NvOptimusEnablementCuda
Static task: static1
Behavioral task: behavioral1 (sample virtualdj.exe, resource win7-20221111-es)
Behavioral task: behavioral2 (sample virtualdj.exe, resource win10v2004-20220812-es)
General
Target: virtualdj.exe
Size: 229.8MB
MD5: 137b76b8e0d6917781be1a73b4254710
SHA1: c37896798ac07355091c2774d982c4dbe39ddf18
SHA256: 27351fe3b5e55781c492a70a31d496d79eb6675b8c196fcba767373d10258d77
SHA512: e79b6c083237ad75acfba406eab485f072ded68374f10ea5428c74eebee658fbc76003de3240dc6ba91d4541ba9d9d360e3a45d52acac525a0aed04990bdf346
SSDEEP: 6291456:GKdKUQsBXqTL09cOjtIrVAIEVwSkq66mF6bZuucI8gLtLcZdid2r163ac9lkX5zW:PdrLqX0qYapqy6luTI8gLtQZdi8r16qb
Malware Config
Signatures
Files
virtualdj.exe (.exe, windows x64)
f9ffd1cc7ffa3d54400aa1e971371525
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Mitigation check: DYNAMIC_BASE and HIGH_ENTROPY_VA request ASLR, but IMAGE_FILE_RELOCS_STRIPPED is set and the section list below contains no .reloc section. The Windows loader can only rebase an image that carries relocation data, so this executable is mapped at its preferred ImageBase and the ASLR flags are ineffective for it; NX_COMPAT (DEP) still applies. IMAGE_DLLCHARACTERISTICS_GUARD_CF is not among the listed flags, so Control Flow Guard is not enabled for this image.
Imports
d3d11
D3D11CreateDevice
dxgi
CreateDXGIFactory1
d2d1
ord1
dwrite
DWriteCreateFactory
ws2_32
ioctlsocket
WSAGetLastError
recv
send
htons
inet_pton
closesocket
connect
htonl
WSAAddressToStringW
ntohs
getsockname
socket
setsockopt
select
gethostname
getpeername
getsockopt
inet_ntoa
accept
WSARecvFrom
listen
WSAIoctl
freeaddrinfo
getaddrinfo
__WSAFDIsSet
sendto
inet_addr
recvfrom
getnameinfo
WSACleanup
bind
WSASend
ntohl
shutdown
WSASetLastError
WSAStringToAddressW
WSASendTo
WSASocketW
WSAStartup
wldap32
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord217
ord143
winmm
midiInGetDevCapsW
midiOutGetNumDevs
midiOutMessage
midiOutGetDevCapsW
midiInOpen
midiInMessage
midiInReset
midiInUnprepareHeader
midiInStop
midiInClose
midiOutOpen
midiOutClose
midiInGetNumDevs
midiOutUnprepareHeader
midiOutLongMsg
midiOutPrepareHeader
midiOutShortMsg
midiInPrepareHeader
midiInAddBuffer
timeEndPeriod
timeBeginPeriod
midiInStart
timeGetDevCaps
midiOutReset
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
wininet
InternetSetCookieW
InternetSetCookieExW
DeleteUrlCacheEntryA
InternetSetOptionW
InternetGetCookieExW
iphlpapi
GetIpAddrTable
GetBestRoute
GetAdaptersAddresses
setupapi
SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
hid
HidD_GetSerialNumberString
HidD_SetFeature
HidD_GetHidGuid
HidP_GetCaps
HidD_GetAttributes
HidD_GetPreparsedData
imm32
ImmGetContext
ImmSetCompositionWindow
ImmSetCandidateWindow
crypt32
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CryptUnprotectData
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertGetCertificateContextProperty
CertOpenStore
CertDuplicateCertificateContext
CertFindCertificateInStore
comctl32
ImageList_GetIcon
ord380
kernel32
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
FileTimeToSystemTime
LocalAlloc
GetUserDefaultLCID
IsValidLocale
EnumSystemLocalesW
FreeLibraryAndExitThread
VirtualProtect
SetEnvironmentVariableW
GetTimeZoneInformation
GetConsoleOutputCP
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetThreadPriority
GetDateFormatW
HeapQueryInformation
SetStdHandle
SetConsoleCtrlHandler
ExitThread
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
RtlUnwind
RaiseException
SetThreadErrorMode
RtlUnwindEx
RtlPcToFileHeader
GetTickCount64
LoadLibraryW
GetProcAddress
Sleep
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateFileW
DeviceIoControl
CloseHandle
FreeLibrary
ReadFile
GetLastError
WriteFile
GetFileSizeEx
SetFilePointerEx
GetConsoleScreenBufferInfo
GetStdHandle
MultiByteToWideChar
LoadLibraryA
WriteConsoleW
WideCharToMultiByte
GetFileType
VirtualAlloc
VirtualFree
GetModuleFileNameW
GetTempPathW
GetFileAttributesW
CreateFileMappingW
MapViewOfFile
GetCurrentProcessId
UnmapViewOfFile
CreateProcessW
OpenFileMappingW
QueryPerformanceFrequency
QueryPerformanceCounter
GetFullPathNameW
GetCurrentDirectoryW
SetFilePointer
SetEndOfFile
FlushFileBuffers
FindFirstFileExW
FindClose
MoveFileExW
CopyFileW
CreateDirectoryW
DeleteFileW
SetFileTime
FindFirstFileW
FindNextFileW
FindResourceW
LoadResource
LockResource
SizeofResource
SetThreadExecutionState
GetModuleFileNameA
SetErrorMode
GetVersionExW
GetLogicalDrives
GetSystemDirectoryW
ExpandEnvironmentStringsW
CreateEventW
WaitForSingleObject
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetDiskFreeSpaceW
OutputDebugStringA
VirtualUnlock
LockFile
LeaveCriticalSection
InitializeCriticalSection
GetFullPathNameA
UnlockFileEx
CreateMutexW
GetCurrentThreadId
HeapValidate
HeapSize
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
WaitForSingleObjectEx
DeleteFileA
HeapReAlloc
GetSystemInfo
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
VirtualLock
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetProcessHeap
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
GetTickCount
SetThreadPriority
TerminateThread
ResetEvent
SetEvent
lstrcmpW
CreatePipe
PeekNamedPipe
VerSetConditionMask
VerifyVersionInfoW
GetModuleHandleW
GlobalMemoryStatusEx
GetCurrentProcess
GetLocaleInfoEx
lstrlenW
FindResourceA
FreeResource
SetWaitableTimer
TlsSetValue
SetLastError
CreateWaitableTimerW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
PostQueuedCompletionStatus
TlsAlloc
QueueUserAPC
SleepEx
TlsGetValue
TlsFree
CreateIoCompletionPort
GetExitCodeProcess
GetDriveTypeW
TerminateProcess
GetLongPathNameW
MoveFileW
GetUserDefaultUILanguage
GetVolumeInformationW
GetLogicalDriveStringsW
CancelIo
GetOverlappedResult
GlobalAlloc
GlobalLock
GlobalUnlock
SetNamedPipeHandleState
CreateNamedPipeA
TransactNamedPipe
ConnectNamedPipe
DisconnectNamedPipe
GetSystemPowerStatus
TryAcquireSRWLockShared
LoadLibraryExW
GetCurrentThread
GetUserGeoID
GetGeoInfoW
ExitProcess
GetCommandLineW
InitializeSRWLock
InitializeCriticalSectionEx
GetStringTypeW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
MoveFileExA
CancelIoEx
InitOnceBeginInitialize
InitOnceComplete
LoadLibraryExA
ReleaseMutex
GetConsoleMode
SetConsoleTextAttribute
CreateMutexA
GetProcessAffinityMask
ReleaseSemaphore
CreateSemaphoreW
CreateThread
GetProcessId
VirtualQueryEx
WaitNamedPipeW
GetSystemDirectoryA
GetModuleHandleA
CompareFileTime
GetEnvironmentVariableA
VerifyVersionInfoA
GetEnvironmentVariableW
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
user32
SetCaretPos
GetWindowRect
WaitMessage
PeekMessageW
TranslateMessage
DispatchMessageW
EnableWindow
SetForegroundWindow
GetWindowLongW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
GetClipboardData
RegisterClipboardFormatW
LoadCursorW
SetCursor
SetCapture
ReleaseCapture
SetCursorPos
ClipCursor
MessageBoxW
SetLayeredWindowAttributes
FindWindowW
GetKeyboardLayout
InvalidateRect
ShowWindowAsync
ClientToScreen
GetWindowTextA
keybd_event
GetKeyNameTextW
GetSystemMetrics
SetWindowTextW
SetTimer
KillTimer
AdjustWindowRectEx
SetWindowPos
GetMessageW
GetProcessWindowStation
GetUserObjectInformationW
GetClientRect
GetDC
DrawTextW
ReleaseDC
ScreenToClient
MapVirtualKeyExW
GetIconInfo
SystemParametersInfoW
RegisterWindowMessageW
GetWindowLongPtrW
GetForegroundWindow
GetMonitorInfoW
EnumDisplayMonitors
EnumDisplayDevicesW
GetDesktopWindow
GetMessageExtraInfo
GetKeyState
DestroyIcon
wsprintfW
SendMessageW
CreateWindowExW
SetWindowLongPtrW
DefWindowProcW
DestroyWindow
MoveWindow
ShowWindow
TrackMouseEvent
PostQuitMessage
PostMessageW
LoadIconW
RegisterClassW
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetWindowTextLengthA
SetFocus
gdi32
CreateDIBSection
SetBkMode
GetObjectW
GetDIBits
SelectObject
GetStockObject
BitBlt
SetTextColor
EnumFontFamiliesExW
GetDeviceCaps
GetTextMetricsW
CreateFontW
CreateCompatibleDC
DeleteObject
comdlg32
GetOpenFileNameW
GetSaveFileNameW
ChooseFontW
ChooseColorW
advapi32
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyW
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyW
RegSetValueExW
OpenProcessToken
DuplicateTokenEx
AllocateAndInitializeSid
SetTokenInformation
GetLengthSid
FreeSid
CreateProcessAsUserW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CloseServiceHandle
EnumServicesStatusW
OpenSCManagerW
shell32
SHGetDesktopFolder
SHGetPathFromIDListEx
ShellExecuteW
SHFileOperationW
SHGetFolderPathW
DragQueryPoint
DragFinish
Shell_NotifyIconW
CommandLineToArgvW
SHGetSpecialFolderLocation
SHGetFileInfoW
ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateItemFromParsingName
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetKnownFolderPath
SHGetSpecialFolderPathA
DragQueryFileW
ole32
PropVariantClear
CoInitializeEx
CLSIDFromString
CoCreateInstance
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
RegisterDragDrop
CoInitialize
oleaut32
SysAllocStringLen
SysFreeString
VariantClear
VariantInit
rpcrt4
RpcStringFreeA
UuidToStringA
UuidCreate
bcrypt
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGenRandom
secur32
QueryContextAttributesA
FreeContextBuffer
EncryptMessage
DecryptMessage
InitializeSecurityContextA
FreeCredentialsHandle
AcquireCredentialsHandleA
DeleteSecurityContext
ApplyControlToken
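Pivoting on an import table like the one above is normally done through the imphash, an MD5 over the normalised `dll.function` list in import-directory order. The script below is an added example by the editor, not code from the sandbox report or from the VirtualDJ software: it reimplements the common pefile definition (DLL extension stripped, everything lower-cased, nameless imports written as `ordN`) and runs it over a constructed list of entries copied from the import table above. Two things it deliberately does not assume: that the on-page listing order equals the import-directory order (it may not), and that the 32-hex-digit value shown beside the file entry under Files is this hash (the page does not label it). pefile additionally resolves well-known ordinals of ws2_32/oleaut32 to names, which this version omits, so take the operational value from `imphash_from_file()` on the real binary rather than from the constructed list.

```python
import hashlib

# Constructed sample: the first entries of this report's import table, as (dll, function)
# pairs; an integer stands for an import by ordinal. The order is the on-page order, which
# is assumed (not verified) to equal the import-directory order.
REPORT_IMPORTS = [
    ("d3d11", "D3D11CreateDevice"),
    ("dxgi", "CreateDXGIFactory1"),
    ("d2d1", 1),
    ("dwrite", "DWriteCreateFactory"),
    ("ws2_32", "ioctlsocket"),
    ("ws2_32", "WSAGetLastError"),
    ("wldap32", 301),
    ("wldap32", 200),
    ("crypt32", "CryptUnprotectData"),
]

_STRIPPED_EXTENSIONS = ("dll", "ocx", "sys")


def normalise_import(dll, func):
    """Return the `lib.func` token imphash uses for one import.

    The DLL name is lower-cased and loses a .dll/.ocx/.sys suffix, so KERNEL32.DLL and
    kernel32 hash identically; an ordinal import becomes `ordN`. (pefile also resolves
    known ordinals of ws2_32/oleaut32/wsock32 to names; that table is not reproduced.)"""
    lib = dll.lower()
    base, _, ext = lib.rpartition(".")
    if base and ext in _STRIPPED_EXTENSIONS:
        lib = base
    name = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{lib}.{name}"


def imphash_string(imports):
    """The comma-joined token list the hash is taken over. Order matters: the same
    imports in a different order produce a different imphash."""
    return ",".join(normalise_import(dll, func) for dll, func in imports)


def imphash(imports):
    """MD5 of the normalised token list as a 32-character lower-case hex string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def imphash_from_file(path):
    """Reference value for a real PE on disk via pefile's own implementation
    (optional dependency: pip install pefile)."""
    import pefile
    return pefile.PE(path).get_imphash()


if __name__ == "__main__":
    print(imphash_string(REPORT_IMPORTS))
    print(imphash(REPORT_IMPORTS))
```

Run it with no arguments to see the token string and hash for the constructed list; the useful property for triage is that renaming the DLL case or extension leaves the hash unchanged while reordering or adding a single import changes it, which is why display order from a report must not be trusted for computing the value.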
Exports
Sections
.text Size: 44.7MB - Virtual size: 44.7MB [IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ]
RT_CODE Size: 2KB - Virtual size: 4KB [IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ]
.rdata Size: 8.7MB - Virtual size: 8.7MB [IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ]
.data Size: 972KB - Virtual size: 8.5MB [IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE]
.pdata Size: 1.0MB - Virtual size: 1.0MB [IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ]
.nv_fatb Size: 56KB - Virtual size: 60KB [IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE]
.nvFatBi Size: 512B - Virtual size: 4KB [IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE]
_RDATA Size: 1024B - Virtual size: 4KB [IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ]
.rodata Size: 2KB - Virtual size: 4KB [IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ]
.rsrc Size: 174.4MB - Virtual size: 174.4MB [IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ]
.R2R Size: 512B - Virtual size: 4KB [IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE]
Reading the section table: .rsrc accounts for 174.4MB of the 229.8MB file, so most of the sample is resource data rather than code, and a resource dump is a more informative starting point than the 44.7MB .text. .R2R is readable, writable and executable at once and is flagged as code, initialized data and uninitialized data simultaneously; an RWX section is the usual packer or self-modifying-stub heuristic, although here it is only 512 bytes on disk. .nv_fatb and .nvFatBi are the section names the NVIDIA CUDA toolchain uses for embedded GPU fat binaries. There is no .reloc section, which matches IMAGE_FILE_RELOCS_STRIPPED in the headers above.
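The header flags and the section table above are what a triage reviewer reads to decide whether a binary actually gets the exploit mitigations it advertises and which sections deserve a closer look. The script below is an added example by the editor, not code from the report or from VirtualDJ: it walks the COFF header, optional header and section table by hand with `struct` (no pefile dependency), decodes the same flag names the report uses, and turns them into the checks a reviewer wants: ASLR counts only when DYNAMIC_BASE is set and a base-relocation directory exists, DEP and CFG come straight from DllCharacteristics, and every section that is both MEM_WRITE and MEM_EXECUTE is reported. Because the 229.8MB sample is not on this page, `build_sample()` fabricates a header-only PE32+ image with this report's flag values (Machine 0x8664, Characteristics 0x0023, DllCharacteristics 0x8160, an empty relocation directory, and a .text, a .rsrc and an RWX .R2R section); the flag tables are a subset of the PE specification, sufficient for this report.

```python
import json
import struct
import sys

# Flag tables (subset of the PE/COFF specification; names match the report).
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
DYNAMIC_BASE, NX_COMPAT, GUARD_CF = 0x0040, 0x0100, 0x4000
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000


def flag_names(value, table):
    """Names of the bits set in `value`, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def analyze_pe(data):
    """Decode header flags, mitigation status and sections of a PE image in `data`."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                  # optional header follows the 20-byte COFF header
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    dll_characteristics = struct.unpack_from("<H", data, opt + 70)[0]
    data_dirs = opt + (112 if pe32plus else 96)      # data directories follow the fixed fields
    reloc_rva, reloc_size = struct.unpack_from("<II", data, data_dirs + 5 * 8)  # entry 5 = base relocations
    sections = []
    for i in range(nsections):
        off = opt + opt_size + i * 40                # 40-byte section headers follow the optional header
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rawsize, flags))
    has_relocs = reloc_rva != 0 and reloc_size != 0
    return {
        "machine": machine,
        "pe32plus": pe32plus,
        "file_characteristics": flag_names(characteristics, FILE_CHARACTERISTICS),
        "dll_characteristics": flag_names(dll_characteristics, DLL_CHARACTERISTICS),
        "has_relocations": has_relocs,
        # The loader can only randomise the base of an image it is able to relocate.
        "aslr_effective": bool(dll_characteristics & DYNAMIC_BASE) and has_relocs,
        "dep": bool(dll_characteristics & NX_COMPAT),
        "cfg": bool(dll_characteristics & GUARD_CF),
        "rwx_sections": [s[0] for s in sections if s[3] & MEM_EXECUTE and s[3] & MEM_WRITE],
        "sections": [(n, vs, rs, flag_names(f, SECTION_FLAGS)) for n, vs, rs, f in sections],
    }


def build_sample():
    """Constructed header-only PE32+ carrying this report's flag values (not the real sample)."""
    sections = [(b".text", 0x60000020), (b".rsrc", 0x40000040), (b".R2R", 0xE00000E0)]
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))                # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 240, 0x0023)
    opt = bytearray(240)                                        # 112 fixed bytes + 16 directories
    struct.pack_into("<H", opt, 0, 0x20B)                       # PE32+ magic
    struct.pack_into("<H", opt, 70, 0x8160)                     # DllCharacteristics from the report
    struct.pack_into("<I", opt, 108, 16)                        # NumberOfRvaAndSizes; directory 5 stays zero
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, 0x1000, 0x1000 * (i + 1), 0x200, 0, 0, 0, 0, 0, flags)
        for i, (name, flags) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(json.dumps(analyze_pe(image), indent=2))
```

Pass a path to run it on a real file; with no argument it analyses the constructed header and reports `aslr_effective: false` despite DYNAMIC_BASE, `cfg: false`, and `.R2R` as the only RWX section, which is exactly the reading of this report's headers.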