atomdrift labBETA

Open-source atomic malware analysis

Analyze another

github.com-mehdimin11-surf-v0.0.0-20260613092640-ad5ed84dc67c.zip

ZIP

HOSTILE

6a48ef430e554a2826d0afcdf0c24a9ef7d3e0b76c39975c39181ffe2b18020b · 100%

Mal-ecule

O₆(LaAlAsCErXe)H₇(Cm₁₁CrDb₅DsF₆Os₂Po₄)

Size 715.9 KB download

First seen 3 days ago

Analyzed 3 days ago

Ecosystem go

Source proxy.golang.org

Objectives

impact/degrade FPU scaling routine text

lateral-movement/exploit Memory protection+injection exploitation pattern

anti-static/obfuscation/eval Packed binary process execution

command-and-control/dropper/execution LuaJIT runtime strings cluster

evasion/process/injection W^X memory protection constants with VirtualProtect and CreateThread

Micro-behaviors

communications/ip Hardcoded external IPv4 address

communications/http uTLS dependency embedded

communications/http/lib Creates a new HTTP request

communications/ipc Pipe creation with handle redirect

communications/socket Go crypto/tls client connection wrapper

crypto/asymmetric X25519 key exchange marker

data/archive Go zip.NewWriter usage

dylib Extended dynamic library loading (ANSI)

dylib/load Extended dynamic library loading (ANSI)

fs/file Copy data via io.Copy

os/api-resolution Custom API resolver logic (manual module/export resolution)

process/create Create process (Unicode)

process/interpreter Embedded Lua virtual machine

process/terminate Process termination via TerminateProcess

Metadata

unsigned Binary is not digitally signed

20 of 117 traits shown

Objectives

impact/degrade FPU scaling routine text

lateral-movement/exploit Memory protection+injection exploitation pattern

anti-static/obfuscation/eval Packed binary process execution

command-and-control/dropper/execution LuaJIT runtime strings cluster

evasion/process/injection W^X memory protection constants with VirtualProtect and CreateThread

Micro-behaviors

communications/ip Hardcoded external IPv4 address

communications/http uTLS dependency embedded

communications/http/lib Creates a new HTTP request

communications/ipc Pipe creation with handle redirect

communications/socket Go crypto/tls client connection wrapper

crypto/asymmetric X25519 key exchange marker

data/archive Go zip.NewWriter usage

dylib Extended dynamic library loading (ANSI)

dylib/load Extended dynamic library loading (ANSI)

fs/file Copy data via io.Copy

os/api-resolution Custom API resolver logic (manual module/export resolution)

process/create Create process (Unicode)

process/interpreter Embedded Lua virtual machine

process/terminate Process termination via TerminateProcess

Metadata

unsigned Binary is not digitally signed

20 of 117 traits shown

Identity

SHA-256	6a48ef430e554a2826d0afcdf0c24a9ef7d3e0b76c39975c39181ffe2b18020b
Canonical SHA-256	010407830d1a94e71e6551ce60c6421ab9806b582cef0eb575a814dbfa668893
Filename	github.com-mehdimin11-surf-v0.0.0-20260613092640-ad5ed84dc67c.zip
Package	github.com/mehdimin11/surf
Version	v0.0.0-20260613092640-ad5ed84dc67c

Origin

Source	forager
Feed	pkg.go.dev
Ecosystem	go
Domain	golang.org
URL	https://proxy.golang.org/github.com/mehdimin11/surf/@v/v0.0.0-20260613092640-ad5ed84dc67c.zip

Timeline

First seen	13 Jun 2026 07:42 UTC
First analyzed	13 Jun 2026 07:46 UTC
Last analyzed	13 Jun 2026 07:46 UTC
Last updated	13 Jun 2026 07:46 UTC

Labeling

Label	bad
Label source	harvest
Traits version	40f6c

Not seeing what you expected? Let us know