General

Malware Config

Signatures

Files

• AridekVM 26-03.rar

  .rar
• AridekVM.exe

  .exe windows x64

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Sections

  Size: 221KB - Virtual size: 436KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  Size: 38KB - Virtual size: 109KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  Size: 10KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 5.3MB - Virtual size: 5.8MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 1024B - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .idata

  Size: 2KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .themida

  Size: - Virtual size: 12.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .boot

  Size: 7.3MB - Virtual size: 7.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 16B - Virtual size: 4KB

  IMAGE_SCN_MEM_READ

• patcher.exe

  .exe windows x64

  533ca4aa2273c851b2de22288f64f8c7

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  WriteProcessMemory

  SetConsoleTitleA

  LocalAlloc

  CloseHandle

  VirtualProtectEx

  LocalFree

  CreateProcessA

  K32EnumProcessModules

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  IsProcessorFeaturePresent

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  IsDebuggerPresent

  GetModuleHandleW

  RtlCaptureContext

  msvcp140

  ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ

  ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

  ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ

  ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

  ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

  ?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ

  ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z

  ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z

  _Query_perf_frequency

  ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

  ?uncaught_exception@std@@YA_NXZ

  ?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A

  _Thrd_sleep

  _Query_perf_counter

  _Xtime_get_ticks

  ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z

  vcruntime140_1

  __CxxFrameHandler4

  vcruntime140

  __current_exception

  _CxxThrowException

  memset

  __std_exception_copy

  __std_exception_destroy

  memmove

  __current_exception_context

  __C_specific_handler

  memcpy

  __std_terminate

  api-ms-win-crt-runtime-l1-1-0

  _register_onexit_function

  _register_thread_local_exe_atexit_callback

  _c_exit

  _crt_atexit

  __p___argc

  terminate

  _exit

  _initterm_e

  _initterm

  _get_initial_narrow_environment

  _initialize_narrow_environment

  _configure_narrow_argv

  _initialize_onexit_table

  _set_app_type

  _seh_filter_exe

  _cexit

  __p___argv

  _invalid_parameter_noinfo_noreturn

  exit

  api-ms-win-crt-heap-l1-1-0

  free

  _set_new_mode

  malloc

  _callnewh

  api-ms-win-crt-math-l1-1-0

  __setusermatherr

  api-ms-win-crt-stdio-l1-1-0

  __p__commode

  _set_fmode

  api-ms-win-crt-locale-l1-1-0

  _configthreadlocale

  Sections

  .text

  Size: 8KB - Virtual size: 7KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 7KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 1024B - Virtual size: 612B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 488B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 88B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ