - Virtual size: 1.1MB

.pdata Size: 185KB - Virtual size: 184KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:b3:98:f2:0c:a7:ae:1e:0b:80:b4:a7:32:21:80:6f
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

e1:03:df:96:b8:fa:75:df:c4:3b:eb:ce:9b:ae:f1:bc:ea:5d:57:db:a7:36:03:5e:39:56:bd:c3:46:48:ea:2d
Signer

.text
Size: 40KB - Virtual size: 40KB

.data
Size: 512B - Virtual size: 224B

.rdata
Size: 12KB - Virtual size: 11KB

.pdata
Size: 1KB - Virtual size: 1KB

.xdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 452B

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 14KB - Virtual size: 1.1MB

.pdata
Size: 185KB - Virtual size: 184KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB