citra-room[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

citra-room.exe
Size

5.6MB
MD5

f4fd2e661e4a6f0b6f1f1f0fbde88695
SHA1

8fa56dbf9bafce6a743c6e1eddd442b6e80710d9
SHA256

77941df19c07b1e6f1d52e3336c8885cfc7b2b61185070008c5655ffa10673c7
SHA512

4e5d174c744cf336ec76d8b23b6b0b42819681667ea2bd166124ea1f071efca0edceef16f43db6f7ca2cdd81aa15fc6945774472b35002c8e9af2119de68f0f3
SSDEEP

98304:0x5GwnxUKGPF++MMSDf55/XVB+Pehs/0vW8Lu/JvyB5g5vrrMGskWP/lmSFBFKkN:Be+YRv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
citra-room.exe

Files

citra-room.exe
.exe windows:6 windows x64 arch:x64

37a26b9a8985d4965906f9a3950ae282

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Imports

kernel32

CloseHandle
CopyFileW
CreateDirectoryW
CreateFileA
CreateFileW
CreateMutexA
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FormatMessageA
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableW
GetFileAttributesA
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadTimes
GetTimeZoneInformation
InitOnceExecuteOnce
InitializeCriticalSection
IsProcessorFeaturePresent
LeaveCriticalSection
LocalFree
MoveFileExA
MultiByteToWideChar
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReleaseMutex
RemoveDirectoryW
SetConsoleMode
SetConsoleTextAttribute
SetFilePointer
SetLastError
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
__C_specific_handler

libc++

_Unwind_Resume
_ZNKSt11logic_error4whatEv
_ZNKSt13runtime_error4whatEv
_ZNKSt3__110error_code7messageEv
_ZNKSt3__114error_category10equivalentERKNS_10error_codeEi
_ZNKSt3__114error_category10equivalentEiRKNS_15error_conditionE
_ZNKSt3__114error_category23default_error_conditionEi
_ZNKSt3__119__shared_weak_count13__get_deleterERKSt9type_info
_ZNKSt3__123__match_any_but_newlineIcE6__execERNS_7__stateIcEE
_ZNKSt3__16locale4nameEv
_ZNKSt3__16locale9has_facetERNS0_2idE
_ZNKSt3__16locale9use_facetERNS0_2idE
_ZNKSt3__18ios_base6getlocEv
_ZNKSt9exception4whatEv
_ZNSt11logic_errorC2EPKc
_ZNSt11logic_errorC2ERKNSt3__112basic_stringIcNS0_11char_traitsIcEENS0_9allocatorIcEEEE
_ZNSt12length_errorD0Ev
_ZNSt12length_errorD1Ev
_ZNSt12out_of_rangeD0Ev
_ZNSt12out_of_rangeD1Ev
_ZNSt13runtime_errorC1EPKc
_ZNSt13runtime_errorC1ERKS_
_ZNSt13runtime_errorC2EPKc
_ZNSt13runtime_errorC2ERKS_
_ZNSt13runtime_errorD1Ev
_ZNSt13runtime_errorD2Ev
_ZNSt16invalid_argumentD0Ev
_ZNSt16invalid_argumentD1Ev
_ZNSt20bad_array_new_lengthC1Ev
_ZNSt20bad_array_new_lengthD1Ev
_ZNSt3__111__call_onceERVmPvPFvS2_E
_ZNSt3__111regex_errorC1ENS_15regex_constants10error_typeE
_ZNSt3__111regex_errorD1Ev
_ZNSt3__111this_thread9sleep_forERKNS_6chrono8durationIxNS_5ratioILx1ELx1000000000EEEEE
_ZNSt3__112__next_primeEy
_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6appendEPKcy
_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6appendEyc
_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6assignEyc
_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6insertEyPKcy
_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6resizeEyc
_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE7replaceEyyPKcy
_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE7replaceEyyyc
_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE9push_backEc
_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEaSERKS5_
_ZNSt3__112basic_stringIwNS_11char_traitsIwEENS_9allocatorIwEEE6appendEyw
_ZNSt3__112system_errorC1ENS_10error_codeEPKc
_ZNSt3__112system_errorC1ENS_10error_codeERKNS_12basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEE
_ZNSt3__112system_errorD0Ev
_ZNSt3__112system_errorD1Ev
_ZNSt3__113basic_istreamIcNS_11char_traitsIcEEE4readEPcx
_ZNSt3__113basic_istreamIcNS_11char_traitsIcEEE7putbackEc
_ZNSt3__113basic_istreamIcNS_11char_traitsIcEEED0Ev
_ZNSt3__113basic_istreamIcNS_11char_traitsIcEEED1Ev
_ZNSt3__113basic_istreamIcNS_11char_traitsIcEEED2Ev
_ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE3putEc
_ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE5flushEv
_ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEED0Ev
_ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEED1Ev
_ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEED2Ev
_ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEElsEj
_ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEElsEy
_ZNSt3__113random_deviceC2ERKNS_12basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEE
_ZNSt3__113random_deviceD1Ev
_ZNSt3__113random_deviceclEv
_ZNSt3__114basic_iostreamIcNS_11char_traitsIcEEED0Ev
_ZNSt3__114basic_iostreamIcNS_11char_traitsIcEEED1Ev
_ZNSt3__114basic_iostreamIcNS_11char_traitsIcEEED2Ev
_ZNSt3__114error_categoryD2Ev
_ZNSt3__115__get_classnameEPKcb
_ZNSt3__115__thread_structC1Ev
_ZNSt3__115__thread_structD1Ev
_ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE4syncEv
_ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE5imbueERKNS_6localeE
_ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE5uflowEv
_ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE6setbufEPcx
_ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE6xsgetnEPcx
_ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE6xsputnEPKcx
_ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE7seekoffExNS_8ios_base7seekdirEj
_ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE7seekposENS_4fposI9_MbstatetEEj
_ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE8overflowEi
_ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE9pbackfailEi
_ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE9showmanycEv
_ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE9underflowEv
_ZNSt3__115basic_streambufIcNS_11char_traitsIcEEEC2Ev
_ZNSt3__115basic_streambufIcNS_11char_traitsIcEEED2Ev
_ZNSt3__115recursive_mutex4lockEv
_ZNSt3__115recursive_mutex6unlockEv
_ZNSt3__115recursive_mutexC1Ev
_ZNSt3__115recursive_mutexD1Ev
_ZNSt3__115system_categoryEv
_ZNSt3__116__libcpp_tls_setElPv
_ZNSt3__116generic_categoryEv
_ZNSt3__117iostream_categoryEv
_ZNSt3__118condition_variable10notify_allEv
_ZNSt3__118condition_variable10notify_oneEv
_ZNSt3__118condition_variable15__do_timed_waitERNS_11unique_lockINS_5mutexEEENS_6chrono10time_pointINS5_12system_clockENS5_8durationIxNS_5ratioILx1ELx1000000000EEEEEEE
_ZNSt3__118condition_variable4waitERNS_11unique_lockINS_5mutexEEE
_ZNSt3__119__shared_weak_count14__release_weakEv
_ZNSt3__119__shared_weak_count4lockEv
_ZNSt3__119__shared_weak_countD2Ev
_ZNSt3__119__thread_local_dataEv
_ZNSt3__120__get_collation_nameEPKc
_ZNSt3__120__throw_system_errorEiPKc
_ZNSt3__122__libcpp_thread_createEPPvPFS0_S0_ES0_
_ZNSt3__122__libcpp_thread_isnullEPKPv
_ZNSt3__125notify_all_at_thread_exitERNS_18condition_variableENS_11unique_lockINS_5mutexEEE
_ZNSt3__130__libcpp_thread_get_current_idEv
_ZNSt3__13cinE
_ZNSt3__14coutE
_ZNSt3__14stoiERKNS_12basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEEPyi
_ZNSt3__15ctypeIcE2idE
_ZNSt3__15mutex4lockEv
_ZNSt3__15mutex6unlockEv
_ZNSt3__16chrono12steady_clock3nowEv
_ZNSt3__16chrono12system_clock3nowEv
_ZNSt3__16locale5facet16__on_zero_sharedEv
_ZNSt3__16locale5facetD2Ev
_ZNSt3__16localeC1ERKS0_
_ZNSt3__16localeC1Ev
_ZNSt3__16localeD1Ev
_ZNSt3__16thread4joinEv
_ZNSt3__16thread6detachEv
_ZNSt3__16threadD1Ev
_ZNSt3__17codecvtIcc9_MbstatetE2idE
_ZNSt3__17collateIcE2idE
_ZNSt3__18ios_base33__set_badbit_and_consider_rethrowEv
_ZNSt3__18ios_base4initEPv
_ZNSt3__18ios_base5clearEj
_ZNSt3__18ios_base7failureC1EPKcRKNS_10error_codeE
_ZNSt3__18ios_base7failureC1ERKNS_12basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEERKNS_10error_codeE
_ZNSt3__18ios_base7failureD0Ev
_ZNSt3__18ios_base7failureD1Ev
_ZNSt3__18ios_base7failureD2Ev
_ZNSt3__18numpunctIcE2idE
_ZNSt3__18numpunctIwE2idE
_ZNSt3__19basic_iosIcNS_11char_traitsIcEEED2Ev
_ZNSt3__19to_stringEi
_ZNSt3__19to_stringEy
_ZNSt3__1plIcNS_11char_traitsIcEENS_9allocatorIcEEEENS_12basic_stringIT_T0_T1_EEPKS6_RKS9_
_ZNSt8bad_castC1Ev
_ZNSt8bad_castD1Ev
_ZNSt9bad_allocC1Ev
_ZNSt9bad_allocC2Ev
_ZNSt9bad_allocD1Ev
_ZNSt9bad_allocD2Ev
_ZNSt9exceptionD2Ev
_ZSt15set_new_handlerPFvvE
_ZSt18uncaught_exceptionv
_ZSt19uncaught_exceptionsv
_ZSt9terminatev
_ZTIPKh
_ZTIPKi
_ZTIPh
_ZTIb
_ZTIh
_ZTIi
_ZTIj
_ZTVN10__cxxabiv116__enum_type_infoE
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv119__pointer_type_infoE
_ZTVN10__cxxabiv120__function_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZTVN10__cxxabiv121__vmi_class_type_infoE
_ZTVNSt3__112system_errorE
_ZTVNSt3__113basic_ostreamIcNS_11char_traitsIcEEEE
_ZTVNSt3__18ios_base7failureE
_ZTVSt12length_error
_ZTVSt12out_of_range
_ZTVSt16invalid_argument
_ZThn16_NSt3__114basic_iostreamIcNS_11char_traitsIcEEED0Ev
_ZThn16_NSt3__114basic_iostreamIcNS_11char_traitsIcEEED1Ev
_ZTv0_n24_NSt3__113basic_istreamIcNS_11char_traitsIcEEED0Ev
_ZTv0_n24_NSt3__113basic_istreamIcNS_11char_traitsIcEEED1Ev
_ZTv0_n24_NSt3__113basic_ostreamIcNS_11char_traitsIcEEED0Ev
_ZTv0_n24_NSt3__113basic_ostreamIcNS_11char_traitsIcEEED1Ev
_ZTv0_n24_NSt3__114basic_iostreamIcNS_11char_traitsIcEEED0Ev
_ZTv0_n24_NSt3__114basic_iostreamIcNS_11char_traitsIcEEED1Ev
_ZdaPv
_ZdlPv
_ZdlPvSt11align_val_t
_ZdlPvy
_ZdlPvySt11align_val_t
_Znay
_Znwy
_ZnwySt11align_val_t
__cxa_allocate_exception
__cxa_bad_cast
__cxa_begin_catch
__cxa_end_catch
__cxa_free_exception
__cxa_guard_abort
__cxa_guard_acquire
__cxa_guard_release
__cxa_pure_virtual
__cxa_rethrow
__cxa_throw
__dynamic_cast
__gxx_personality_seh0

api-ms-win-crt-convert-l1-1-0

atoi
mbrtowc
mbstowcs
strtod
strtol
strtoll
strtoul
strtoull
wcrtomb
wcstombs

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-private-l1-1-0

__intrinsic_setjmpex
longjmp
memchr
memcmp
memcpy
memmove
strchr
strrchr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_errno
_exit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal
strerror

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
_chsize_s
_close
_dup
_fileno
_fseeki64
_ftelli64
_get_osfhandle
_isatty
_open
_read
_wfsopen
_write
fclose
feof
ferror
fflush
fgets
fopen
fputc
fputs
fread
fseek
ftell
fwrite
getc
ungetc

api-ms-win-crt-string-l1-1-0

_strdup
_stricmp
_strnicmp
isalnum
isalpha
isspace
isxdigit
mbrlen
memset
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strspn
tolower
toupper
wcslen

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-math-l1-1-0

__setusermatherr
ceilf
exp2
log
pow

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
_wgetcwd

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_time64
_tzset
clock

api-ms-win-crt-filesystem-l1-1-0

_findclose
_findfirst64
_findnext64
_fstat64
_fullpath
_lock_file
_stat64
_unlock_file
_wchdir
_wrename
_wstat64

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

ws2_32

WSACleanup
WSAGetLastError
WSARecvFrom
WSASendTo
WSASocketW
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
inet_ntoa
inet_pton
ioctlsocket
listen
ntohl
ntohs
recv
select
send
setsockopt
shutdown
socket

api-ms-win-crt-utility-l1-1-0

qsort
rand
rand_s

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertOpenSystemStoreW

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

bcrypt

BCryptGenRandom

Exports

Exports

_ZN5boost13serialization16singleton_module4lockEv
_ZN5boost13serialization16singleton_module6unlockEv
_ZN5boost13serialization16singleton_module8get_lockEv
_ZN5boost13serialization16singleton_module9is_lockedEv
_ZZN5boost13serialization16singleton_module8get_lockEvE4lock

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 983KB - Virtual size: 982KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/42
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/53
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37a26b9a8985d4965906f9a3950ae282

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

libc++

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

shell32

ole32

ws2_32

api-ms-win-crt-utility-l1-1-0

crypt32

winmm

advapi32

bcrypt

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 983KB - Virtual size: 982KB

.buildid Size: 512B - Virtual size: 53B

.data Size: 29KB - Virtual size: 55KB

.pdata Size: 82KB - Virtual size: 82KB

.00cfg Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 364KB - Virtual size: 363KB

.reloc Size: 51KB - Virtual size: 50KB

/4 Size: 17KB - Virtual size: 16KB

/18 Size: 130KB - Virtual size: 130KB

/30 Size: 50KB - Virtual size: 49KB

/42 Size: 120KB - Virtual size: 120KB

/53 Size: 8KB - Virtual size: 8KB

/67 Size: 97KB - Virtual size: 97KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 983KB - Virtual size: 982KB

.buildid
Size: 512B - Virtual size: 53B

.data
Size: 29KB - Virtual size: 55KB

.pdata
Size: 82KB - Virtual size: 82KB

.00cfg
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 364KB - Virtual size: 363KB

.reloc
Size: 51KB - Virtual size: 50KB

/4
Size: 17KB - Virtual size: 16KB

/18
Size: 130KB - Virtual size: 130KB

/30
Size: 50KB - Virtual size: 49KB

/42
Size: 120KB - Virtual size: 120KB

/53
Size: 8KB - Virtual size: 8KB

/67
Size: 97KB - Virtual size: 97KB