autoexec[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

autoexec.zip
Size

15.9MB
MD5

9a4fc5b2223be3eb0bb884244ad36b54
SHA1

ac238949354a55cc453432dd2ee86a3bede6ad73
SHA256

2f2b9220d2a282c81190c4917346ba33a283e0d0f1f1f9bbb7813073dd71be7d
SHA512

5d52f0f2675d847e5e054f7a3f17ee308b12a1c966fc2d79f4ef2667c90a6c86b4abf34655eac17914262fa6de2d008fc3be83c3b1d73154d4b1a357033ec6d9
SSDEEP

393216:VY6/IwBH/f4+TBLbJa+FhCaGTQ5LEBFnOdGdR3viQ:nfF34+BnFzg1v

Score

N/A

Malware Config

Signatures

Files

autoexec.zip
.zip
Exploit Template with WRDAPI.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Exploit Template with WRDAPI.exe.config
Exploit Template with WRDAPI.pdb
WRDAPICONF.json
WeAreDevs_API.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 602KB - Virtual size: 602KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
exploit-main.dll
.dll windows x86

7637d9b0324a0c0dc837a43a5f4a3fe4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

__WSAFDIsSet
WSACleanup
WSAGetLastError
recv
send
closesocket
ioctlsocket
connect
listen
accept
sendto
recvfrom
select
WSACloseEvent
WSACreateEvent
WSASetLastError
WSAStartup
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
bind
inet_addr
getsockname
socket
ntohs
htons
setsockopt
WSAResetEvent
getpeername
getsockopt
WSAIoctl
htonl
gethostname
gethostbyname
inet_ntoa
gethostbyaddr
getservbyport
getservbyname
shutdown
getaddrinfo
freeaddrinfo

dbghelp

UnDecorateSymbolName
StackWalk
SymGetLineFromAddr
SymCleanup
SymInitialize
SymGetSymFromAddr
SymFunctionTableAccess
SymGetModuleBase

kernel32

GetProcAddress
GetCurrentProcessId
GetConsoleWindow
SetConsoleTextAttribute
GetStdHandle
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
VerSetConditionMask
QueryPerformanceCounter
GetTickCount64
FormatMessageA
SetEvent
ResetEvent
SetConsoleTitleA
ReadFile
CreateNamedPipeA
SetConsoleMode
DisconnectNamedPipe
GetConsoleMode
DisableThreadLibraryCalls
FreeConsole
FreeLibrary
VerifyVersionInfoW
AllocConsole
ConnectNamedPipe
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetEnvironmentVariableA
CreateFileA
GetFileSizeEx
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WriteFile
GetModuleHandleW
GetEnvironmentVariableW
GetModuleHandleExW
GetSystemTimeAsFileTime
VirtualFree
GetACP
LoadLibraryW
FindClose
FindFirstFileW
FindNextFileW
ReadConsoleA
ReadConsoleW
LocalFree
CreateDirectoryW
CreateFileW
FindFirstFileExW
GetFileAttributesExW
Sleep
GetModuleHandleA
GetCurrentProcess
GetModuleFileNameA
CloseHandle
SetFileInformationByHandle
WaitForMultipleObjects
PeekNamedPipe
GetFileType
IsDebuggerPresent
CreateEventW
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitOnceBeginInitialize
InitOnceComplete
GetFileInformationByHandleEx
AreFileApisANSI
WaitForSingleObjectEx
MoveFileExA
FormatMessageW
SetLastError
GetTickCount
GetSystemDirectoryA
SleepEx
InitializeCriticalSectionEx
GetCurrentThread
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA
ShowWindow
RegisterClassExA
UnregisterClassA
CreateWindowExA
DefWindowProcA
GetWindowLongA
MessageBoxW
SetWindowLongA
DestroyWindow
GetWindowRect
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetUserObjectInformationW
GetCursorPos
SetCursorPos
CallWindowProcA
GetProcessWindowStation
ReleaseCapture
GetSystemMenu
MonitorFromPoint
DeleteMenu
keybd_event
GetSystemMetrics
MapVirtualKeyA
mouse_event
SendInput
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
TrackMouseEvent
GetForegroundWindow
SetCapture
SetCursor
GetClientRect

advapi32

CryptEncrypt
CryptAcquireContextW
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
DeregisterEventSource
RegisterEventSourceW
CryptGetHashParam
GetCurrentHwProfileA
CryptReleaseContext
CryptAcquireContextA
ReportEventW

shell32

ShellExecuteA

msvcp140

?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Random_device@std@@YAIXZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Xbad_function_call@std@@YAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Query_perf_frequency
_Query_perf_counter
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
_Xtime_get_ticks
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Thrd_sleep
_Mtx_unlock
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

bcrypt

BCryptGenRandom

vcruntime140

memcpy
__std_type_info_destroy_list
_CxxThrowException
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__std_terminate
strstr
_purecall
strchr
memset
memmove
strrchr
memchr
wcsstr
__current_exception
__current_exception_context
_except_handler4_common

api-ms-win-crt-heap-l1-1-0

realloc
malloc
free
_callnewh
calloc

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
terminate
_initialize_narrow_environment
__sys_nerr
__sys_errlist
_initialize_onexit_table
_seh_filter_dll
_cexit
_configure_narrow_argv
_initterm_e
_errno
_initterm
abort
_register_onexit_function
_execute_onexit_table
_crt_atexit
_getpid
system
_invalid_parameter_noinfo_noreturn
_exit
exit
raise
strerror_s
signal

api-ms-win-crt-string-l1-1-0

strcmp
_strdup
isspace
tolower
strnlen
isupper
isalnum
strspn
strcpy_s
isdigit
strcspn
strncat
strncmp
strpbrk
strncpy_s
strncpy
strcat_s

api-ms-win-crt-stdio-l1-1-0

fputc
__acrt_iob_func
fflush
feof
fclose
_lseeki64
freopen_s
_close
__stdio_common_vsscanf
ferror
__stdio_common_vsprintf
_wfopen
_open
_read
fseek
_write
ftell
__stdio_common_vsprintf_s
fopen
fgets
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
fputs
__stdio_common_vswprintf
setvbuf
fgetpos
fwrite
_fileno
_setmode
__stdio_common_vfprintf
fgetc

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_localtime64
_gmtime64
_time64
strftime

api-ms-win-crt-filesystem-l1-1-0

_stat64
_fstat64
_lock_file
_unlink
_unlock_file
_stat64i32
_access

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

strtoull
wcstombs
strtol
atoi
strtod
strtoll
strtoul

api-ms-win-crt-math-l1-1-0

_CItanh
_dclass
_CIfmod
_libm_sse2_sin_precise
_CIatan2
_CIsinh
_libm_sse2_asin_precise
_libm_sse2_atan_precise
_libm_sse2_sqrt_precise
_libm_sse2_tan_precise
_libm_sse2_cos_precise
_libm_sse2_exp_precise
floor
_libm_sse2_log10_precise
log2
ldexp
round
_dsign
_libm_sse2_log_precise
ceil
_libm_sse2_acos_precise
_libm_sse2_pow_precise
_CIcosh
_fdopen

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-environment-l1-1-0

getenv

crypt32

CertDuplicateCertificateContext
CertFreeCertificateChain
CertCloseStore
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore
CertFindExtension

wldap32

ord211
ord60
ord45
ord32
ord41
ord22
ord26
ord27
ord143
ord46
ord50
ord217
ord33
ord301
ord200
ord30
ord79
ord35

normaliz

IdnToAscii

Exports

Exports

ensure_injector
injector_call

Sections

.text
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Africa0
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Africa1
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Africa2
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
finj.exe
.exe windows x86

7bdf2dd3a78f92ef562170b0f7ca7dde

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32First
WriteProcessMemory
SetConsoleTitleA
WaitForSingleObject
GetCurrentDirectoryA
OpenProcess
CreateToolhelp32Snapshot
GetExitCodeThread
Sleep
K32GetModuleFileNameExA
LoadLibraryA
Process32Next
CloseHandle
Module32FirstW
GetProcAddress
VirtualAllocEx
ReadProcessMemory
CreateRemoteThread
Module32NextW
K32EnumProcessModules
VirtualFreeEx
FormatMessageA
LocalFree
InitializeSListHead
CreateFileW
GetFileAttributesExW
AreFileApisANSI
GetLastError
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
MultiByteToWideChar
GetFileInformationByHandleEx
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
DecodePointer
GetCommandLineA
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

msvcp140

?_Winerror_map@std@@YAHH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z

shlwapi

PathAddBackslashA

vcruntime140

__std_exception_destroy
__std_exception_copy
__std_terminate
__CxxFrameHandler3
__current_exception
memmove
__current_exception_context
_except_handler4_common
memchr
memcpy
_CxxThrowException
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_get_initial_narrow_environment
__p___argc
_set_app_type
_seh_filter_exe
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_controlfp_s
_invalid_parameter_noinfo_noreturn
exit
_exit
_cexit

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode
__stdio_common_vfprintf
__acrt_iob_func

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.4WO
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Q~q
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QiI
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
kernel64.sys.dll
.dll windows x86

f1b67953c8342ff500c2718d513f4cd3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualQuery
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

vcruntime140

memset
__std_type_info_destroy_list
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_configure_narrow_argv
_seh_filter_dll
_cexit
_initterm
_initialize_narrow_environment
_initialize_onexit_table
_initterm_e

Exports

Exports

setup_the_bypass

Sections

.text
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.3if
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Il0
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.!Z=
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 6KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 602KB - Virtual size: 602KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

7637d9b0324a0c0dc837a43a5f4a3fe4

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

dbghelp

kernel32

user32

advapi32

shell32

msvcp140

imm32

d3dcompiler_47

bcrypt

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

crypt32

wldap32

normaliz

Exports

Exports

Sections

.text Size: - Virtual size: 3.3MB

.rdata Size: - Virtual size: 1.2MB

.data Size: - Virtual size: 20KB

Africa0 Size: - Virtual size: 1.9MB

Africa1 Size: 7KB - Virtual size: 7KB

Africa2 Size: 6.0MB - Virtual size: 6.0MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 233B

7bdf2dd3a78f92ef562170b0f7ca7dde

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

shlwapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

.text
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 602KB - Virtual size: 602KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 3.3MB

.rdata
Size: - Virtual size: 1.2MB

.data
Size: - Virtual size: 20KB

Africa0
Size: - Virtual size: 1.9MB

Africa1
Size: 7KB - Virtual size: 7KB

Africa2
Size: 6.0MB - Virtual size: 6.0MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 233B

.text
Size: - Virtual size: 35KB

.rdata
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 1KB

.4WO
Size: - Virtual size: 3.3MB

.Q~q
Size: 1KB - Virtual size: 1KB

.QiI
Size: 6.1MB - Virtual size: 6.1MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 4KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 920B

.3if
Size: - Virtual size: 1.7MB

.Il0
Size: 1024B - Virtual size: 524B

.!Z=
Size: 3.7MB - Virtual size: 3.7MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 233B