lightcord-temp_2[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

lightcord-temp_2.rar
Size

1.1MB
MD5

7eeff1d946e9248376e29eac4f4fc51c
SHA1

a4a0e0319c331115716753faec2adede58f8bd36
SHA256

3a87b433bc3435e7a786d9601fd891eecdd7b1088b6ada417cac93e3ae3e5932
SHA512

feff1af7d12ab278a29c9a48c6ac053e9567f25f2f95abd3914fe8270bf94bb4feb084492f57abcf4c201a1cbad25fe208c93f394f9fe74432c6d30b898f86a5
SSDEEP

24576:zA4HZr/wtM9aYzG0he+V+dC2b/57UphVBMeX/EEAWN7UL:z9Hd/4ZYzxhee+MK5APPMvWN7UL

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack002/injector/injector/main_injector.exe
unpack001/lightcord-temp/extract.exe
unpack001/lightcord-temp/injector/injector/impx64.dll
unpack001/lightcord-temp/injector/injector/main_injector.exe
unpack001/lightcord-temp/yuki-module.dll

Files

lightcord-temp_2.rar
.rar
lightcord-temp/KID.zip
.zip
configs/dont_load.txt
inject_version.txt
injector/injector/main_injector.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lightcord-temp/configs/-.cfg
lightcord-temp/configs/0s.cfg
lightcord-temp/configs/3000x1000.cfg
lightcord-temp/configs/3tap.cfg
lightcord-temp/configs/CLOSE.cfg
lightcord-temp/configs/FAR.cfg
lightcord-temp/configs/Koda_config_1.cfg
lightcord-temp/configs/aaa.cfg
lightcord-temp/configs/aoricfgs.cfg
lightcord-temp/configs/ccc_my_main_sets_1.cfg
lightcord-temp/configs/codeine_..cfg
lightcord-temp/configs/comp2.cfg
lightcord-temp/configs/crazy.cfg
lightcord-temp/configs/dhblatantW.cfg
lightcord-temp/configs/dont_load.txt
lightcord-temp/configs/dtb.cfg
lightcord-temp/configs/esex.cfg
lightcord-temp/configs/fdef99c71a4850ea.cfg
lightcord-temp/configs/fed.cfg
lightcord-temp/configs/frameskip (1).cfg
lightcord-temp/configs/johns_poopy.cfg
lightcord-temp/configs/kaua_60-100_ping_cfg.cfg
lightcord-temp/configs/koda.cfg
lightcord-temp/configs/legit (4).cfg
lightcord-temp/configs/mp7.cfg
lightcord-temp/configs/no_comp.cfg
lightcord-temp/configs/nocompxd.cfg
lightcord-temp/configs/promethazine_..cfg
lightcord-temp/configs/rev.cfg
lightcord-temp/configs/sea.cfg
lightcord-temp/configs/semi_smooth.cfg
lightcord-temp/configs/shakey_blatant.cfg
lightcord-temp/configs/shitshitshit.cfg
lightcord-temp/configs/werl_config.cfg
lightcord-temp/configs/xans_..cfg
lightcord-temp/configs/xlrs_config.cfg
lightcord-temp/configs/xyz.cfg
lightcord-temp/configs/yazomain.cfg
lightcord-temp/extract.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lightcord-temp/inject_version.txt
lightcord-temp/injector/injector/impx32.exe
.exe windows:6 windows x86

3068f21a406724250ff695fe3a841dee

Code Sign

1f:e7:e3:c7:eb:6a:04:84:4e:7f:77:77:14:97:d2:2c
Certificate

Issuer

CN=Guided Hacking

Not Before

13/05/2021, 14:05

Not After

31/12/2039, 23:59

Subject

CN=Guided Hacking

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:cf:3c:95:c6:bd:72:7b:8e:fe:c6:59:94:82:3e:f2:78:bd:91:89
Signer

Actual PE Digest

61:cf:3c:95:c6:bd:72:7b:8e:fe:c6:59:94:82:3e:f2:78:bd:91:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
DeleteFileW
LoadLibraryW
SignalObjectAndWait
CloseHandle
Sleep
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter

user32

SendMessageW
GetWindowThreadProcessId
IsWindowVisible
GetWindowTextW
EnumWindows
SendMessageA
GetClassNameW
SetWindowsHookExA
SetForegroundWindow
UnhookWindowsHookEx

msvcp140

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Xlength_error@std@@YAXPBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

vcruntime140

memcpy
_except_handler4_common
memset
__current_exception_context
__current_exception
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__CxxFrameHandler3
memmove

api-ms-win-crt-convert-l1-1-0

strtol
wcstol

api-ms-win-crt-stdio-l1-1-0

__p__commode
fputc
ungetc
_set_fmode
fgetc
fread
_get_stream_buffer_pointers
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
fclose
fwrite

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
__p___argc
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initialize_wide_environment
_exit
_configure_wide_argv
_register_onexit_function
_crt_atexit
_initterm
_controlfp_s
terminate
_set_app_type
exit
_get_initial_wide_environment
_seh_filter_exe
_initialize_onexit_table

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lightcord-temp/injector/injector/impx64.dll
.dll windows:6 windows x64

ac5c74c57ca562c98d6aa038d1111033

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

TerminateThread
GetExitCodeThread
GetLastError
GetCurrentProcessId
OpenProcess
ReadProcessMemory
CreateEventExW
CreateProcessW
SetEvent
GetModuleHandleW
WriteProcessMemory
GetProcAddress
lstrlenW
CreateToolhelp32Snapshot
Sleep
Module32FirstW
Module32NextW
VirtualAllocEx
VirtualFreeEx
GetTempPathW
CopyFileW
QueryPerformanceCounter
GetHandleInformation
QueryFullProcessImageNameW
DeleteFileW
GetTickCount64
GetProcessId
GetExitCodeProcess
GetTickCount
GetThreadId
Wow64GetThreadContext
Wow64SetThreadContext
ResumeThread
GetThreadContext
SetThreadContext
LoadLibraryW
FreeLibrary
IsWow64Process
OpenThread
GetCurrentThreadId
QueueUserAPC
CreateEventW
VirtualAlloc
VirtualFree
CreateDirectoryW
GetFileAttributesExW
CreateFileW
SuspendThread
GetFileAttributesW
GetModuleFileNameW
InitOnceComplete
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcess
DuplicateHandle
WaitForSingleObject
TerminateProcess
CloseHandle
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitOnceBeginInitialize

user32

PostThreadMessageW

advapi32

CreateProcessAsUserW
GetTokenInformation
DuplicateTokenEx
OpenProcessToken

ole32

StringFromGUID2

msvcp140

?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
_Cnd_register_at_thread_exit
_Cnd_broadcast
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_Cnd_wait
_Mtx_destroy_in_situ
_Cnd_destroy_in_situ
_Cnd_unregister_at_thread_exit
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
_Mtx_init_in_situ
_Cnd_init_in_situ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
?bad@ios_base@std@@QEBA_NXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?_Incref@facet@locale@std@@UEAAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
_Thrd_sleep
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
?good@ios_base@std@@QEBA_NXZ
_Xtime_get_ticks
_Mtx_current_owns
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_timedwait
_Query_perf_frequency
_Query_perf_counter
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
?_Xlength_error@std@@YAXPEBD@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

dbghelp

SymCleanup
SymUnloadModule64
SymSetOptions
SymLoadModuleExW
SymInitializeW
SymFromName

urlmon

URLDownloadToCacheFileW

wininet

InternetCheckConnectionW

wtsapi32

WTSQueryUserToken

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
wcsrchr
strchr
_purecall
__C_specific_handler
__std_terminate
memset
_CxxThrowException
__std_type_info_destroy_list
memcpy
__std_exception_copy
memcmp
memmove

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_initterm
abort
terminate
_initterm_e
_errno
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment

api-ms-win-crt-convert-l1-1-0

mbstowcs_s
_ultow_s
atoi

api-ms-win-crt-stdio-l1-1-0

fflush
__acrt_iob_func
__stdio_common_vfprintf
setvbuf
fread
fclose
_get_stream_buffer_pointers
fwrite
fputwc
__stdio_common_vswprintf
ungetwc
fsetpos
_fseeki64
fgetpos
ungetc
fgetc
fgetwc
fputc

api-ms-win-crt-string-l1-1-0

_wcsicmp

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_wrename
_lock_file

api-ms-win-crt-environment-l1-1-0

_wdupenv_s

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64
wcsftime

Exports

Exports

GetDownloadProgress
GetImportState
GetSymbolState
GetVersionA
GetVersionW
InjectA
InjectW
InterruptDownload
RestoreInjectionFunctions
SetRawPrintCallback
StartDownload
ValidateInjectionFunctions

Sections

.text
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.inj_sec
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mmap_se
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lightcord-temp/injector/injector/impx64.exe
.exe windows:6 windows x64

dc42f0f6db93a84ca2606c0c4dd7a6f2

Code Sign

1f:e7:e3:c7:eb:6a:04:84:4e:7f:77:77:14:97:d2:2c
Certificate

Issuer

CN=Guided Hacking

Not Before

13/05/2021, 14:05

Not After

31/12/2039, 23:59

Subject

CN=Guided Hacking

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:6e:b8:eb:c0:4f:91:91:a6:1a:f7:39:0c:66:68:67:b4:7c:0e:77
Signer

Actual PE Digest

0e:6e:b8:eb:c0:4f:91:91:a6:1a:f7:39:0c:66:68:67:b4:7c:0e:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
DeleteFileW
LoadLibraryW
Sleep
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlCaptureContext

user32

GetWindowThreadProcessId
IsWindowVisible
GetWindowTextW
EnumWindows
SendMessageA
GetClassNameW
SetWindowsHookExA
SetForegroundWindow
SendMessageW
UnhookWindowsHookEx

msvcp140

?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
__std_terminate
memmove
memset
__current_exception_context
__current_exception
_CxxThrowException
__C_specific_handler
__std_exception_destroy
__std_exception_copy

api-ms-win-crt-convert-l1-1-0

strtol
strtoll

api-ms-win-crt-stdio-l1-1-0

fputc
ungetc
fclose
fgetc
fread
fwrite
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
__p__commode
_set_fmode
_get_stream_buffer_pointers

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type
_cexit
__p___wargv
_seh_filter_exe
_exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
exit
terminate
_initterm_e
_invalid_parameter_noinfo_noreturn
_initterm
_get_initial_wide_environment
_initialize_wide_environment
__p___argc
_configure_wide_argv

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lightcord-temp/injector/injector/main_injector.exe
.exe windows:6 windows x64

333c703f7a90fe97aa50ab511982b547

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateToolhelp32Snapshot
Sleep
Process32NextW
Process32FirstW
CloseHandle
LoadLibraryW
GetProcAddress
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlCaptureContext

shell32

SHGetKnownFolderPath

msvcp140

?good@ios_base@std@@QEBA_NXZ
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
__C_specific_handler
__current_exception_context
__std_exception_copy
__std_exception_destroy
memmove
__current_exception
__std_terminate
memset
memcpy

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__acrt_iob_func
__p__commode
__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

_wcsicmp

api-ms-win-crt-convert-l1-1-0

wcstombs

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_crt_atexit
terminate
_register_thread_local_exe_atexit_callback
_initterm_e
_c_exit
_initialize_onexit_table
_cexit
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_exit
exit
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
_set_new_mode
free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lightcord-temp/injector/injector/x64/ntdll.pdb
lightcord-temp/injector/injector/x86/wntdll.pdb
lightcord-temp/s83ug10s.json
lightcord-temp/yuki-module.dll
.dll windows:6 windows x64

088494a64becfaf149a300e86977af2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
QueryPerformanceCounter
Sleep
CreateFileA
VirtualProtect
GetProcessId
CreateToolhelp32Snapshot
QueryFullProcessImageNameA
Module32FirstW
ReadProcessMemory
Module32NextW
IsWow64Process
VirtualQueryEx
GetCurrentProcess
LeaveCriticalSection
GetFileInformationByHandleEx
AreFileApisANSI
GlobalUnlock
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
GetLocaleInfoEx
FormatMessageA
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
IsDebuggerPresent
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetModuleFileNameW
lstrlenW
WaitNamedPipeW
GetCurrentProcessId
CloseHandle
IsProcessorFeaturePresent
TerminateProcess
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetLastError
CreateFileW
GetModuleHandleA
EnterCriticalSection
PeekNamedPipe
WriteFile
ReadFile
SetUnhandledExceptionFilter

user32

MessageBoxA
GetAsyncKeyState
CallWindowProcA
DefWindowProcA
CreateWindowExA
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
ReleaseDC
SetCursorPos
ReleaseCapture
IsWindowUnicode
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
TrackMouseEvent
ClientToScreen
GetCapture
ScreenToClient
MonitorFromWindow
GetDC
LoadCursorA
GetKeyState
SendInput
FindWindowA
RegisterClassExA
SetWindowLongPtrA

gdi32

GetDeviceCaps

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

SHGetKnownFolderPath

msvcp140

?_Winerror_map@std@@YAHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
_Thrd_detach
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?uncaught_exceptions@std@@YAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?swap@?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?swap@?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
??Bios_base@std@@QEBA_NXZ
_Cnd_broadcast
_Xtime_get_ticks
_Cnd_do_broadcast_at_thread_exit
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
_Cnd_timedwait
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_init_in_situ
_Mtx_current_owns
_Mtx_unlock

imm32

ImmReleaseContext
ImmSetCandidateWindow
ImmGetContext
ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

d3d11

D3D11CreateDeviceAndSwapChain

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_destroy_list
memset
_CxxThrowException
memcmp
memchr
__current_exception_context
__current_exception
__C_specific_handler
memmove
__std_terminate
strstr
__std_exception_destroy
__std_exception_copy
memcpy

api-ms-win-crt-stdio-l1-1-0

_fseeki64
__stdio_common_vsprintf_s
fputc
_get_stream_buffer_pointers
__acrt_iob_func
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
__stdio_common_vfprintf
fgetc
fseek
fsetpos
fflush
ftell
fgetpos
setvbuf
__stdio_common_vswprintf
fclose
ungetc

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-runtime-l1-1-0

terminate
_beginthreadex
_initterm_e
_cexit
_initterm
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
exit
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_seh_filter_dll
_errno

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-utility-l1-1-0

qsort
srand
rand

api-ms-win-crt-string-l1-1-0

strncpy
strncmp
tolower
strcmp

api-ms-win-crt-convert-l1-1-0

wcstombs
strtoull
strtod
strtoll
atof

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

sinf
fmodf
sqrtf
_dclass
ceilf
acosf
cosf

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

Sections

.text
Size: 461KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

3068f21a406724250ff695fe3a841dee

Code Sign

1f:e7:e3:c7:eb:6a:04:84:4e:7f:77:77:14:97:d2:2cCertificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

61:cf:3c:95:c6:bd:72:7b:8e:fe:c6:59:94:82:3e:f2:78:bd:91:89Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

vcruntime140

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

ac5c74c57ca562c98d6aa038d1111033

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

msvcp140

dbghelp

urlmon

wininet

wtsapi32

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

.text
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

1f:e7:e3:c7:eb:6a:04:84:4e:7f:77:77:14:97:d2:2c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

61:cf:3c:95:c6:bd:72:7b:8e:fe:c6:59:94:82:3e:f2:78:bd:91:89
Signer

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 154KB - Virtual size: 154KB

.inj_sec
Size: 2KB - Virtual size: 1KB

.mmap_se
Size: 9KB - Virtual size: 8KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 19KB - Virtual size: 20KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 724B

1f:e7:e3:c7:eb:6a:04:84:4e:7f:77:77:14:97:d2:2c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0e:6e:b8:eb:c0:4f:91:91:a6:1a:f7:39:0c:66:68:67:b4:7c:0e:77
Signer

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 144B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 732B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 96B