ImGui Loader base[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ImGui Loader base.exe
Size

956KB
MD5

a4ff161d3b5bf3a40c5824f1872df7c5
SHA1

be7a406408c6dd617cbb2dade22908eb722f20cc
SHA256

5c8947366c380650434aeac239b8544196da918890880aae1805440c653d9b41
SHA512

3622c3e667ba29eb9662c85ed35ff4854449dd8c7abf7551f63cf0a82519eae0e0a69f4ae40722bff33f7a61a73a175dfc620e413fb8dad49b46f2cf29441391
SSDEEP

24576:Mlqwg67Z1j5/jIal0Kl5uKkI/+NGWnUG:Ij1jA00kGNXn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ImGui Loader base.exe

Files

ImGui Loader base.exe
.exe windows:6 windows x64 arch:x64

27f63668fcf721c25947879966b48840

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\jvall\Downloads\fixed_loader\fixed loader\agagna3\KeyAuth-ImGui-main\x64\Release\ImGui Loader base.pdb

Imports

kernel32

GetLocaleInfoEx
FindClose
FindFirstFileW
GetFileSizeEx
GetFileType
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
GetTickCount
VerifyVersionInfoA
GetSystemDirectoryA
SleepEx
LeaveCriticalSection
GetLastError
EnterCriticalSection
LocalFree
AreFileApisANSI
CreateFileA
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
FormatMessageA
SetLastError
QueryFullProcessImageNameW
GetModuleHandleW
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualProtect
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
CloseHandle
WaitForMultipleObjects
PeekNamedPipe
ReadFile
Sleep
QueryPerformanceCounter
VerifyVersionInfoW
FreeLibrary
VerSetConditionMask
HeapAlloc
GetFileAttributesExW
GetCurrentProcessId
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
CreateThread
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
HeapDestroy
GetCurrentThreadId
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
CreateFileW

user32

PeekMessageA
TranslateMessage
DispatchMessageA
GetDesktopWindow
GetWindowRect
PostQuitMessage
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
ReleaseDC
SetCursorPos
IsIconic
SetForegroundWindow
ReleaseCapture
RegisterClassExA
UnregisterClassA
GetClientRect
UpdateWindow
GetWindowLongW
AdjustWindowRectEx
GetKeyState
LoadCursorA
DestroyWindow
GetDC
SetWindowPos
MonitorFromWindow
EnumDisplayMonitors
ScreenToClient
SetWindowTextW
WindowFromPoint
ShowWindow
GetCapture
SetWindowLongA
ClientToScreen
IsChild
GetMonitorInfoA
GetForegroundWindow
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
SetFocus
BringWindowToTop
SetCapture
SetCursor
SetWindowLongW

gdi32

GetDeviceCaps

shell32

SHCreateDirectoryExA
ShellExecuteA
SHGetFolderPathA

msvcp140

?_Winerror_map@std@@YAHH@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xbad_function_call@std@@YAXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?good@ios_base@std@@QEBA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z

urlmon

URLDownloadToFileA

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

d3d9

Direct3DCreate9

normaliz

IdnToAscii

wldap32

ord26
ord27
ord32
ord200
ord35
ord301
ord79
ord22
ord33
ord30
ord143
ord217
ord46
ord41
ord50
ord45
ord60
ord211

crypt32

CertCloseStore
CertOpenStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

ws2_32

connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
bind
WSAIoctl
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
closesocket
ntohl
__WSAFDIsSet
WSAGetLastError
select
getaddrinfo
gethostname
sendto
freeaddrinfo
recvfrom
recv
send

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
strrchr
memset
memmove
memcpy
__current_exception_context
memchr
_CxxThrowException
strchr
strstr
__std_terminate
__std_exception_copy
__current_exception
memcmp
__std_exception_destroy

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free
realloc
_set_new_mode
_callnewh

api-ms-win-crt-time-l1-1-0

_time64
strftime
_gmtime64
_localtime64_s

api-ms-win-crt-stdio-l1-1-0

_set_fmode
_write
_close
_read
__p__commode
fopen
fputc
_pclose
fgets
__stdio_common_vsprintf_s
ftell
__acrt_iob_func
fflush
fclose
fseek
__stdio_common_vsscanf
fread
fwrite
_wfopen
_open
_lseeki64
__stdio_common_vsprintf
feof
_popen
fputs

api-ms-win-crt-convert-l1-1-0

strtoll
strtoul
strtod
strtol
strtoull
atoi

api-ms-win-crt-string-l1-1-0

strpbrk
tolower
strncmp
strcmp
strcspn
strncpy
strcat_s
strspn
_strdup
isupper

api-ms-win-crt-runtime-l1-1-0

abort
_configure_narrow_argv
_initialize_narrow_environment
_wassert
_initialize_onexit_table
_register_onexit_function
_crt_atexit
exit
_invalid_parameter_noinfo_noreturn
_errno
system
_cexit
terminate
_seh_filter_exe
strerror
__sys_nerr
_invalid_parameter_noinfo
_resetstkoflw
_set_app_type
_get_narrow_winmain_command_line
_beginthreadex
_initterm
_getpid
_initterm_e
_exit
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale
localeconv

api-ms-win-crt-math-l1-1-0

ceilf
sqrtf
acosf
fmodf
cosf
__setusermatherr
sinf
_dclass

api-ms-win-crt-filesystem-l1-1-0

_access
_unlink
_stat64
_fstat64

advapi32

ConvertSidToStringSidA
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
InitializeAcl
IsValidSid
SetSecurityInfo
CopySid
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
OpenProcessToken

Sections

.text
Size: 736KB - Virtual size: 736KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27f63668fcf721c25947879966b48840

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

msvcp140

urlmon

imm32

d3d9

normaliz

wldap32

crypt32

ws2_32

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

advapi32

Sections

.text Size: 736KB - Virtual size: 736KB

.rdata Size: 181KB - Virtual size: 181KB

.data Size: 2KB - Virtual size: 7KB

.pdata Size: 32KB - Virtual size: 31KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 736KB - Virtual size: 736KB

.rdata
Size: 181KB - Virtual size: 181KB

.data
Size: 2KB - Virtual size: 7KB

.pdata
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB