Jetstream_Sam_in_Raidens_campaign_with_QTE_0[.]9[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Jetstream_Sam_in_Raidens_campaign_with_QTE_0.9.zip
Size

7.9MB
MD5

dac7c573d30b82dd5252acf032f34989
SHA1

b54cf5256bb0aac4a176d5d899a42197098e8638
SHA256

dc60c4a10d893fcc8e0faaccb2e397329f5ba07cd07e075b66115c1272f2f49b
SHA512

19fdac3b3a98adf70b85c561d1c3da6d4f30c1601f2ef1070ed06f61daf9d72343e16f981c7185e427aa2ec0bb1235cc8ccd282ac3b6af3abff9405f64bea68d
SSDEEP

196608:YnBeNBqafcbYq4w0rlcX+3xwqq36fDWipUiXu9N:YnBcbK4w0rlc6wf6x2iXY

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dinput8.dll
unpack001/scripts/MGRModMenu.asi

Files

Jetstream_Sam_in_Raidens_campaign_with_QTE_0.9.zip
.zip
GameData/pl/pl000f.dat
GameData/pl/pl0010.dat
dinput8.dll
.dll regsvr32 windows x86

8932519f9203031c607fc79e4d3384e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
GetProcessHeap
GetNativeSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
FreeLibrary
GetProcAddress
LoadLibraryA
IsBadReadPtr
LoadLibraryW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindNextFileA
FindNextFileW
GetFileAttributesW
WriteFile
CloseHandle
SetUnhandledExceptionFilter
GetLastError
CreateEventA
CreateEventW
Sleep
GetCurrentProcess
GetCurrentProcessId
ExitProcess
GetCurrentThread
GetCurrentThreadId
GetStartupInfoW
GetSystemInfo
VirtualQuery
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetModuleHandleExA
HeapAlloc
LockResource
SizeofResource
FindResourceW
GetShortPathNameA
GetStartupInfoA
GetPrivateProfileIntW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
MultiByteToWideChar
CreateDirectoryA
CreateDirectoryW
CancelIo
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
CreateMutexW
CreateThread
GetSystemTime
LoadLibraryExW
SystemTimeToFileTime
WriteConsoleW
HeapSize
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
LoadResource
SetLastError
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
HeapReAlloc
GetModuleHandleExW
ReadFile
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
RaiseException
GetStringTypeW
LCMapStringEx
GetCPInfo
CompareStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
WideCharToMultiByte
GetFileInformationByHandleEx
AreFileApisANSI
SetFilePointerEx
SetEndOfFile
GetFileAttributesExW
FindFirstFileExW
FormatMessageA
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObjectEx
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent

user32

GetWindowThreadProcessId
EnumWindows
GetDesktopWindow
GetWindowRect
SetDlgItemTextW
EndDialog
DialogBoxParamW
SetWindowPos
wsprintfW
FindWindowW
ShowCursor
SetForegroundWindow
ReleaseDC
GetDC
MessageBoxW
GetDlgItemTextW
SetWindowTextW

gdi32

GetDeviceCaps

shell32

SHGetKnownFolderPath
ShellExecuteW

ole32

CoTaskMemFree
CoCreateInstance

d3d9

Direct3DCreate9

dbghelp

SymFromAddr
MiniDumpWriteDump
StackWalk64
SymSetOptions
SymCleanup
SymInitialize

ws2_32

recvfrom
recv
ntohs
ntohl
listen
inet_ntoa
inet_addr
htons
send
getsockname
getpeername
ioctlsocket
connect
closesocket
bind
htonl
__WSAFDIsSet
sendto
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSASetLastError
WSAGetLastError
WSACloseEvent
WSACreateEvent
WSAEventSelect
WSAGetOverlappedResult
WSARecv
WSARecvFrom
WSAResetEvent
select
WSASend
WSASendTo
WSASetEvent
WSAWaitForMultipleEvents
getsockopt
accept

Exports

Exports

AcquireDDThreadLock
AppCacheCheckManifest
AppCacheCloseHandle
AppCacheCreateAndCommitFile
AppCacheDeleteGroup
AppCacheDeleteIEGroup
AppCacheDuplicateHandle
AppCacheFinalize
AppCacheFreeDownloadList
AppCacheFreeGroupList
AppCacheFreeIESpace
AppCacheFreeSpace
AppCacheGetDownloadList
AppCacheGetFallbackUrl
AppCacheGetGroupList
AppCacheGetIEGroupList
AppCacheGetInfo
AppCacheGetManifestUrl
AppCacheLookup
CloseDriver
CommitUrlCacheEntryA
CommitUrlCacheEntryBinaryBlob
CommitUrlCacheEntryW
CompleteCreateSysmemSurface
CreateDirect3D11DeviceFromDXGIDevice
CreateDirect3D11SurfaceFromDXGISurface
CreateMD5SSOHash
CreateUrlCacheContainerA
CreateUrlCacheContainerW
CreateUrlCacheEntryA
CreateUrlCacheEntryExW
CreateUrlCacheEntryW
CreateUrlCacheGroup
D3D10CompileEffectFromMemory
D3D10CompileShader
D3D10CreateBlob
D3D10CreateDevice
D3D10CreateDeviceAndSwapChain
D3D10CreateEffectFromMemory
D3D10CreateEffectPoolFromMemory
D3D10CreateStateBlock
D3D10DisassembleEffect
D3D10DisassembleShader
D3D10GetGeometryShaderProfile
D3D10GetInputAndOutputSignatureBlob
D3D10GetInputSignatureBlob
D3D10GetOutputSignatureBlob
D3D10GetPixelShaderProfile
D3D10GetShaderDebugInfo
D3D10GetVersion
D3D10GetVertexShaderProfile
D3D10PreprocessShader
D3D10ReflectShader
D3D10RegisterLayers
D3D10StateBlockMaskDifference
D3D10StateBlockMaskDisableAll
D3D10StateBlockMaskDisableCapture
D3D10StateBlockMaskEnableAll
D3D10StateBlockMaskEnableCapture
D3D10StateBlockMaskGetSetting
D3D10StateBlockMaskIntersect
D3D10StateBlockMaskUnion
D3D11CoreCreateDevice
D3D11CoreCreateLayeredDevice
D3D11CoreGetLayeredDeviceSize
D3D11CoreRegisterLayers
D3D11CreateDevice
D3D11CreateDeviceAndSwapChain
D3D11CreateDeviceForD3D12
D3D11On12CreateDevice
D3D12CoreCreateLayeredDevice
D3D12CoreGetLayeredDeviceSize
D3D12CoreRegisterLayers
D3D12CreateDevice
D3D12CreateRootSignatureDeserializer
D3D12CreateVersionedRootSignatureDeserializer
D3D12DeviceRemovedExtendedData
D3D12EnableExperimentalFeatures
D3D12GetDebugInterface
D3D12GetInterface
D3D12PIXEventsReplaceBlock
D3D12PIXGetThreadInfo
D3D12PIXNotifyWakeFromFenceSignal
D3D12PIXReportCounter
D3D12SerializeRootSignature
D3D12SerializeVersionedRootSignature
D3DKMTCloseAdapter
D3DKMTCreateAllocation
D3DKMTCreateContext
D3DKMTCreateDevice
D3DKMTCreateSynchronizationObject
D3DKMTDestroyAllocation
D3DKMTDestroyContext
D3DKMTDestroyDevice
D3DKMTDestroySynchronizationObject
D3DKMTEscape
D3DKMTGetContextSchedulingPriority
D3DKMTGetDeviceState
D3DKMTGetDisplayModeList
D3DKMTGetMultisampleMethodList
D3DKMTGetRuntimeData
D3DKMTGetSharedPrimaryHandle
D3DKMTLock
D3DKMTOpenAdapterFromHdc
D3DKMTOpenResource
D3DKMTPresent
D3DKMTQueryAdapterInfo
D3DKMTQueryAllocationResidency
D3DKMTQueryResourceInfo
D3DKMTRender
D3DKMTSetAllocationPriority
D3DKMTSetContextSchedulingPriority
D3DKMTSetDisplayMode
D3DKMTSetDisplayPrivateDriverFormat
D3DKMTSetGammaRamp
D3DKMTSetVidPnSourceOwner
D3DKMTSignalSynchronizationObject
D3DKMTUnlock
D3DKMTWaitForSynchronizationObject
D3DKMTWaitForVerticalBlankEvent
D3DPERF_BeginEvent
D3DPERF_EndEvent
D3DPERF_GetStatus
D3DPERF_QueryRepeatFrame
D3DPERF_SetMarker
D3DPERF_SetOptions
D3DPERF_SetRegion
D3DParseUnknownCommand
D3DPerformance_BeginEvent
D3DPerformance_EndEvent
D3DPerformance_GetStatus
D3DPerformance_SetMarker
DDGetAttachedSurfaceLcl
DDInternalLock
DDInternalUnlock
DSoundHelp
DebugSetLevel
DebugSetMute
DefDriverProc
DeleteIE3Cache
DeleteUrlCacheContainerA
DeleteUrlCacheContainerW
DeleteUrlCacheEntry
DeleteUrlCacheEntryA
DeleteUrlCacheEntryW
DeleteUrlCacheGroup
DeleteWpadCacheForNetworks
DetectAutoProxyUrl
Direct3D9EnableMaximizedWindowedModeShim
Direct3DCreate8
Direct3DCreate9
Direct3DCreate9Ex
Direct3DCreate9On12
Direct3DCreate9On12Ex
Direct3DShaderValidatorCreate9
DirectDrawCreate
DirectDrawCreateClipper
DirectDrawCreateEx
DirectDrawEnumerateA
DirectDrawEnumerateExA
DirectDrawEnumerateExW
DirectDrawEnumerateW
DirectInput8Create
DirectInputCreateA
DirectInputCreateEx
DirectInputCreateW
DirectSoundCaptureCreate
DirectSoundCaptureCreate8
DirectSoundCaptureEnumerateA
DirectSoundCaptureEnumerateW
DirectSoundCreate
DirectSoundCreate8
DirectSoundEnumerateA
DirectSoundEnumerateW
DirectSoundFullDuplexCreate
DispatchAPICall
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
DrawDibBegin
DrawDibChangePalette
DrawDibClose
DrawDibDraw
DrawDibEnd
DrawDibGetBuffer
DrawDibGetPalette
DrawDibOpen
DrawDibProfileDisplay
DrawDibRealize
DrawDibSetPalette
DrawDibStart
DrawDibStop
DrawDibTime
DriverCallback
DrvGetModuleHandle
EnableFeatureLevelUpgrade
FindCloseUrlCache
FindFirstUrlCacheContainerA
FindFirstUrlCacheContainerW
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryExW
FindFirstUrlCacheEntryW
FindFirstUrlCacheGroup
FindNextUrlCacheContainerA
FindNextUrlCacheContainerW
FindNextUrlCacheEntryA
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryExW
FindNextUrlCacheEntryW
FindNextUrlCacheGroup
ForceNexusLookup
ForceNexusLookupExW
FreeUrlCacheSpaceA
FreeUrlCacheSpaceW
FtpCommandA
FtpCommandW
FtpCreateDirectoryA
FtpCreateDirectoryW
FtpDeleteFileA
FtpDeleteFileW
FtpFindFirstFileA
FtpFindFirstFileW
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryW
FtpGetFileA
FtpGetFileEx
FtpGetFileSize
FtpGetFileW
FtpOpenFileA
FtpOpenFileW
FtpPutFileA
FtpPutFileEx
FtpPutFileW
FtpRemoveDirectoryA
FtpRemoveDirectoryW
FtpRenameFileA
FtpRenameFileW
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryW
GetBehaviorValue
GetDDSurfaceLocal
GetDeviceID
GetDriverModuleHandle
GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetOLEThunkData
GetOpenFileNamePreview
GetOpenFileNamePreviewA
GetOpenFileNamePreviewW
GetProxyDllInfo
GetSaveFileNamePreviewA
GetSaveFileNamePreviewW
GetSurfaceFromDC
GetUrlCacheConfigInfoA
GetUrlCacheConfigInfoW
GetUrlCacheEntryBinaryBlob
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoExA
GetUrlCacheEntryInfoExW
GetUrlCacheEntryInfoW
GetUrlCacheGroupAttributeA
GetUrlCacheGroupAttributeW
GetUrlCacheHeaderData
GopherCreateLocatorA
GopherCreateLocatorW
GopherFindFirstFileA
GopherFindFirstFileW
GopherGetAttributeA
GopherGetAttributeW
GopherGetLocatorTypeA
GopherGetLocatorTypeW
GopherOpenFileA
GopherOpenFileW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpCheckDavCompliance
HttpCloseDependencyHandle
HttpDuplicateDependencyHandle
HttpEndRequestA
HttpEndRequestW
HttpGetServerCredentials
HttpGetTunnelSocket
HttpIsHostHstsEnabled
HttpOpenDependencyHandle
HttpOpenRequestA
HttpOpenRequestW
HttpPushClose
HttpPushEnable
HttpPushWait
HttpQueryInfoA
HttpQueryInfoW
HttpSendRequestA
HttpSendRequestExA
HttpSendRequestExW
HttpSendRequestW
HttpWebSocketClose
HttpWebSocketCompleteUpgrade
HttpWebSocketQueryCloseStatus
HttpWebSocketReceive
HttpWebSocketSend
HttpWebSocketShutdown
ICClose
ICCompress
ICCompressorChoose
ICCompressorFree
ICDecompress
ICDraw
ICDrawBegin
ICGetDisplayFormat
ICGetInfo
ICImageCompress
ICImageDecompress
ICInfo
ICInstall
ICLocate
ICMThunk32
ICOpen
ICOpenFunction
ICRemove
ICSendMessage
ICSeqCompressFrame
ICSeqCompressFrameEnd
ICSeqCompressFrameStart
IncrementUrlCacheHeaderData
InternetAlgIdToStringA
InternetAlgIdToStringW
InternetAttemptConnect
InternetAutodial
InternetAutodialCallback
InternetAutodialHangup
InternetCanonicalizeUrlA
InternetCanonicalizeUrlW
InternetCheckConnectionA
InternetCheckConnectionW
InternetClearAllPerSiteCookieDecisions
InternetCloseHandle
InternetCombineUrlA
InternetCombineUrlW
InternetConfirmZoneCrossing
InternetConfirmZoneCrossingA
InternetConfirmZoneCrossingW
InternetConnectA
InternetConnectW
InternetConvertUrlFromWireToWideChar
InternetCrackUrlA
InternetCrackUrlW
InternetCreateUrlA
InternetCreateUrlW
InternetDial
InternetDialA
InternetDialW
InternetEnumPerSiteCookieDecisionA
InternetEnumPerSiteCookieDecisionW
InternetErrorDlg
InternetFindNextFileA
InternetFindNextFileW
InternetFortezzaCommand
InternetFreeCookies
InternetFreeProxyInfoList
InternetGetCertByURL
InternetGetCertByURLA
InternetGetConnectedState
InternetGetConnectedStateEx
InternetGetConnectedStateExA
InternetGetConnectedStateExW
InternetGetCookieA
InternetGetCookieEx2
InternetGetCookieExA
InternetGetCookieExW
InternetGetCookieW
InternetGetLastResponseInfoA
InternetGetLastResponseInfoW
InternetGetPerSiteCookieDecisionA
InternetGetPerSiteCookieDecisionW
InternetGetProxyForUrl
InternetGetSecurityInfoByURL
InternetGetSecurityInfoByURLA
InternetGetSecurityInfoByURLW
InternetGoOnline
InternetGoOnlineA
InternetGoOnlineW
InternetHangUp
InternetInitializeAutoProxyDll
InternetLockRequestFile
InternetOpenA
InternetOpenUrlA
InternetOpenUrlW
InternetOpenW
InternetQueryDataAvailable
InternetQueryFortezzaStatus
InternetQueryOptionA
InternetQueryOptionW
InternetReadFile
InternetReadFileExA
InternetReadFileExW
InternetSecurityProtocolToStringA
InternetSecurityProtocolToStringW
InternetSetCookieA
InternetSetCookieEx2
InternetSetCookieExA
InternetSetCookieExW
InternetSetCookieW
InternetSetDialState
InternetSetDialStateA
InternetSetDialStateW
InternetSetFilePointer
InternetSetOptionA
InternetSetOptionExA
InternetSetOptionExW
InternetSetOptionW
InternetSetPerSiteCookieDecisionA
InternetSetPerSiteCookieDecisionW
InternetSetStatusCallback
InternetSetStatusCallbackA
InternetSetStatusCallbackW
InternetShowSecurityInfoByURL
InternetShowSecurityInfoByURLA
InternetShowSecurityInfoByURLW
InternetTimeFromSystemTime
InternetTimeFromSystemTimeA
InternetTimeFromSystemTimeW
InternetTimeToSystemTime
InternetTimeToSystemTimeA
InternetTimeToSystemTimeW
InternetUnlockRequestFile
InternetWriteFile
InternetWriteFileExA
InternetWriteFileExW
IsHostInProxyBypassList
IsUrlCacheEntryExpiredA
IsUrlCacheEntryExpiredW
LoadUrlCacheContent
MCIWndCreate
MCIWndCreateA
MCIWndCreateW
MCIWndRegisterClass
MarketplaceDoesContentIdMatch
NotifyCallbackData
OpenAdapter10
OpenAdapter10_2
OpenDriver
PSGPError
PSGPSampleTexture
ParseX509EncodedCertificateForListBoxEntry
PlaySound
PlaySoundA
PlaySoundW
PrivacyGetZonePreferenceW
PrivacySetZonePreferenceW
ReadUrlCacheEntryStream
ReadUrlCacheEntryStreamEx
RegisterSpecialCase
RegisterUrlCacheNotification
ReleaseDDThreadLock
ResumeSuspendedDownload
RetrieveUrlCacheEntryFileA
RetrieveUrlCacheEntryFileW
RetrieveUrlCacheEntryStreamA
RetrieveUrlCacheEntryStreamW
RunOnceUrlCache
SendDriverMessage
SetAppCompatData
SetAppCompatStringPointer
SetUrlCacheConfigInfoA
SetUrlCacheConfigInfoW
SetUrlCacheEntryGroup
SetUrlCacheEntryGroupA
SetUrlCacheEntryGroupW
SetUrlCacheEntryInfoA
SetUrlCacheEntryInfoW
SetUrlCacheGroupAttributeA
SetUrlCacheGroupAttributeW
SetUrlCacheHeaderData
ShowCertificate
ShowClientAuthCerts
ShowSecurityInfo
ShowX509EncodedCertificate
StretchDIB
TitleExport_XMarketplaceConsumeAssets
TitleExport_XPresenceUnsubscribe
TitleExport_XUserEstimateRankForRating
TitleExport_XUserFindUsers
UnlockUrlCacheEntryFile
UnlockUrlCacheEntryFileA
UnlockUrlCacheEntryFileW
UnlockUrlCacheEntryStream
UpdateUrlCacheContentPath
UrlCacheCheckEntriesExist
UrlCacheCloseEntryHandle
UrlCacheContainerSetEntryMaximumAge

Sections

.text
Size: 359KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 590KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
scripts/MGRModMenu.asi
.dll windows x86

f6252530339e6b53462c366ed7ddc6e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
FreeLibraryAndExitThread
WritePrivateProfileStringA
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcAddress
VirtualAlloc
VirtualFree
VirtualQuery
CloseHandle
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
GetModuleHandleW
CreateToolhelp32Snapshot
CreateThread
Thread32Next
HeapSize
CreateFileW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
OutputDebugStringW
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
Sleep
GetModuleHandleExA
ExitProcess
GetModuleHandleA
GetModuleFileNameA
Thread32First
VirtualProtect
ReadFile
WriteConsoleW
GetModuleHandleExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
GetLastError
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
GetFileType
GetModuleFileNameW
SetEndOfFile

user32

OpenClipboard
CloseClipboard
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
DefWindowProcA
MapVirtualKeyA
GetKeyNameTextA
SetWindowLongA
CallWindowProcA
LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetKeyState
IsChild
EmptyClipboard
GetClipboardData
SetClipboardData

shell32

ShellExecuteA

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

xinput1_3

ord4
ord2

Sections

.text
Size: 432KB - Virtual size: 431KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8932519f9203031c607fc79e4d3384e2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

d3d9

dbghelp

ws2_32

Exports

Exports

Sections

.text Size: 359KB - Virtual size: 358KB

.rdata Size: 153KB - Virtual size: 153KB

.data Size: 6KB - Virtual size: 590KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 20KB - Virtual size: 19KB

f6252530339e6b53462c366ed7ddc6e2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

imm32

xinput1_3

Sections

.text Size: 432KB - Virtual size: 431KB

.rdata Size: 122KB - Virtual size: 121KB

.data Size: 115KB - Virtual size: 118KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 359KB - Virtual size: 358KB

.rdata
Size: 153KB - Virtual size: 153KB

.data
Size: 6KB - Virtual size: 590KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 20KB - Virtual size: 19KB

.text
Size: 432KB - Virtual size: 431KB

.rdata
Size: 122KB - Virtual size: 121KB

.data
Size: 115KB - Virtual size: 118KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 19KB - Virtual size: 18KB