xdlolxd[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

xdlolxd.rar
Size

150KB
MD5

1e12b0bfa5baccd97a6f9ca1e8844cdc
SHA1

2dbb61c1a742889eb7533f8cc8aa318a45d7794c
SHA256

5b14bba6b298c90e5cf89dd2d74cebaf8ad9c0f2c590ff53ac192cbbc423731a
SHA512

110b4d17566d5b32485aa199383ee992c65b78fd81bfb9a091c445c2606a310002707243a03f60c013529847a25c90b581f599dbf1238c4d0ed96bc3cb323ebd
SSDEEP

3072:1efR/A/1RxYp61okmo3oNIM+pxFNDz2FGKB3CmKyKctT/fcT:1efO/1ROpiTf3NM+32FXBymictDET

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/yuyu/yuyu external.exe

Files

xdlolxd.rar
.rar
yuyu/imgui.ini
yuyu/yuyu external.exe
.exe windows:6 windows x64 arch:x64

c84088f501b7e245cb9dafed3575a9e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\hgh50\Downloads\External-ImGui-Base-master\External-ImGui-Base-master\x64\Release\External ImGui Base.pdb

Imports

kernel32

GetCurrentProcessId
WideCharToMultiByte
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
Process32First
Module32Next
Module32First
CreateToolhelp32Snapshot
MultiByteToWideChar
CreateThread
OpenProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
ReadProcessMemory
K32GetModuleFileNameExA
CloseHandle
Sleep
GetProcessId
Process32Next
GetCurrentProcess

user32

ScreenToClient
GetCapture
IsChild
TrackMouseEvent
SetCapture
SetCursor
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetWindowThreadProcessId
GetWindow
DispatchMessageA
GetWindowRect
CreateWindowExA
UpdateWindow
RegisterClassExA
PostQuitMessage
UnregisterClassA
PeekMessageA
GetClientRect
SetFocus
LoadCursorA
DestroyWindow
SetWindowPos
GetClassNameA
LoadIconA
DefWindowProcA
GetForegroundWindow
GetWindowTextA
ClientToScreen
SetWindowLongA
GetAsyncKeyState
ShowWindow
TranslateMessage

msvcp140

?good@ios_base@std@@QEBA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
_Cnd_do_broadcast_at_thread_exit
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?_Throw_Cpp_error@std@@YAXH@Z

d3d9

Direct3DCreate9Ex

dwmapi

DwmExtendFrameIntoClientArea

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
_CxxThrowException
__C_specific_handler
memcpy
memcmp
memchr
__current_exception_context
__current_exception
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
memmove

api-ms-win-crt-runtime-l1-1-0

_cexit
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
exit
__p___argc
__p___argv
_c_exit
_set_app_type
_crt_atexit
_beginthreadex
terminate
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
_set_fmode
fseek
fclose
fflush
__p__commode
ftell
__stdio_common_vfprintf
__acrt_iob_func

api-ms-win-crt-string-l1-1-0

strncpy
strcmp
_stricmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode
_callnewh

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-math-l1-1-0

sqrtf
sinf
ceilf
cosf
fmodf
__setusermatherr
acosf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c84088f501b7e245cb9dafed3575a9e5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

d3d9

dwmapi

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 232KB - Virtual size: 231KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 10KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 188B

.text
Size: 232KB - Virtual size: 231KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 188B