9b2eeaea3b33982f4975ff9a26b71439ebf1f12faa6b1e03cb0fb7e384724f8b

Sharing

Copy URL Twitter E-mail

General

Target

9b2eeaea3b33982f4975ff9a26b71439ebf1f12faa6b1e03cb0fb7e384724f8b
Size

966KB
MD5

ee5eb1d17057ec3640523ec83b27a343
SHA1

d13285364cb1b0b316e28830fa64692847121d32
SHA256

9b2eeaea3b33982f4975ff9a26b71439ebf1f12faa6b1e03cb0fb7e384724f8b
SHA512

612152dfa347c548b77b67bf54504e1e9a44480409182f0c216f4619c2cbfbf3ddc4dbfc05e13f8a5a327e887ae3f5ead4562ee1e44889b1b0a5336106470300
SSDEEP

24576:BQZlv1xlnmIvaXhsMxbEYeucQM/r0ayJ+Wp21C/DQ:Gobv7cQM/ruJY1C/DQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b2eeaea3b33982f4975ff9a26b71439ebf1f12faa6b1e03cb0fb7e384724f8b

Files

9b2eeaea3b33982f4975ff9a26b71439ebf1f12faa6b1e03cb0fb7e384724f8b
.dll windows:5 windows x86 arch:x86

1d7f2061e003b57de5a5d793a8f1b23a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\GitHub\Downloaded Projects\sadx-mod-loader\bin\SADXModLoader.pdb

Imports

shlwapi

PathFindExtensionA
PathFindFileNameA

dbghelp

MiniDumpWriteDump
ImageDirectoryEntryToData
ImageNtHeader

gdiplus

GdipFree
GdipAlloc
GdipCreateBitmapFromFile
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdiplusStartup

kernel32

TerminateProcess
UnhandledExceptionFilter
CopyFileW
SetLastError
AreFileApisANSI
VirtualProtect
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
CloseHandle
GetModuleHandleExA
GetModuleFileNameA
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
LoadLibraryW
GetModuleFileNameW
AllocConsole
SetConsoleTitleW
SetConsoleCtrlHandler
GetLastError
FormatMessageW
LocalFree
DisableThreadLibraryCalls
FindFirstFileExW
FindNextFileW
FindClose
FindFirstFileA
CreateFileA
GetNativeSystemInfo
VirtualAlloc
lstrcmpiA
CreateDirectoryA
CompareStringA
lstrlenA
GetCommandLineW
lstrcmpA
GetConsoleWindow
LoadLibraryA
GetModuleHandleA
GetVersionExA
IsProcessorFeaturePresent
VirtualFree
GetFileAttributesW
GetFileAttributesA
WriteProcessMemory
QueryPerformanceCounter
GetFileInformationByHandle
GetCurrentDirectoryW
LoadLibraryExA
FreeLibrary
VirtualQuery
GetSystemInfo
RaiseException
GetSystemTimeAsFileTime
IsDebuggerPresent
InitializeSListHead
FindNextFileA

user32

GetAsyncKeyState
SetForegroundWindow
UpdateWindow
ShowWindow
CreateWindowExA
LoadAcceleratorsA
EnumDisplayMonitors
GetSystemMetrics
RegisterClassA
LoadCursorW
LoadIconA
DispatchMessageA
TranslateMessage
TranslateAcceleratorW
PeekMessageA
DefWindowProcA
GetClientRect
SendMessageA
SetFocus
SendMessageW
GetWindowLongW
LoadImageW
SetWindowPos
AdjustWindowRectEx
ShowCursor
SetWindowLongA
GetWindowLongA
GetWindowRect
wsprintfA
SetWindowLongW
CallWindowProcW
MapVirtualKeyW
SetWindowTextA
PostQuitMessage
MessageBoxA
MessageBoxW

gdi32

GetStockObject

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

shell32

CommandLineToArgvW
SHGetFolderPathW

msvcp140

?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_Xlength_error@std@@YAXPBD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?_Xout_of_range@std@@YAXPBD@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Xbad_alloc@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Syserror_map@std@@YAPBDH@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Winerror_map@std@@YAHH@Z
?_Winerror_message@std@@YAKKPADK@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?id@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?put@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AAVios_base@2@_WPBUtm@@PB_W4@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?_Xinvalid_argument@std@@YAXPBD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?widen@?$ctype@_W@std@@QBE_WD@Z

vcruntime140

__std_terminate
__CxxFrameHandler3
_setjmp3
__std_exception_destroy
__std_exception_copy
strrchr
strstr
memmove
__CxxFrameHandler
memchr
__std_type_info_destroy_list
_CxxThrowException
_except_handler4_common
memset
memcpy
__std_type_info_compare
longjmp

api-ms-win-crt-string-l1-1-0

strncmp
tolower
_strdup
towlower
strncpy
isdigit
strcat_s
isspace
_stricmp
strncpy_s
strnlen

api-ms-win-crt-utility-l1-1-0

bsearch

api-ms-win-crt-runtime-l1-1-0

_initterm_e
exit
_errno
_invalid_parameter_noinfo_noreturn
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
strerror
_configure_narrow_argv
_seh_filter_dll
terminate

api-ms-win-crt-stdio-l1-1-0

fgetpos
fopen
_fseeki64
feof
fgets
fseek
fwrite
fread
ftell
__stdio_common_vswprintf
ungetc
fputc
setvbuf
fgetc
fsetpos
_get_stream_buffer_pointers
__acrt_iob_func
fputs
fread_s
fopen_s
__stdio_common_vswprintf_s
_wfopen
__stdio_common_vsprintf
__stdio_common_vsprintf_s
fclose
freopen
fflush

api-ms-win-crt-convert-l1-1-0

strtod
wcstol
_wtoi
atoi
wcstof
strtoull
strtoll
strtof
strtol
strtoul

api-ms-win-crt-filesystem-l1-1-0

_wchdir
_lock_file
_wmkdir
_unlock_file
_mkdir

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
calloc

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-math-l1-1-0

_libm_sse2_asin_precise
copysign
_finite
_CIacos
floor
_CIpow
_except1
_ftol
_libm_sse2_cos_precise
_CIatan2
_dtest
ceil
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise

api-ms-win-crt-time-l1-1-0

_localtime64_s
_localtime64
_time64
wcsftime

api-ms-win-crt-environment-l1-1-0

_wgetcwd

Sections

.text
Size: 781KB - Virtual size: 781KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d7f2061e003b57de5a5d793a8f1b23a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

dbghelp

gdiplus

kernel32

user32

gdi32

advapi32

shell32

msvcp140

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 781KB - Virtual size: 781KB

.rdata Size: 123KB - Virtual size: 122KB

.data Size: 18KB - Virtual size: 47KB

.data1 Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 38KB - Virtual size: 37KB

.text
Size: 781KB - Virtual size: 781KB

.rdata
Size: 123KB - Virtual size: 122KB

.data
Size: 18KB - Virtual size: 47KB

.data1
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 38KB - Virtual size: 37KB