C:\vcpkg\buildtrees\curl\x64-windows-rel\lib\libcurl.pdb
General
-
Target
VMX.rar
-
Size
12.7MB
-
MD5
1f6a62e9d95531bcb4bde4368180c5e8
-
SHA1
9c7da26843d8920375d4703cc97a8189e02575f7
-
SHA256
f19ab2c1ac41df09b45bb4aadad3b95f94285542c1bc11d378975c5cb0476e74
-
SHA512
7766798604fdfa90cd8bd6ce5d713d1e981b34788191a7149b28a9afd54f8767ced56610d2f44e8cd265dc7e8f390780a65e5f7944f2f443de897734dc2b71c5
-
SSDEEP
393216:3td4OpDTUhzkbJG+kccLXm50+tB1s9gUbnsz:9+qDTLdaXt+q9Vbsz
Score
7/10
Malware Config
Signatures
-
resource yara_rule static1/unpack001/VMX/VMX.exe themida -
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource unpack001/VMX/VMX.exe unpack001/VMX/libcurl.dll unpack001/VMX/zlib1.dll
Files
-
VMX.rar.rar
-
VMX/VMX.exe.exe windows:6 windows x64 arch:x64
96577e9aa9185e1ad6e7bb3e0ae36590
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
RegQueryValueExA
imm32
ImmSetCompositionWindow
kernel32
FormatMessageW
FlsSetValue
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
msvcp140
??1_Lockit@std@@QEAA@XZ
oleaut32
GetErrorInfo
shell32
ShellExecuteExA
user32
UnregisterClassW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW
vcruntime140
__current_exception_context
vcruntime140_1
__CxxFrameHandler4
ws2_32
WSAStartup
ucrtbase
wcstol
getenv
_unlock_file
free
localeconv
ceilf
__p___argv
fputc
iswspace
rand
d3d9
Direct3DCreate9
d3dx9_43
D3DXCreateTextureFromFileInMemory
dbghelp
ImageRvaToVa
dwmapi
DwmExtendFrameIntoClientArea
libcurl
curl_easy_cleanup
ntdll
RtlInitUnicodeString
combase
CoCreateGuid
CoTaskMemAlloc
ole32
PropVariantClear
wtsapi32
WTSSendMessageW
Sections
.text Size: - Virtual size: 456KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: - Virtual size: 392KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.imports Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp1 Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 6.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: - Virtual size: 4.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
.SCY Size: - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp2 Size: - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp3 Size: 12.8MB - Virtual size: 12.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
VMX/imgui.ini
-
VMX/libcurl.dll.dll windows:6 windows x64 arch:x64
9a4ddbe07217dde8376bb7c577388155
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
ws2_32
htonl
ioctlsocket
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
__WSAFDIsSet
listen
accept
gethostname
freeaddrinfo
getaddrinfo
inet_ntop
WSAIoctl
WSASetLastError
select
WSAStartup
WSACleanup
recvfrom
sendto
socket
getsockname
getpeername
connect
bind
WSAGetLastError
send
closesocket
WSACloseEvent
inet_pton
getsockopt
setsockopt
recv
ntohs
htons
zlib1
inflateInit_
inflateInit2_
zlibVersion
inflate
inflateEnd
advapi32
CryptAcquireContextW
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptReleaseContext
crypt32
CertFreeCertificateContext
CryptDecodeObjectEx
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptStringToBinaryW
PFXImportCertStore
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFindCertificateInStore
CertFreeCertificateChain
bcrypt
BCryptGenRandom
kernel32
GetModuleHandleW
GetSystemDirectoryW
QueryPerformanceFrequency
FormatMessageW
SetLastError
GetLastError
GetCurrentProcessId
MoveFileExW
LoadLibraryW
GetEnvironmentVariableA
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
CloseHandle
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
QueryPerformanceCounter
GetTickCount
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoW
GetFileSizeEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
Sleep
CreateFileW
MultiByteToWideChar
SleepEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
vcruntime140
__std_type_info_destroy_list
__C_specific_handler
strstr
wcschr
memcmp
memmove
memchr
strrchr
strchr
memset
memcpy
api-ms-win-crt-string-l1-1-0
wcspbrk
strpbrk
strspn
wcsncmp
_strdup
strncmp
strcspn
wcsncpy
_wcsdup
strcmp
strncpy
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
fputs
__stdio_common_vsscanf
_read
fflush
ftell
fclose
__stdio_common_vsprintf
fputc
feof
_fileno
fgets
_wopen
_wfopen
_fseeki64
fread
_lseeki64
_write
fwrite
fseek
_close
api-ms-win-crt-convert-l1-1-0
strtoul
strtoll
wcstombs
strtol
atoi
api-ms-win-crt-time-l1-1-0
_time64
strftime
_gmtime64
api-ms-win-crt-runtime-l1-1-0
_errno
_beginthreadex
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
__sys_nerr
__sys_errlist
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-filesystem-l1-1-0
_waccess
_unlink
_wstat64
_fstat64
api-ms-win-crt-heap-l1-1-0
malloc
realloc
free
calloc
api-ms-win-crt-math-l1-1-0
_fdopen
Exports
Exports
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
curl_easy_nextheader
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_global_trace
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_get_handles
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror
curl_version
curl_version_info
curl_ws_meta
curl_ws_recv
curl_ws_send
Sections
.text Size: 388KB - Virtual size: 388KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 100KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
VMX/zlib1.dll.dll windows:6 windows x64 arch:x64
d879d2294039900ef484e0f01607f882
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb
Imports
vcruntime140
__std_type_info_destroy_list
__C_specific_handler
memmove
memchr
memset
memcpy
api-ms-win-crt-stdio-l1-1-0
_wopen
_write
_read
_close
__stdio_common_vsprintf
_open
_lseeki64
api-ms-win-crt-heap-l1-1-0
malloc
free
api-ms-win-crt-convert-l1-1-0
wcstombs
api-ms-win-crt-runtime-l1-1-0
_errno
strerror
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
kernel32
DisableThreadLibraryCalls
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Exports
Exports
adler32
adler32_combine
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine_gen
crc32_combine_op
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzfread
gzfwrite
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
uncompress
uncompress2
zError
zlibCompileFlags
zlibVersion
Sections
.text Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ