Sample
854b58ad4159a3c40c456d51a6274869a7d2c3de68b2f1cd443f6f4cf0f27e96.exe
Resource
win7-20231215-en
General
-
Target
854b58ad4159a3c40c456d51a6274869a7d2c3de68b2f1cd443f6f4cf0f27e96
-
Size
2.0MB
-
MD5
721b1d4aff32d2e11b72c0c59858c8f1
-
SHA1
a9d747eaa7eff78d9e8e541683a84e5cc5bec511
-
SHA256
854b58ad4159a3c40c456d51a6274869a7d2c3de68b2f1cd443f6f4cf0f27e96
-
SHA512
a466b01a82819df4c6e474872b2c073f117d0a790bc7b3ccd22cca50816a0d0429974fdecea684c1ab9aaa6029433a471c40bd0a1399ef80da38c060c4f0cd35
-
SSDEEP
24576:dt6aM6m5jDyw487QtVJSIuc8MNxL/nRzEeP58OF4P/OF4PW/zJYewtSzUSAL2mZr:dm58FNFd/zWz0USCfmzz9YVgY
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
Processes:
resource 854b58ad4159a3c40c456d51a6274869a7d2c3de68b2f1cd443f6f4cf0f27e96
Files
-
854b58ad4159a3c40c456d51a6274869a7d2c3de68b2f1cd443f6f4cf0f27e96.exe windows:6 windows x64 arch:x64
3bf3bc4bda6da1d333ac33af29922238
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
common
?CMNToUTF8@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEB_W@Z
?CMNToWide@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
?GetHeight@CMNRect@@QEBAMXZ
?Create@CMNBase64Converter@@SA?AV?$shared_ptr@VCMNBase64Converter@@@std@@XZ
??0CMNDateTime@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Create@CMNJSONObject@@SA?AV?$shared_ptr@VCMNJSONObject@@@std@@XZ
?Create@CMNJSONArray@@SA?AV?$shared_ptr@VCMNJSONArray@@@std@@XZ
?Parse@CMNJSONArray@@SA?AV?$shared_ptr@VCMNJSONArray@@@std@@AEBV?$vector@EV?$allocator@E@std@@@3@@Z
?SystemTime@CMNDateTime@@SA?AV1@XZ
?ToString@CMNDateTime@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@D@Z
?Create@CMNURIBuilder@@SA?AV?$shared_ptr@VCMNURIBuilder@@@std@@XZ
?ToString@CMNGuid@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?GetWidth@CMNRect@@QEBAMXZ
?Parse@CMNJSONArray@@SA?AV?$shared_ptr@VCMNJSONArray@@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
storage
?LocalFileSystemScheme@STStorageModule@@SAPEBDXZ
?Create@STStreamReader@@SA?AV?$shared_ptr@VSTStreamReader@@@std@@V?$shared_ptr@VSTReadableStream@@@3@@Z
wvconnector
WvCRelease_DisposeModel
WvCPreview_Read
WvCPreview_Open
WvCPreview_Close
?DeterminePackageType@@YA?AV?$CMNOperationResult@W4BPPackageType@BPPackage@@@@V?$shared_ptr@VCMNURI@@@std@@@Z
?GetStorageModule@@YA?AV?$shared_ptr@VSTStorageModule@@@std@@XZ
WvCPreview_IsValidHandle
WvCPreview_GetLength
?GetBIMxPackageModule@@YA?AV?$shared_ptr@VBPBIMxPackageModule@@@std@@XZ
libcef
cef_api_hash
cef_browser_host_create_browser
cef_string_map_alloc
cef_string_map_free
cef_string_list_value
cef_string_list_append
cef_string_map_size
cef_string_map_key
cef_string_map_value
cef_string_map_append
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_value
cef_string_multimap_append
cef_string_multimap_alloc
cef_string_multimap_free
cef_parse_url
cef_enable_highdpi_support
cef_quit_message_loop
cef_run_message_loop
cef_log
cef_string_userfree_utf16_free
cef_string_list_alloc
cef_shutdown
cef_initialize
cef_execute_process
cef_string_list_free
cef_string_utf16_set
cef_string_utf16_cmp
cef_string_utf8_clear
cef_string_utf16_to_utf8
cef_string_utf8_to_utf16
cef_string_utf16_clear
cef_post_task
cef_currently_on
cef_string_list_size
shlwapi
UrlUnescapeA
PathFindFileNameW
dwmapi
DwmGetWindowAttribute
api-ms-win-core-path-l1-1-0
PathCchCanonicalizeEx
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
kernel32
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
GetStartupInfoW
LeaveCriticalSection
GetCommandLineW
LocalFree
GetModuleFileNameW
FormatMessageW
GetLastError
GetUserPreferredUILanguages
GetNativeSystemInfo
VerSetConditionMask
GlobalMemoryStatusEx
VerifyVersionInfoW
GetModuleFileNameA
SetLastError
FormatMessageA
GetFileAttributesExW
AreFileApisANSI
CloseHandle
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
CreateFileW
GetCurrentDirectoryW
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
user32
GetMenu
GetWindowRect
InsertMenuItemW
LoadMenuW
ModifyMenuW
DefWindowProcW
GetWindowLongW
SetWindowPos
GetWindowLongPtrW
MonitorFromWindow
SetWindowLongPtrW
SetWindowTextW
SendMessageW
EndDialog
CallWindowProcW
SetWindowTextA
LoadStringW
SetWindowLongW
EnumDisplayDevicesA
DialogBoxParamW
EnableMenuItem
LoadAcceleratorsW
GetSubMenu
DestroyIcon
GetMonitorInfoW
DestroyAcceleratorTable
SetDlgItemTextW
SendDlgItemMessageW
SetMenu
TranslateAcceleratorW
LoadIconW
RemoveMenu
advapi32
RegQueryValueExW
RegGetValueA
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegEnumValueW
shell32
ShellExecuteW
ShellExecuteA
CommandLineToArgvW
ole32
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize
msvcp140
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Xbad_alloc@std@@YAXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
vcruntime140_1
__CxxFrameHandler4
vcruntime140
_CxxThrowException
__current_exception_context
__C_specific_handler
memset
memmove
memcpy
__std_terminate
memchr
_purecall
__std_exception_copy
__std_exception_destroy
__current_exception
memcmp
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_errno
api-ms-win-crt-string-l1-1-0
tolower
strcmp
strncpy
api-ms-win-crt-convert-l1-1-0
strtoul
wcstol
api-ms-win-crt-stdio-l1-1-0
fputc
__acrt_iob_func
_set_fmode
fclose
fgetc
__stdio_common_vfprintf
fflush
__p__commode
_get_stream_buffer_pointers
fwrite
__stdio_common_vfwprintf
fgetpos
setvbuf
ungetc
fsetpos
fread
_fseeki64
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
api-ms-win-crt-heap-l1-1-0
free
malloc
_callnewh
_set_new_mode
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
_configthreadlocale
api-ms-win-crt-math-l1-1-0
__setusermatherr
Sections
.text Size: 393KB - Virtual size: 392KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 931KB - Virtual size: 931KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 572KB - Virtual size: 576KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE