3b66981578c6d54c7ad1ee253bfccc6115090129543e0764b8bcc23a927fd02b

Sharing

Copy URL

Twitter E-mail

General

Target

3b66981578c6d54c7ad1ee253bfccc6115090129543e0764b8bcc23a927fd02b
Size

1.8MB
MD5

c404ad36b271cee713b932a3d8286ef1
SHA1

3151866c7909058dc9c3130a63d4df1242e41ec7
SHA256

3b66981578c6d54c7ad1ee253bfccc6115090129543e0764b8bcc23a927fd02b
SHA512

d0da124f43230b90b0ef1e9a4fe1b90ad73cdb4a37715274d819d328bca8032ecbbfd44c8b3cb8b30df9055bb5a39215942ceef98645b03cd26fb52277f23f5c
SSDEEP

49152:0UrG1V4bcWZ4Wnj5Wle6BCJ6A2hqhW9JZHwfnx63DEQMQfh21:0UrGwgWnjceOC88hyq6TEtQS

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Lightshot.exe
unpack001/Lithium.exe

Files

3b66981578c6d54c7ad1ee253bfccc6115090129543e0764b8bcc23a927fd02b
.zip
Lightshot.exe
.exe windows x64

6b5075b82f10534e3c23be1eaf3d1551

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

ws2_32

getpeername
getsockname
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
ioctlsocket
gethostname
htonl
connect
htons
ntohl
getsockopt
closesocket
bind
send
WSAStartup
WSACleanup
WSAGetLastError
recv
__WSAFDIsSet
select
WSASetLastError

wldap32

ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord143
ord211
ord46
ord301

crypt32

CertFreeCertificateContext

d3dcompiler_47

D3DCompile

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

kernel32

IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForMultipleObjects
RtlVirtualUnwind
ReadFile
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
VerifyVersionInfoA
GetSystemDirectoryA
WaitForSingleObjectEx
FormatMessageA
SetLastError
GetLastError
SleepEx
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
ResetEvent
SetEvent
PeekNamedPipe
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
QueryPerformanceCounter
GetModuleHandleA
GetConsoleWindow
CloseHandle
CreateThread
Process32First
GetCurrentProcess
OpenProcess
CreateToolhelp32Snapshot
Process32Next
WriteProcessMemory
ReadProcessMemory
GetModuleFileNameA
TerminateProcess
GetCurrentProcessId
VirtualQueryEx
GetExitCodeProcess
GetTickCount64
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
FreeLibrary
Sleep

user32

GetWindowTextA
GetCursorInfo
PostMessageA
SendMessageA
keybd_event
SetForegroundWindow
GetWindowThreadProcessId
FindWindowA
WindowFromPoint
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
ShowWindow
GetAsyncKeyState
SetWindowLongA
DefWindowProcA
CreateWindowExA
TranslateMessage
PeekMessageA
UnregisterClassA
PostQuitMessage
GetDesktopWindow
SetClipboardData
RegisterClassExA
UpdateWindow
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData

advapi32

CloseServiceHandle
OpenServiceA
QueryServiceStatusEx
OpenProcessToken
OpenSCManagerA
LookupPrivilegeValueA
CryptEncrypt
AdjustTokenPrivileges
ControlService
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey

msvcp140

_Close_dir
_Open_dir
_Read_dir
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_To_wide
?_Random_device@std@@YAIXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
_Xtime_get_ticks
_Query_perf_counter
_Thrd_sleep
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Xbad_alloc@std@@YAXXZ

xinput1_4

ord2
ord4

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
__std_terminate
__C_specific_handler
__current_exception_context
__current_exception
memchr
memcmp
strrchr
memmove
memset
memcpy
__std_type_info_compare
__std_exception_copy
__std_exception_destroy
strchr
strstr

api-ms-win-crt-stdio-l1-1-0

fread
__stdio_common_vsprintf
fwrite
fseek
fclose
__stdio_common_vsscanf
_wfopen
_lseeki64
_read
_write
_close
_open
fflush
fopen
_get_stream_buffer_pointers
_fseeki64
_set_fmode
__acrt_iob_func
fsetpos
ungetc
setvbuf
ftell
fgetpos
__p__commode
fgetc
fputc

api-ms-win-crt-string-l1-1-0

isprint
_strdup
strncmp
tolower
isalpha
isgraph
islower
strncpy
isupper
isxdigit
strpbrk
isspace
toupper
isalnum
strcmp
isdigit

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
malloc
_callnewh
free
realloc

api-ms-win-crt-convert-l1-1-0

strtoul
atoi
atof
strtoll
strtol

api-ms-win-crt-runtime-l1-1-0

strerror
_invalid_parameter_noinfo_noreturn
exit
_beginthreadex
__sys_nerr
_getpid
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
terminate
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
__p___argc
_seh_filter_exe
_set_app_type
_initterm
_get_initial_narrow_environment
_errno
_initterm_e
_exit

api-ms-win-crt-math-l1-1-0

fmodf
floorf
powf
cosf
sinf
sqrtf
__setusermatherr
ceil
acosf
log2
atan2f
ceilf
pow

api-ms-win-crt-filesystem-l1-1-0

remove
_fstat64
_stat64
_unlock_file
_lock_file
_access

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-multibyte-l1-1-0

_mbspbrk
_mbsnbcpy
_mbschr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 522KB - Virtual size: 522KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lithium.exe
.exe windows x64

eba675b4d287f51402a7cf170e487e73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

wintrust

WinVerifyTrust

ntdll

RtlVirtualUnwind
NtQuerySystemInformation
RtlLookupFunctionEntry
RtlCaptureContext

kernel32

QueryPerformanceCounter
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleTitleA
GetCurrentProcess
SetConsoleScreenBufferSize
GetStdHandle
SetConsoleMode
GetConsoleCursorInfo
TerminateProcess
GetModuleFileNameW
K32GetModuleFileNameExW
GetVolumeInformationA
GetModuleHandleA
OpenProcess
GetConsoleMode
K32GetModuleFileNameExA
SetConsoleCursorInfo
QueryFullProcessImageNameA
CloseHandle
CreateThread
GetConsoleWindow
QueryFullProcessImageNameW
GetModuleFileNameA
Process32First
CreateToolhelp32Snapshot
Process32Next
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
VirtualQueryEx
GetExitCodeProcess
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
FreeLibrary
GetSystemTimeAsFileTime
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
EnterCriticalSection
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress

user32

GetClientRect
CloseClipboard
EmptyClipboard
SetClipboardData
OpenClipboard
GetCursorInfo
PostMessageA
SendMessageA
keybd_event
SetForegroundWindow
GetWindowThreadProcessId
WindowFromPoint
GetAsyncKeyState
GetSystemMenu
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
ShowWindow
SetWindowLongA
GetWindowTextA
GetWindowLongA
DefWindowProcA
CreateWindowExA
TranslateMessage
PeekMessageA
UnregisterClassA
PostQuitMessage
GetDesktopWindow
GetClipboardData
FindWindowA
RegisterClassExA
UpdateWindow
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
SetCursor
EnableMenuItem
GetCursorPos
SetCursorPos
ReleaseCapture

advapi32

LookupPrivilegeValueA
QueryServiceStatusEx
OpenProcessToken
OpenSCManagerA
CloseServiceHandle
AdjustTokenPrivileges
OpenServiceA

shell32

ShellExecuteA

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

msvcp140

?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
_Close_dir
_Open_dir
_Read_dir
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
_To_wide
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
_Thrd_sleep
_Xtime_get_ticks
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z

vcruntime140

__std_type_info_compare
__C_specific_handler
memset
_CxxThrowException
__std_exception_destroy
strstr
__std_terminate
__CxxFrameHandler3
__std_exception_copy
memcmp
memcpy
memmove
memchr

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vfwprintf_s
_set_fmode
ftell
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
fgetc
fputc
__acrt_iob_func
fflush
fwrite
fclose
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fseek

api-ms-win-crt-string-l1-1-0

_stricmp
toupper
isprint
strcmp
strncpy

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

free
realloc
malloc
_set_new_mode
_callnewh

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_initialize_narrow_environment
_seh_filter_exe
_set_app_type
terminate
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_errno
exit
_invalid_parameter_noinfo_noreturn
_wassert
_configure_narrow_argv

api-ms-win-crt-convert-l1-1-0

atof
strtol

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

fmodf
floorf
acosf
sqrtf
logf
atan2f
log2
ceilf
sinf
powf
__setusermatherr
cosf
ceil

api-ms-win-crt-filesystem-l1-1-0

_lock_file
remove
_unlock_file

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-time-l1-1-0

_time64

Sections

.text
Size: 433KB - Virtual size: 433KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 433KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b5075b82f10534e3c23be1eaf3d1551

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

ws2_32

wldap32

crypt32

d3dcompiler_47

imm32

kernel32

user32

advapi32

msvcp140

xinput1_4

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 522KB - Virtual size: 522KB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 24KB - Virtual size: 23KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1KB - Virtual size: 1KB

eba675b4d287f51402a7cf170e487e73

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

d3dcompiler_47

wintrust

ntdll

kernel32

user32

advapi32

shell32

imm32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 433KB - Virtual size: 433KB

.rdata Size: 433KB - Virtual size: 433KB

.data Size: 3KB - Virtual size: 10KB

.pdata Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 500B

.text
Size: 522KB - Virtual size: 522KB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 433KB - Virtual size: 433KB

.rdata
Size: 433KB - Virtual size: 433KB

.data
Size: 3KB - Virtual size: 10KB

.pdata
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 500B