d766a7c05646f6e2ad5384c66ac4f2ac[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

d766a7c05646f6e2ad5384c66ac4f2ac.bin
Size

4.2MB
MD5

f1aad2ac4751a501b17163eaa123ca13
SHA1

c47a103b01754a39fd90b753942097cba4d6eb4a
SHA256

56708512e5c513a3f7a96e3c334ad5c1715f16e2f160dac1b4c345118b039563
SHA512

dced75a2da2bd2e7a668c6a1250cef08010fd956be1d8198c43acbee44bf48609640e460cd6463ebd0b2c05b902b1b978c1b678071ffbf52d2102f56d6dc0c88
SSDEEP

98304:tMK6mhqSstF6VZkwTQbFb8FPlo3qBE8KfVwPN5sdeOFbuDEG1ys2NDWK6BF+Su:96mUntFQZ1yFgFm6BErtqu4PDYDBWn+j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/863ba2571d0bef9242d1d8027d80117a192076a7b8158f3463b74f58bc7e68d8.exe

Files

d766a7c05646f6e2ad5384c66ac4f2ac.bin
.zip

Password: infected
863ba2571d0bef9242d1d8027d80117a192076a7b8158f3463b74f58bc7e68d8.exe
.dll windows:6 windows x64 arch:x64

Password: infected

9aa2106b22a565066bb38bf14aa0ad8f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\PC\YimMenu\out\build\x64-Release\YimMenu.pdb

Imports

dbghelp

SymFromAddr
SymCleanup
SymFunctionTableAccess64
SymGetLineFromAddr64
StackWalk64
SymInitialize
SymGetModuleBase64

ws2_32

WSACloseEvent
inet_pton
getpeername
WSACreateEvent
getsockopt
send
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
ioctlsocket
WSAGetLastError
ntohs
recv
listen
WSASetLastError
getsockname
connect
bind
accept
select
__WSAFDIsSet
WSAIoctl
setsockopt
htonl
freeaddrinfo
getaddrinfo
socket
inet_ntop
WSAStartup
WSACleanup
htons

advapi32

CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptAcquireContextA

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

bcrypt

BCryptGenRandom

kernel32

RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
InitOnceBeginInitialize
GetFileInformationByHandleEx
MoveFileExW
AreFileApisANSI
SetFileInformationByHandle
GetFinalPathNameByHandleW
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
GetModuleHandleA
VirtualAlloc
VirtualFree
GetCurrentThreadId
GetModuleFileNameA
WideCharToMultiByte
GetLastError
K32GetModuleInformation
GetCurrentProcess
lstrcpyW
SetErrorMode
IsBadReadPtr
AttachConsole
GetCurrentProcessId
AllocConsole
GetStdHandle
SetConsoleTitleA
SetConsoleOutputCP
GetConsoleMode
SetConsoleMode
FreeConsole
GetCurrentThread
GetConsoleWindow
CloseHandle
RtlCaptureContext
DisableThreadLibraryCalls
CreateThread
VirtualProtect
CreateFiber
DeleteFiber
SwitchToFiber
ConvertThreadToFiber
GetModuleFileNameW
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
Sleep
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
GetProcAddress
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetSystemInfo
VirtualQuery
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
LoadLibraryExA
FormatMessageA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemDirectoryA
GetEnvironmentVariableA
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
SleepEx
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
ReadFile
GetLocaleInfoEx
RtlLookupFunctionEntry
SleepConditionVariableSRW
WakeAllConditionVariable
FreeLibraryAndExitThread
InitOnceComplete
LocalFree
SetUnhandledExceptionFilter

user32

SetWindowsHookExA
GetKeyState
GetMessageExtraInfo
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetKeyboardLayout
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
FindWindowW
GetSystemMenu
EnableMenuItem
FindWindowA
GetAsyncKeyState
SetWindowLongPtrW
SetCursorPos
GetCursorPos
CallWindowProcW
GetForegroundWindow
SendInput
UnhookWindowsHookEx

shell32

ShellExecuteA

msvcp140

_Cnd_signal
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z
??Bios_base@std@@QEBA_NXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?good@ios_base@std@@QEBA_NXZ
?uncaught_exceptions@std@@YAHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Incref@facet@locale@std@@UEAAXXZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$numpunct@D@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_function_call@std@@YAXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?always_noconv@codecvt_base@std@@QEBA_NXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Thrd_yield
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Thrd_sleep
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
_Mtx_unlock
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_lock
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?_Random_device@std@@YAIXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?classic@locale@std@@SAAEBV12@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?put@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBUtm@@PEB_W4@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
_Cnd_init_in_situ
_Cnd_destroy_in_situ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Cnd_broadcast
_Cnd_wait
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?__ExceptionPtrRethrow@@YAXPEBX@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
_Cnd_register_at_thread_exit
?__ExceptionPtrToBool@@YA_NPEBX@Z
_Cnd_unregister_at_thread_exit
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ

winmm

timeGetTime

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
memset
__std_type_info_destroy_list
__intrinsic_setjmp
__current_exception_context
strrchr
longjmp
memchr
__RTDynamicCast
memcmp
__std_exception_destroy
__std_exception_copy
__std_terminate
_purecall
strstr
__C_specific_handler
strchr
_CxxThrowException
memmove
memcpy

api-ms-win-crt-heap-l1-1-0

free
realloc
calloc
malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_errno
_seh_filter_dll
strerror
system
__sys_nerr
exit
abort
__sys_errlist
_beginthreadex
terminate
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-math-l1-1-0

roundf
sinf
fmodf
powf
logf
ceilf
floorf
_finite
_isnan
cosf
_fdopen
llround
round
_ldsign
_dsign
_fdsign
_dclass
_fdclass
_ldclass
pow
ldexp
atan2f
acosf
sqrtf
tan
frexp
sqrt
floor
sin
acos
asin
atan2
ceil
cos
exp
fmod
log
log10

api-ms-win-crt-string-l1-1-0

strncpy
_strdup
_stricmp
isdigit
isalnum
strcpy_s
strspn
strcmp
strcspn
isalpha
isupper
tolower
strcoll
islower
toupper
isblank
isxdigit
isspace
ispunct
isgraph
iscntrl
strpbrk
strncmp

api-ms-win-crt-utility-l1-1-0

rand
qsort
srand

api-ms-win-crt-convert-l1-1-0

strtoull
strtoll
strtod
strtoul
strtol
wcstombs
atof
_ecvt_s
atoi

api-ms-win-crt-stdio-l1-1-0

fsetpos
__stdio_common_vsprintf_s
fgetpos
fgets
_ftelli64
_wfopen_s
tmpnam
_fseeki64
fwrite
fclose
_get_stream_buffer_pointers
__stdio_common_vsprintf
tmpfile
fputs
_pclose
clearerr
fgetc
ungetc
ferror
getc
freopen
_fileno
_close
_popen
_open
fputc
fopen
feof
ftell
fflush
__acrt_iob_func
setvbuf
__stdio_common_vsscanf
_wfopen
__stdio_common_vfprintf
fseek
fread

api-ms-win-crt-filesystem-l1-1-0

remove
_fstat64
rename
_lock_file
_access
_unlock_file
_unlink
_stat64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv
setlocale

api-ms-win-crt-time-l1-1-0

_localtime64
strftime
_difftime64
_time64
_mktime64
_gmtime64
clock

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 11.2MB - Virtual size: 11.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 219KB - Virtual size: 653KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

9aa2106b22a565066bb38bf14aa0ad8f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

ws2_32

advapi32

crypt32

bcrypt

kernel32

user32

shell32

msvcp140

winmm

imm32

d3dcompiler_47

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 11.2MB - Virtual size: 11.2MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 219KB - Virtual size: 653KB

.pdata Size: 340KB - Virtual size: 339KB

.rsrc Size: 512B - Virtual size: 504B

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 11.2MB - Virtual size: 11.2MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 219KB - Virtual size: 653KB

.pdata
Size: 340KB - Virtual size: 339KB

.rsrc
Size: 512B - Virtual size: 504B

.reloc
Size: 32KB - Virtual size: 32KB