xenia_canary[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

xenia_canary.exe
Size

9.6MB
MD5

5a0ee2f10217e38ecb1c90095c159202
SHA1

6d0c8aed2bafe71a95b7fd29df8e9f6a85750e81
SHA256

a95c115afdba7e41f3dde4d05f7aa5be01c273f65ef8f63accdbb8947db7c9a7
SHA512

f21e293e9ea932c7b0556aaafb65f33f2614e4b909355ba6fcf99d6b3378b9ad4ee492d71820823f9206b469ac4d51b4edbe2e842f119105e2f22e801f1d2a10
SSDEEP

49152:9WO8b5UpkG7PrpbK/6foDRUZDeci/Nr4to4nLtEHFelMZ703t0TN5q1H4iQvNMrM:UTOzr8qmItEl0GN5yqBiZ5ccA4lvCm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xenia_canary.exe

Files

xenia_canary.exe
.exe windows:6 windows x64 arch:x64

Password: infected

ad34328af473e30044eec711fd7deb7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\xenia-canary\xenia-canary\build\bin\Windows\Release\xenia_canary.pdb

Imports

kernel32

SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
SetUnhandledExceptionFilter
FormatMessageA
GetProcAddress
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
GetLocaleInfoA
GetSystemPowerStatus
CompareStringA
GetModuleHandleExW
LoadLibraryExW
SetThreadExecutionState
GlobalMemoryStatusEx
VerifyVersionInfoW
GetOverlappedResult
CreateFileA
FormatMessageW
WaitForSingleObject
CancelIo
InitializeConditionVariable
GetEnvironmentVariableA
ReleaseSemaphore
MulDiv
GetTickCount
Process32Next
CreateToolhelp32Snapshot
Process32First
OutputDebugStringW
SetErrorMode
GetFileSizeEx
GetModuleFileNameW
WaitNamedPipeW
PeekNamedPipe
LoadLibraryA
VirtualAlloc
VirtualFree
RemoveVectoredContinueHandler
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
MapViewOfFileEx
MapViewOfFile
CreateFileMappingW
GetFileSize
GetSystemInfo
FlushViewOfFile
UnmapViewOfFile
SetFilePointer
InitializeCriticalSectionEx
TryEnterCriticalSection
InitOnceComplete
InitOnceBeginInitialize
InitializeSRWLock
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
SetEnvironmentVariableA
K32GetModuleInformation
GetCurrentThread
GetLastError
GetModuleHandleA
GetCurrentProcess
WriteProcessMemory
GetConsoleMode
GetModuleFileNameA
ExitProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
UnhandledExceptionFilter
InitializeSListHead
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetFileInformationByHandleEx
DeviceIoControl
AreFileApisANSI
SetFileInformationByHandle
GetFullPathNameW
FindFirstFileExW
CreateDirectoryW
FlushInstructionCache
VirtualProtect
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
DeleteTimerQueueTimer
GlobalAddAtomW
GlobalDeleteAtom
CreateTimerQueueTimer
GetThreadContext
GetSystemTimeAsFileTime
AllocConsole
AttachConsole
GetStdHandle
FreeLibrary
LocalFree
LoadLibraryW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
QueryPerformanceFrequency
FlushFileBuffers
SetFilePointerEx
GetFileAttributesExW
CreateFileW
FindClose
SetEndOfFile
WriteFile
FindNextFileW
FindFirstFileW
ReadFile
IsDebuggerPresent
TlsGetValue
SleepEx
CreateSemaphoreW
GetModuleHandleW
GetThreadId
QueueUserAPC
CreateThread
RaiseException
CloseHandle
GetThreadPriority
TlsAlloc
WaitForSingleObjectEx
TerminateThread
Sleep
CreateEventW
CancelWaitableTimer
ExitThread
ResumeThread
SuspendThread
ReleaseMutex
GetCurrentThreadId
WaitForMultipleObjectsEx
CreateMutexW
SetThreadPriority
SignalObjectAndWait
GetProcessAffinityMask
CreateWaitableTimerW
SetProcessAffinityMask
TlsSetValue
SetWaitableTimer
SetThreadAffinityMask
OutputDebugStringA
WriteConsoleW

user32

EnumDisplayDevicesW
EnumDisplaySettingsW
GetDoubleClickTime
IsIconic
GetClassInfoExW
KillTimer
ClipCursor
GetUpdateRect
IsRectEmpty
GetForegroundWindow
GetClipCursor
TrackMouseEvent
GetRawInputData
PeekMessageW
SetTimer
UnregisterClassW
GetSystemMetrics
CallNextHookEx
GetPropW
GetMenu
GetWindowRect
CallWindowProcW
GetMessageExtraInfo
RegisterClassExA
UnregisterDeviceNotification
UnregisterClassA
CreateWindowExA
RegisterDeviceNotificationW
RegisterWindowMessageA
GetDesktopWindow
SystemParametersInfoW
DrawTextW
GetDlgItem
SystemParametersInfoA
DialogBoxIndirectParamW
EndDialog
GetRawInputDeviceList
GetRawInputDeviceInfoA
PostThreadMessageW
RegisterRawInputDevices
SetCursorPos
CreateIconIndirect
CopyImage
GetWindowTextW
SetForegroundWindow
MessageBoxW
GetCursorPos
ReleaseDC
InvalidateRect
ReleaseCapture
CreateMenu
EnableMenuItem
AppendMenuW
GetMenuInfo
ChangeDisplaySettingsExW
SetWindowLongW
SetCursor
EnumDisplayMonitors
DrawMenuBar
LoadCursorW
LoadIconW
SetPropW
SetFocus
DestroyMenu
SetMenu
ValidateRect
SetMenuInfo
SetWindowPlacement
ClientToScreen
GetMonitorInfoW
DestroyIcon
GetCapture
ShowWindow
GetClassLongPtrW
GetWindowPlacement
WindowFromPoint
RegisterClassExW
GetWindowLongPtrW
CreatePopupMenu
SetWindowTextW
SendMessageW
ScreenToClient
CreateWindowExW
SetWindowLongPtrW
MonitorFromWindow
SetWindowPos
GetDC
DestroyWindow
GetFocus
CreateIconFromResourceEx
GetKeyState
AdjustWindowRectEx
DefWindowProcW
GetWindowLongW
PostQuitMessage
TranslateMessage
DispatchMessageW
PostMessageW
GetMessageW
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetAsyncKeyState
PtInRect
GetParent
FlashWindowEx
SetWindowsHookExW
IntersectRect
SetLayeredWindowAttributes
UnhookWindowsHookEx
CreateIconFromResource
AttachThreadInput
IsClipboardFormatAvailable
GetClipboardSequenceNumber
SetCapture
MonitorFromPoint
MapVirtualKeyW
MessageBoxA
GetClientRect
RegisterClassW
GetKeyboardState
RemovePropW
SetActiveWindow
MonitorFromRect
GetWindowTextLengthW
GetWindowThreadProcessId
SetWindowRgn
ToUnicode
GetKeyboardLayout

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExA
RegFlushKey
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegCreateKeyA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegGetValueW

ole32

CLSIDFromString
CoInitializeEx
CoCreateInstance
CoTaskMemFree
PropVariantClear
CoUninitialize

ntdll

RtlCaptureStackBackTrace
RtlCaptureContext
VerSetConditionMask
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlInstallFunctionTableCallback
RtlDeleteFunctionTable

dwmapi

DwmSetWindowAttribute

shlwapi

ord219

dxgi

CreateDXGIFactory1

winmm

waveOutGetErrorTextW
waveOutGetDevCapsW
waveInGetNumDevs
waveInReset
waveInUnprepareHeader
waveOutWrite
waveOutGetNumDevs
waveOutClose
waveInGetDevCapsW
waveOutReset
waveInOpen
PlaySoundW
timeBeginPeriod
waveInAddBuffer
waveInStart
waveOutPrepareHeader
waveOutOpen
waveInPrepareHeader
timeEndPeriod
waveOutUnprepareHeader
waveInClose

wsock32

listen
getsockname
send
__WSAFDIsSet
socket
connect
recvfrom
recv
getsockopt
sendto
inet_ntoa
ntohl
setsockopt
closesocket
bind
WSAStartup
accept
ioctlsocket
htonl
WSAGetLastError
shutdown
select

bcrypt

BCryptDestroyKey
BCryptGenRandom
BCryptImportKeyPair
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptEncrypt

imm32

ImmNotifyIME
ImmSetCompositionStringW
ImmAssociateContext
ImmGetIMEFileNameA
ImmGetCompositionStringW
ImmGetCandidateListW
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow

msvcp140

?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
_Mtx_trylock
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
_Thrd_hardware_concurrency
_Mtx_current_owns
_Cnd_timedwait
?swap@?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
_Mbrtowc
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
_Thrd_yield
_Query_perf_frequency
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
_Thrd_join
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
_Strxfrm
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?id@?$collate@D@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
_Strcoll
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Cnd_do_broadcast_at_thread_exit
_Mtx_unlock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Thrd_id
?id@?$numpunct@D@std@@2V0locale@2@A
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Cnd_signal
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
??0ctype_base@std@@QEAA@_K@Z
??1ctype_base@std@@UEAA@XZ
_Toupper
_Tolower
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Cnd_destroy_in_situ
_Cnd_broadcast
_Cnd_wait
_Cnd_init_in_situ
?id@?$numpunct@_W@std@@2V0locale@2@A

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
__current_exception_context
__current_exception
strrchr
__std_type_info_compare
strstr
__RTtypeid
__std_type_info_name
__C_specific_handler
strchr
__std_terminate
memchr
memcpy
memcmp
memmove
_purecall
_CxxThrowException
__std_exception_copy
__RTDynamicCast
__std_exception_destroy

api-ms-win-crt-stdio-l1-1-0

fopen
fputc
_open_osfhandle
freopen_s
__p__commode
fwrite
_ftelli64
_set_fmode
__stdio_common_vswprintf
fputs
__stdio_common_vfprintf
ftell
fseek
fgetpos
fopen_s
ferror
fgets
_wfopen
ungetc
fsetpos
fread
_fseeki64
_get_stream_buffer_pointers
fflush
__stdio_common_vsscanf
__stdio_common_vsprintf_s
fclose
__acrt_iob_func
_isatty
__stdio_common_vsnprintf_s
_fileno
setvbuf
_chsize_s
fgetc
__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

_aligned_free
_set_new_mode
_callnewh
realloc
free
calloc
malloc
_aligned_realloc
_aligned_malloc

api-ms-win-crt-math-l1-1-0

frexp
cosh
exp
llrint
log
acos
sin
sinh
asin
atan
tan
__setusermatherr
fabs
log2f
exp2f
tanh
hypot
_dclass
atan2
pow
sqrt
sinf
_dsign
fminf
roundf
_fdclass
scalbnf
_ldclass
acosf
asinf
lround
round
trunc
_copysign
truncf
atan2f
exp2
ldexp
atanf
scalbn
cosf
expf
lroundf
fmod
fmodf
_fdopen
log10
log10f
logf
powf
_fdsign
_ldsign
log2
nanf
sqrtf
tanf
cos

api-ms-win-crt-convert-l1-1-0

strtol
strtoul
wcstombs
strtoull
atoi
strtod
atof
strtoll

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale
___lc_codepage_func

api-ms-win-crt-runtime-l1-1-0

exit
_crt_atexit
abort
strerror
terminate
_beginthreadex
quick_exit
_cexit
_invalid_parameter_noinfo_noreturn
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wpgmptr
_get_wide_winmain_command_line
_initterm
_initterm_e
_exit
_c_exit
_errno
_register_thread_local_exe_atexit_callback
signal
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-time-l1-1-0

asctime
_localtime64
_mkgmtime64
_time64
_gmtime64
_mktime64
clock

api-ms-win-crt-string-l1-1-0

isupper
isalpha
isxdigit
isalnum
iscntrl
ispunct
isdigit
islower
toupper
strspn
isprint
strcmp
_wcsnicmp
_wcsicmp
_strrev
tolower
isgraph
_stricmp
strncmp
strncpy
isspace
_strnicmp
_strdup
strcspn

api-ms-win-crt-utility-l1-1-0

qsort
bsearch

gdi32

SelectObject
CreateBitmap
DeleteObject
CreateDIBSection
GetDeviceGammaRamp
CreateDCW
SetDeviceGammaRamp
GetICMProfileW
GetTextExtentPoint32A
CreateCompatibleDC
GetTextMetricsW
DeleteDC
GetDeviceCaps
GetStockObject
CreateFontIndirectW
BitBlt
DescribePixelFormat
ChoosePixelFormat
SwapBuffers
GetPixelFormat
SetPixelFormat
CreateCompatibleBitmap
GetDIBits
CreateRectRgn
CombineRgn

shell32

DragQueryFileW
DragFinish
DragAcceptFiles
SHGetFolderPathW
ExtractIconExW
CommandLineToArgvW
ShellExecuteW
SHGetKnownFolderPath

setupapi

SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
CM_Get_Parent
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
CM_Get_Device_IDA
CM_Locate_DevNodeA
SetupDiGetDeviceRegistryPropertyA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

oleaut32

SysFreeString

api-ms-win-crt-environment-l1-1-0

getenv

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cold
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 274KB - Virtual size: 5.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

ad34328af473e30044eec711fd7deb7c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

ntdll

dwmapi

shlwapi

dxgi

winmm

wsock32

bcrypt

imm32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

gdi32

shell32

setupapi

version

oleaut32

api-ms-win-crt-environment-l1-1-0

Exports

Exports

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.cold Size: 42KB - Virtual size: 41KB

.rdata Size: 4.3MB - Virtual size: 4.3MB

.data Size: 274KB - Virtual size: 5.7MB

.pdata Size: 188KB - Virtual size: 187KB

_RDATA Size: 512B - Virtual size: 48B

.rsrc Size: 166KB - Virtual size: 165KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.cold
Size: 42KB - Virtual size: 41KB

.rdata
Size: 4.3MB - Virtual size: 4.3MB

.data
Size: 274KB - Virtual size: 5.7MB

.pdata
Size: 188KB - Virtual size: 187KB

_RDATA
Size: 512B - Virtual size: 48B

.rsrc
Size: 166KB - Virtual size: 165KB

.reloc
Size: 36KB - Virtual size: 35KB