VmxWoofPatchedbyflxxdz[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

VmxWoofPatchedbyflxxdz.rar
Size

8.1MB
MD5

7258fe28517d39f28de1c159af43ae9e
SHA1

a4cf4ea9b9712fc89dff17bf5d2ad0686c3538fb
SHA256

23ae7a274402b9b76202ff3db70b42672e29c7191ed05cd657941906ebb12dd9
SHA512

57a27c150c5d11d869f6c7d49ded64d8d8332e5554e192f9c27e565d42da90b991c5eb8823b7637853e2be1c7031a1275c6c8e93808a3f63769279453faa04d7
SSDEEP

196608:U0F3/4IPFg2x7m27rQ89NWKv+26bxDtHhwLSp:lFBPFnmKjubxBHeLSp

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/Patchedbyflxxdz/gg.exe	themida

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Patchedbyflxxdz/gg.exe
unpack001/Patchedbyflxxdz/libcurl.dll
unpack001/Patchedbyflxxdz/zlib1.dll

Files

VmxWoofPatchedbyflxxdz.rar
.rar
Patchedbyflxxdz/gg.exe
.exe windows:6 windows x64 arch:x64

6f43251188ad951090a515b5cc6fbb15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegQueryValueExA
RegCreateKeyA
RegOpenKeyA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA
AdjustTokenPrivileges
RegCloseKey
LookupPrivilegeValueA
GetUserNameA
OpenProcessToken
RegOpenKeyExW
ConvertSidToStringSidW
RegQueryValueExW
GetTokenInformation
LookupPrivilegeValueW

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

kernel32

FormatMessageW
GetLastError
SetEvent
GetCurrentThread
TerminateThread
CloseHandle
FreeConsole
QueueUserAPC
LocalFree
DeleteCriticalSection
SleepEx
FormatMessageA
CreateIoCompletionPort
GetExitCodeProcess
InterlockedPushEntrySList
SetFileInformationByHandle
GetFullPathNameW
CreateFileW
GetLocaleInfoEx
EnterCriticalSection
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
Sleep
IsDebuggerPresent
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetCurrentProcessId
DeviceIoControl
CreateFileA
LoadLibraryExA
VirtualAlloc
VirtualFree
K32GetModuleFileNameExW
LoadLibraryW
GetModuleHandleW
GetSystemTimeAsFileTime
RaiseException
GetFileAttributesW
GetEnvironmentVariableW
CreateEventW
PostQueuedCompletionStatus
WaitForSingleObject
GetQueuedCompletionStatus
SetLastError
SetWaitableTimer
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
LeaveCriticalSection
GetFileInformationByHandleEx
GlobalLock
GlobalFree
AreFileApisANSI
GlobalAlloc
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
SetThreadPriority
WaitForMultipleObjects
UnhandledExceptionFilter
GetCurrentProcess
HeapFree
GetProcessHeap
GetTempPathW
TerminateProcess
HeapAlloc

msvcp140

??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@G@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?do_encoding@?$codecvt@_SDU_Mbstatet@@@std@@MEBAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??7ios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Xbad_function_call@std@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Thrd_join
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z

oleaut32

GetErrorInfo
SysStringLen
SysAllocString
SysFreeString
SetErrorInfo

shell32

ShellExecuteExA

user32

UnregisterClassW
RegisterClassExW
CreateWindowExW
MessageBoxA
MoveWindow
DefWindowProcA
TranslateMessage
SendMessageA
SetWindowPos
DestroyWindow
GetWindowRect
DispatchMessageA
LoadImageA
UpdateWindow
ShowWindow
GetKeyState
LoadCursorA
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
PeekMessageA
GetDesktopWindow
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
SetProcessDPIAware
IsWindowUnicode
ReleaseCapture
SetCursorPos
PostQuitMessage
GetCursorPos

vcruntime140

__current_exception_context
__current_exception
memset
memcpy
memcpy
_CxxThrowException
_purecall
__C_specific_handler
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
memcmp
memchr
__std_type_info_compare

vcruntime140_1

__CxxFrameHandler4

ws2_32

WSAStartup
setsockopt
WSACleanup
closesocket
WSASend
select
htonl
WSASetLastError
WSAStringToAddressW
WSASocketW
ioctlsocket
htons
WSAGetLastError
connect
WSARecv
getsockopt
htonl

ucrtbase

wcstol
getenv
_unlock_file
_mkdir
_lock_file
free
malloc
_set_new_mode
_callnewh
localeconv
___lc_codepage_func
_configthreadlocale
ceilf
sinf
cosf
__setusermatherr
acosf
_dsign
fmodf
sqrtf
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_wassert
_Exit
_initterm_e
_initterm
_get_initial_narrow_environment
_configure_narrow_argv
_set_app_type
_invalid_parameter_noinfo_noreturn
exit
_seh_filter_exe
_cexit
abort
_initialize_narrow_environment
_initialize_onexit_table
_crt_atexit
_errno
terminate
system
_invalid_parameter_noinfo
_beginthreadex
_register_onexit_function
__p___argc
fputc
fsetpos
_fseeki64
ungetc
setvbuf
_get_stream_buffer_pointers
ftell
__acrt_iob_func
__p__commode
_set_fmode
__stdio_common_vsscanf
fread
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
_wfopen
fwrite
fflush
fgetc
__stdio_common_vfprintf
fseek
fclose
fgetpos
iswspace
_stricmp
wcscat_s
strncmp
strncpy
strcmp
rand
qsort

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemory

dbghelp

ImageRvaToVa
ImageDirectoryEntryToData
ImageNtHeader

dwmapi

DwmExtendFrameIntoClientArea

libcurl

curl_easy_cleanup
curl_easy_setopt
curl_easy_perform
curl_global_cleanup
curl_easy_strerror
curl_easy_init
curl_global_init

ntdll

RtlInitUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQuerySystemInformation
RtlAnsiStringToUnicodeString
RtlInitAnsiString

combase

CoCreateGuid
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemAlloc

ole32

PropVariantClear

Sections

.text
Size: 454KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 381KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 40KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

.SCY
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Patchedbyflxxdz/imgui.ini
Patchedbyflxxdz/libcurl.dll
.dll windows:6 windows x64 arch:x64

9a4ddbe07217dde8376bb7c577388155

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vcpkg\buildtrees\curl\x64-windows-rel\lib\libcurl.pdb

Imports

ws2_32

htonl
ioctlsocket
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
__WSAFDIsSet
listen
accept
gethostname
freeaddrinfo
getaddrinfo
inet_ntop
WSAIoctl
WSASetLastError
select
WSAStartup
WSACleanup
recvfrom
sendto
socket
getsockname
getpeername
connect
bind
WSAGetLastError
send
closesocket
WSACloseEvent
inet_pton
getsockopt
setsockopt
recv
ntohs
htons

zlib1

inflateInit_
inflateInit2_
zlibVersion
inflate
inflateEnd

advapi32

CryptAcquireContextW
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptReleaseContext

crypt32

CertFreeCertificateContext
CryptDecodeObjectEx
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptStringToBinaryW
PFXImportCertStore
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFindCertificateInStore
CertFreeCertificateChain

bcrypt

BCryptGenRandom

kernel32

GetModuleHandleW
GetSystemDirectoryW
QueryPerformanceFrequency
FormatMessageW
SetLastError
GetLastError
GetCurrentProcessId
MoveFileExW
LoadLibraryW
GetEnvironmentVariableA
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
CloseHandle
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
QueryPerformanceCounter
GetTickCount
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoW
GetFileSizeEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
Sleep
CreateFileW
MultiByteToWideChar
SleepEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
strstr
wcschr
memcmp
memmove
memchr
strrchr
strchr
memset
memcpy

api-ms-win-crt-string-l1-1-0

wcspbrk
strpbrk
strspn
wcsncmp
_strdup
strncmp
strcspn
wcsncpy
_wcsdup
strcmp
strncpy

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fputs
__stdio_common_vsscanf
_read
fflush
ftell
fclose
__stdio_common_vsprintf
fputc
feof
_fileno
fgets
_wopen
_wfopen
_fseeki64
fread
_lseeki64
_write
fwrite
fseek
_close

api-ms-win-crt-convert-l1-1-0

strtoul
strtoll
wcstombs
strtol
atoi

api-ms-win-crt-time-l1-1-0

_time64
strftime
_gmtime64

api-ms-win-crt-runtime-l1-1-0

_errno
_beginthreadex
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
__sys_nerr
__sys_errlist

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-filesystem-l1-1-0

_waccess
_unlink
_wstat64
_fstat64

api-ms-win-crt-heap-l1-1-0

malloc
realloc
free
calloc

api-ms-win-crt-math-l1-1-0

_fdopen

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
curl_easy_nextheader
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_global_trace
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_get_handles
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror
curl_version
curl_version_info
curl_ws_meta
curl_ws_recv
curl_ws_send

Sections

.text
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Patchedbyflxxdz/zlib1.dll
.dll windows:6 windows x64 arch:x64

d879d2294039900ef484e0f01607f882

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb

Imports

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memmove
memchr
memset
memcpy

api-ms-win-crt-stdio-l1-1-0

_wopen
_write
_read
_close
__stdio_common_vsprintf
_open
_lseeki64

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-convert-l1-1-0

wcstombs

api-ms-win-crt-runtime-l1-1-0

_errno
strerror
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit

kernel32

DisableThreadLibraryCalls
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter

Exports

Exports

adler32
adler32_combine
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine_gen
crc32_combine_op
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzfread
gzfwrite
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
uncompress
uncompress2
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f43251188ad951090a515b5cc6fbb15

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

imm32

kernel32

msvcp140

oleaut32

shell32

user32

vcruntime140

vcruntime140_1

ws2_32

ucrtbase

d3d9

d3dx9_43

dbghelp

dwmapi

libcurl

ntdll

combase

ole32

Sections

.text Size: 454KB - Virtual size: 456KB

Size: 381KB - Virtual size: 392KB

Size: 40KB - Virtual size: 124KB

Size: 23KB - Virtual size: 24KB

Size: 11KB - Virtual size: 12KB

Size: 2KB - Virtual size: 4KB

.imports Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.themida Size: 6.8MB - Virtual size: 6.8MB

.boot Size: 4.1MB - Virtual size: 4.1MB

.reloc Size: 512B - Virtual size: 4KB

.SCY Size: 12KB - Virtual size: 12KB

9a4ddbe07217dde8376bb7c577388155

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

zlib1

advapi32

crypt32

bcrypt

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 388KB - Virtual size: 388KB

.rdata Size: 100KB - Virtual size: 99KB

.data Size: 10KB - Virtual size: 11KB

.pdata Size: 19KB - Virtual size: 18KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

d879d2294039900ef484e0f01607f882

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

.text
Size: 454KB - Virtual size: 456KB

.imports
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.themida
Size: 6.8MB - Virtual size: 6.8MB

.boot
Size: 4.1MB - Virtual size: 4.1MB

.reloc
Size: 512B - Virtual size: 4KB

.SCY
Size: 12KB - Virtual size: 12KB

.text
Size: 388KB - Virtual size: 388KB

.rdata
Size: 100KB - Virtual size: 99KB

.data
Size: 10KB - Virtual size: 11KB

.pdata
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 53KB - Virtual size: 53KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 108B