59db379579d9d4c3214f554e28f9c9bd2d14a83683db8ca167c1f7bb4ac26304

Resubmissions

27/10/2024, 22:02

241027-1xv4da1met 8

27/10/2024, 22:01

241027-1xl6ga1lgp 4

27/10/2024, 21:59

241027-1v489sthkn 4

18/01/2024, 09:37

240118-llm63aghdn 8

Sharing

Copy URL Twitter E-mail

General

Target

59db379579d9d4c3214f554e28f9c9bd2d14a83683db8ca167c1f7bb4ac26304
Size

915KB
MD5

82ebdd11aa135025bc18fdb147d318cf
SHA1

4a7a2c39d5de0b2fc5be740063b5d96f4f1bd1d8
SHA256

59db379579d9d4c3214f554e28f9c9bd2d14a83683db8ca167c1f7bb4ac26304
SHA512

07782050f6e9efcab068b748adf4ceedd9d442700c52dd25bf2391b0fe4c2c82d23a729eb24817de14b1860ee504ec15bd0c780ff7a3873a0e54fdb4432e74b4
SSDEEP

12288:lQQWHtqsVSbtfars2eW19ml9gEWdkbxjQuKQreyaLyfh7t8AkIJ2zlw+68jC7p+2:uHtqpZaLeWLm0kxjv5SyDhbNcBTj48Nw

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/11/devobj.dll
unpack001/11/fsquirt.exe
unpack001/11/vm3dservice.exe
unpack001/11/winmm.dll

Files

59db379579d9d4c3214f554e28f9c9bd2d14a83683db8ca167c1f7bb4ac26304
.zip
11/Netclro
11/XoNhlvwh
11/devobj.dll
.dll windows:4 windows x64 arch:x64

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Exports

Exports

DevObjBuildClassInfoList
DevObjChangeState
DevObjClassGuidsFromName
DevObjClassNameFromGuid
DevObjCreateClassDeviceInfoList
DevObjCreateDevRegKey
DevObjCreateDeviceInfo
DevObjCreateDeviceInfoList
DevObjCreateDeviceInterface
DevObjCreateDeviceInterfaceRegKey
DevObjDeleteAllInterfacesForDevice
DevObjDeleteDevRegKey
DevObjDeleteDevice
DevObjDeleteDeviceInfo
DevObjDeleteDeviceInterfaceData
DevObjDeleteDeviceInterfaceRegKey
DevObjDestroyDeviceInfoList
DevObjEnumDeviceInfo
DevObjEnumDeviceInterfaces
DevObjGetClassDescription
DevObjGetClassDevs
DevObjGetClassProperty
DevObjGetClassPropertyKeys
DevObjGetClassRegistryProperty
DevObjGetDeviceInfoDetail
DevObjGetDeviceInfoListClass
DevObjGetDeviceInfoListDetail
DevObjGetDeviceInstanceId
DevObjGetDeviceInterfaceAlias
DevObjGetDeviceInterfaceDetail
DevObjGetDeviceInterfaceProperty
DevObjGetDeviceInterfacePropertyKeys
DevObjGetDeviceProperty
DevObjGetDevicePropertyKeys
DevObjGetDeviceRegistryProperty
DevObjLocateDevice
DevObjOpenClassRegKey
DevObjOpenDevRegKey
DevObjOpenDeviceInfo
DevObjOpenDeviceInterface
DevObjOpenDeviceInterfaceRegKey
DevObjRegisterDeviceInfo
DevObjRemoveDeviceInterface
DevObjRestartDevices
DevObjSetClassProperty
DevObjSetClassRegistryProperty
DevObjSetDeviceInfoDetail
DevObjSetDeviceInterfaceDefault
DevObjSetDeviceInterfaceProperty
DevObjSetDeviceProperty
DevObjSetDeviceRegistryProperty
DevObjUninstallDevice

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
11/fsquirt.exe
.exe windows:10 windows x64 arch:x64

cf9f329811ec0bb29fada59b7f004646

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
RegOpenKeyExW
RegGetValueW
RegSetValueExW

kernel32

IsDebuggerPresent
OutputDebugStringW
SetLastError
CloseHandle
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
GetModuleFileNameW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CreateThreadpoolCleanupGroup
CreateThreadpoolWork
SubmitThreadpoolWork
GetCurrentProcessId
GetLastError
CreateSemaphoreExW
CreateFileW
WriteFile
RaiseException
HeapFree
ResetEvent
CreateEventW
CreateThread
MulDiv
RemoveDirectoryW
LocalFree
PowerCreateRequest
PowerSetRequest
GetFileSizeEx
GetTickCount64
GetFileAttributesW
GetTempPath2W
CreateDirectoryW
QueryPerformanceCounter
GetProcAddress
GetModuleHandleW
DebugBreak
GetModuleFileNameA
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
GetTickCount
ReadFile
WaitForMultipleObjects
GetOverlappedResult
HeapReAlloc
GetModuleHandleExW
GetProcessHeap
SetEvent
HeapAlloc
FormatMessageW
CreateMutexExW
GetSystemTimeAsFileTime

gdi32

GetDeviceCaps
GetObjectW
DeleteObject
CreateFontIndirectW

user32

GetMessageW
TranslateMessage
DispatchMessageW
GetWindowLongPtrW
ReleaseDC
LoadImageW
SetTimer
SendDlgItemMessageW
SetWindowLongPtrW
EnableWindow
SendMessageW
KillTimer
PostQuitMessage
PostThreadMessageW
LoadStringW
CharNextW
MessageBoxW
ShowWindow
GetParent
PostMessageW
GetDlgItem
SetDlgItemTextW
GetWindowTextLengthW
SetWindowTextW
SetWindowLongW
SetForegroundWindow
MapWindowPoints
GetWindowRect
GetDC

msvcrt

_fmode
_commode
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
memset
memmove
_XcptFilter
__CxxFrameHandler3
_acmdln
?what@exception@@UEBAPEBDXZ
exit
memmove_s
??0exception@@QEAA@AEBQEBD@Z
__CxxFrameHandler4
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
free
_initterm
__setusermatherr
_ismbblead
_cexit
_CxxThrowException
_exit
_get_errno
_set_errno
rand_s
_amsg_exit
__getmainargs
??0exception@@QEAA@XZ
__set_app_type
_ui64tow_s
wcstoul
__C_specific_handler
_wcsicmp
memcpy_s
_vsnwprintf
memcpy
_callnewh
strcmp

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

comctl32

PropertySheetW
InitCommonControlsEx

shell32

ord155
SHGetKnownFolderItem
SHGetFolderPathW
SHGetDesktopFolder
ord190
SHCreateShellItemArrayFromIDLists
SHSetLocalizedName
SHBrowseForFolderW
ord258
SHCreateItemFromParsingName
ShellExecuteW
SHBindToParent
SHCreateItemFromIDList

comdlg32

CommDlgExtendedError
GetOpenFileNameW

shlwapi

PathFindExtensionW
PathRemoveFileSpecW
PathAppendW
PathAddExtensionW
StrStrIA
ord174
PathFindFileNameW
StrFormatByteSizeW
PathCombineW
PathIsDirectoryW
StrRetToBufW

ws2_32

WSACleanup
getpeername
ioctlsocket
WSARecv
WSAGetOverlappedResult
WSASend
WSASetServiceW
listen
getsockname
bind
connect
WSAGetLastError
setsockopt
socket
closesocket
WSAStartup

mswsock

AcceptEx

ole32

OleInitialize
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoUninitialize
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoInitializeEx
OleUninitialize
PropVariantClear
CoTaskMemRealloc
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream

bthprops.cpl

BluetoothEnableDiscovery
BluetoothGetDeviceInfo
BluetoothFindRadioClose
BluetoothFindFirstRadio
BluetoothAuthenticateDeviceEx

powrprof

PowerUnregisterSuspendResumeNotification
PowerRegisterSuspendResumeNotification

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

rpcrt4

RpcStringFreeW
UuidToStringW

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
11/fsquirt.exe.config
.xml
11/vm3dservice.exe
.exe windows:6 windows x64 arch:x64

9134cde8fb35f1467005b6873f88781a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VerifyVersionInfoW
WTSGetActiveConsoleSessionId
FreeLibrary
GetTickCount64
ProcessIdToSessionId
RtlUnwind
RtlCaptureStackBackTrace
SetEndOfFile
WriteConsoleW
HeapReAlloc
HeapSize
ReadConsoleW
ResumeThread
SetFilePointerEx
LoadLibraryW
SetConsoleCtrlHandler
GetProcessHeap
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
GetProcAddress
GetFileSizeEx
GetModuleHandleW
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetLastError
CloseHandle
ReadFile
VerSetConditionMask
FindFirstFileExW
OutputDebugStringW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleMode
GetConsoleOutputCP
FindClose
FindFirstFileA
FindNextFileA
GetLocalTime
FatalExit
RtlCaptureContext
CreateDirectoryW
CreateFileW
DeleteFileW
GetTempPathW
RaiseException
MoveFileW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RtlPcToFileHeader
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetFileType
HeapFree
HeapAlloc
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers

user32

OpenInputDesktop
CloseDesktop
GetMessageW
SetThreadDesktop
UnhookWinEvent
SetWinEventHook
EnumDisplayDevicesW
LoadCursorW
SetRect
AdjustWindowRectEx
GetClientRect
UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
PostQuitMessage
DefWindowProcW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
DispatchMessageW
TranslateMessage
EnumDisplayMonitors
RegisterWindowMessageW
GetUserObjectInformationA
GetSystemMetrics
EnumDisplaySettingsW
GetMonitorInfoW
GetThreadDesktop

gdi32

CreateDCW
DeleteDC

advapi32

StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExA
SetTokenInformation
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shell32

SHGetFolderPathW

dwmapi

DwmIsCompositionEnabled

wtsapi32

WTSRegisterSessionNotification

dbghelp

SymFunctionTableAccess64
MiniDumpWriteDump
SymSetSearchPath
SymGetSearchPath
StackWalk64
SymSetOptions
SymCleanup
SymFromAddr
SymGetModuleBase64
SymGetLineFromAddr64
SymInitialize

winmm

timeGetTime

Sections

.text
Size: 420KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
11/winmm.dll
.dll windows:6 windows x64 arch:x64

c39068c1a0df08e002996f89104c654e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
WriteConsoleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle

Exports

Exports

CloseDriver
DefDriverProc
DriverCallback
DrvGetModuleHandle
GetDriverModuleHandle
OpenDriver
PlaySound
PlaySoundA
PlaySoundW
SendDriverMessage
WOWAppExit
auxGetDevCapsA
auxGetDevCapsW
auxGetNumDevs
auxGetVolume
auxOutMessage
auxSetVolume
joyConfigChanged
joyGetDevCapsA
joyGetDevCapsW
joyGetNumDevs
joyGetPos
joyGetPosEx
joyGetThreshold
joyReleaseCapture
joySetCapture
joySetThreshold
mciDriverNotify
mciDriverYield
mciExecute
mciFreeCommandResource
mciGetCreatorTask
mciGetDeviceIDA
mciGetDeviceIDFromElementIDA
mciGetDeviceIDFromElementIDW
mciGetDeviceIDW
mciGetDriverData
mciGetErrorStringA
mciGetErrorStringW
mciGetYieldProc
mciLoadCommandResource
mciSendCommandA
mciSendCommandW
mciSendStringA
mciSendStringW
mciSetDriverData
mciSetYieldProc
midiConnect
midiDisconnect
midiInAddBuffer
midiInClose
midiInGetDevCapsA
midiInGetDevCapsW
midiInGetErrorTextA
midiInGetErrorTextW
midiInGetID
midiInGetNumDevs
midiInMessage
midiInOpen
midiInPrepareHeader
midiInReset
midiInStart
midiInStop
midiInUnprepareHeader
midiOutCacheDrumPatches
midiOutCachePatches
midiOutClose
midiOutGetDevCapsA
midiOutGetDevCapsW
midiOutGetErrorTextA
midiOutGetErrorTextW
midiOutGetID
midiOutGetNumDevs
midiOutGetVolume
midiOutLongMsg
midiOutMessage
midiOutOpen
midiOutPrepareHeader
midiOutReset
midiOutSetVolume
midiOutShortMsg
midiOutUnprepareHeader
midiStreamClose
midiStreamOpen
midiStreamOut
midiStreamPause
midiStreamPosition
midiStreamProperty
midiStreamRestart
midiStreamStop
mixerClose
mixerGetControlDetailsA
mixerGetControlDetailsW
mixerGetDevCapsA
mixerGetDevCapsW
mixerGetID
mixerGetLineControlsA
mixerGetLineControlsW
mixerGetLineInfoA
mixerGetLineInfoW
mixerGetNumDevs
mixerMessage
mixerOpen
mixerSetControlDetails
mmDrvInstall
mmGetCurrentTask
mmTaskBlock
mmTaskCreate
mmTaskSignal
mmTaskYield
mmioAdvance
mmioAscend
mmioClose
mmioCreateChunk
mmioDescend
mmioFlush
mmioGetInfo
mmioInstallIOProcA
mmioInstallIOProcW
mmioOpenA
mmioOpenW
mmioRead
mmioRenameA
mmioRenameW
mmioSeek
mmioSendMessage
mmioSetBuffer
mmioSetInfo
mmioStringToFOURCCA
mmioStringToFOURCCW
mmioWrite
mmsystemGetVersion
sndPlaySoundA
sndPlaySoundW
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetSystemTime
timeGetTime
timeKillEvent
timeSetEvent
waveInAddBuffer
waveInClose
waveInGetDevCapsA
waveInGetDevCapsW
waveInGetErrorTextA
waveInGetErrorTextW
waveInGetID
waveInGetNumDevs
waveInGetPosition
waveInMessage
waveInOpen
waveInPrepareHeader
waveInReset
waveInStart
waveInStop
waveInUnprepareHeader
waveOutBreakLoop
waveOutClose
waveOutGetDevCapsA
waveOutGetDevCapsW
waveOutGetErrorTextA
waveOutGetErrorTextW
waveOutGetID
waveOutGetNumDevs
waveOutGetPitch
waveOutGetPlaybackRate
waveOutGetPosition
waveOutGetVolume
waveOutMessage
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutRestart
waveOutSetPitch
waveOutSetPlaybackRate
waveOutSetVolume
waveOutUnprepareHeader
waveOutWrite

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 21KB

.sdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 668B

.reloc Size: 512B - Virtual size: 124B

cf9f329811ec0bb29fada59b7f004646

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

comctl32

shell32

comdlg32

shlwapi

ws2_32

mswsock

ole32

bthprops.cpl

powrprof

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

rpcrt4

Sections

.text Size: 64KB - Virtual size: 62KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 64KB - Virtual size: 62KB

.reloc Size: 4KB - Virtual size: 180B

9134cde8fb35f1467005b6873f88781a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

dwmapi

wtsapi32

dbghelp

winmm

Sections

.text Size: 420KB - Virtual size: 420KB

.rdata Size: 93KB - Virtual size: 93KB

.data Size: 3KB - Virtual size: 10KB

.pdata Size: 23KB - Virtual size: 22KB

.gehcont Size: 512B - Virtual size: 56B

_RDATA Size: 512B - Virtual size: 256B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

c39068c1a0df08e002996f89104c654e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

.text
Size: 22KB - Virtual size: 21KB

.sdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 668B

.reloc
Size: 512B - Virtual size: 124B

.text
Size: 64KB - Virtual size: 62KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 64KB - Virtual size: 62KB

.reloc
Size: 4KB - Virtual size: 180B

.text
Size: 420KB - Virtual size: 420KB

.rdata
Size: 93KB - Virtual size: 93KB

.data
Size: 3KB - Virtual size: 10KB

.pdata
Size: 23KB - Virtual size: 22KB

.gehcont
Size: 512B - Virtual size: 56B

_RDATA
Size: 512B - Virtual size: 256B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 54KB - Virtual size: 53KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 3KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 2KB - Virtual size: 1KB