r77 | kutas[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

kutas.zip
Size

5.9MB
MD5

727f2ccee5a144f454e8687146ef7d40
SHA1

bf6e2b421a8f96ac84f54886f864fb74ad8d236d
SHA256

37931c8c0cf2cb7b05e70806c38e30cfb9037a2752a535e22362b0fd52a25a11
SHA512

6f3cab9803f6324ca1a1ab5477c157ab4983aa221cd0d779dbd1a54356eb05d093b2d9165f56526fc3d4ec2945309b481eff6db8167351b569ffadf248666aad
SSDEEP

98304:A+HQPxpx/agsYlELeMSX07JahwIjeb3ueFbiVhhOw/DG6WPO8jFoI+7hYsNCH4xb:ZwfMgplc7pJ2ZeieFbipOw/aA8jFT+99

Score

10^/10

r77

Malware Config

Signatures

R77 family
r77

r77 rootkit payload 1 IoCs

Detects the payload of the r77 rootkit.

resource	yara_rule
static1/unpack001/bbb.dll	r77_payload

Files

kutas.zip
.zip
BlazinHack.exe
.exe windows x64

8058d854bd3f623323261ee052d8b46e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp140

?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Xout_of_range@std@@YAXPEBD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??Bid@locale@std@@QEAA_KXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1_Lockit@std@@QEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

api-ms-win-crt-stdio-l1-1-0

fputc
ungetc
fgetc
fread
_fseeki64
_get_stream_buffer_pointers
fsetpos
setvbuf
fflush
fwrite
__acrt_iob_func
__stdio_common_vfprintf
fgetpos
fclose

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

kernel32

IsProcessorFeaturePresent
K32EnumProcesses
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
CreateThread
CloseHandle
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
WideCharToMultiByte
GetModuleHandleW
GetLastError
CreateRemoteThread
GetProcAddress
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetFullPathNameA
Module32FirstW
CreateToolhelp32Snapshot
Sleep

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_crt_atexit
_invalid_parameter_noinfo_noreturn
abort
terminate
_cexit
_crt_at_quick_exit
_initialize_onexit_table

api-ms-win-crt-string-l1-1-0

memset

vcruntime140

__C_specific_handler
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__FrameUnwindFilter
memmove
wcsstr

user32

MessageBoxA
SetWindowTextA
GetWindowThreadProcessId
VkKeyScanA

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

mscoree

_CorExeMain

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aaa.dll
.dll windows x64

68d7f755f0fbc247e8e91e9f33efcfd3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AllocConsole
CloseHandle
CreateSemaphoreW
CreateThread
DeleteCriticalSection
EnterCriticalSection
FlushInstructionCache
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLastError
GetModuleHandleW
GetNativeSystemInfo
GetProcAddress
GetSystemInfo
GetThreadContext
GetThreadPriority
GetThreadSelectorEntry
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
OpenThread
RaiseException
ReleaseSemaphore
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCtrlHandler
SetLastError
SetThreadPriority
Sleep
SuspendThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
__setusermatherr
_amsg_exit
_errno
_filelengthi64
_fileno
_fstat64
_initterm
_lock
_lseeki64
_snprintf
_strnicmp
_unlock
_wfopen
abort
calloc
exit
fclose
fflush
fgetpos
fopen
fputc
fputs
fread
free
freopen_s
fsetpos
fwrite
getc
getchar
getenv
getwc
isspace
iswctype
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
putc
putwc
realloc
setlocale
setvbuf
sprintf
strcmp
strcoll
strerror
strftime
strlen
strncmp
strstr
strtol
strxfrm
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcsftime
wcslen
wcsxfrm
_write
_read
_fileno
_fdopen

user32

EnumWindows
GetAsyncKeyState
GetWindowTextA
GetWindowThreadProcessId
SetWindowTextA

Exports

Exports

CloseDisassembler
GetAbsoluteAddressFromSegment
GetAbsoluteAddressFromSelector
GetCreatedJavaVMs
GetInstruction
InitDisassembler
InitInstruction
Mhook_SetHook
Mhook_SetHookEx
Mhook_Unhook
Mhook_UnhookEx
OptypeHandlers
OutputAddress
OutputBounds
OutputCPUState
OutputDescriptor
OutputFPUEnvironment
OutputFPUState
OutputGeneral
OutputPackedBCD
OutputPackedReal
OutputScalarGeneral
OutputScalarReal
OutputSegOffset
StandardPrologues
SupportedArchitectures
X86
X86_0F01_ModRM
X86_3DNOW_0F
X86_ESC_0
X86_ESC_1
X86_ESC_2
X86_ESC_3
X86_ESC_4
X86_ESC_5
X86_ESC_6
X86_ESC_7
X86_FindFunctionByPrologue
X86_GetInstruction
X86_Group_10
X86_Group_11
X86_Group_12_C6
X86_Group_12_C7
X86_Group_13
X86_Group_14
X86_Group_15
X86_Group_16
X86_Group_17
X86_Group_1_80
X86_Group_1_81
X86_Group_1_82
X86_Group_1_83
X86_Group_2_C0
X86_Group_2_C1
X86_Group_2_D0
X86_Group_2_D1
X86_Group_2_D2
X86_Group_2_D3
X86_Group_3_F6
X86_Group_3_F7
X86_Group_4
X86_Group_5
X86_Group_6
X86_Group_7
X86_Group_8
X86_Group_9
X86_Group_P
X86_Groups_1
X86_Groups_2
X86_InitInstruction
X86_Invalid_Addr64_1
X86_Invalid_Addr64_2
X86_Invalid_Op16_1
X86_Invalid_Op16_2
X86_LockPrefix_1
X86_LockPrefix_2
X86_LockPrefix_Groups
X86_ModRM_1
X86_ModRM_2
X86_Opcode_0F05
X86_Opcode_63
X86_Opcodes_1
X86_Opcodes_2
X86_Registers
X86_SSE
X86_SSE2_Group_13
X86_SSE2_Group_14
X86_SSE2_Group_15
X86_SSE_2
_GCC_specific_handler
_Unwind_Backtrace
_Unwind_DeleteException
_Unwind_FindEnclosingFunction
_Unwind_ForcedUnwind
_Unwind_GetCFA
_Unwind_GetDataRelBase
_Unwind_GetGR
_Unwind_GetIP
_Unwind_GetIPInfo
_Unwind_GetLanguageSpecificData
_Unwind_GetRegionStart
_Unwind_GetTextRelBase
_Unwind_RaiseException
_Unwind_Resume
_Unwind_Resume_or_Rethrow
_Unwind_SetGR
_Unwind_SetIP
_Z17EnumWindowsProcMyP6HWND__x
_Z20parseConfigAndGetKeyv
_Z4initPv
_Z7getKeysv
_Z8renameMev
_ZGVN15mingw_stdthread6detail12FutureStaticILb1EE9sync_poolE
_ZGVZN15mingw_stdthread6thread20hardware_concurrencyEvE6cached
_ZN11ooooooooooo13isInitializedEv
_ZN11ooooooooooo4Fake18EnumProcessModulesEPvPP11HINSTANCE__mPm
_ZN11ooooooooooo4True18EnumProcessModulesE
_ZN11ooooooooooo4initEv
_ZN11ooooooooooo7destroyEv
_ZN15mingw_stdthread6detail12FutureStaticILb1EE9sync_poolE
_ZN15mingw_stdthread6thread10threadfuncINS_6detail14ThreadFuncCallIRFvvENS2_6IntSeqIJEEEJEEEEEjPv
_ZN15mingw_stdthread6threadC1IRFvvEJEEEOT_DpOT0_
_ZN18aksldjaldjsaajnfja17asdkaskldasldjsadEP7_jclassP13_jobjectArray
_ZN18aksldjaldjsaajnfja17asdksaoldaskdlsakEP8_jobjectS1_P13_jobjectArray
_ZN18aksldjaldjsaajnfja18asdkasjdkasdasnzxcEP7_jclassPKc
_ZN18aksldjaldjsaajnfja18askmdkzxcnzxkmcnmcEv
_ZN18aksldjaldjsaajnfja19asdkadklcnzmncxzmncEv
_ZN18aksldjaldjsaajnfja20asdjskacjzxkckmcxjmkEv
_ZN18aksldjaldjsaajnfja20xkasdoiasjdkshdmkashEP7_jclassPKc
_ZN18aksldjaldjsaajnfja22aksdkjscnhzjcjxbczjxbcEP7_jclassPKcS3_
_ZN18aksldjaldjsaajnfja23aksdkmzxcnxkmcxnmcnzxcnEP8_jobjectS1_
_ZN18aksldjaldjsaajnfja23asdnjsajknzxmcncmxzncmxEP7_jclassPKcS3_
_ZN18aksldjaldjsaajnfja23aslkdaskldaskdlakdslakdEP8_jobjectP13_jobjectArray
_ZN18aksldjaldjsaajnfja23daskdjsadassdakasasdasdERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES7_
_ZN18aksldjaldjsaajnfja23kajmdksnczxkmjcbxnmcxkjEP7_jclassPKc
_ZN18aksldjaldjsaajnfja23skcnjzxawsuieyhaijeyhwsEv
_ZN18aksldjaldjsaajnfja24kasjdksadhaskdhsjczbxcmbEv
_ZN18aksldjaldjsaajnfja25aksdjnkzxcnjxhwqajeyhq2ueEP7_jclassPKc
_ZN18aksldjaldjsaajnfja26clsajdsoakdjasjhjdaskodhjsEv
_ZN20aksjdsakdjaskdskjdhs20asdkjaskszjckjnxkcznEv
_ZN20aksjdsakdjaskdskjdhs23ji1253jk12h4jk1qhsadsadEPS_
_ZN20aksjdsakdjaskdskjdhs25adskjkej2q1oi412io41j2io5Ev
_ZN20aksjdsakdjaskdskjdhs30aksjdksajdasklhdaskjdhawjoh421B5cxx11Ev
_ZN20aksjdsakdjaskdskjdhs30asdjhasjhij516hj12hj3ekhqkjadsEv
_ZN20aksjdsakdjaskdskjdhs30lp352kl12j4klwjqkaskjdjkash512B5cxx11Ev
_ZN25asdksadksajdksajdksadjsak19j62i343hjkashdjkhdsEP8_jobject
_ZN25asdksadksajdksajdksadjsak20asdkjasdkashkdahsdjhEP8_jobjectS1_
_ZN25asdksadksajdksajdksadjsak24asdjashzsjdkchbswhe2qe41Ev
_ZN25asdksadksajdksajdksadjsak27xdaskdjsakdashhsajdksxzcwqeEv
_ZN25asdksadksajdksajdksadjsak29askjdhsajkhiu2315124hjjkhsadkEv
_ZN25asikodjsakldaskmdskh21kj421sadajskasjkasjaskldjsIJPcPKcS1_EEENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEDpRKT_
_ZN25asikodjsakldaskmdskh21kj422asdjmaskdsakdasjklsadjERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES7_
_ZN25asikodjsakldaskmdskh21kj424asdkjnaskdaskdasdkjmhaskERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES7_RSt6vectorIS5_SaIS5_EE
_ZN25asikodjsakldaskmdskh21kj425askejk5231k41hj2kjheawkjdEPKc
_ZN25asikodjsakldaskmdskh21kj426j21k421khwkadhazsxkjhaskjdEPKcS1_
_ZN25asikodjsakldaskmdskh21kj431asdkaksldas56k1o234j12kjewqkladERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES7_
_ZN26asdijsakdaskxzhncjkhjkdhas20askdjaksjzaskaskh5klEPS_
_ZN26asdijsakdaskxzhncjkhjkdhas21aksjdklasjdaskmnczxmnEv
_ZN26asdijsakdaskxzhncjkhjkdhas23askdjaskldjaskljsalkdajEv
_ZN26asdijsakdaskxzhncjkhjkdhas28asdjsakldzxkcnm1235612k3lj2kEv
_ZN7JNIEnv_16CallObjectMethodEP8_jobjectP10_jmethodIDz
_ZN7JNIEnv_22CallStaticObjectMethodEP7_jclassP10_jmethodIDz
_ZN9__gnu_cxx6__stoaIlicJiEEET0_PFT_PKT1_PPS3_DpT2_EPKcS5_PyS9_
_ZNSt23_Sp_counted_ptr_inplaceI18aksldjaldjsaajnfjaSaIS0_ELN9__gnu_cxx12_Lock_policyE2EE10_M_destroyEv
_ZNSt23_Sp_counted_ptr_inplaceI18aksldjaldjsaajnfjaSaIS0_ELN9__gnu_cxx12_Lock_policyE2EE10_M_disposeEv
_ZNSt23_Sp_counted_ptr_inplaceI18aksldjaldjsaajnfjaSaIS0_ELN9__gnu_cxx12_Lock_policyE2EE14_M_get_deleterERKSt9type_info
_ZNSt23_Sp_counted_ptr_inplaceI18aksldjaldjsaajnfjaSaIS0_ELN9__gnu_cxx12_Lock_policyE2EED0Ev
_ZNSt23_Sp_counted_ptr_inplaceI18aksldjaldjsaajnfjaSaIS0_ELN9__gnu_cxx12_Lock_policyE2EED1Ev
_ZNSt23_Sp_counted_ptr_inplaceI25asidhjaskdashjkdashjkh651SaIS0_ELN9__gnu_cxx12_Lock_policyE2EE10_M_destroyEv
_ZNSt23_Sp_counted_ptr_inplaceI25asidhjaskdashjkdashjkh651SaIS0_ELN9__gnu_cxx12_Lock_policyE2EE10_M_disposeEv
_ZNSt23_Sp_counted_ptr_inplaceI25asidhjaskdashjkdashjkh651SaIS0_ELN9__gnu_cxx12_Lock_policyE2EE14_M_get_deleterERKSt9type_info
_ZNSt23_Sp_counted_ptr_inplaceI25asidhjaskdashjkdashjkh651SaIS0_ELN9__gnu_cxx12_Lock_policyE2EED0Ev
_ZNSt23_Sp_counted_ptr_inplaceI25asidhjaskdashjkdashjkh651SaIS0_ELN9__gnu_cxx12_Lock_policyE2EED1Ev
_ZNSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS5_EE17_M_realloc_insertIJS5_EEEvN9__gnu_cxx17__normal_iteratorIPS5_S7_EEDpOT_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE12_M_constructIPKcEEvT_S8_St20forward_iterator_tag
_ZTISt12system_error
_ZTISt13runtime_error
_ZTISt9exception
_ZTSSt12system_error
_ZTSSt13runtime_error
_ZTSSt9exception
_ZTVSt23_Sp_counted_ptr_inplaceI18aksldjaldjsaajnfjaSaIS0_ELN9__gnu_cxx12_Lock_policyE2EE
_ZTVSt23_Sp_counted_ptr_inplaceI25asidhjaskdashjkdashjkh651SaIS0_ELN9__gnu_cxx12_Lock_policyE2EE
_ZZN15mingw_stdthread6thread20hardware_concurrencyEvE6cached
_ZZNSt19_Sp_make_shared_tag5_S_tiEvE5__tag
aksdjmsxzkdjaskldjsakldjsa
auraActive
float_0
float_1
float_l2e
float_l2t
float_lg2
float_ln2
float_pi
minecraft

Sections

.text
Size: 841KB - Virtual size: 841KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bbb.dll
.dll windows x64

279c4dbb7cffec87c4ba5b64966fb4f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleW
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
GetProcAddress
CreateToolhelp32Snapshot
HeapReAlloc
CloseHandle
HeapAlloc
GetThreadContext
GetCurrentProcessId
FlushInstructionCache
SetThreadContext
OpenThread
RtlLookupFunctionEntry
IsDebuggerPresent
CreateThread
LoadLibraryW
ResumeThread
Sleep
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext

user32

MessageBoxA

gdi32

SelectObject
DeleteObject
CreateFontA

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

opengl32

glCallLists
glPushAttrib
wglGetCurrentDC
glPopAttrib
wglUseFontBitmapsW
wglGetProcAddress
glGetString
glRasterPos2f
glListBase
glGenLists
glColor3ub

vcruntime140

memcmp
memmove
__CxxFrameHandler3
__C_specific_handler
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
memset
memcpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_cexit
_initterm_e
_initterm

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

Sections

.text
Size: 474KB - Virtual size: 474KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8058d854bd3f623323261ee052d8b46e

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

vcruntime140

user32

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

mscoree

Sections

.text Size: 26KB - Virtual size: 25KB

.nep Size: 4KB - Virtual size: 4KB

.rdata Size: 5.5MB - Virtual size: 5.5MB

.data Size: 6KB - Virtual size: 6KB

.pdata Size: 512B - Virtual size: 444B

.rsrc Size: 142KB - Virtual size: 141KB

.reloc Size: 512B - Virtual size: 164B

68d7f755f0fbc247e8e91e9f33efcfd3

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 841KB - Virtual size: 841KB

.data Size: 184KB - Virtual size: 183KB

.rdata Size: 78KB - Virtual size: 78KB

.pdata Size: 46KB - Virtual size: 46KB

.xdata Size: 66KB - Virtual size: 66KB

.bss Size: - Virtual size: 3KB

.edata Size: 9KB - Virtual size: 8KB

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 7KB - Virtual size: 7KB

279c4dbb7cffec87c4ba5b64966fb4f0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msvcp140

opengl32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 474KB - Virtual size: 474KB

.rdata Size: 87KB - Virtual size: 87KB

.data Size: 1KB - Virtual size: 23KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 92B

.text
Size: 26KB - Virtual size: 25KB

.nep
Size: 4KB - Virtual size: 4KB

.rdata
Size: 5.5MB - Virtual size: 5.5MB

.data
Size: 6KB - Virtual size: 6KB

.pdata
Size: 512B - Virtual size: 444B

.rsrc
Size: 142KB - Virtual size: 141KB

.reloc
Size: 512B - Virtual size: 164B

.text
Size: 841KB - Virtual size: 841KB

.data
Size: 184KB - Virtual size: 183KB

.rdata
Size: 78KB - Virtual size: 78KB

.pdata
Size: 46KB - Virtual size: 46KB

.xdata
Size: 66KB - Virtual size: 66KB

.bss
Size: - Virtual size: 3KB

.edata
Size: 9KB - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 474KB - Virtual size: 474KB

.rdata
Size: 87KB - Virtual size: 87KB

.data
Size: 1KB - Virtual size: 23KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 92B