Dx12ImguiExample[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Dx12ImguiExample.exe
Size

3.6MB
MD5

7723e396293ab1378e6fd61bdb50bc52
SHA1

27696c3c8d9307e4e124e6e9be9a13ee773b8ec4
SHA256

8027bbfe846b93242e5441cbf4f0b13a9812f6edf0bbefc93bc33045c53de552
SHA512

3deaf1c0f440b9fc0a8d934fd6163e0df3dd85976c8689bd3a6bb9a80a3545d1e0610a68002e7ca7e6927216ae3c39598d1720405b2c2213689071638020cde9
SSDEEP

49152:BETUjG/iAEunyNQ2h/qNwffAj3g/bTqSk6y0Ervg/4nwhqmhtHfm8vTeTlDR/7rP:BEIjB/lgQ/6SkE5lO8vGP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Dx12ImguiExample.exe

Files

Dx12ImguiExample.exe
.exe windows:6 windows x64 arch:x64

226c89e40fb815d52aec616632a35b4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

kernel32

FindFirstFileW
FindClose
OutputDebugStringW
GetLocaleInfoEx
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
Sleep
IsProcessorFeaturePresent
GlobalAddAtomA
GetLastError
CreateDirectoryA
GlobalFindAtomA
SetUnhandledExceptionFilter
VirtualFree
DeviceIoControl
VirtualAlloc
GetFileInformationByHandleEx
AreFileApisANSI
GetThreadContext
LoadLibraryW
GetCurrentThread
QueryFullProcessImageNameA
MapViewOfFile
IsDebuggerPresent
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileSizeEx
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
GetTickCount
VerifyVersionInfoA
GetSystemDirectoryA
SleepEx
LeaveCriticalSection
EnterCriticalSection
LocalFree
FormatMessageA
QueryFullProcessImageNameW
GetModuleFileNameA
CreateThread
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
CreateFileMappingW
CreateFileW
GetCurrentThreadId
HeapReAlloc
GetModuleHandleA
CloseHandle
GetProcAddress
GetCurrentProcessId
GetTempPathW
MultiByteToWideChar
LoadLibraryA
QueryPerformanceFrequency
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
GlobalAlloc
GlobalFree
HeapAlloc
GetFileAttributesExW
CreateFileA
GlobalLock
WideCharToMultiByte
GlobalUnlock
VirtualProtect
SetLastError
OpenProcess
GetModuleHandleW
GetCurrentProcess
TerminateProcess
UnmapViewOfFile
HeapDestroy

user32

GetForegroundWindow
TrackMouseEvent
ClientToScreen
GetCapture
GetCursorPos
MessageBoxW
MessageBoxA
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
LoadCursorW
ReleaseCapture
SetClipboardData
GetWindowLongW
GetWindowThreadProcessId
DefWindowProcW
GetWindowRect
DestroyWindow
SetWindowPos
SetCursorPos
GetClipboardData
EmptyClipboard
ScreenToClient
CloseClipboard
GetKeyState
OpenClipboard
GetWindowTextW
UpdateWindow
PostQuitMessage
LoadIconW
TranslateMessage
SetLayeredWindowAttributes
EnumWindows
GetWindowTextA
PeekMessageW
SetWindowLongA
DispatchMessageW
ShowWindow
RegisterClassExW
CreateWindowExW
GetSystemMetrics
UnregisterClassW

advapi32

CryptImportKey
OpenProcessToken
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
InitializeAcl
IsValidSid
SetSecurityInfo
CopySid
ConvertSidToStringSidA
CryptAcquireContextA
CryptReleaseContext
RegCreateKeyW
RegDeleteTreeW
RegCloseKey
RegSetKeyValueW
CryptEncrypt
CryptDestroyKey
CryptDestroyHash
CryptHashData
RegOpenKeyW
CryptCreateHash
CryptGenRandom
CryptGetHashParam

shell32

ShellExecuteW
ShellExecuteA

msvcp140

?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
_Thrd_id
_Thrd_join
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exceptions@std@@YAHXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_do_broadcast_at_thread_exit
_Query_perf_counter
_Thrd_detach
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

ntdll

NtQuerySystemInformation
RtlVirtualUnwind
RtlInitUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry

d3dcompiler_43

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
ImmSetCandidateWindow

normaliz

IdnToAscii

wldap32

ord143
ord217
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301

crypt32

CertCloseStore
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertFreeCertificateChainEngine
CertGetNameStringA
CertEnumCertificatesInStore
CryptQueryObject
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
PFXImportCertStore

ws2_32

ioctlsocket
htonl
listen
__WSAFDIsSet
select
getaddrinfo
closesocket
recv
send
WSAGetLastError
WSACleanup
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
freeaddrinfo
ntohl
WSAStartup
gethostname
sendto
recvfrom
accept

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

strrchr
strchr
memset
memmove
memcpy
memcmp
__current_exception_context
_CxxThrowException
__C_specific_handler
strstr
wcsstr
__std_terminate
__std_exception_destroy
__current_exception
memchr
__std_exception_copy

api-ms-win-crt-stdio-l1-1-0

__p__commode
ftell
fputc
fopen
__acrt_iob_func
_lseeki64
fclose
fseek
__stdio_common_vfprintf
fwrite
feof
fputs
_read
_write
_close
_popen
_pclose
fgets
_open
fread
fflush
__stdio_common_vsscanf
_wfopen
fgetc
__stdio_common_vsprintf
fgetpos
setvbuf
ungetc
_get_stream_buffer_pointers
_set_fmode
_fseeki64
fsetpos

api-ms-win-crt-heap-l1-1-0

realloc
malloc
_set_new_mode
free
calloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

exit
_beginthreadex
terminate
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
abort
_errno
strerror
__sys_nerr
_resetstkoflw
_getpid
_register_thread_local_exe_atexit_callback
_c_exit
_configure_narrow_argv
_exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment

api-ms-win-crt-string-l1-1-0

strcspn
strcmp
strpbrk
strncpy
tolower
_stricmp
_strdup
isupper
strncmp
strspn

api-ms-win-crt-time-l1-1-0

_time64
strftime
_gmtime64
_localtime64_s

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_wremove
_lock_file
_access
_unlink
_stat64
_unlock_file
remove

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-math-l1-1-0

__setusermatherr
fmodf
cosf
acosf
ceilf
_dclass
fmin
sqrtf
sinf

api-ms-win-crt-convert-l1-1-0

strtoull
strtoul
strtod
atoi
strtoll
strtol

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale
___lc_codepage_func

Sections

.text
Size: 748KB - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 972KB - Virtual size: 975KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

226c89e40fb815d52aec616632a35b4b

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

d3dx11_43

kernel32

user32

advapi32

shell32

msvcp140

ntdll

d3dcompiler_43

dwmapi

imm32

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 748KB - Virtual size: 748KB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 972KB - Virtual size: 975KB

.pdata Size: 30KB - Virtual size: 29KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 748KB - Virtual size: 748KB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 972KB - Virtual size: 975KB

.pdata
Size: 30KB - Virtual size: 29KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 2KB - Virtual size: 1KB