9df5cf0d9b2d98414786a7a18898297a1d63aa6c392e245dcb7b7181baa4d101

Sharing

Copy URL Twitter E-mail

General

Target

9df5cf0d9b2d98414786a7a18898297a1d63aa6c392e245dcb7b7181baa4d101
Size

3.4MB
MD5

361d28834592ffeb647f13146ae0a68b
SHA1

30dc7375eae5d1bae033db39de14f6e4c965bdd9
SHA256

9df5cf0d9b2d98414786a7a18898297a1d63aa6c392e245dcb7b7181baa4d101
SHA512

d30e8cfa8851cb12cc4993c12f8d19c8973c00b137579885fb62868ed766e9d8b3d2a408628cf5a190904b58198d549f556a21020b7263606ef92ee3f284ae71
SSDEEP

49152:4vD1TA1uJom/ob5/592BdqYGoK25k9DCqBHOtnoM5O:4RTAgDot/5gd8qqM5O

Score

1^/10

Malware Config

Signatures

Files

9df5cf0d9b2d98414786a7a18898297a1d63aa6c392e245dcb7b7181baa4d101
.exe windows x64

3bfedeb548b2c0ff844946fe0e65ba44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d12

ord101

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?uncaught_exceptions@std@@YAHXZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?always_noconv@codecvt_base@std@@QEBA_NXZ
?is@?$ctype@D@std@@QEBA_NFD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?id@?$ctype@D@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?width@ios_base@std@@QEAA_J_J@Z

dxgi

CreateDXGIFactory2

mfc140u

ord2298
ord533
ord13407
ord296
ord280
ord5499
ord1963
ord7893
ord12786
ord1641
ord3728
ord1033
ord290
ord11999
ord11673

kernel32

DeleteCriticalSection
GetLastError
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
GetCurrentProcess
GetLocalTime
GetStartupInfoW
CreateProcessW
WaitForSingleObject
CreatePipe
ReadFile
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
InitializeCriticalSectionEx
Sleep
LoadLibraryA
GetProcAddress
DeviceIoControl
CloseHandle
CreateFileA
OutputDebugStringW

user32

GetWindowThreadProcessId
GetForegroundWindow
FindWindowA

advapi32

StartServiceW
ControlService
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
CloseServiceHandle

netapi32

Netbios

vcruntime140

_CxxThrowException
memmove
__current_exception
memset
__std_exception_destroy
memcpy
memcmp
strchr
memchr
__current_exception_context
__std_exception_copy
_purecall
__C_specific_handler

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

__p___argc
_exit
_initterm_e
exit
system
_initterm
_get_initial_narrow_environment
_c_exit
_set_app_type
_seh_filter_exe
__p___argv
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
terminate
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
free
malloc

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__acrt_iob_func
__stdio_common_vfprintf
_get_stream_buffer_pointers
fclose
fflush
__p__commode
fgetc
fgetpos
__stdio_common_vsprintf
_fseeki64
ungetc
setvbuf
fwrite
__stdio_common_vsscanf
fsetpos
fread
fputc

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-string-l1-1-0

strlen
tolower
strcpy
strcpy_s
wcslen
strncmp

api-ms-win-crt-time-l1-1-0

clock
_time64

api-ms-win-crt-math-l1-1-0

fabs
__setusermatherr
pow

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3bfedeb548b2c0ff844946fe0e65ba44

Headers

DLL Characteristics

File Characteristics

Imports

d3d12

msvcp140

dxgi

mfc140u

kernel32

user32

advapi32

netapi32

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 127KB - Virtual size: 127KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 3.1MB - Virtual size: 3.1MB

.pdata Size: 11KB - Virtual size: 10KB

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 512B - Virtual size: 276B

.text
Size: 127KB - Virtual size: 127KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 3.1MB - Virtual size: 3.1MB

.pdata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 512B - Virtual size: 276B