General

Malware Config

Signatures

Files

• 69a7a5ef34600745be9dddc8257efd72daa9bfe5a9f6bc05089a29c5f0a12299

  .dll windows x86

  d08ae8cb9cb0ab76ad79031c45b3a101

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetCurrentThreadId

  GetModuleHandleA

  LoadLibraryA

  LocalAlloc

  LocalFree

  GetModuleFileNameA

  ExitProcess

  user32

  MapVirtualKeyA

  gdi32

  GetTextExtentPoint32A

  shell32

  ShellExecuteA

  d3dx9_43

  D3DXVec3Project

  msvcr100

  _CIatan

  Exports

  Exports

  ɼf-�f,yVS�7��3X�ymp+��Lk���U��I���Y��D��Tkj���9cr��z���mҸ�bцT������k0SO��=HNWq����J#O�VZ�ҢN"�*f+�Ғ�;��|9�=�+P�����ki'�>��1,�X��z��(�U(j2u�a��mл����yc�����A��!,lc'jS��_DaE���J���3 {��C�l�=�j���:�>���7����OQ�,Umc�ɝ��)b�H����'��uT�K[��C����+J����A�0����$���il�y=L�Z�EcP�Z�C7ǙƠ�� 9��~����pp��Ԍ ��zCKv�g6������mj�6DT��2kG*ˆ�@ kUT
  8AE?�Z|�׼����s�uz{Ş��D����3ypU` �CQ}�V.1��%pD��;@f�k-���(I����la炴�3���y0ُ�� ����S
  t -G��9�<@f���k� ���qJ2�*�����li[6����p�f�U9-�;�O$� s%����5f����}h� <p-��������>��Ҁ�s� ���B�_��w �����R���'�+\G���7$:�k����o�8q:�S����'Ph�Zɹb���c�+`�Ս6�[�)����� ��o\�6>ټ3?�cd�=,�0�Ch���D��o`.�xP9���{�8�S�\��=ч������|\��h^Pގ�~B^ �y��>���o �,����*z@k��[G9F�P��0���9�hS����#QY����(>&�d�.oފAT!��U^(ص�l��kU8��pI�G@lh��bV�)���J�V!�U���xAb�Me�q&s���5"g���k���g�T���!p/tF��K"z^Z$F(ր]�[�2���nѴMp��rڢ�TzT�E�g�m�ܯ!�[p5t����_jA�� �l�DAc(ZV�G_Q���u�}�ppi�
  ���k�Z��_���_�֤%i���Uڡ����ϥy�er�U�Ґ����8w�a�(�2n[���];��Fǚ�aۣE���nIq�EcK� }˾�.��q",���T�����ªs����e�*ז�I� 1C�.fxBTe!��=�̾�2�|B2ɀ&�[�k[�H�ό$K������y^J�^T��r��t[T��Ov�?Ǒ}F�7���/6A[-�n�G��|�R�r���\��^}A���v� E�%����O��m���AV_��� �w�䖢�9�Y�ri]��U����N��y�6W�Ttד������t�(�R�N�̋O�N��Z�6�$�өh&=9���!X7QrhZ�� �\
  jYb�_�5,��a���3$R�E���SS��h$_����~��h�Y��+y�N�H��k-2AZL�;���[�!�]��\e����޻�Z8���R�ƙH��1=��>G��F#h��1� �X��/Ӽ��!��&� a ����^>�?�N�օ���a=>*�љ�h89\6���jUnp�o��1��$��-y���$�~5r�������c��ш�^��\���΃Y-4�7#%��5z�KD�W��zd?Bu0̒mZ���w����,����K�����%�"�|�P����w?�̘l.���̻ d�4��jV�6dLM&b��G5LG��n�{�2�:�w��ۦ����;�����0���U���e����r.�X���/j����9���2�@b/�2����D��<Ub���i��i�S��� ����go4���TRt���Ek9)��<�ctG�:���l�"l`�{�01�>�#l��Sa�YQ�/�� j-���p ���eDҩ1�O�%
  DX�y�NlSuE��̭�J��u�v~NØ�hm>�<����ި��
  GB�J���t�z#y3�&��`�{�>:��_m����4 `��]�1��Kڈ�.s�� �3)Lje)3�>@�����9��?����%���6�c=�~O���6��6�"Ǡ��M��MC|�����q �9�nj�S2�V�@�E�����T�z]�?�8��3�m|�ƥ����'��;zЃf�-����&�ݍu�3�2��U�ϗ�\�J`rk�\9���m�1_�/�0�"��ܼ���4ۚCL�ޅ���\���_"�E�W.B�ެͥt��b�.!f.��h�N=� ci��f�\ �A�9ҕwR)!N&��7UGG�#LC����ׂ(_�pY�-���]va����3�o '�4�����R�����6���\��P�)�c�<�R@i׫mM������<��<c�5�hY��;w'^��Х~��ꌷZ��$dU �u�&���#.�L�9(��B�V�Ngf�П�lN�SE�-���Vi�In�]�h�@�j�yG��:?*/���eke�|��v���.�K`� ��ث\'\@їə�ԁe���bW��Xi�_� ��Z��M� J�X�0�$[,w~nN�bu��J��I��,�Nxԥ��!�n�Y�Z��uʊ~���pѤSR��.������l�J�_��&_�������B;�u�R�L@�zʷ�!Z����%�@P[��w�R,��屶q ��,��`��3o�۴�[��!��qx���z�䘶T"�֡J���qAӫ7�����J��>��VEG�L��m����2�}�m��h�I�����P�$
  s�^Z�.wj� �5��>D��������-.�? j��ÏA�C�*�H���_���ak
  ���_W� Nt�@:�ͨ��ӗη��#��1������X����뽞JW?ĘYβ��g�E:���jwV�h�E�Ԣ��៙
  ���>>)���C�Z9�J��B�� 6x��<�cs8���K��NaP�-?S��z�`�)��N�`D�I��V
  T�󾀋��� ݛE�9��T�CЪ'��$�{ɹ.1��D�s�%�U.���,�C��W"�|�;6>`���|�Y7�%&@�m��tֿ��M�G���&z2�@L��Hxe&מ��HIG�)�vs�Է~�K���i8Q��R��f�c���C��8�10���I��qńa�w
  bSqM",r��Z�2@�?bU,��

  Sections

  .text

  Size: - Virtual size: 71KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 436B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: - Virtual size: 7KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: - Virtual size: 91KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  .tls

  Size: 512B - Virtual size: 24B

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp2

  Size: 163KB - Virtual size: 162KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 512B - Virtual size: 304B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ