0e6105840422a7828faf137efb1c5823c8c8e6cfb044b12a360307bda745175e

Sharing

Copy URL

Twitter E-mail

General

Target

0e6105840422a7828faf137efb1c5823c8c8e6cfb044b12a360307bda745175e
Size

958KB
MD5

49300436bdde6519c90fc9b58b59df13
SHA1

7539c6cd3f967dc0fdd3d6bbf787c696d517692e
SHA256

0e6105840422a7828faf137efb1c5823c8c8e6cfb044b12a360307bda745175e
SHA512

403befd2cc9d3de4e793bd41d9b5b734769d9ed18fbfbee0b48849f7b427ff20cb376b6c44c9249acc1cceb09c004f6244356d03048090b73ab2232ad1fe21e6
SSDEEP

24576:iJilCmXl3EnES67jYqURwlijqH06wr68NnFaoXvkFfac:1lC8l3EnlMURwlNHfwr6qnFaoXv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e6105840422a7828faf137efb1c5823c8c8e6cfb044b12a360307bda745175e

Files

0e6105840422a7828faf137efb1c5823c8c8e6cfb044b12a360307bda745175e
.dll windows:6 windows x64 arch:x64

3b1e23108c22f33810874028c817da87

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

lua

lua_close
lua_absindex
lua_gettop
lua_setglobal
lua_pushlightuserdata
lua_pushboolean
lua_tointegerx
lua_tonumberx
lua_isinteger
luaL_newstate
luaL_loadbufferx
luaL_ref
luaL_error
luaL_newmetatable
luaL_openlibs
lua_setupvalue
lua_getupvalue
lua_error
lua_pcallk
lua_callk
lua_setmetatable
lua_setfield
lua_settable
lua_newuserdatauv
lua_createtable
lua_rawgeti
lua_getglobal
lua_pushcclosure
lua_pushlstring
lua_pushnil
lua_touserdata
lua_tolstring
lua_type
lua_iscfunction
lua_xmove
lua_copy
lua_rotate
lua_pushvalue
lua_settop
luaL_unref

kernel32

GetFileInformationByHandleEx
AreFileApisANSI
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
GetCurrentDirectoryW
GetStdHandle
WriteFile
IsDebuggerPresent
DebugBreak
Sleep
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
VirtualQueryEx
GetModuleFileNameW
GetDynamicTimeZoneInformation
AllocConsole
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetLastError
GetModuleHandleW
GetProcAddress
LoadLibraryW
WideCharToMultiByte
K32EnumProcessModules
MultiByteToWideChar
VirtualProtect
CreateThread
TlsAlloc
TlsGetValue
TlsSetValue
GlobalAlloc
CloseHandle
WaitForSingleObject
CreateProcessW
GetSystemDirectoryA
GetModuleHandleA
GlobalUnlock
GlobalLock
GlobalFree
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryA
VerifyVersionInfoW
InitOnceBeginInitialize
SetLastError
VirtualQuery
TerminateProcess
ResumeThread
OpenProcess
VirtualProtectEx
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
GetFileType
SetUnhandledExceptionFilter
SetEvent
SleepEx
CreateEventW
GetVersion
FindClose
InitializeCriticalSection
FormatMessageA
CreateFileW
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
LocalFree
LockFileEx
ReadFile
SetEndOfFile
SetFilePointerEx
UnlockFileEx
OutputDebugStringW
GetLocalTime
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateDirectoryW
DeleteFileW
GetFileAttributesW
InitOnceComplete
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
AcquireSRWLockShared
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
ReleaseSRWLockShared
GetFileTime
RemoveDirectoryW
GetFileAttributesA
GetLocaleInfoEx

user32

EnumDisplayMonitors
GetMonitorInfoA
MonitorFromWindow
LoadCursorA
SetWindowLongW
SetWindowLongA
GetWindowLongW
WindowFromPoint
ScreenToClient
ClientToScreen
GetCursorPos
CallWindowProcA
SetCursorPos
AdjustWindowRectEx
GetClientRect
SetWindowTextW
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetKeyState
SetFocus
BringWindowToTop
IsIconic
SetWindowPos
SetLayeredWindowAttributes
ShowWindow
SetCursor
CreateWindowExA
DestroyWindow
IsChild
SetWindowLongPtrA
RegisterClassExA
DefWindowProcA
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard

gdi32

GetDeviceCaps

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
SystemFunction036
BuildSecurityDescriptorW
BuildExplicitAccessWithNameW

ntdll

RtlImageNtHeader

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QEBA_JXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?pubsetbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAPEAV12@PEAD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?rdstate@ios_base@std@@QEBAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?bad@ios_base@std@@QEBA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?_Xbad_alloc@std@@YAXXZ
_Mbrtowc
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Xtime_get_ticks
_Thrd_join
_Thrd_id
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_destroy_in_situ
_Cnd_signal
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??Bid@locale@std@@QEAA_KXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?id@?$numpunct@D@std@@2V0locale@2@A
?id@?$numpunct@_W@std@@2V0locale@2@A
_Query_perf_counter
_Query_perf_frequency
_Thrd_sleep
_Thrd_yield
_Cnd_do_broadcast_at_thread_exit
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?flags@ios_base@std@@QEBAHXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
_Wcscoll
_Wcsxfrm
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
?uncaught_exceptions@std@@YAHXZ
?good@ios_base@std@@QEBA_NXZ
?eof@ios_base@std@@QEBA_NXZ

msvcp140_atomic_wait

__std_close_threadpool_work
__std_bulk_submit_threadpool_work
__std_create_threadpool_work
__std_parallel_algorithms_hw_threads
__std_wait_for_threadpool_work_callbacks

concrt140

?_Internal_push_back@_Concurrent_vector_base_v4@details@Concurrency@@IEAAPEAX_KAEA_K@Z
?_Byte_reverse_table@details@Concurrency@@3QBEB
??1_Concurrent_vector_base_v4@details@Concurrency@@IEAA@XZ
?_Internal_clear@_Concurrent_vector_base_v4@details@Concurrency@@IEAA_KP6AXPEAX_K@Z@Z
?_Segment_index_of@_Concurrent_vector_base_v4@details@Concurrency@@KA_K_K@Z
?_Internal_capacity@_Concurrent_vector_base_v4@details@Concurrency@@IEBA_KXZ

d3dcompiler_47

D3DCompile

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

vcruntime140

__std_exception_copy
__std_type_info_destroy_list
__current_exception_context
__current_exception
__C_specific_handler
memcpy
_purecall
__std_terminate
memchr
memcmp
memmove
memset
strstr
__std_exception_destroy
_CxxThrowException
strchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

wcslen
_wcsicmp
isblank
strlen
strcmp
strncmp
strncpy
isdigit
tolower

api-ms-win-crt-heap-l1-1-0

realloc
_aligned_free
_callnewh
free
calloc
malloc

api-ms-win-crt-runtime-l1-1-0

signal
_invalid_parameter_noinfo_noreturn
_initterm
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
abort
_errno
_beginthreadex
_initialize_onexit_table
terminate
_cexit
_register_onexit_function
_execute_onexit_table
_crt_atexit
_initterm_e

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

sinf
floorf
acosf
fabs
ceilf
_fdtest
cosf
sqrtf
_ldtest
_dtest
_dsign
llround

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
ftell
__acrt_iob_func
_wfopen
freopen_s
__stdio_common_vfprintf
__stdio_common_vsnprintf_s
_get_stream_buffer_pointers
_fsopen
__stdio_common_vswprintf_s
__stdio_common_vsscanf
fclose
ungetc
setvbuf
fflush
fgetc
fwrite
_fseeki64
fgetpos
fsetpos
fread
__stdio_common_vsprintf_p
fputc
fseek

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_localtime64_s
_mktime64
strftime
_time64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-filesystem-l1-1-0

remove
_unlock_file
_lock_file
_wstat64
_mkdir

api-ms-win-crt-utility-l1-1-0

qsort

Exports

Exports

DirectInput8Create

Sections

.text
Size: 715KB - Virtual size: 715KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b1e23108c22f33810874028c817da87

Headers

DLL Characteristics

File Characteristics

Imports

lua

kernel32

user32

gdi32

advapi32

ntdll

msvcp140

msvcp140_atomic_wait

concrt140

d3dcompiler_47

imm32

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: 715KB - Virtual size: 715KB

.rdata Size: 167KB - Virtual size: 167KB

.data Size: 25KB - Virtual size: 31KB

.pdata Size: 33KB - Virtual size: 33KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 715KB - Virtual size: 715KB

.rdata
Size: 167KB - Virtual size: 167KB

.data
Size: 25KB - Virtual size: 31KB

.pdata
Size: 33KB - Virtual size: 33KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 6KB - Virtual size: 5KB