C:\Users\Fortn\Downloads\ImGui-Loader-main\ImGui-Loader-main\x64\Release\ImGui Loader base.pdb
General
-
Target
VIP_Loader.rar
-
Size
3.8MB
-
MD5
2371092cee31b6e87609aef458ad94a9
-
SHA1
29141397a2f48896766252f6a4d3529e048fdd75
-
SHA256
289a1b542cb6609dba778e3152783936b3ab19be70c4f034935bea9186abcaff
-
SHA512
9b3070ca036d794afdb1cff7c5919e75e1ae748c00a2a9d7e06309cebb1673ba05f0c379f94496032d1b4ceb86c3dbd04ee206ae904dce46b6e925d3f1b743ef
-
SSDEEP
98304:GlIZyHy8epKsooSY1WsfWuM8k89ZUnt+3jfdT4CM:LZwdgKsRDOuMQWt8j1W
Score
7/10
Malware Config
Signatures
-
resource yara_rule static1/unpack001/VIP Loader/applecleaner.exe themida -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/VIP Loader/VIP_exp.exe unpack001/VIP Loader/applecleaner.exe
Files
-
VIP_Loader.rar.rar
-
VIP Loader/VIP_exp.exe.exe windows:6 windows x64 arch:x64
1724d6d86570a791e78745c30c07543b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
FreeLibrary
VerifyVersionInfoW
QueryPerformanceCounter
FormatMessageA
GetLocaleInfoEx
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesExW
GlobalUnlock
GlobalFree
CloseHandle
GetLastError
GetModuleHandleW
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleA
WideCharToMultiByte
GlobalLock
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GlobalAlloc
MultiByteToWideChar
AreFileApisANSI
Sleep
LocalFree
user32
SetWindowLongA
GetDesktopWindow
BlockInput
DispatchMessageA
TranslateMessage
PeekMessageA
PostQuitMessage
UpdateWindow
MessageBoxA
AdjustWindowRectEx
GetKeyState
LoadCursorA
DestroyWindow
GetDC
SetWindowPos
MonitorFromWindow
GetWindowRect
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
ReleaseDC
SetCursorPos
IsIconic
SetForegroundWindow
EnumDisplayMonitors
ScreenToClient
SetWindowTextW
WindowFromPoint
ShowWindow
GetCapture
GetWindowLongW
ClientToScreen
IsChild
GetMonitorInfoA
GetForegroundWindow
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
SetFocus
BringWindowToTop
SetCapture
SetCursor
SetWindowLongW
GetClientRect
UnregisterClassA
RegisterClassExA
ReleaseCapture
gdi32
GetDeviceCaps
msvcp140
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
??1_Lockit@std@@QEAA@XZ
d3d9
Direct3DCreate9
wininet
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
urlmon
URLDownloadToFileA
imm32
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memset
_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
memmove
memchr
memcmp
memcpy
api-ms-win-crt-stdio-l1-1-0
fread
fsetpos
ungetc
ftell
setvbuf
fgetpos
fwrite
_fseeki64
fseek
_wfopen
fgetc
__stdio_common_vsprintf
__stdio_common_vsscanf
fclose
fflush
__acrt_iob_func
__p__commode
fputc
_set_fmode
_get_stream_buffer_pointers
api-ms-win-crt-heap-l1-1-0
malloc
free
_callnewh
_set_new_mode
api-ms-win-crt-utility-l1-1-0
rand
qsort
srand
api-ms-win-crt-filesystem-l1-1-0
remove
_unlock_file
_lock_file
api-ms-win-crt-runtime-l1-1-0
_initterm_e
terminate
_exit
abort
_register_thread_local_exe_atexit_callback
exit
_initterm
_wassert
_seh_filter_exe
_get_narrow_winmain_command_line
_initialize_narrow_environment
system
_configure_narrow_argv
_crt_atexit
_set_app_type
_c_exit
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_cexit
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-string-l1-1-0
strcmp
strncpy
strncmp
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
___lc_codepage_func
api-ms-win-crt-math-l1-1-0
sqrtf
ceilf
__setusermatherr
sinf
cosf
acosf
Sections
.text Size: 369KB - Virtual size: 369KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 104KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
VIP Loader/applecleaner.exe.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 60KB - Virtual size: 161KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 13KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 300B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 5.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 16B - Virtual size: 4KB
IMAGE_SCN_MEM_READ