From aa73be39e29f2972ecec745823ec1585b534e9c6 Mon Sep 17 00:00:00 2001 
From: Raghuram Subramani
Date: Tue, 1 Mar 2022 17:41:34 +0530
Subject: add rooms

---
 basicMalwareRE/basicMalwareRE.gpr | 0
 .../basicMalwareRE.rep/idata/00/00000000.prp | 11 +++++++++++
 .../basicMalwareRE.rep/idata/00/00000001.prp | 11 +++++++++++
 .../basicMalwareRE.rep/idata/00/00000002.prp | 11 +++++++++++
 .../idata/00/~00000000.db/db.3.gbf | Bin 0 -> 2981888 bytes
 .../idata/00/~00000001.db/db.2.gbf | Bin 0 -> 1114112 bytes
 .../idata/00/~00000002.db/db.3.gbf | Bin 0 -> 1802240 bytes
 basicMalwareRE/basicMalwareRE.rep/idata/~index.bak | 7 +++++++
 basicMalwareRE/basicMalwareRE.rep/idata/~index.dat | 7 +++++++
 basicMalwareRE/basicMalwareRE.rep/project.prp | 6 ++++++
 basicMalwareRE/basicMalwareRE.rep/projectState | 15 +++++++++++++++
 basicMalwareRE/basicMalwareRE.rep/user/~index.dat | 4 ++++
 .../basicMalwareRE.rep/versioned/~index.bak | 4 ++++
 .../basicMalwareRE.rep/versioned/~index.dat | 4 ++++
 basicMalwareRE/strings1.exe | Bin 0 -> 213504 bytes
 basicMalwareRE/strings1.zip | Bin 0 -> 61498 bytes
 basicMalwareRE/strings2.exe | Bin 0 -> 9216 bytes
 basicMalwareRE/strings2.zip | Bin 0 -> 3425 bytes
 basicMalwareRE/strings3.exe | Bin 0 -> 52736 bytes
 basicMalwareRE/strings3.zip | Bin 0 -> 11456 bytes
 volatility/README.md | 1 +
 volatility/compressed_cridex.zip | Bin 0 -> 40352364 bytes
 volatility/cridex.vmem | 3 +++
 volatility/dlldump/module.368.24f1020.48580000.dll | Bin 0 -> 50688 bytes
 volatility/dlldump/module.368.24f1020.7c900000.dll | Bin 0 -> 706048 bytes
 volatility/dlldump/module.584.24a0598.4a680000.dll | Bin 0 -> 6144 bytes
 volatility/dlldump/module.584.24a0598.75b40000.dll | Bin 0 -> 32256 bytes
 volatility/dlldump/module.584.24a0598.75b50000.dll | Bin 0 -> 52736 bytes
 volatility/dlldump/module.584.24a0598.75b60000.dll | Bin 0 -> 293376 bytes
 volatility/dlldump/module.584.24a0598.77dd0000.dll | Bin 0 -> 617472 bytes
 volatility/dlldump/module.584.24a0598.77e70000.dll | Bin 0 -> 584704 bytes
 volatility/dlldump/module.584.24a0598.77f10000.dll | Bin 0 -> 285184 bytes
 volatility/dlldump/module.584.24a0598.77fe0000.dll | Bin 0 -> 56320 bytes
 volatility/dlldump/module.584.24a0598.7c800000.dll | Bin 0 -> 989696 bytes
 volatility/dlldump/module.584.24a0598.7c900000.dll | Bin 0 -> 706048 bytes
 volatility/dlldump/module.584.24a0598.7e410000.dll | Bin 0 -> 578560 bytes
 volatility/dlldump/module.584.24a0598.7e720000.dll | Bin 0 -> 713216 bytes
 volatility/malware/process.0x81e7bda0.0x3d0000.dmp | Bin 0 -> 135168 bytes
 volatility/malware/process.0x821dea70.0x1460000.dmp | Bin 0 -> 135168 bytes
 volatility/malware/process.0x82298700.0x13410000.dmp | Bin 0 -> 16384 bytes
 volatility/malware/process.0x82298700.0x4c540000.dmp | Bin 0 -> 16384 bytes
 volatility/malware/process.0x82298700.0x4dc40000.dmp | Bin 0 -> 16384 bytes
 volatility/malware/process.0x82298700.0x4ee0000.dmp | Bin 0 -> 16384 bytes
 volatility/malware/process.0x82298700.0x554c0000.dmp | Bin 0 -> 16384 bytes
 volatility/malware/process.0x82298700.0x5de10000.dmp | Bin 0 -> 16384 bytes
 volatility/malware/process.0x82298700.0x6a230000.dmp | Bin 0 -> 16384 bytes
 volatility/malware/process.0x82298700.0x73f40000.dmp | Bin 0 -> 16384 bytes
 volatility/malware/process.0x82298700.0xf9e0000.dmp | Bin 0 -> 16384 bytes
 volatility/malware/process.0x822a0598.0x7f6f0000.dmp | Bin 0 -> 1048576 bytes
 49 files changed, 84 insertions(+)
 create mode 100644 basicMalwareRE/basicMalwareRE.gpr
 create mode 100644 basicMalwareRE/basicMalwareRE.rep/idata/00/00000000.prp
 create mode 100644 basicMalwareRE/basicMalwareRE.rep/idata/00/00000001.prp
 create mode 100644 basicMalwareRE/basicMalwareRE.rep/idata/00/00000002.prp
 create mode 100644 basicMalwareRE/basicMalwareRE.rep/idata/00/~00000000.db/db.3.gbf
 create mode 100644 basicMalwareRE/basicMalwareRE.rep/idata/00/~00000001.db/db.2.gbf
 create mode 100644 basicMalwareRE/basicMalwareRE.rep/idata/00/~00000002.db/db.3.gbf
 create mode 100644 basicMalwareRE/basicMalwareRE.rep/idata/~index.bak
 create mode 100644 basicMalwareRE/basicMalwareRE.rep/idata/~index.dat
 create mode 100644 basicMalwareRE/basicMalwareRE.rep/project.prp
 create mode 100644 basicMalwareRE/basicMalwareRE.rep/projectState
 create mode 100644 basicMalwareRE/basicMalwareRE.rep/user/~index.dat
 create mode 100644 basicMalwareRE/basicMalwareRE.rep/versioned/~index.bak
 create mode 100644 basicMalwareRE/basicMalwareRE.rep/versioned/~index.dat
 create mode 100644 basicMalwareRE/strings1.exe
 create mode 100644 basicMalwareRE/strings1.zip
 create mode 100644 basicMalwareRE/strings2.exe
 create mode 100644 basicMalwareRE/strings2.zip
 create mode 100644 basicMalwareRE/strings3.exe
 create mode 100644 basicMalwareRE/strings3.zip
 create mode 100644 volatility/README.md
 create mode 100644 volatility/compressed_cridex.zip
 create mode 100644 volatility/cridex.vmem
 create mode 100644 volatility/dlldump/module.368.24f1020.48580000.dll
 create mode 100644 volatility/dlldump/module.368.24f1020.7c900000.dll
 create mode 100644 volatility/dlldump/module.584.24a0598.4a680000.dll
 create mode 100644 volatility/dlldump/module.584.24a0598.75b40000.dll
 create mode 100644 volatility/dlldump/module.584.24a0598.75b50000.dll
 create mode 100644 volatility/dlldump/module.584.24a0598.75b60000.dll
 create mode 100644 volatility/dlldump/module.584.24a0598.77dd0000.dll
 create mode 100644 volatility/dlldump/module.584.24a0598.77e70000.dll
 create mode 100644 volatility/dlldump/module.584.24a0598.77f10000.dll
 create mode 100644 volatility/dlldump/module.584.24a0598.77fe0000.dll
 create mode 100644 volatility/dlldump/module.584.24a0598.7c800000.dll
 create mode 100644 volatility/dlldump/module.584.24a0598.7c900000.dll
 create mode 100644 volatility/dlldump/module.584.24a0598.7e410000.dll
 create mode 100644 volatility/dlldump/module.584.24a0598.7e720000.dll
 create mode 100644 volatility/malware/process.0x81e7bda0.0x3d0000.dmp
 create mode 100644 volatility/malware/process.0x821dea70.0x1460000.dmp
 create mode 100644 volatility/malware/process.0x82298700.0x13410000.dmp
 create mode 100644 volatility/malware/process.0x82298700.0x4c540000.dmp
 create mode 100644 volatility/malware/process.0x82298700.0x4dc40000.dmp
 create mode 100644 volatility/malware/process.0x82298700.0x4ee0000.dmp
 create mode 100644 volatility/malware/process.0x82298700.0x554c0000.dmp
 create mode 100644 volatility/malware/process.0x82298700.0x5de10000.dmp
 create mode 100644 volatility/malware/process.0x82298700.0x6a230000.dmp
 create mode 100644 volatility/malware/process.0x82298700.0x73f40000.dmp
 create mode 100644 volatility/malware/process.0x82298700.0xf9e0000.dmp
 create mode 100644 volatility/malware/process.0x822a0598.0x7f6f0000.dmp

diff --git a/basicMalwareRE/basicMalwareRE.gpr b/basicMalwareRE/basicMalwareRE.gpr
new file mode 100644
index 0000000..e69de29
diff --git a/basicMalwareRE/basicMalwareRE.rep/idata/00/00000000.prp b/basicMalwareRE/basicMalwareRE.rep/idata/00/00000000.prp
new file mode 100644
index 0000000..4413750
--- /dev/null
+++ b/basicMalwareRE/basicMalwareRE.rep/idata/00/00000000.prp
@@ -0,0 +1,11 @@
+
+
+
+
+
+
+
+
+
+
+
diff --git a/basicMalwareRE/basicMalwareRE.rep/idata/00/00000001.prp b/basicMalwareRE/basicMalwareRE.rep/idata/00/00000001.prp
new file mode 100644
index 0000000..4b26c3a
--- /dev/null
+++ b/basicMalwareRE/basicMalwareRE.rep/idata/00/00000001.prp
@@ -0,0 +1,11 @@
+
+
+
+
+
+
+
+
+
+
+
diff --git a/basicMalwareRE/basicMalwareRE.rep/idata/00/00000002.prp b/basicMalwareRE/basicMalwareRE.rep/idata/00/00000002.prp
new file mode 100644
index 0000000..de8ba0a
--- /dev/null
+++ b/basicMalwareRE/basicMalwareRE.rep/idata/00/00000002.prp
@@ -0,0 +1,11 @@
+
+
+
+
+
+
+
+
+
+
+
diff --git a/basicMalwareRE/basicMalwareRE.rep/idata/00/~00000000.db/db.3.gbf b/basicMalwareRE/basicMalwareRE.rep/idata/00/~00000000.db/db.3.gbf
new file mode 100644
index 0000000..ed47296
Binary files /dev/null and b/basicMalwareRE/basicMalwareRE.rep/idata/00/~00000000.db/db.3.gbf differ
diff --git a/basicMalwareRE/basicMalwareRE.rep/idata/00/~00000001.db/db.2.gbf b/basicMalwareRE/basicMalwareRE.rep/idata/00/~00000001.db/db.2.gbf
new file mode 100644
index 0000000..c708f74
Binary files /dev/null and b/basicMalwareRE/basicMalwareRE.rep/idata/00/~00000001.db/db.2.gbf differ
diff --git a/basicMalwareRE/basicMalwareRE.rep/idata/00/~00000002.db/db.3.gbf b/basicMalwareRE/basicMalwareRE.rep/idata/00/~00000002.db/db.3.gbf
new file mode 100644
index 0000000..61bd54b
Binary files /dev/null and b/basicMalwareRE/basicMalwareRE.rep/idata/00/~00000002.db/db.3.gbf differ
diff --git a/basicMalwareRE/basicMalwareRE.rep/idata/~index.bak b/basicMalwareRE/basicMalwareRE.rep/idata/~index.bak
new file mode 100644
index 0000000..ddec091
--- /dev/null
+++ b/basicMalwareRE/basicMalwareRE.rep/idata/~index.bak
@@ -0,0 +1,7 @@
+VERSION=1
+/
+ 00000000:strings1.exe:7f011b2bb85315458192030
+ 00000001:strings2.exe:7f0118fad85503306225532
+ 00000002:strings3.exe:7f011825185934088184598
+NEXT-ID:3
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/basicMalwareRE/basicMalwareRE.rep/idata/~index.dat b/basicMalwareRE/basicMalwareRE.rep/idata/~index.dat
new file mode 100644
index 0000000..ddec091
--- /dev/null
+++ b/basicMalwareRE/basicMalwareRE.rep/idata/~index.dat
@@ -0,0 +1,7 @@
+VERSION=1
+/
+ 00000000:strings1.exe:7f011b2bb85315458192030
+ 00000001:strings2.exe:7f0118fad85503306225532
+ 00000002:strings3.exe:7f011825185934088184598
+NEXT-ID:3
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/basicMalwareRE/basicMalwareRE.rep/project.prp b/basicMalwareRE/basicMalwareRE.rep/project.prp
new file mode 100644
index 0000000..e9a735d
--- /dev/null
+++ b/basicMalwareRE/basicMalwareRE.rep/project.prp
@@ -0,0 +1,6 @@
+
+
+
+
+
+
diff --git a/basicMalwareRE/basicMalwareRE.rep/projectState b/basicMalwareRE/basicMalwareRE.rep/projectState
new file mode 100644
index 0000000..4c6b2bb
--- /dev/null
+++ b/basicMalwareRE/basicMalwareRE.rep/projectState
@@ -0,0 +1,15 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/basicMalwareRE/basicMalwareRE.rep/user/~index.dat b/basicMalwareRE/basicMalwareRE.rep/user/~index.dat
new file mode 100644
index 0000000..b1e697f
--- /dev/null
+++ b/basicMalwareRE/basicMalwareRE.rep/user/~index.dat
@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/basicMalwareRE/basicMalwareRE.rep/versioned/~index.bak b/basicMalwareRE/basicMalwareRE.rep/versioned/~index.bak
new file mode 100644
index 0000000..b1e697f
--- /dev/null
+++ b/basicMalwareRE/basicMalwareRE.rep/versioned/~index.bak
@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/basicMalwareRE/basicMalwareRE.rep/versioned/~index.dat b/basicMalwareRE/basicMalwareRE.rep/versioned/~index.dat
new file mode 100644
index 0000000..b1e697f
--- /dev/null
+++ b/basicMalwareRE/basicMalwareRE.rep/versioned/~index.dat
@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/basicMalwareRE/strings1.exe b/basicMalwareRE/strings1.exe
new file mode 100644
index 0000000..115dede
Binary files /dev/null and b/basicMalwareRE/strings1.exe differ
diff --git a/basicMalwareRE/strings1.zip b/basicMalwareRE/strings1.zip
new file mode 100644
index 0000000..eb03dde
Binary files /dev/null and b/basicMalwareRE/strings1.zip differ
diff --git a/basicMalwareRE/strings2.exe b/basicMalwareRE/strings2.exe
new file mode 100644
index 0000000..9a4df5d
Binary files /dev/null and b/basicMalwareRE/strings2.exe differ
diff --git a/basicMalwareRE/strings2.zip b/basicMalwareRE/strings2.zip
new file mode 100644
index 0000000..e358c2a
Binary files /dev/null and b/basicMalwareRE/strings2.zip differ
diff --git a/basicMalwareRE/strings3.exe b/basicMalwareRE/strings3.exe
new file mode 100644
index 0000000..e5a3192
Binary files /dev/null and b/basicMalwareRE/strings3.exe differ
diff --git a/basicMalwareRE/strings3.zip b/basicMalwareRE/strings3.zip
new file mode 100644
index 0000000..bbbaa88
Binary files /dev/null and b/basicMalwareRE/strings3.zip differ
diff --git a/volatility/README.md b/volatility/README.md
new file mode 100644
index 0000000..9d8c00e
--- /dev/null
+++ b/volatility/README.md
@@ -0,0 +1 @@
+malware name > `cridex`
diff --git a/volatility/compressed_cridex.zip b/volatility/compressed_cridex.zip
new file mode 100644
index 0000000..fb07d64
Binary files /dev/null and b/volatility/compressed_cridex.zip differ
diff --git a/volatility/cridex.vmem b/volatility/cridex.vmem
new file mode 100644
index 0000000..f7bc2a2
--- /dev/null
+++ b/volatility/cridex.vmem
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:02a63be2fcf3a63446c3c8ca9151aff963f888204d141e46c6be60ddde7c3e8d
+size 536870912
diff --git a/volatility/dlldump/module.368.24f1020.48580000.dll b/volatility/dlldump/module.368.24f1020.48580000.dll
new file mode 100644
index 0000000..baf998a
Binary files /dev/null and b/volatility/dlldump/module.368.24f1020.48580000.dll differ
diff --git a/volatility/dlldump/module.368.24f1020.7c900000.dll b/volatility/dlldump/module.368.24f1020.7c900000.dll
new file mode 100644
index 0000000..7817542
Binary files /dev/null and b/volatility/dlldump/module.368.24f1020.7c900000.dll differ
diff --git a/volatility/dlldump/module.584.24a0598.4a680000.dll b/volatility/dlldump/module.584.24a0598.4a680000.dll
new file mode 100644
index 0000000..ff3c9dc
Binary files /dev/null and b/volatility/dlldump/module.584.24a0598.4a680000.dll differ
diff --git a/volatility/dlldump/module.584.24a0598.75b40000.dll b/volatility/dlldump/module.584.24a0598.75b40000.dll
new file mode 100644
index 0000000..05a658b
Binary files /dev/null and b/volatility/dlldump/module.584.24a0598.75b40000.dll differ
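Review bot: `volatility/cridex.vmem` is stored as a Git LFS pointer (`size 536870912`), but `volatility/compressed_cridex.zip` (40352364 bytes per the diffstat), the Ghidra `~0000000N.db/db.*.gbf` database blobs and every `.exe`/`.dll`/`.dmp` in this commit are committed as plain blobs, so large-file handling is inconsistent and those binaries become a permanent part of the clone. Presumably the zip is the archived form of the same image; tracking it with the same LFS rule, or keeping only one of the two copies, would avoid carrying both. The unpacked `strings*.exe` samples and the extracted `dlldump`/`malware` dumps are live executable content that endpoint protection will flag on checkout and that can be launched by accident, so the safer convention is to commit only password-protected archives plus a hash manifest (e.g. a `SHA256SUMS` file next to the README) and to keep the auto-generated Ghidra `.rep` state (`~index.*`, `projectState`, `*.prp`, `.gbf`) out of version control via `.gitignore`. The one-line README would also benefit from recording the memory image's profile and the tool version and commands used to produce the `dlldump`/`malware` outputs, so the artifacts can be reproduced and verified.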
diff --git a/volatility/dlldump/module.584.24a0598.75b50000.dll b/volatility/dlldump/module.584.24a0598.75b50000.dll
new file mode 100644
index 0000000..a325415
Binary files /dev/null and b/volatility/dlldump/module.584.24a0598.75b50000.dll differ
diff --git a/volatility/dlldump/module.584.24a0598.75b60000.dll b/volatility/dlldump/module.584.24a0598.75b60000.dll
new file mode 100644
index 0000000..f1cc79a
Binary files /dev/null and b/volatility/dlldump/module.584.24a0598.75b60000.dll differ
diff --git a/volatility/dlldump/module.584.24a0598.77dd0000.dll b/volatility/dlldump/module.584.24a0598.77dd0000.dll
new file mode 100644
index 0000000..c3825fc
Binary files /dev/null and b/volatility/dlldump/module.584.24a0598.77dd0000.dll differ
diff --git a/volatility/dlldump/module.584.24a0598.77e70000.dll b/volatility/dlldump/module.584.24a0598.77e70000.dll
new file mode 100644
index 0000000..f4514a6
Binary files /dev/null and b/volatility/dlldump/module.584.24a0598.77e70000.dll differ
diff --git a/volatility/dlldump/module.584.24a0598.77f10000.dll b/volatility/dlldump/module.584.24a0598.77f10000.dll
new file mode 100644
index 0000000..7eb25b6
Binary files /dev/null and b/volatility/dlldump/module.584.24a0598.77f10000.dll differ
diff --git a/volatility/dlldump/module.584.24a0598.77fe0000.dll b/volatility/dlldump/module.584.24a0598.77fe0000.dll
new file mode 100644
index 0000000..1e54a39
Binary files /dev/null and b/volatility/dlldump/module.584.24a0598.77fe0000.dll differ
diff --git a/volatility/dlldump/module.584.24a0598.7c800000.dll b/volatility/dlldump/module.584.24a0598.7c800000.dll
new file mode 100644
index 0000000..da720af
Binary files /dev/null and b/volatility/dlldump/module.584.24a0598.7c800000.dll differ
diff --git a/volatility/dlldump/module.584.24a0598.7c900000.dll b/volatility/dlldump/module.584.24a0598.7c900000.dll
new file mode 100644
index 0000000..3072ab9
Binary files /dev/null and b/volatility/dlldump/module.584.24a0598.7c900000.dll differ
diff --git a/volatility/dlldump/module.584.24a0598.7e410000.dll b/volatility/dlldump/module.584.24a0598.7e410000.dll
new file mode 100644
index 0000000..633b5d9
Binary files /dev/null and b/volatility/dlldump/module.584.24a0598.7e410000.dll differ
diff --git a/volatility/dlldump/module.584.24a0598.7e720000.dll b/volatility/dlldump/module.584.24a0598.7e720000.dll
new file mode 100644
index 0000000..c24cdb7
Binary files /dev/null and b/volatility/dlldump/module.584.24a0598.7e720000.dll differ
diff --git a/volatility/malware/process.0x81e7bda0.0x3d0000.dmp b/volatility/malware/process.0x81e7bda0.0x3d0000.dmp
new file mode 100644
index 0000000..a17b674
Binary files /dev/null and b/volatility/malware/process.0x81e7bda0.0x3d0000.dmp differ
diff --git a/volatility/malware/process.0x821dea70.0x1460000.dmp b/volatility/malware/process.0x821dea70.0x1460000.dmp
new file mode 100644
index 0000000..7f3f0e5
Binary files /dev/null and b/volatility/malware/process.0x821dea70.0x1460000.dmp differ
diff --git a/volatility/malware/process.0x82298700.0x13410000.dmp b/volatility/malware/process.0x82298700.0x13410000.dmp
new file mode 100644
index 0000000..4328012
Binary files /dev/null and b/volatility/malware/process.0x82298700.0x13410000.dmp differ
diff --git a/volatility/malware/process.0x82298700.0x4c540000.dmp b/volatility/malware/process.0x82298700.0x4c540000.dmp
new file mode 100644
index 0000000..1669829
Binary files /dev/null and b/volatility/malware/process.0x82298700.0x4c540000.dmp differ
diff --git a/volatility/malware/process.0x82298700.0x4dc40000.dmp b/volatility/malware/process.0x82298700.0x4dc40000.dmp
new file mode 100644
index 0000000..b29d267
Binary files /dev/null and b/volatility/malware/process.0x82298700.0x4dc40000.dmp differ
diff --git a/volatility/malware/process.0x82298700.0x4ee0000.dmp b/volatility/malware/process.0x82298700.0x4ee0000.dmp
new file mode 100644
index 0000000..53f720b
Binary files /dev/null and b/volatility/malware/process.0x82298700.0x4ee0000.dmp differ
diff --git a/volatility/malware/process.0x82298700.0x554c0000.dmp b/volatility/malware/process.0x82298700.0x554c0000.dmp
new file mode 100644
index 0000000..bd7770e
Binary files /dev/null and b/volatility/malware/process.0x82298700.0x554c0000.dmp differ
diff --git a/volatility/malware/process.0x82298700.0x5de10000.dmp b/volatility/malware/process.0x82298700.0x5de10000.dmp
new file mode 100644
index 0000000..b9349e4
Binary files /dev/null and b/volatility/malware/process.0x82298700.0x5de10000.dmp differ
diff --git a/volatility/malware/process.0x82298700.0x6a230000.dmp b/volatility/malware/process.0x82298700.0x6a230000.dmp
new file mode 100644
index 0000000..21e401e
Binary files /dev/null and b/volatility/malware/process.0x82298700.0x6a230000.dmp differ
diff --git a/volatility/malware/process.0x82298700.0x73f40000.dmp b/volatility/malware/process.0x82298700.0x73f40000.dmp
new file mode 100644
index 0000000..2bc8dd5
Binary files /dev/null and b/volatility/malware/process.0x82298700.0x73f40000.dmp differ
diff --git a/volatility/malware/process.0x82298700.0xf9e0000.dmp b/volatility/malware/process.0x82298700.0xf9e0000.dmp
new file mode 100644
index 0000000..f7882fc
Binary files /dev/null and b/volatility/malware/process.0x82298700.0xf9e0000.dmp differ
diff --git a/volatility/malware/process.0x822a0598.0x7f6f0000.dmp b/volatility/malware/process.0x822a0598.0x7f6f0000.dmp
new file mode 100644
index 0000000..9d1787a
Binary files /dev/null and b/volatility/malware/process.0x822a0598.0x7f6f0000.dmp differ
-- 
cgit v1.2.3