03b61419e0da3e997e69d98726dd5e2a[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

03b61419e0da3e997e69d98726dd5e2a.bin
Size

17.1MB
MD5

03b61419e0da3e997e69d98726dd5e2a
SHA1

2c1f542f7381e160f17a59a611ccd607869233df
SHA256

74f3e3e89a7bcdc48fe488e4860c4700069309280e17efd0b51387604abd3a3b
SHA512

d9e62d3c09da160d1eaf246ec418398d5587d20136f9a25a09ae5f98705c64d7a995c1f90e66321c5da611c4afe336234829cca7d3a882bd37533b2623805390
SSDEEP

393216:6mUfaK1h5theapi18dxEnhlaBSB/7wV3NaoYkDIWubApfJH3rOrv:6eK1h5jeapJOnhlaw7U9qIIWumfJ72

Score

1^/10

Malware Config

Signatures

Files

03b61419e0da3e997e69d98726dd5e2a.bin
.zip

Password: infected
LICENSE
xenia.exe
.exe windows x64

Password: infected

ae66864bfcd18cf71cb236cce4d73ca0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WakeAllConditionVariable
SleepConditionVariableSRW
GetModuleHandleA
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
GetLocaleInfoA
GetSystemPowerStatus
CompareStringA
GetModuleHandleExW
LoadLibraryExW
SetThreadExecutionState
GlobalMemoryStatusEx
VerifyVersionInfoW
GetOverlappedResult
CreateFileA
FormatMessageW
CancelIo
SetEnvironmentVariableA
InitializeConditionVariable
TryEnterCriticalSection
MulDiv
GetTickCount
Process32Next
CreateToolhelp32Snapshot
Process32First
OutputDebugStringW
SetErrorMode
GetFileSizeEx
GetModuleFileNameW
WaitNamedPipeW
PeekNamedPipe
LoadLibraryA
VirtualQuery
VirtualAlloc
VirtualFree
RemoveVectoredContinueHandler
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
MapViewOfFileEx
MapViewOfFile
CreateFileMappingW
GetFileSize
GetSystemInfo
FlushViewOfFile
UnmapViewOfFile
SetFilePointer
InitOnceComplete
InitOnceBeginInitialize
InitializeSRWLock
WakeConditionVariable
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetEnvironmentVariableA
GetConsoleMode
ExitProcess
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetFileInformationByHandleEx
DeviceIoControl
AreFileApisANSI
SetFileInformationByHandle
GetFullPathNameW
FindFirstFileExW
CreateDirectoryW
FormatMessageA
WaitForSingleObject
VirtualProtect
FlushInstructionCache
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
DeleteTimerQueueTimer
GlobalAddAtomW
GlobalDeleteAtom
CreateTimerQueueTimer
GetThreadContext
GetSystemTimeAsFileTime
AllocConsole
AttachConsole
GetStdHandle
FreeLibrary
LocalFree
LoadLibraryW
GetCommandLineW
FlushFileBuffers
SetFilePointerEx
GetFileAttributesExW
CreateFileW
FindClose
SetEndOfFile
WriteFile
FindNextFileW
FindFirstFileW
ReadFile
TlsGetValue
SleepEx
CreateSemaphoreW
GetModuleHandleW
GetThreadId
GetProcAddress
SwitchToThread
QueueUserAPC
ResetEvent
CreateThread
RaiseException
GetThreadPriority
PulseEvent
TlsAlloc
WaitForSingleObjectEx
TerminateThread
GetCurrentThread
SetEvent
GetLastError
CreateEventW
CancelWaitableTimer
ExitThread
ResumeThread
SuspendThread
ReleaseMutex
WaitForMultipleObjectsEx
CreateMutexW
SetThreadPriority
SignalObjectAndWait
GetProcessAffinityMask
ReleaseSemaphore
CreateWaitableTimerW
SetProcessAffinityMask
GetCurrentProcess
TlsSetValue
SetWaitableTimer
SetThreadAffinityMask
QueryPerformanceCounter
GetCurrentProcessId
K32GetModuleBaseNameA
CloseHandle
QueryPerformanceFrequency
Sleep
OpenProcess
GetCurrentThreadId
IsDebuggerPresent
OutputDebugStringA
WriteConsoleW

user32

RegisterClassW
AttachThreadInput
RemovePropW
UnhookWindowsHookEx
SetLayeredWindowAttributes
GetClipboardSequenceNumber
CreateIconFromResource
GetKeyboardState
MonitorFromRect
GetWindowTextLengthW
GetDoubleClickTime
IsIconic
GetClassInfoExW
KillTimer
ClipCursor
GetUpdateRect
IsRectEmpty
GetForegroundWindow
GetClipCursor
TrackMouseEvent
GetRawInputData
PeekMessageW
SetTimer
UnregisterClassW
GetSystemMetrics
CallNextHookEx
GetPropW
GetMenu
GetWindowRect
CallWindowProcW
GetMessageExtraInfo
RegisterClassExA
UnregisterDeviceNotification
UnregisterClassA
CreateWindowExA
RegisterDeviceNotificationW
SetActiveWindow
RegisterWindowMessageA
MessageBoxA
GetDesktopWindow
SystemParametersInfoW
DrawTextW
GetDlgItem
SystemParametersInfoA
DialogBoxIndirectParamW
MessageBoxW
GetCursorPos
ReleaseDC
InvalidateRect
ReleaseCapture
CreateMenu
GetWindowThreadProcessId
AppendMenuW
GetMenuInfo
GetClientRect
SetWindowLongW
SetCursor
SetCapture
EnumDisplayMonitors
LoadCursorW
LoadIconW
SetPropW
SetFocus
DestroyMenu
SetMenu
ValidateRect
SetMenuInfo
SetWindowPlacement
ClientToScreen
GetMonitorInfoW
DestroyIcon
GetCapture
ShowWindow
GetClassLongPtrW
GetWindowPlacement
WindowFromPoint
RegisterClassExW
GetWindowLongPtrW
CreatePopupMenu
SetWindowTextW
SendMessageW
ScreenToClient
CreateWindowExW
SetWindowLongPtrW
MonitorFromWindow
SetWindowPos
GetDC
DestroyWindow
GetFocus
CreateIconFromResourceEx
GetKeyState
AdjustWindowRectEx
DefWindowProcW
GetWindowLongW
PostQuitMessage
TranslateMessage
DispatchMessageW
PostMessageW
GetMessageW
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetAsyncKeyState
EndDialog
GetRawInputDeviceList
GetRawInputDeviceInfoA
SetWindowRgn
ToUnicode
GetKeyboardLayout
MapVirtualKeyW
EnumDisplaySettingsW
EnableMenuItem
EnumDisplayDevicesW
IsClipboardFormatAvailable
ChangeDisplaySettingsExW
PostThreadMessageW
RegisterRawInputDevices
SetCursorPos
CreateIconIndirect
CopyImage
GetWindowTextW
MonitorFromPoint
SetForegroundWindow
PtInRect
GetParent
FlashWindowEx
SetWindowsHookExW
DrawMenuBar
IntersectRect

ole32

CLSIDFromString
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree
PropVariantClear

ntdll

RtlDeleteFunctionTable
RtlCaptureStackBackTrace
VerSetConditionMask
RtlVirtualUnwind
RtlInstallFunctionTableCallback
RtlLookupFunctionEntry
RtlCaptureContext

dwmapi

DwmSetWindowAttribute

shlwapi

ord219

dxgi

CreateDXGIFactory1

wsock32

connect
WSAGetLastError
htonl
ioctlsocket
recv
listen
socket
WSAStartup
select
send
__WSAFDIsSet
shutdown
accept
bind
closesocket
ntohl
sendto
setsockopt
inet_ntoa
recvfrom

bcrypt

BCryptGenRandom
BCryptImportKeyPair
BCryptCloseAlgorithmProvider
BCryptEncrypt
BCryptDestroyKey
BCryptOpenAlgorithmProvider

imm32

ImmGetCandidateListW
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionStringW
ImmAssociateContext
ImmGetIMEFileNameA
ImmGetCompositionStringW
ImmNotifyIME

msvcp140

?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??1_Locinfo@std@@QEAA@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Cnd_do_broadcast_at_thread_exit
_Mtx_unlock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?always_noconv@codecvt_base@std@@QEBA_NXZ
_Thrd_id
?id@?$numpunct@D@std@@2V0locale@2@A
?id@?$numpunct@_W@std@@2V0locale@2@A
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
_Mtx_trylock
_Thrd_hardware_concurrency
_Thrd_yield
_Query_perf_frequency
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
_Thrd_join
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Winerror_map@std@@YAHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?id@?$collate@D@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
_Strcoll
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
_Cnd_init_in_situ
_Cnd_wait
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
_Mbrtowc
_Strxfrm
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
_Cnd_broadcast
_Cnd_destroy_in_situ
?_Xinvalid_argument@std@@YAXPEBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
_Cnd_timedwait
_Mtx_current_owns
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
_Cnd_signal
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context
__current_exception
__std_type_info_compare
memchr
memcpy
memcmp
strstr
_CxxThrowException
__std_type_info_name
__C_specific_handler
memmove
strchr
strrchr
__std_terminate
_purecall
__RTDynamicCast
__std_exception_copy
__RTtypeid
memset
__std_exception_destroy

api-ms-win-crt-heap-l1-1-0

calloc
_set_new_mode
malloc
_aligned_malloc
_aligned_free
realloc
free
_callnewh
_aligned_realloc

api-ms-win-crt-math-l1-1-0

frexp
llrint
__setusermatherr
acos
asin
atan
cos
round
log2
cosh
exp2
ldexp
exp2f
exp
fabs
log
sin
sinh
tan
log2f
lroundf
trunc
tanh
nanf
_ldsign
hypot
_dclass
atan2
pow
_fdopen
_fdsign
scalbnf
sqrt
sinf
_dsign
roundf
tanf
_fdclass
_ldclass
acosf
asinf
atan2f
atanf
cosf
expf
lround
fmod
_copysign
fmodf
log10
truncf
log10f
logf
powf
sqrtf
scalbn

api-ms-win-crt-runtime-l1-1-0

_cexit
_errno
exit
_seh_filter_exe
_register_onexit_function
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_initialize_onexit_table
_get_wpgmptr
_exit
_invalid_parameter_noinfo_noreturn
quick_exit
_beginthreadex
terminate
abort
_c_exit
_register_thread_local_exe_atexit_callback
signal
_crt_atexit

api-ms-win-crt-stdio-l1-1-0

freopen_s
fgetc
_isatty
fgetpos
setvbuf
ungetc
fsetpos
_get_stream_buffer_pointers
__stdio_common_vfprintf
__stdio_common_vsscanf
_open_osfhandle
__acrt_iob_func
__p__commode
fputc
_set_fmode
_fseeki64
_ftelli64
fputs
_wfopen
_chsize_s
fread
__stdio_common_vsprintf_s
fseek
fopen
ferror
ftell
__stdio_common_vsprintf
fclose
fflush
fwrite
fgets
_fileno
__stdio_common_vsnprintf_s

api-ms-win-crt-time-l1-1-0

strftime
_mkgmtime64
_gmtime64
_mktime64
_time64
_localtime64
clock

api-ms-win-crt-string-l1-1-0

isdigit
ispunct
iscntrl
isalnum
isxdigit
isalpha
isupper
isgraph
strspn
tolower
strcspn
isprint
islower
_wcsnicmp
strncmp
isspace
toupper
_strdup
strncpy
_strnicmp
_wcsicmp
_stricmp
_strrev
strcmp

api-ms-win-crt-environment-l1-1-0

getenv
_wgetenv_s

api-ms-win-crt-convert-l1-1-0

strtod
wcstombs
atoi
strtol
atof
strtoll
strtoul
strtoull

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale
___lc_codepage_func

api-ms-win-crt-utility-l1-1-0

bsearch
qsort

gdi32

CreateBitmap
CreateDCW
CreateDIBSection
DeleteObject
SelectObject
GetTextExtentPoint32A
CreateCompatibleDC
GetTextMetricsW
DeleteDC
CreateFontIndirectW
GetDeviceGammaRamp
GetDeviceCaps
BitBlt
DescribePixelFormat
ChoosePixelFormat
SwapBuffers
GetPixelFormat
SetPixelFormat
CreateCompatibleBitmap
GetDIBits
CreateRectRgn
CombineRgn
GetICMProfileW
SetDeviceGammaRamp
GetStockObject

shell32

DragFinish
DragAcceptFiles
DragQueryFileW
CommandLineToArgvW
SHGetKnownFolderPath
ShellExecuteW
SHGetFolderPathW
ExtractIconExW

winmm

waveOutPrepareHeader
waveOutOpen
waveInClose
waveInPrepareHeader
waveOutWrite
waveInStart
waveInAddBuffer
waveOutGetNumDevs
waveInGetNumDevs
waveOutGetDevCapsW
waveInReset
waveInUnprepareHeader
waveOutUnprepareHeader
waveOutClose
waveInOpen
waveInGetDevCapsW
timeBeginPeriod
waveOutReset
timeEndPeriod
waveOutGetErrorTextW

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
CM_Get_Parent
CM_Locate_DevNodeA
SetupDiGetClassDevsA
CM_Get_Device_IDA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

advapi32

RegQueryValueExW
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW

oleaut32

SysFreeString

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 388KB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xenia.pdb

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

ae66864bfcd18cf71cb236cce4d73ca0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

ntdll

dwmapi

shlwapi

dxgi

wsock32

bcrypt

imm32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

gdi32

shell32

winmm

setupapi

version

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 5.6MB - Virtual size: 5.6MB

.rdata Size: 4.6MB - Virtual size: 4.6MB

.data Size: 388KB - Virtual size: 6.0MB

.pdata Size: 231KB - Virtual size: 231KB

_RDATA Size: 512B - Virtual size: 48B

.rsrc Size: 105KB - Virtual size: 104KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 5.6MB - Virtual size: 5.6MB

.rdata
Size: 4.6MB - Virtual size: 4.6MB

.data
Size: 388KB - Virtual size: 6.0MB

.pdata
Size: 231KB - Virtual size: 231KB

_RDATA
Size: 512B - Virtual size: 48B

.rsrc
Size: 105KB - Virtual size: 104KB

.reloc
Size: 36KB - Virtual size: 35KB