cb8e87ddc2e55b2d878962f545e58734976d4c68df2561fff863ebe28af45579

Sharing

Copy URL Twitter E-mail

General

Target

cb8e87ddc2e55b2d878962f545e58734976d4c68df2561fff863ebe28af45579
Size

10.3MB
MD5

8ca57f5e0e205a8a69ea38447f3eb59a
SHA1

11c65b88385e7b32e2b9b498ddb3a81d7e300efb
SHA256

cb8e87ddc2e55b2d878962f545e58734976d4c68df2561fff863ebe28af45579
SHA512

bcca8243b39904f474837d16ab11a5e2919cc4b1b139690d1b51d29a925a4395fa3b24b9d4cfe05c2b3189641740668731276c765f2dc7e354c2f27f0a1b6c6f
SSDEEP

196608:1y3sxItnpd53dIsRqHelMgd9CqrjlFlBII:1y82tnj54H4Mkgq3l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb8e87ddc2e55b2d878962f545e58734976d4c68df2561fff863ebe28af45579

Files

cb8e87ddc2e55b2d878962f545e58734976d4c68df2561fff863ebe28af45579
.exe windows:6 windows x64

03d575c2fc7ea1e43f39d0e6a6a405e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetModuleHandleW
VirtualQueryEx
Process32FirstW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
Process32NextW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetLocaleInfoEx
FormatMessageA
LocalFree
GetFileInformationByHandleEx
GetLastError
AreFileApisANSI
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
OpenProcess
Module32NextW
WideCharToMultiByte
Module32FirstW
GetCurrentDirectoryW
CloseHandle
CreateToolhelp32Snapshot
WriteProcessMemory
GetTickCount
WakeAllConditionVariable
ReadProcessMemory
FlsSetValue
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount

user32

ClientToScreen
GetCapture
ScreenToClient
GetForegroundWindow
IsWindowUnicode
GetClientRect
SetCursor
SetCapture
TrackMouseEvent
LoadCursorW
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
GetMessageExtraInfo
GetKeyState
UnregisterClassA
DestroyWindow
UpdateWindow
FindWindowA
PostQuitMessage
SetWindowLongW
TranslateMessage
SetLayeredWindowAttributes
SetWindowDisplayAffinity
PeekMessageW
DispatchMessageW
ShowWindow
RegisterClassExW
EmptyClipboard
UnregisterClassW
mouse_event
GetWindowLongW
CreateWindowExW
GetAsyncKeyState
SetWindowPos
DefWindowProcW
SetClipboardData
GetClipboardData
ReleaseCapture
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW

shell32

ShellExecuteA

msvcp140

_Query_perf_frequency
?_Xout_of_range@std@@YAXPEBD@Z
_Query_perf_counter
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Xbad_function_call@std@@YAXXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@D@std@@QEBA_NFD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

imm32

ImmGetContext
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp
_CxxThrowException
__C_specific_handler
__current_exception_context
memset
memmove
__current_exception
strstr
_purecall
__std_exception_copy
__std_exception_destroy
memcpy
memchr

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-runtime-l1-1-0

_errno
terminate
_configure_narrow_argv
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
system
_register_onexit_function
_exit
_invalid_parameter_noinfo_noreturn
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_initialize_onexit_table

api-ms-win-crt-stdio-l1-1-0

fflush
__acrt_iob_func
__stdio_common_vsprintf
__p__commode
_set_fmode
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
fgetc
fputc
fclose
fseek
__stdio_common_vsscanf
fread
__stdio_common_vfprintf
_wfopen
fwrite
ftell

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strncmp
strncpy

api-ms-win-crt-convert-l1-1-0

atof
strtol

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
remove

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

api-ms-win-crt-math-l1-1-0

cos
fmodf
atanf
tan
log
acosf
logf
pow
atan2f
powf
cosf
tanf
sqrtf
sqrt
sinf
__setusermatherr
sin

wtsapi32

WTSSendMessageW

Exports

Exports

��;�F��e�C��"��Ry�M��M�J��U9��xKD+V��L�U�!�Mt�-�8309"�E@��vG>�~=�M�f�ql�s=(f) ��@�x��׵D�׬a�)$��Yc4+4j?�W�J�Rz�_�+��nXr�=^u�m�GH{��AR�;��K��S�2^~�Z��X��Åd�z6�y�cZ!Rn��>',$��B��["��u\5�|)]��!e��<b�U$|��/��r�=X8^��8ƞ6b�pnO��#�G[!(>X��Ij&B3� OG\�'��6zk�P�,��BF5�ؔz��5�l�@E�(�!3��L��!��e1`��,�j��=�]�s��b�Q��F��!z��A��ϣ�üLmZ�B��7�Jd��O�:�{��m�=��N�e.q4��Im?o`3�Yډ{��L�ky�<Ob��/��X�ccz̧��Y��+�E�먭��r.�XD��{筬�E�I��b@G��g+?�j�1A�q��0��D��]jA��:E*��x��2��6�WF$�t˨�j�螮��]�AE p�ז��7��N�;9 ��~�*wӧ��jÜ�$%��=!D��L"'}� G!�&]� ��J4�� 7g73R�5r �� '3�@!)v�UJi��MY3�"N�OE�(£G��dB?��&�^��/��s��Z�U�pc��l��g�9ܿ6{�bl �힛I�Mk��ApJ#_�?Q̓j �� zd��΅�+�C�RY˔gz�C:%xn��p�r��+��-�N˔{F��*/��;ӎq�2�*H�>߀@_ܟ}-c�Bt��f]��"��S@F��6{��<!:��/©��킍on9��Є�Wd��ñw�%�@��JL�김fUl�/��J�dX�̸VM�ܣ�d0��E�s]3?�.�`�l��`;�FH�7l6PX��0��Eȿ�D�`bͅ��ۊ�Uy#G�lʆ�K��`Y�͜@�ZT�t��&��͗��A�+xM��w�A��p��`"��\��:]�aL��X��â�[��!�h�M8�q��ї��7ǰ��8�c�V��f��,�q/I>ٍI}$��x�X��=f��ũ��)l��?�;`��E&6ϴ4��t��c��}��s��d��ӳί��ly-D_@�pG늬�h�I�"��v�6��#��-j��{�/�5�#��q��yȹ�雑�i��1ZUǪ`FX�?�T��|?b��]��rr��ْ%un` <R�A=pirE_��JQ�� ~ۇ��\��O�4Cnl�(��y�Ճmj?+�^��%v2� `C��e,:��?�o�íF�Yd*��2.�زD"�� 2��) L�,Z\}��R��V��-|�Ψ ��h�3��(YX�G��O�S�9*��B5�2b�G��:1q�� $��1J�w��(��3��Ğ+��̳1��m�%Et0�v��eЖOϪ8��ӎ!t�6��x̽��@��9Y�`�G)w��5��C�ý��X�z8&�S5��P��o��vr�]� ��ޤ�]֕�a�,u��,.M8��1|�k�E�9�}M��"��E�1w��n�>g��U �z}��T��@p��+l��[8B�m�c�s��\��JT��H>�Eᔌ��+��xLP�h;�WB�sY�G>Ӆ��TD1�;�,W��$�˙��W%��;�>/�U��Z�{��M�^��z�� ɾ/uYƚ䭸-;M��U��: �-d��f}y:2��]k��A��k�]dk��X��!�N�w��C$ʲ �n�}��q84W��]03 p(�\��l!��BT_ҠO�T}�}�O�7�m��9��i�&��-��o�!�]0�iV� ʹ��(�Hny��W(��V�mj�5�>�s��Y2��r��qŧ槠��G��3�BM�O�{�ꪚ��ɗQ*:bb��; �п�=��K��IgF��f��C��)�� tu��Ю��<)|生��M"]��ś]��k*��/]�q��Xz�vF,� zW\�î>J�1�m�n O�{>z`-�H�΢A��)�v�\��E�a\��d��m?�7y��rX� ��:b��vs>6;��\�@�l!a]�%Ry.��_��lG�)=rj�=��=v��'g��!�s�U�d<��Dh�WG�]d�X��y֏3��}C��{��O��TX�a$��[C�ŤDg��=r9G��z��W9�d,��P��л�/��/��">��q�*c/��BR$<�LU�D��l�5�%w�d� mʨ��W�vݥ�S��|��"B�؁�F��y�<1�ϒ��ɖ��3=6�yGD2��vF��$27�W �Zy�O��<w�w��,gd��p�s.]\��:�{��ޟ&��8��--(�}7��S��n4��X �~��`4��E��;;��y5�J��74�t��*�v��x�ז��'�y�=�_�lﷄ��f��7�u4-ɧ=�]`7$��s��:�,�8�S��[��U��Q@��s̍�{��ؗ�1��3��h��f��eN:�x�$qb�\��N@�jJ=��e_VT��f�l��ʎ;� 8V�h�{0��`/0��^��>G1��A��M��y�!�\zalKKK��t�B9�(k��b��b}��\�Ơ��MD�u��>�w�K�\d$��Q�'��$�R�7��uB:v��ֱ"w��y)_)� >Ԡ侭�S�k�� <��j�y��o�n��d�T��T5�j!��ہ��xnD��ǑR�

Sections

.text
Size: 736KB - Virtual size: 736KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.000
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.001
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

03d575c2fc7ea1e43f39d0e6a6a405e4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

msvcp140

d3d11

d3dcompiler_47

dwmapi

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

wtsapi32

Exports

Exports

Sections

.text Size: 736KB - Virtual size: 736KB

.rdata Size: 164KB - Virtual size: 164KB

.data Size: 8KB - Virtual size: 8KB

.pdata Size: 32KB - Virtual size: 32KB

.000 Size: 3.5MB - Virtual size: 3.5MB

.001 Size: 5.6MB - Virtual size: 5.6MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 300KB - Virtual size: 300KB

.l1 Size: 24KB - Virtual size: 24KB

.text
Size: 736KB - Virtual size: 736KB

.rdata
Size: 164KB - Virtual size: 164KB

.data
Size: 8KB - Virtual size: 8KB

.pdata
Size: 32KB - Virtual size: 32KB

.000
Size: 3.5MB - Virtual size: 3.5MB

.001
Size: 5.6MB - Virtual size: 5.6MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 300KB - Virtual size: 300KB

.l1
Size: 24KB - Virtual size: 24KB