General

Malware Config

Signatures

Files

• Sonar.AutoSwitch.zip

  .zip
• Sonar.AutoSwitch.exe

  .exe windows x64

  7dd1893951dc97cf525ccd03d5fe48a7

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  FreeLibrary

  RaiseFailFastException

  GetExitCodeProcess

  TerminateProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  AddVectoredExceptionHandler

  MultiByteToWideChar

  GetTickCount

  GetCurrentProcessId

  FlushInstructionCache

  QueryPerformanceFrequency

  QueryPerformanceCounter

  RtlLookupFunctionEntry

  LocateXStateFeature

  RtlDeleteFunctionTable

  InterlockedPushEntrySList

  InterlockedFlushSList

  InitializeSListHead

  GetTickCount64

  DuplicateHandle

  QueueUserAPC

  WaitForSingleObjectEx

  SetThreadPriority

  GetThreadPriority

  ResumeThread

  GetCurrentThreadId

  TlsAlloc

  GetCurrentThread

  CreateThread

  GetModuleHandleW

  WaitForMultipleObjectsEx

  SignalObjectAndWait

  RtlCaptureContext

  SetThreadStackGuarantee

  VirtualQuery

  WriteFile

  GetStdHandle

  WideCharToMultiByte

  GetConsoleOutputCP

  MapViewOfFileEx

  UnmapViewOfFile

  GetStringTypeExW

  SetEvent

  GetCurrentProcessorNumber

  GlobalMemoryStatusEx

  CreateIoCompletionPort

  PostQueuedCompletionStatus

  GetQueuedCompletionStatus

  InterlockedPopEntrySList

  GetCurrentProcessorNumberEx

  ExitProcess

  Sleep

  CreateMemoryResourceNotification

  GetProcessAffinityMask

  SetThreadIdealProcessorEx

  GetThreadIdealProcessorEx

  GetLargePageMinimum

  VirtualUnlock

  GetLogicalProcessorInformation

  SetThreadGroupAffinity

  SetThreadAffinityMask

  IsProcessInJob

  QueryInformationJobObject

  K32GetProcessMemoryInfo

  VirtualAlloc

  VirtualFree

  VirtualProtect

  SleepEx

  SwitchToThread

  InitializeContext

  SetXStateFeaturesMask

  RtlRestoreContext

  CloseThreadpoolTimer

  CreateThreadpoolTimer

  SetThreadpoolTimer

  ReadFile

  GetFileSize

  GetEnvironmentVariableW

  SetEnvironmentVariableW

  CreateEventW

  ResetEvent

  CreateSemaphoreExW

  RaiseException

  CreateMutexW

  ReleaseMutex

  GetThreadContext

  SuspendThread

  SetThreadContext

  GetEnabledXStateFeatures

  CopyContext

  WerRegisterRuntimeExceptionModule

  RtlInstallFunctionTableCallback

  GetSystemDefaultLCID

  GetUserDefaultLCID

  RtlUnwind

  LoadLibraryExW

  HeapAlloc

  HeapFree

  GetProcessHeap

  HeapCreate

  HeapDestroy

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  FormatMessageW

  GetACP

  LCMapStringEx

  LocalFree

  VerSetConditionMask

  VerifyVersionInfoW

  QueryThreadCycleTime

  VirtualAllocExNuma

  GetNumaProcessorNodeEx

  GetNumaHighestNodeNumber

  GetLogicalProcessorInformationEx

  GetThreadGroupAffinity

  GetSystemTimes

  GetProcessGroupAffinity

  CreateFileMappingW

  GetSystemTimeAsFileTime

  GetModuleFileNameW

  CreateProcessW

  GetCPInfo

  CreateFileW

  GetFileAttributesExW

  GetTempPathW

  GetCurrentDirectoryW

  GetFullPathNameW

  LoadLibraryExA

  OutputDebugStringA

  OpenEventW

  ExitThread

  HeapReAlloc

  CreateNamedPipeA

  WaitForMultipleObjects

  DisconnectNamedPipe

  CreateFileA

  CancelIoEx

  GetOverlappedResult

  ConnectNamedPipe

  FlushFileBuffers

  SetFilePointer

  MapViewOfFile

  GetActiveProcessorGroupCount

  GetSystemTime

  SetConsoleCtrlHandler

  GetLocaleInfoEx

  GetUserDefaultLocaleName

  RtlAddFunctionTable

  LoadLibraryW

  CreateDirectoryW

  RemoveDirectoryW

  GetFileSizeEx

  FindFirstFileExW

  FindNextFileW

  FindClose

  LoadLibraryA

  IsWow64Process

  InitializeCriticalSectionAndSpinCount

  WaitForSingleObject

  CloseHandle

  TlsSetValue

  TlsGetValue

  GetSystemInfo

  GetCurrentProcess

  OutputDebugStringW

  IsDebuggerPresent

  LeaveCriticalSection

  EnterCriticalSection

  DeleteCriticalSection

  InitializeCriticalSection

  GetCommandLineW

  GetProcAddress

  GetModuleHandleExW

  SetErrorMode

  FlushProcessWriteBuffers

  SetLastError

  GetLastError

  ReleaseSemaphore

  DebugBreak

  DecodePointer

  GetStringTypeW

  RtlVirtualUnwind

  IsProcessorFeaturePresent

  RtlUnwindEx

  EncodePointer

  TlsFree

  RtlPcToFileHeader

  InitializeConditionVariable

  WakeConditionVariable

  WakeAllConditionVariable

  SleepConditionVariableCS

  SleepConditionVariableSRW

  InitializeSRWLock

  ReleaseSRWLockExclusive

  AcquireSRWLockExclusive

  InitializeCriticalSectionEx

  TryEnterCriticalSection

  GetExitCodeThread

  CreateFileMappingA

  advapi32

  RegGetValueW

  SetKernelObjectSecurity

  GetSidSubAuthorityCount

  GetSidSubAuthority

  GetTokenInformation

  DeregisterEventSource

  ReportEventW

  RegisterEventSourceW

  RegQueryValueExW

  RegOpenKeyExW

  RegCloseKey

  EventRegister

  AdjustTokenPrivileges

  OpenProcessToken

  LookupPrivilegeValueW

  SetThreadToken

  RevertToSelf

  OpenThreadToken

  EventWriteTransfer

  EventWrite

  ole32

  CoUnmarshalInterface

  CoCreateFreeThreadedMarshaler

  CoMarshalInterface

  StringFromGUID2

  CoRevokeInitializeSpy

  CoUninitialize

  CoWaitForMultipleHandles

  CoGetClassObject

  CoRegisterInitializeSpy

  CoInitializeEx

  CoCreateGuid

  CoTaskMemAlloc

  CoTaskMemFree

  CoReleaseMarshalData

  IIDFromString

  CoGetObjectContext

  CreateStreamOnHGlobal

  CoGetContextToken

  CLSIDFromProgID

  CoGetMarshalSizeMax

  oleaut32

  SafeArrayAllocData

  SafeArrayGetElemsize

  SysStringByteLen

  SafeArraySetRecordInfo

  SafeArrayCreateVector

  SafeArrayPutElement

  LoadRegTypeLi

  CreateErrorInfo

  SysAllocStringByteLen

  SysFreeString

  GetErrorInfo

  SetErrorInfo

  SysStringLen

  SysAllocString

  SysAllocStringLen

  SafeArrayAllocDescriptorEx

  SafeArrayGetDim

  SafeArrayGetLBound

  VarCyFromDec

  VariantInit

  VariantClear

  VariantChangeTypeEx

  VariantChangeType

  SafeArrayGetVartype

  LoadTypeLibEx

  QueryPathOfRegTypeLi

  SafeArrayDestroy

  GetRecordInfoFromTypeInfo

  user32

  LoadStringW

  MessageBoxW

  version

  VerQueryValueW

  GetFileVersionInfoExW

  GetFileVersionInfoSizeExW

  shell32

  ShellExecuteW

  api-ms-win-crt-string-l1-1-0

  _strnicmp

  wcsncmp

  iswupper

  towlower

  isalpha

  isdigit

  wcstok_s

  strnlen

  iswascii

  towupper

  wcscat_s

  wcsncat_s

  strncat_s

  iswspace

  isupper

  _stricmp

  wcsnlen

  _wcsdup

  tolower

  strncmp

  islower

  strcmp

  _wcsnicmp

  strlen

  strcspn

  __strncnt

  strncpy_s

  _strdup

  isspace

  strtok_s

  strcat_s

  toupper

  strcpy_s

  wcscpy_s

  wcsncpy_s

  _wcsicmp

  api-ms-win-crt-stdio-l1-1-0

  fsetpos

  __stdio_common_vsscanf

  __stdio_common_vsnprintf_s

  __p__commode

  fputs

  _set_fmode

  __stdio_common_vsnwprintf_s

  fwrite

  _wfopen

  fclose

  fopen

  _flushall

  fseek

  ftell

  _fileno

  _dup

  _setmode

  __stdio_common_vfprintf

  setvbuf

  _wfsopen

  fputc

  fgetc

  __stdio_common_vsprintf_s

  __stdio_common_vswprintf

  __acrt_iob_func

  fflush

  __stdio_common_vfwprintf

  fgetpos

  ungetc

  fgets

  fread

  _fseeki64

  _get_stream_buffer_pointers

  fputwc

  fputws

  api-ms-win-crt-runtime-l1-1-0

  _wcserror_s

  abort

  exit

  _initialize_onexit_table

  _register_onexit_function

  _crt_atexit

  _cexit

  _seh_filter_exe

  terminate

  _configure_wide_argv

  _initialize_wide_environment

  _get_initial_wide_environment

  _initterm

  _initterm_e

  _exit

  _beginthreadex

  __p___argc

  __p___wargv

  _c_exit

  _register_thread_local_exe_atexit_callback

  _invalid_parameter_noinfo_noreturn

  _controlfp_s

  _set_app_type

  _invalid_parameter_noinfo

  _errno

  api-ms-win-crt-convert-l1-1-0

  atol

  _atoi64

  strtoull

  wcstoul

  _wcstoui64

  _itow_s

  _wtoi

  _ltow_s

  strtoul

  api-ms-win-crt-heap-l1-1-0

  realloc

  free

  _set_new_mode

  malloc

  calloc

  api-ms-win-crt-utility-l1-1-0

  qsort

  api-ms-win-crt-math-l1-1-0

  expf

  exp

  coshf

  cosh

  cosf

  cos

  ceilf

  logf

  ceil

  atanh

  acosh

  cbrt

  tan

  asinhf

  atanhf

  cbrtf

  acoshf

  atanf

  sin

  atan2f

  atan2

  _copysign

  floorf

  asinf

  asin

  acosf

  acos

  _fdopen

  fma

  powf

  _copysignf

  _isnanf

  trunc

  truncf

  ilogb

  ilogbf

  fmaf

  _isnan

  __setusermatherr

  pow

  fmod

  frexp

  _finite

  modf

  tanf

  fmodf

  modff

  sqrt

  sinf

  floor

  log

  log10

  log10f

  log2

  sqrtf

  atan

  log2f

  sinh

  sinhf

  tanh

  asinh

  tanhf

  api-ms-win-crt-time-l1-1-0

  wcsftime

  _gmtime64_s

  _time64

  api-ms-win-crt-environment-l1-1-0

  getenv

  api-ms-win-crt-locale-l1-1-0

  __pctype_func

  ___lc_locale_name_func

  ___lc_codepage_func

  ___mb_cur_max_func

  setlocale

  _lock_locales

  localeconv

  _configthreadlocale

  _unlock_locales

  api-ms-win-crt-filesystem-l1-1-0

  _lock_file

  _unlock_file

  _wremove

  _wrename

  Exports

  Exports

  CLRJitAttachState

  DotNetRuntimeInfo

  MetaDataGetDispenser

  g_CLREngineMetrics

  g_dacTable

  Sections

  .text

  Size: 5.9MB - Virtual size: 5.9MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .CLR_UEF

  Size: 512B - Virtual size: 221B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1.5MB - Virtual size: 1.5MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 29KB - Virtual size: 120KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 216KB - Virtual size: 216KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .didat

  Size: 512B - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  Section

  Size: 512B - Virtual size: 8B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  _RDATA

  Size: 77KB - Virtual size: 77KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1.4MB - Virtual size: 1.4MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 30KB - Virtual size: 30KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Sonar.AutoSwitch.pdb