Source: AndroidSideloader (1).exe |
ReversingLabs: Detection: 15% |
Source: AndroidSideloader (1).exe |
Virustotal: Detection: 21% |
Source: AndroidSideloader (1).exe |
Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
Source: AndroidSideloader (1).exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: |
Binary string: costura.costura.pdb.compressed source: AndroidSideloader (1).exe |
Source: |
Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed7microsoft.web.webview2.coreecostura.microsoft.web.webview2.core.dll.compressed?microsoft.web.webview2.winformsmcostura.microsoft.web.webview2.winforms.dll.compressed5microsoft.web.webview2.wpfccostura.microsoft.web.webview2.wpf.dll.compressed source: AndroidSideloader (1).exe |
Source: |
Binary string: C:\Sideloader\AndroidSideloader.pdb4 source: AndroidSideloader (1).exe |
Source: |
Binary string: costura.costura.pdb.compressed|||Costura.pdb|6C6000A5EAF8579850AB82A89BD6268776EB51AD|2608 source: AndroidSideloader (1).exe |
Source: |
Binary string: C:\Sideloader\AndroidSideloader.pdb source: AndroidSideloader (1).exe |
Source: Yara match |
File source: AndroidSideloader (1).exe, type: SAMPLE |
Source: AndroidSideloader (1).exe |
String found in binary or memory: VR trailer[https://www.youtube.com/results?search_query=KNo video URL found in search results.MYou are not connected to the Internet!=Do you want to upload {0} now? equals www.youtube.com (Youtube) |
Source: AndroidSideloader (1).exe |
String found in binary or memory: Do you wish to copy Package Name of games selected from list to clipboard?5Copy package to clipboard?;url"\:\"/watch\?v\=(.*?(?="))=https://www.youtube.com/embed/c?autoplay=1&mute=1&enablejsapi=1&modestbranding=1 equals www.youtube.com (Youtube) |
Source: AndroidSideloader (1).exe |
String found in binary or memory: http://127.0.0.1:5572/ |
Source: AndroidSideloader (1).exe |
String found in binary or memory: http://127.0.0.1:5572/core/stats |
Source: AndroidSideloader (1).exe |
String found in binary or memory: https://downloads.rclone.org/v |
Source: AndroidSideloader (1).exe |
String found in binary or memory: https://github.com/VRPirates/rookie |
Source: AndroidSideloader (1).exe |
String found in binary or memory: https://github.com/VRPirates/rookie/raw/master/7z |
Source: AndroidSideloader (1).exe |
String found in binary or memory: https://github.com/VRPirates/rookie/raw/master/Rookie%20Offline.cmdQ |
Source: AndroidSideloader (1).exe |
String found in binary or memory: https://github.com/VRPirates/rookie/raw/master/Sideloader%20Launcher.exe |
Source: AndroidSideloader (1).exe |
String found in binary or memory: https://github.com/VRPirates/rookie/raw/master/dependencies.7z |
Source: AndroidSideloader (1).exe |
String found in binary or memory: https://raw.githubusercontent.com/VRPirates/rookie |
Source: AndroidSideloader (1).exe |
String found in binary or memory: https://raw.githubusercontent.com/VRPirates/rookie/master/codenamesEUnable |
Source: AndroidSideloader (1).exe |
String found in binary or memory: https://raw.githubusercontent.com/vrpyou/quest/main/vrp-public.jsonahttps://vrpirates.wiki/downloads |
Source: AndroidSideloader (1).exe |
String found in binary or memory: https://rclone.org/ |
Source: AndroidSideloader (1).exe |
String found in binary or memory: https://stackoverflow.com/users/57611/erike |
Source: AndroidSideloader (1).exe |
String found in binary or memory: https://vrpirates.wiki/ |
Source: AndroidSideloader (1).exe |
String found in binary or memory: https://vrpirates.wiki/downloads/runtimes.7z |
Source: AndroidSideloader (1).exe |
String found in binary or memory: https://vrpirates.wiki/downloads/vrp.download.config?Retrieved |
Source: AndroidSideloader (1).exe |
String found in binary or memory: https://vrpirates.wiki/downloads/vrp.upload.config#vrp.upload.configGUpload |
Source: AndroidSideloader (1).exe |
String found in binary or memory: https://vrpirates.wiki/en/Howto/sponsored-mirrors) |
Source: AndroidSideloader (1).exe |
String found in binary or memory: https://www.7-zip.org/ |
Source: AndroidSideloader (1).exe |
String found in binary or memory: https://www.c-sharpcorner.com/members/mike-gold2 |
Source: AndroidSideloader (1).exe |
String found in binary or memory: https://www.youtube.com/embed/c?autoplay=1&mute=1&enablejsapi=1&modestbranding=1 |
Source: AndroidSideloader (1).exe |
String found in binary or memory: https://www.youtube.com/results?search_query=KNo |
Source: AndroidSideloader (1).exe |
Binary or memory string: OriginalFilenameAndroidSideloader.exeD vs AndroidSideloader (1).exe |
Source: classification engine |
Classification label: mal60.troj.evad.winEXE@0/0@0/0 |
Source: AndroidSideloader (1).exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: AndroidSideloader (1).exe |
Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83% |
Source: AndroidSideloader (1).exe |
String found in binary or memory: Refresh connected devices, installed apps, and update game list-progressDLbtnContainer3downloadInstallGameButtonSDownload and Install Game/Add To Queue |
Source: AndroidSideloader (1).exe |
String found in binary or memory: Are you sure you want to exit?;Still downloading/installing. |
Source: AndroidSideloader (1).exe |
String found in binary or memory: x2-Starting Game DownloadM--transfers 1 --multi-thread-streams 0 |
Source: AndroidSideloader (1).exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR |
Source: AndroidSideloader (1).exe |
Static PE information: Virtual size of .text is bigger than: 0x100000 |
Source: AndroidSideloader (1).exe |
Static file information: File size 4312576 > 1048576 |
Source: AndroidSideloader (1).exe |
Static PE information: Raw size of .text is bigger than: 0x100000 < 0x3b7e00 |
Source: AndroidSideloader (1).exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: AndroidSideloader (1).exe, AssemblyLoader.cs |
.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[]) |
Source: AndroidSideloader (1).exe |
Static PE information: 0xCBE5165D [Thu May 26 10:58:37 2078 UTC] |