windows[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

windows.zip
Size

604KB
MD5

36f8ff292fff349c5454d1e774cf5dab
SHA1

4ff1d46f43ddc1592a1bf689d105c26d4a221c9d
SHA256

77e365c7fd749f5f8dc18fca25f2c807681530f14ac90ae2c55d10f80fa4a554
SHA512

49d1d181536bba54c1999ae9f45be8f1775b2d39318b57baa79c6a986fb309146c562b725acd6f30c1cfaa7e0302194a10a5b13c77f7d6db2536f121e99d76e3
SSDEEP

12288:Z2TLuW0406y12Wn61k7qxRfYP1++NC0G9Cuqbfbb8cN3ZcGJ3VSm:ZcfBpMn6y++/NCmBbTbFiGJlSm

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/windows/loader/efiXloader64.dll
unpack001/windows/plugin/efiXplorer.dll
unpack001/windows/plugin/efiXplorer64.dll

Files

windows.zip
.zip
windows/loader/efiXloader64.dll
.dll windows:6 windows x64 arch:x64

627557b89069fe63e98efa7c96c57f20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ida64

add_segm_ex
get_segm_by_name
file2base
get_default_reftype
op_offset_ex
add_entry
qalloc_or_throw
set_compiler
lread
set_cmt
getinf
create_strlit
utf16_utf8
get_max_strlit_length
create_data
set_op_type
del_items
add_qword
add_dword
add_word
get_qword
get_dword
get_word
is_loaded
vadd_extra_line
allocate_selector
calc_file_crc32
qsnprintf
op_offset
get_path
get_strlit_contents
qvector_reserve
callui
get_idati
add_til
import_type
vloader_failure
set_processor_type
close_linput
open_linput
qlseek
qlsize
qlread
setinf_flag
setinf
qfree

msvcp140

?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z

vcruntime140

memcpy
__std_type_info_destroy_list
__current_exception
__C_specific_handler
strchr
memcmp
memchr
memset
memmove
__current_exception_context
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_cexit
_initialize_narrow_environment
_initterm_e
_crt_atexit
_execute_onexit_table
_register_onexit_function
_configure_narrow_argv
_initterm
_initialize_onexit_table
terminate
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
malloc
free

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
setvbuf
fwrite
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
fputc
fread
fsetpos
_fseeki64
ungetc

api-ms-win-crt-math-l1-1-0

_dclass
_dsign

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_mkdir

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func

kernel32

LocalFree
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
MultiByteToWideChar
FormatMessageA
AreFileApisANSI
GetLastError

Exports

Exports

LDSC

Sections

.text
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
windows/plugin/efiXplorer.dll
.dll windows:6 windows x64 arch:x64

af8f335b21ffefc86fe9b0c2327c4c97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ida

get_member_name
add_struc
add_struc_member
set_member_name
set_member_tinfo
inf
auto_mark_range
plan_and_wait
auto_wait
auto_is_ok
set_cmt
get_next_seg
get_first_seg
get_struc_id
getn_func
get_func_qty
get_spd
import_type
get_arg_addrs
set_op_type
num_flag
add_til
add_func_ex
interr
get_member_by_name
get_hexdsp
copy_argloc
get_tinfo_pdata
get_tinfo_property
find_tinfo_udt_member
lexcompare_tinfo
under_debugger
get_struc
get_tinfo_details
create_tinfo
clear_tinfo_t
copy_tinfo_t
get_idati
guess_tinfo
apply_tinfo
cleanup_argloc
set_name
get_path
get_file_type_name
build_stkvar_xrefs
get_ph
is_basic_block_end
decode_insn
get_next_dref_to
get_first_dref_to
get_func
get_segm_name
get_segm_by_name
getseg
get_entry
get_entry_ordinal
get_entry_qty
get_user_idadir
idadir
bin_search2
op_stroff
get_wide_dword
get_wide_word
get_wide_byte
get_dword
get_word
next_head
getinf_flag
getinf_buf
getinf
qvector_reserve
qalloc_or_throw
qvsnprintf
qfree
set_segm_class
get_frame
prev_head
callui

msvcp140

?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
strstr
memchr
memset
memcmp
__std_terminate
_purecall
memmove
__std_type_info_destroy_list
__std_exception_copy
__std_exception_destroy
memcpy
_CxxThrowException

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_seh_filter_dll
_crt_atexit
_initterm_e
_cexit
terminate
_initterm
_register_onexit_function
_errno

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-math-l1-1-0

_dclass
_dsign

api-ms-win-crt-convert-l1-1-0

strtoll
strtod
strtoull

api-ms-win-crt-stdio-l1-1-0

fclose
fflush
__stdio_common_vsprintf
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputc
fgetpos
_get_stream_buffer_pointers
fgetc

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-string-l1-1-0

toupper

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
MultiByteToWideChar
GetFileInformationByHandleEx
GetLastError
CloseHandle
AreFileApisANSI
GetFileAttributesExW
CreateFileW
FormatMessageA
LocalFree

Exports

Exports

PLUGIN

Sections

.text
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 378KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
windows/plugin/efiXplorer64.dll
.dll windows:6 windows x64 arch:x64

e88c89702a07e5bdb048c9e2e8d70f6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ida64

get_member_name
add_struc
add_struc_member
set_member_name
set_member_tinfo
inf
auto_mark_range
plan_and_wait
auto_wait
auto_is_ok
set_cmt
get_next_seg
get_first_seg
get_struc_id
getn_func
get_func_qty
get_spd
import_type
get_arg_addrs
set_op_type
num_flag
add_til
add_func_ex
interr
get_member_by_name
get_hexdsp
copy_argloc
get_tinfo_pdata
get_tinfo_property
find_tinfo_udt_member
lexcompare_tinfo
under_debugger
get_struc
get_tinfo_details
create_tinfo
clear_tinfo_t
copy_tinfo_t
get_idati
guess_tinfo
apply_tinfo
cleanup_argloc
set_name
get_path
get_file_type_name
build_stkvar_xrefs
get_ph
is_basic_block_end
decode_insn
get_next_dref_to
get_first_dref_to
get_func
get_segm_name
get_segm_by_name
getseg
get_entry
get_entry_ordinal
get_entry_qty
get_user_idadir
idadir
bin_search2
op_stroff
get_wide_dword
get_wide_word
get_wide_byte
get_dword
get_word
next_head
getinf_flag
getinf_buf
getinf
qvector_reserve
qalloc_or_throw
qvsnprintf
qfree
set_segm_class
get_frame
prev_head
callui

msvcp140

?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
strstr
memchr
memset
memcmp
__std_terminate
_purecall
memmove
__std_type_info_destroy_list
__std_exception_copy
__std_exception_destroy
memcpy
_CxxThrowException

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_seh_filter_dll
_crt_atexit
_initterm_e
_cexit
terminate
_initterm
_register_onexit_function
_errno

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-math-l1-1-0

_dclass
_dsign

api-ms-win-crt-convert-l1-1-0

strtoll
strtod
strtoull

api-ms-win-crt-stdio-l1-1-0

fclose
fflush
__stdio_common_vsprintf
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputc
fgetpos
_get_stream_buffer_pointers
fgetc

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-string-l1-1-0

toupper

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
MultiByteToWideChar
GetFileInformationByHandleEx
GetLastError
CloseHandle
AreFileApisANSI
GetFileAttributesExW
CreateFileW
FormatMessageA
LocalFree

Exports

Exports

PLUGIN

Sections

.text
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 378KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

627557b89069fe63e98efa7c96c57f20

Headers

DLL Characteristics

File Characteristics

Imports

ida64

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 287KB - Virtual size: 286KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 492B

af8f335b21ffefc86fe9b0c2327c4c97

Headers

DLL Characteristics

File Characteristics

Imports

ida

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 343KB - Virtual size: 342KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 378KB - Virtual size: 380KB

.pdata Size: 10KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 920B

e88c89702a07e5bdb048c9e2e8d70f6f

Headers

DLL Characteristics

File Characteristics

Imports

ida64

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 343KB - Virtual size: 343KB

.rdata Size: 72KB - Virtual size: 71KB

.text
Size: 287KB - Virtual size: 286KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 492B

.text
Size: 343KB - Virtual size: 342KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 378KB - Virtual size: 380KB

.pdata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 920B

.text
Size: 343KB - Virtual size: 343KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 378KB - Virtual size: 380KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 924B