jkkk[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

jkkk.rar
Size

3.9MB
MD5

4efe13fe5e7582ff5f688027bc2e2e53
SHA1

e67bb69a8081776dde645696a62da61ddfd1f4f0
SHA256

1a8cb212fe9d242037472ba7ee824df0722230b654b79984ad2930087b644b38
SHA512

ba234d67c806500bca475559bffd584b5b8e272b05e5ce75d83333c5b6d74942ade6bc42c351d9b7e4a8cb4ed81f05ffc672d84e803b41a56a175bea0cc436f8
SSDEEP

98304:XafgMP+4dOoMz2UArnyfpxzUkuxeB/lEh1IyBWuY5eeNVHXjY7NVN:Xm7bIoM+yfp5UrxolOIyBWfDVHXgx

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CSGhost-v4.3.1.exe
unpack001/Extreme Injector v3.exe
unpack001/Injector.exe
unpack001/Osiris.dll
unpack001/clarity.dll
unpack001/steam_clarity.dll
unpack001/system32.dll

Files

jkkk.rar
.rar
CSGhost-v4.3.1.exe
.exe windows:6 windows x86

108c6edea2305b1b83fd390f20149efe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AreFileApisANSI
GetLastError
LocalFree
FormatMessageA
SetCurrentDirectoryW
CloseHandle
GetModuleHandleA
OpenProcess
GetModuleHandleW
WaitForSingleObject
GetProcAddress
Sleep
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
UnhandledExceptionFilter
InitializeSListHead
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime

user32

GetAsyncKeyState
BeginPaint
GetCursorPos
InvalidateRect
RegisterClassExA
GetDesktopWindow
PostQuitMessage
LoadCursorW
LoadIconW
TranslateMessage
CreateWindowExA
DefWindowProcA
GetMessageA
DispatchMessageA
GetWindowRect
SetWindowPos
FillRect
MessageBoxA
SetTimer
DrawTextA
EndPaint

gdi32

BitBlt
CreateCompatibleBitmap
CreateFontA
SelectObject
CreateCompatibleDC
DeleteDC
SetTextColor
SetBkMode
DeleteObject
CreateSolidBrush
SetTextAlign

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyExA
GetUserNameA
RegQueryValueExA

msvcp140

?_Throw_Cpp_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPBD@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z

winmm

PlaySoundW

vcruntime140

memset
__current_exception_context
__current_exception
_CxxThrowException
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memmove
memcpy
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_exit
_initterm_e
exit
_get_narrow_winmain_command_line
_c_exit
_set_app_type
_register_thread_local_exe_atexit_callback
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_exe
_controlfp_s
_initterm
system
_invalid_parameter_noinfo_noreturn
terminate

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
_set_new_mode

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-string-l1-1-0

_stricmp

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Extreme Injector v3.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Injector.exe
.exe windows:6 windows x86

7f92caa5163ed08ccbe113a16149d174

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32First
WriteProcessMemory
SetConsoleTitleA
Module32Next
GetFullPathNameA
OpenProcess
CreateToolhelp32Snapshot
Sleep
LoadLibraryA
Process32Next
CloseHandle
LoadLibraryW
GetProcAddress
VirtualAllocEx
CreateRemoteThread
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
UnhandledExceptionFilter

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?id@?$ctype@D@std@@2V0locale@2@A
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

memset
_CxxThrowException
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
_except_handler4_common
__CxxFrameHandler3
memcpy

api-ms-win-crt-runtime-l1-1-0

exit
_initialize_onexit_table
_register_onexit_function
_register_thread_local_exe_atexit_callback
_exit
_controlfp_s
terminate
_invalid_parameter_noinfo_noreturn
_initterm_e
_c_exit
__p___argv
__p___argc
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_cexit
_set_app_type
_seh_filter_exe
_crt_atexit
_initterm

api-ms-win-crt-stdio-l1-1-0

fopen
__p__commode
_set_fmode
fclose

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Osiris.dll
.dll windows:6 windows x86

25507b5aa553c3825707a1a45149b030

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

SHGetKnownFolderPath
ShellExecuteW

ole32

CoTaskMemFree

user32

ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetKeyState
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
CallWindowProcW
MessageBoxA
SetWindowLongW
ShowWindow
FindWindowW
FlashWindowEx
GetDC
GetCursorPos

kernel32

SetStdHandle
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
GetStdHandle
SetFilePointerEx
GetFileSizeEx
GetModuleFileNameW
WideCharToMultiByte
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
HeapCreate
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
GetLastError
HeapReAlloc
CloseHandle
HeapAlloc
HeapDestroy
GetThreadContext
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
FreeLibraryAndExitThread
GetModuleHandleA
CreateThread
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryW
QueryPerformanceFrequency
QueryPerformanceCounter
K32GetModuleInformation
LocalFree
FormatMessageA
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
GetTimeZoneInformation
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileInformationByHandle
AreFileApisANSI
MoveFileExW
GetFileInformationByHandleEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SetEndOfFile
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
TerminateProcess
ReadFile
IsValidCodePage
GetACP
GetCommandLineA
GetOEMCP
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
FindNextFileW
EncodePointer
RaiseException
RtlUnwind
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetModuleHandleExW

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

gdi32

CreateFontA
SelectObject
CreateCompatibleDC
EnumFontFamiliesExW
CreateFontW
DeleteDC
GetFontData
DeleteObject

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 961KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
clarity.dll
.dll windows:6 windows x86

9eda0cec56814cab27584e1af1e286b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
SetConsoleTitleA
FindResourceA
LoadLibraryA
LockResource
CreateThread
LoadResource
GetProcAddress
GetModuleHandleW
AllocConsole
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
UnhandledExceptionFilter
GetSystemTimeAsFileTime
InitializeSListHead

shell32

ShellExecuteW

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

__current_exception_context
__std_terminate
memcpy
__std_exception_destroy
memmove
__CxxFrameHandler3
__std_type_info_destroy_list
memset
_CxxThrowException
__std_exception_copy
_except_handler4_common
__current_exception

api-ms-win-crt-stdio-l1-1-0

freopen
__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_cexit
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate
_initterm
_crt_atexit

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
steam_clarity.dll
.dll windows:6 windows x86

99fbc679108b2d79952ed4fb808698da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
ResumeThread
GetModuleHandleA
Beep
GetProcAddress
VirtualAllocEx
CreateProcessW
InterlockedExchange
InterlockedCompareExchange
FlushInstructionCache
VirtualProtect
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThread
GetThreadContext
SetThreadContext
SuspendThread
Sleep
CloseHandle
GetModuleHandleW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
VirtualAlloc
VirtualFree
VirtualQuery
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetLastError
GetProcessHeap
FreeLibrary

user32

MessageBoxA

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

__std_type_info_destroy_list
_CxxThrowException
memset
__vcrt_LoadLibraryExW
__std_terminate
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
__vcrt_GetModuleFileNameW
_except_handler4_common
memcpy
memmove

api-ms-win-crt-runtime-l1-1-0

_cexit
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_execute_onexit_table
_invalid_parameter_noinfo_noreturn
_initterm
_initterm_e

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-string-l1-1-0

strcat_s
strcpy_s

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
system32.dll
.dll windows:6 windows x86

8c0394f403fc61785a655d4782006ed2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

closesocket
WSACleanup
WSAGetLastError
WSAStartup
send
socket
connect
recv
freeaddrinfo
getaddrinfo

kernel32

CreateThread
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ReleaseSemaphore
CloseHandle
CreateSemaphoreA
FindClose
CreateDirectoryA
GetPrivateProfileSectionA
CreateFileA
GlobalAlloc
WritePrivateProfileStringA
GlobalLock
GetPrivateProfileIntA
GlobalUnlock
ReadFile
WriteFile
PeekNamedPipe
CreateFileW
GetLastError
GetCurrentProcessId
WaitNamedPipeW
lstrlenW
GetModuleFileNameW
MultiByteToWideChar
GetWindowsDirectoryA
GlobalFree
WideCharToMultiByte
LoadLibraryA
QueryPerformanceFrequency
QueryPerformanceCounter
WriteProcessMemory
GetCurrentProcess
Sleep
GetPrivateProfileStringA
K32GetModuleInformation
VirtualQuery
FindFirstFileExW
FindNextFileW
SetFileInformationByHandle
AreFileApisANSI
GetModuleHandleW
GetFileInformationByHandleEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
WaitForSingleObject
VirtualProtect
GetLocaleInfoEx
LocalFree
VirtualFree
VirtualAlloc
FormatMessageA
GetModuleHandleExA
GetModuleFileNameA
FreeLibrary
IsDebuggerPresent
GetModuleHandleA
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FlushInstructionCache
GetVolumeInformationA
SetLastError

user32

SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetKeyState
ReleaseCapture
SetCapture
GetCapture
GetCursorPos
SetCursorPos
GetClientRect
SetCursor
GetForegroundWindow
IsChild
ClientToScreen
ScreenToClient
LoadCursorA
FindWindowA
CallWindowProcA
SetWindowLongA
SetRect
GetActiveWindow
GetAsyncKeyState
MapVirtualKeyA
IsClipboardFormatAvailable

gdi32

AddFontMemResourceEx

advapi32

RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegGetValueA
RegCloseKey
RegQueryValueExW

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
_Thrd_hardware_concurrency
_Mtx_destroy_in_situ
_Mtx_init_in_situ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBE_JXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setf@ios_base@std@@QAEHHH@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
_Query_perf_frequency
?_Xinvalid_argument@std@@YAXPBD@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?exceptions@ios_base@std@@QAEXH@Z
??Bios_base@std@@QBE_NXZ
_Mtx_current_owns
_Cnd_init_in_situ
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_timedwait
_Mtx_lock
_Cnd_do_broadcast_at_thread_exit
_Mtx_unlock
_Cnd_broadcast
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?swap@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXAAV12@@Z
?swap@?$basic_iostream@DU?$char_traits@D@std@@@std@@IAEXAAV12@@Z
?_Xbad_alloc@std@@YAXXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z

d3dx9_43

D3DXCreateTextureFromFileA
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateFontA

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

xinput1_4

ord4
ord2

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
_CxxThrowException
__current_exception_context
__current_exception
memmove
memchr
strrchr
memcpy
__RTDynamicCast
memset
strchr
strstr
_purecall
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memcmp

api-ms-win-crt-heap-l1-1-0

free
realloc
_callnewh
calloc
malloc

api-ms-win-crt-math-l1-1-0

_CIfmod
_fdclass
_libm_sse2_acos_precise
_libm_sse2_atan_precise
_libm_sse2_cos_precise
_CIatan2
llround
ceil
_libm_sse2_exp_precise
fminf
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
sinh
_libm_sse2_tan_precise
ldexp
_CItanh
tanh
_CIsinh
fmaxf
floor
cosh
roundf
_CIcosh

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
system
_cexit
_register_onexit_function
_initterm
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
strerror
_initialize_onexit_table
_errno
strerror_s
exit
_invalid_parameter_noinfo_noreturn
terminate
_crt_atexit
_beginthreadex

api-ms-win-crt-stdio-l1-1-0

tmpfile
_popen
_pclose
_ftelli64
fgets
clearerr
fseek
ftell
_wfopen
__stdio_common_vsscanf
fopen
ferror
_fsopen
putchar
__stdio_common_vsprintf_p
__stdio_common_vfscanf
tmpnam
getc
__stdio_common_vfprintf_p
__stdio_common_vfprintf_s
fputs
feof
freopen_s
__stdio_common_vsprintf_s
__stdio_common_vswscanf
__stdio_common_vswprintf
__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vswprintf_p
__stdio_common_vsnwprintf_s
fputc
__stdio_common_vswprintf_s
__stdio_common_vfwscanf
fflush
__stdio_common_vsnprintf_s
fclose
fgetc
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
__stdio_common_vfwprintf_p
__stdio_common_vsprintf
__stdio_common_vfwprintf_s
fwrite
__stdio_common_vfwprintf
__p__fmode

api-ms-win-crt-convert-l1-1-0

_itoa
atof
atoi
strtol
strtoul

api-ms-win-crt-filesystem-l1-1-0

rename
_stat64i32
_unlock_file
remove
_lock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
setlocale

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-string-l1-1-0

isblank
isdigit
strtok
strncpy_s
_strdup
strspn
strcat_s
strcpy_s
isspace
strlen
tolower
strpbrk
strncmp
strncpy

api-ms-win-crt-time-l1-1-0

_localtime64
_mktime64
strftime
_time64
clock
_gmtime64
_difftime64

api-ms-win-crt-environment-l1-1-0

getenv

Exports

Exports

__swprintf_l
__vswprintf_l
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fscanf_l
_fscanf_s_l
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwscanf_l
_fwscanf_s_l
_printf_l
_printf_p
_printf_p_l
_printf_s_l
_scanf_l
_scanf_s_l
_scprintf
_scprintf_l
_scprintf_p
_scprintf_p_l
_scwprintf
_scwprintf_l
_scwprintf_p
_scwprintf_p_l
_snprintf
_snprintf_c
_snprintf_c_l
_snprintf_l
_snprintf_s
_snprintf_s_l
_snscanf
_snscanf_l
_snscanf_s
_snscanf_s_l
_snwprintf
_snwprintf_l
_snwprintf_s
_snwprintf_s_l
_snwscanf
_snwscanf_l
_snwscanf_s
_snwscanf_s_l
_sprintf_l
_sprintf_p
_sprintf_p_l
_sprintf_s_l
_sscanf_l
_sscanf_s_l
_swprintf
_swprintf_c
_swprintf_c_l
_swprintf_l
_swprintf_p
_swprintf_p_l
_swprintf_s_l
_swscanf_l
_swscanf_s_l
_vfprintf_l
_vfprintf_p
_vfprintf_p_l
_vfprintf_s_l
_vfscanf_l
_vfscanf_s_l
_vfwprintf_l
_vfwprintf_p
_vfwprintf_p_l
_vfwprintf_s_l
_vfwscanf_l
_vfwscanf_s_l
_vprintf_l
_vprintf_p
_vprintf_p_l
_vprintf_s_l
_vscanf_l
_vscanf_s_l
_vscprintf
_vscprintf_l
_vscprintf_p
_vscprintf_p_l
_vscwprintf
_vscwprintf_l
_vscwprintf_p
_vscwprintf_p_l
_vsnprintf
_vsnprintf_c
_vsnprintf_c_l
_vsnprintf_l
_vsnprintf_s
_vsnprintf_s_l
_vsnwprintf
_vsnwprintf_l
_vsnwprintf_s
_vsnwprintf_s_l
_vsnwscanf_l
_vsnwscanf_s_l
_vsprintf_l
_vsprintf_p
_vsprintf_p_l
_vsprintf_s_l
_vsscanf_l
_vsscanf_s_l
_vswprintf
_vswprintf_c
_vswprintf_c_l
_vswprintf_l
_vswprintf_p
_vswprintf_p_l
_vswprintf_s_l
_vswscanf_l
_vswscanf_s_l
_vwprintf_l
_vwprintf_p
_vwprintf_p_l
_vwprintf_s_l
_vwscanf_l
_vwscanf_s_l
_wprintf_l
_wprintf_p
_wprintf_p_l
_wprintf_s_l
_wscanf_l
_wscanf_s_l
fprintf
fprintf_s
fscanf
fscanf_s
fwprintf
fwprintf_s
fwscanf
fwscanf_s
printf
printf_s
scanf
scanf_s
snprintf
sprintf
sprintf_s
sscanf
sscanf_s
swprintf
swprintf_s
swscanf
swscanf_s
vfprintf
vfprintf_s
vfscanf
vfscanf_s
vfwprintf
vfwprintf_s
vfwscanf
vfwscanf_s
vprintf
vprintf_s
vscanf
vscanf_s
vsnprintf
vsnprintf_s
vsprintf
vsprintf_s
vsscanf
vsscanf_s
vswprintf
vswprintf_s
vswscanf
vswscanf_s
vwprintf
vwprintf_s
vwscanf
vwscanf_s
wprintf
wprintf_s
wscanf
wscanf_s

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 543KB - Virtual size: 543KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 881KB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

108c6edea2305b1b83fd390f20149efe

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

msvcp140

winmm

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 47KB - Virtual size: 46KB

.reloc Size: 2KB - Virtual size: 2KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 12B

7f92caa5163ed08ccbe113a16149d174

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1024B - Virtual size: 940B

25507b5aa553c3825707a1a45149b030

Headers

DLL Characteristics

File Characteristics

Imports

shell32

ole32

user32

kernel32

imm32

gdi32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 228KB - Virtual size: 227KB

.data Size: 22KB - Virtual size: 961KB

_RDATA Size: 10KB - Virtual size: 9KB

.reloc Size: 55KB - Virtual size: 55KB

9eda0cec56814cab27584e1af1e286b3

Headers

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 47KB - Virtual size: 46KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1024B - Virtual size: 940B

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 228KB - Virtual size: 227KB

.data
Size: 22KB - Virtual size: 961KB

_RDATA
Size: 10KB - Virtual size: 9KB

.reloc
Size: 55KB - Virtual size: 55KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 543KB - Virtual size: 543KB

.data
Size: 881KB - Virtual size: 4.7MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 108KB - Virtual size: 107KB