diff options
| author | Raghuram Subramani <raghus2247@gmail.com> | 2022-03-01 17:41:34 +0530 |
|---|---|---|
| committer | Raghuram Subramani <raghus2247@gmail.com> | 2022-03-01 17:41:34 +0530 |
| commit | aa73be39e29f2972ecec745823ec1585b534e9c6 (patch) | |
| tree | 6fc809a91e81fc2e1aaa91b3a6de8fc3497ca65d | |
| parent | 71dd1dc672fb230428ed3662f59b552eac70d215 (diff) | |
add rooms
49 files changed, 84 insertions, 0 deletions
diff --git a/basicMalwareRE/basicMalwareRE.gpr b/basicMalwareRE/basicMalwareRE.gpr new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/basicMalwareRE/basicMalwareRE.gpr diff --git a/basicMalwareRE/basicMalwareRE.rep/idata/00/00000000.prp b/basicMalwareRE/basicMalwareRE.rep/idata/00/00000000.prp new file mode 100644 index 0000000..4413750 --- /dev/null +++ b/basicMalwareRE/basicMalwareRE.rep/idata/00/00000000.prp @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<FILE_INFO> + <BASIC_INFO> + <STATE NAME="CONTENT_TYPE" TYPE="string" VALUE="Program" /> + <STATE NAME="PARENT" TYPE="string" VALUE="/" /> + <STATE NAME="FILE_ID" TYPE="string" VALUE="7f011b2bb85315458192030" /> + <STATE NAME="FILE_TYPE" TYPE="int" VALUE="0" /> + <STATE NAME="READ_ONLY" TYPE="boolean" VALUE="false" /> + <STATE NAME="NAME" TYPE="string" VALUE="strings1.exe" /> + </BASIC_INFO> +</FILE_INFO> diff --git a/basicMalwareRE/basicMalwareRE.rep/idata/00/00000001.prp b/basicMalwareRE/basicMalwareRE.rep/idata/00/00000001.prp new file mode 100644 index 0000000..4b26c3a --- /dev/null +++ b/basicMalwareRE/basicMalwareRE.rep/idata/00/00000001.prp @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<FILE_INFO> + <BASIC_INFO> + <STATE NAME="CONTENT_TYPE" TYPE="string" VALUE="Program" /> + <STATE NAME="PARENT" TYPE="string" VALUE="/" /> + <STATE NAME="FILE_ID" TYPE="string" VALUE="7f0118fad85503306225532" /> + <STATE NAME="FILE_TYPE" TYPE="int" VALUE="0" /> + <STATE NAME="READ_ONLY" TYPE="boolean" VALUE="false" /> + <STATE NAME="NAME" TYPE="string" VALUE="strings2.exe" /> + </BASIC_INFO> +</FILE_INFO> diff --git a/basicMalwareRE/basicMalwareRE.rep/idata/00/00000002.prp b/basicMalwareRE/basicMalwareRE.rep/idata/00/00000002.prp new file mode 100644 index 0000000..de8ba0a --- /dev/null +++ b/basicMalwareRE/basicMalwareRE.rep/idata/00/00000002.prp @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<FILE_INFO> + <BASIC_INFO> + <STATE NAME="CONTENT_TYPE" TYPE="string" VALUE="Program" /> + <STATE NAME="PARENT" TYPE="string" VALUE="/" /> + <STATE NAME="FILE_ID" TYPE="string" VALUE="7f011825185934088184598" /> + <STATE NAME="FILE_TYPE" TYPE="int" VALUE="0" /> + <STATE NAME="READ_ONLY" TYPE="boolean" VALUE="false" /> + <STATE NAME="NAME" TYPE="string" VALUE="strings3.exe" /> + </BASIC_INFO> +</FILE_INFO> diff --git a/basicMalwareRE/basicMalwareRE.rep/idata/00/~00000000.db/db.3.gbf b/basicMalwareRE/basicMalwareRE.rep/idata/00/~00000000.db/db.3.gbf Binary files differnew file mode 100644 index 0000000..ed47296 --- /dev/null +++ b/basicMalwareRE/basicMalwareRE.rep/idata/00/~00000000.db/db.3.gbf diff --git a/basicMalwareRE/basicMalwareRE.rep/idata/00/~00000001.db/db.2.gbf b/basicMalwareRE/basicMalwareRE.rep/idata/00/~00000001.db/db.2.gbf Binary files differnew file mode 100644 index 0000000..c708f74 --- /dev/null +++ b/basicMalwareRE/basicMalwareRE.rep/idata/00/~00000001.db/db.2.gbf diff --git a/basicMalwareRE/basicMalwareRE.rep/idata/00/~00000002.db/db.3.gbf b/basicMalwareRE/basicMalwareRE.rep/idata/00/~00000002.db/db.3.gbf Binary files differnew file mode 100644 index 0000000..61bd54b --- /dev/null +++ b/basicMalwareRE/basicMalwareRE.rep/idata/00/~00000002.db/db.3.gbf diff --git a/basicMalwareRE/basicMalwareRE.rep/idata/~index.bak b/basicMalwareRE/basicMalwareRE.rep/idata/~index.bak new file mode 100644 index 0000000..ddec091 --- /dev/null +++ b/basicMalwareRE/basicMalwareRE.rep/idata/~index.bak @@ -0,0 +1,7 @@ +VERSION=1 +/ + 00000000:strings1.exe:7f011b2bb85315458192030 + 00000001:strings2.exe:7f0118fad85503306225532 + 00000002:strings3.exe:7f011825185934088184598 +NEXT-ID:3 +MD5:d41d8cd98f00b204e9800998ecf8427e diff --git a/basicMalwareRE/basicMalwareRE.rep/idata/~index.dat b/basicMalwareRE/basicMalwareRE.rep/idata/~index.dat new file mode 100644 index 0000000..ddec091 --- /dev/null +++ b/basicMalwareRE/basicMalwareRE.rep/idata/~index.dat @@ -0,0 +1,7 @@ +VERSION=1 +/ + 00000000:strings1.exe:7f011b2bb85315458192030 + 00000001:strings2.exe:7f0118fad85503306225532 + 00000002:strings3.exe:7f011825185934088184598 +NEXT-ID:3 +MD5:d41d8cd98f00b204e9800998ecf8427e diff --git a/basicMalwareRE/basicMalwareRE.rep/project.prp b/basicMalwareRE/basicMalwareRE.rep/project.prp new file mode 100644 index 0000000..e9a735d --- /dev/null +++ b/basicMalwareRE/basicMalwareRE.rep/project.prp @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="UTF-8"?> +<FILE_INFO> + <BASIC_INFO> + <STATE NAME="OWNER" TYPE="string" VALUE="compromyse" /> + </BASIC_INFO> +</FILE_INFO> diff --git a/basicMalwareRE/basicMalwareRE.rep/projectState b/basicMalwareRE/basicMalwareRE.rep/projectState new file mode 100644 index 0000000..4c6b2bb --- /dev/null +++ b/basicMalwareRE/basicMalwareRE.rep/projectState @@ -0,0 +1,15 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<PROJECT>
+ <PROJECT_DATA_XML_NAME NAME="DISPLAY_DATA">
+ <SAVE_STATE>
+ <ARRAY NAME="EXPANDED_PATHS" TYPE="string">
+ <A VALUE="basicMalwareRE:" />
+ </ARRAY>
+ <STATE NAME="SHOW_TABLE" TYPE="boolean" VALUE="false" />
+ </SAVE_STATE>
+ </PROJECT_DATA_XML_NAME>
+ <TOOL_MANAGER ACTIVE_WORKSPACE="Workspace">
+ <WORKSPACE NAME="Workspace" ACTIVE="true" />
+ </TOOL_MANAGER>
+</PROJECT>
+
diff --git a/basicMalwareRE/basicMalwareRE.rep/user/~index.dat b/basicMalwareRE/basicMalwareRE.rep/user/~index.dat new file mode 100644 index 0000000..b1e697f --- /dev/null +++ b/basicMalwareRE/basicMalwareRE.rep/user/~index.dat @@ -0,0 +1,4 @@ +VERSION=1 +/ +NEXT-ID:0 +MD5:d41d8cd98f00b204e9800998ecf8427e diff --git a/basicMalwareRE/basicMalwareRE.rep/versioned/~index.bak b/basicMalwareRE/basicMalwareRE.rep/versioned/~index.bak new file mode 100644 index 0000000..b1e697f --- /dev/null +++ b/basicMalwareRE/basicMalwareRE.rep/versioned/~index.bak @@ -0,0 +1,4 @@ +VERSION=1 +/ +NEXT-ID:0 +MD5:d41d8cd98f00b204e9800998ecf8427e diff --git a/basicMalwareRE/basicMalwareRE.rep/versioned/~index.dat b/basicMalwareRE/basicMalwareRE.rep/versioned/~index.dat new file mode 100644 index 0000000..b1e697f --- /dev/null +++ b/basicMalwareRE/basicMalwareRE.rep/versioned/~index.dat @@ -0,0 +1,4 @@ +VERSION=1 +/ +NEXT-ID:0 +MD5:d41d8cd98f00b204e9800998ecf8427e diff --git a/basicMalwareRE/strings1.exe b/basicMalwareRE/strings1.exe Binary files differnew file mode 100644 index 0000000..115dede --- /dev/null +++ b/basicMalwareRE/strings1.exe diff --git a/basicMalwareRE/strings1.zip b/basicMalwareRE/strings1.zip Binary files differnew file mode 100644 index 0000000..eb03dde --- /dev/null +++ b/basicMalwareRE/strings1.zip diff --git a/basicMalwareRE/strings2.exe b/basicMalwareRE/strings2.exe Binary files differnew file mode 100644 index 0000000..9a4df5d --- /dev/null +++ b/basicMalwareRE/strings2.exe diff --git a/basicMalwareRE/strings2.zip b/basicMalwareRE/strings2.zip Binary files differnew file mode 100644 index 0000000..e358c2a --- /dev/null +++ b/basicMalwareRE/strings2.zip diff --git a/basicMalwareRE/strings3.exe b/basicMalwareRE/strings3.exe Binary files differnew file mode 100644 index 0000000..e5a3192 --- /dev/null +++ b/basicMalwareRE/strings3.exe diff --git a/basicMalwareRE/strings3.zip b/basicMalwareRE/strings3.zip Binary files differnew file mode 100644 index 0000000..bbbaa88 --- /dev/null +++ b/basicMalwareRE/strings3.zip diff --git a/volatility/README.md b/volatility/README.md new file mode 100644 index 0000000..9d8c00e --- /dev/null +++ b/volatility/README.md @@ -0,0 +1 @@ +malware name > `cridex` diff --git a/volatility/compressed_cridex.zip b/volatility/compressed_cridex.zip Binary files differnew file mode 100644 index 0000000..fb07d64 --- /dev/null +++ b/volatility/compressed_cridex.zip diff --git a/volatility/cridex.vmem b/volatility/cridex.vmem new file mode 100644 index 0000000..f7bc2a2 --- /dev/null +++ b/volatility/cridex.vmem @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:02a63be2fcf3a63446c3c8ca9151aff963f888204d141e46c6be60ddde7c3e8d +size 536870912 diff --git a/volatility/dlldump/module.368.24f1020.48580000.dll b/volatility/dlldump/module.368.24f1020.48580000.dll Binary files differnew file mode 100644 index 0000000..baf998a --- /dev/null +++ b/volatility/dlldump/module.368.24f1020.48580000.dll diff --git a/volatility/dlldump/module.368.24f1020.7c900000.dll b/volatility/dlldump/module.368.24f1020.7c900000.dll Binary files differnew file mode 100644 index 0000000..7817542 --- /dev/null +++ b/volatility/dlldump/module.368.24f1020.7c900000.dll diff --git a/volatility/dlldump/module.584.24a0598.4a680000.dll b/volatility/dlldump/module.584.24a0598.4a680000.dll Binary files differnew file mode 100644 index 0000000..ff3c9dc --- /dev/null +++ b/volatility/dlldump/module.584.24a0598.4a680000.dll diff --git a/volatility/dlldump/module.584.24a0598.75b40000.dll b/volatility/dlldump/module.584.24a0598.75b40000.dll Binary files differnew file mode 100644 index 0000000..05a658b --- /dev/null +++ b/volatility/dlldump/module.584.24a0598.75b40000.dll diff --git a/volatility/dlldump/module.584.24a0598.75b50000.dll b/volatility/dlldump/module.584.24a0598.75b50000.dll Binary files differnew file mode 100644 index 0000000..a325415 --- /dev/null +++ b/volatility/dlldump/module.584.24a0598.75b50000.dll diff --git a/volatility/dlldump/module.584.24a0598.75b60000.dll b/volatility/dlldump/module.584.24a0598.75b60000.dll Binary files differnew file mode 100644 index 0000000..f1cc79a --- /dev/null +++ b/volatility/dlldump/module.584.24a0598.75b60000.dll diff --git a/volatility/dlldump/module.584.24a0598.77dd0000.dll b/volatility/dlldump/module.584.24a0598.77dd0000.dll Binary files differnew file mode 100644 index 0000000..c3825fc --- /dev/null +++ b/volatility/dlldump/module.584.24a0598.77dd0000.dll diff --git a/volatility/dlldump/module.584.24a0598.77e70000.dll b/volatility/dlldump/module.584.24a0598.77e70000.dll Binary files differnew file mode 100644 index 0000000..f4514a6 --- /dev/null +++ b/volatility/dlldump/module.584.24a0598.77e70000.dll diff --git a/volatility/dlldump/module.584.24a0598.77f10000.dll b/volatility/dlldump/module.584.24a0598.77f10000.dll Binary files differnew file mode 100644 index 0000000..7eb25b6 --- /dev/null +++ b/volatility/dlldump/module.584.24a0598.77f10000.dll diff --git a/volatility/dlldump/module.584.24a0598.77fe0000.dll b/volatility/dlldump/module.584.24a0598.77fe0000.dll Binary files differnew file mode 100644 index 0000000..1e54a39 --- /dev/null +++ b/volatility/dlldump/module.584.24a0598.77fe0000.dll diff --git a/volatility/dlldump/module.584.24a0598.7c800000.dll b/volatility/dlldump/module.584.24a0598.7c800000.dll Binary files differnew file mode 100644 index 0000000..da720af --- /dev/null +++ b/volatility/dlldump/module.584.24a0598.7c800000.dll diff --git a/volatility/dlldump/module.584.24a0598.7c900000.dll b/volatility/dlldump/module.584.24a0598.7c900000.dll Binary files differnew file mode 100644 index 0000000..3072ab9 --- /dev/null +++ b/volatility/dlldump/module.584.24a0598.7c900000.dll diff --git a/volatility/dlldump/module.584.24a0598.7e410000.dll b/volatility/dlldump/module.584.24a0598.7e410000.dll Binary files differnew file mode 100644 index 0000000..633b5d9 --- /dev/null +++ b/volatility/dlldump/module.584.24a0598.7e410000.dll diff --git a/volatility/dlldump/module.584.24a0598.7e720000.dll b/volatility/dlldump/module.584.24a0598.7e720000.dll Binary files differnew file mode 100644 index 0000000..c24cdb7 --- /dev/null +++ b/volatility/dlldump/module.584.24a0598.7e720000.dll diff --git a/volatility/malware/process.0x81e7bda0.0x3d0000.dmp b/volatility/malware/process.0x81e7bda0.0x3d0000.dmp Binary files differnew file mode 100644 index 0000000..a17b674 --- /dev/null +++ b/volatility/malware/process.0x81e7bda0.0x3d0000.dmp diff --git a/volatility/malware/process.0x821dea70.0x1460000.dmp b/volatility/malware/process.0x821dea70.0x1460000.dmp Binary files differnew file mode 100644 index 0000000..7f3f0e5 --- /dev/null +++ b/volatility/malware/process.0x821dea70.0x1460000.dmp diff --git a/volatility/malware/process.0x82298700.0x13410000.dmp b/volatility/malware/process.0x82298700.0x13410000.dmp Binary files differnew file mode 100644 index 0000000..4328012 --- /dev/null +++ b/volatility/malware/process.0x82298700.0x13410000.dmp diff --git a/volatility/malware/process.0x82298700.0x4c540000.dmp b/volatility/malware/process.0x82298700.0x4c540000.dmp Binary files differnew file mode 100644 index 0000000..1669829 --- /dev/null +++ b/volatility/malware/process.0x82298700.0x4c540000.dmp diff --git a/volatility/malware/process.0x82298700.0x4dc40000.dmp b/volatility/malware/process.0x82298700.0x4dc40000.dmp Binary files differnew file mode 100644 index 0000000..b29d267 --- /dev/null +++ b/volatility/malware/process.0x82298700.0x4dc40000.dmp diff --git a/volatility/malware/process.0x82298700.0x4ee0000.dmp b/volatility/malware/process.0x82298700.0x4ee0000.dmp Binary files differnew file mode 100644 index 0000000..53f720b --- /dev/null +++ b/volatility/malware/process.0x82298700.0x4ee0000.dmp diff --git a/volatility/malware/process.0x82298700.0x554c0000.dmp b/volatility/malware/process.0x82298700.0x554c0000.dmp Binary files differnew file mode 100644 index 0000000..bd7770e --- /dev/null +++ b/volatility/malware/process.0x82298700.0x554c0000.dmp diff --git a/volatility/malware/process.0x82298700.0x5de10000.dmp b/volatility/malware/process.0x82298700.0x5de10000.dmp Binary files differnew file mode 100644 index 0000000..b9349e4 --- /dev/null +++ b/volatility/malware/process.0x82298700.0x5de10000.dmp diff --git a/volatility/malware/process.0x82298700.0x6a230000.dmp b/volatility/malware/process.0x82298700.0x6a230000.dmp Binary files differnew file mode 100644 index 0000000..21e401e --- /dev/null +++ b/volatility/malware/process.0x82298700.0x6a230000.dmp diff --git a/volatility/malware/process.0x82298700.0x73f40000.dmp b/volatility/malware/process.0x82298700.0x73f40000.dmp Binary files differnew file mode 100644 index 0000000..2bc8dd5 --- /dev/null +++ b/volatility/malware/process.0x82298700.0x73f40000.dmp diff --git a/volatility/malware/process.0x82298700.0xf9e0000.dmp b/volatility/malware/process.0x82298700.0xf9e0000.dmp Binary files differnew file mode 100644 index 0000000..f7882fc --- /dev/null +++ b/volatility/malware/process.0x82298700.0xf9e0000.dmp diff --git a/volatility/malware/process.0x822a0598.0x7f6f0000.dmp b/volatility/malware/process.0x822a0598.0x7f6f0000.dmp Binary files differnew file mode 100644 index 0000000..9d1787a --- /dev/null +++ b/volatility/malware/process.0x822a0598.0x7f6f0000.dmp |