@hasherezade
Created April 7, 2024 01:29
14d9;section: [.text]
14dc;ntdll.[RtlIpv6AddressToStringA+1c6]*
11b0;kernel32.GetProcessHeap
11c7;ntdll.RtlAllocateHeap
11c7;ntdll.RtlAllocateHeap
11c7;ntdll.RtlAllocateHeap
154c;kernel32.GetVersion
11c7;ntdll.RtlAllocateHeap
1682;iphlpapi.GetAdaptersAddresses
11e1;kernel32.HeapFree
1bf1;kernel32.GetWindowsDirectoryA
1c14;kernel32.GetVolumeInformationA
2429;kernel32.GetComputerNameA
2441;kernel32.lstrcat
2449;kernel32.lstrcat
2afa;kernel32.K32EnumProcesses
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
2b00;kernel32.K32GetProcessImageFileNameA
2314;kernel32.CloseHandle
2344;kernel32.lstrcpyA
22bd;kernel32.lstrcmpiA
22f3;kernel32.OpenProcess
2b00;kernel32.K32GetProcessImageFileNameA
2314;kernel32.CloseHandle
2344;kernel32.lstrcpyA
22bd;kernel32.lstrcmpiA
22f3;kernel32.OpenProcess
2b00;kernel32.K32GetProcessImageFileNameA
2314;kernel32.CloseHandle
2344;kernel32.lstrcpyA
22bd;kernel32.lstrcmpiA
22f3;kernel32.OpenProcess
2b00;kernel32.K32GetProcessImageFileNameA
2314;kernel32.CloseHandle
2344;kernel32.lstrcpyA
22bd;kernel32.lstrcmpiA
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
22f3;kernel32.OpenProcess
2b00;kernel32.K32GetProcessImageFileNameA
2314;kernel32.CloseHandle
2344;kernel32.lstrcpyA
22bd;kernel32.lstrcmpiA
2368;kernel32.OpenProcess
2380;advapi32.OpenProcessToken
239a;advapi32.GetTokenInformation
23a4;kernel32.GetLastError
11c7;ntdll.RtlAllocateHeap
23c8;advapi32.GetTokenInformation
23e7;advapi32.LookupAccountSidA
11e1;kernel32.HeapFree
223c;kernel32.lstrcpyA
2248;kernel32.lstrcat
2256;kernel32.lstrcat
2464;kernel32.lstrcat
18e2;wininet.InternetCrackUrlA
1c39;wininet.InternetOpenA
14dc;ntdll.[RtlIpv6AddressToStringA+1c6]*
14dc;ntdll.[RtlIpv6AddressToStringA+1c6]*
192e;wininet.InternetConnectA
14dc;ntdll.[RtlIpv6AddressToStringA+1c6]*
14dc;ntdll.[RtlIpv6AddressToStringA+1c6]*
1956;wininet.HttpOpenRequestA
19a7;wininet.HttpSendRequestA
14dc;ntdll.[RtlIpv6AddressToStringA+1c6]*
19c6;wininet.HttpQueryInfoA
1a25;wininet.InternetCloseHandle
1a28;wininet.InternetCloseHandle
1cac;kernel32.lstrcpyA
1b70;logoncli.DsEnumerateDomainTrustsA
25f6;kernel32.GetModuleHandleA
2606;kernel32.GetProcAddress
GetProcAddress:
Arg[0] = ptr 0x769a0000 -> {MZ\x90\x00\x03\x00\x00\x00}
Arg[1] = ptr 0x720b32d8 -> "GetNativeSystemInfo"
2614;kernel32.GetNativeSystemInfo
11c7;ntdll.RtlAllocateHeap
2153;advapi32.CryptAcquireContextA
216b;advapi32.CryptCreateHash
217f;advapi32.CryptHashData
219d;advapi32.CryptDeriveKey
21b5;advapi32.CryptDecrypt
21c9;advapi32.CryptDestroyHash
21da;advapi32.CryptDestroyKey
21ec;advapi32.CryptReleaseContext
15d7;user32.wsprintfA
11c7;ntdll.RtlAllocateHeap
1e86;kernel32.lstrlenA
1e9f;kernel32.lstrlenA
1eae;wininet.InternetCrackUrlA
1efc;wininet.InternetConnectA
1f21;wininet.HttpOpenRequestA
1f7a;wininet.HttpSendRequestA
1fe1;wininet.InternetCloseHandle
1fe6;wininet.InternetCloseHandle
1e86;kernel32.lstrlenA
1e9f;kernel32.lstrlenA
1eae;wininet.InternetCrackUrlA
1efc;wininet.InternetConnectA
1f21;wininet.HttpOpenRequestA
1f7a;wininet.HttpSendRequestA
1fe1;wininet.InternetCloseHandle
1fe6;wininet.InternetCloseHandle
1e86;kernel32.lstrlenA
1e9f;kernel32.lstrlenA
1eae;wininet.InternetCrackUrlA
1efc;wininet.InternetConnectA
1f21;wininet.HttpOpenRequestA
1f7a;wininet.HttpSendRequestA
1fe1;wininet.InternetCloseHandle
1fe6;wininet.InternetCloseHandle
1491;kernel32.Sleep
1491;kernel32.Sleep
1491;kernel32.Sleep
1491;kernel32.Sleep
1491;kernel32.Sleep
1491;kernel32.Sleep
1491;kernel32.Sleep
1491;kernel32.Sleep
1491;kernel32.Sleep
1491;kernel32.Sleep
1491;kernel32.Sleep
1491;kernel32.Sleep
1491;kernel32.Sleep
1491;kernel32.Sleep
1491;kernel32.Sleep
1491;kernel32.Sleep
1491;kernel32.Sleep
1491;kernel32.Sleep
1491;kernel32.Sleep
1491;kernel32.Sleep