LolScriptV2[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

LolScriptV2.rar
Size

17.0MB
MD5

d82bc5171956be77ff32b264e403d696
SHA1

7d8300dbda5b87e0336197cd513af2b8d850af71
SHA256

5e9f73706d4f65883e1366560184e0a915ea98396aca0d3108fd8d3cc0fc85e5
SHA512

14a658cdbf39469cdf4dbbed2a95d04e6fe1dd627ccbd1cbbe8edc8531a61f57a34dedb34ca0bea0ef8c4f6eeb88c81bb012639b0e1faa9615445065e503aacb
SSDEEP

393216:pUpUDNPviNJXpTS7w0aeK93BmOJ27noxwzhn8p6d8LJv9TLFzL:qSBPvizXpTS7vaZ0b7nWMhy6d8V9T1L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LolScript/LolScript/LolScript.exe

Files

LolScriptV2.rar
.rar
LolScript/LolScript/Installation Setup.txt
LolScript/LolScript/LXI/14A20.ini
LolScript/LolScript/LXI/BR.ini
LolScript/LolScript/LXI/CN.ini
LolScript/LolScript/LXI/EL.ini
LolScript/LolScript/LXI/ES.ini
LolScript/LolScript/LXI/FN.ini
LolScript/LolScript/LXI/Font/br.ttf
LolScript/LolScript/LXI/Font/en.ttf
LolScript/LolScript/LXI/Font/tr.ttf
LolScript/LolScript/LXI/GR.ini
LolScript/LolScript/LXI/KR.ini
LolScript/LolScript/LXI/PL.ini
LolScript/LolScript/LXI/RU.ini
LolScript/LolScript/LXI/TUR.ini
LolScript/LolScript/LXI/TW.ini
LolScript/LolScript/LXI/VN.ini
LolScript/LolScript/LXI/dd.ini
LolScript/LolScript/LXI/qq.ini
LolScript/LolScript/LXI/qs.ini
LolScript/LolScript/LolScript.exe
.exe windows:6 windows x64 arch:x64

fb301bb0f4af4cedae17be77170b1598

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathFindFileNameA

mfc140u

ord4843
ord4788
ord4806
ord4800
ord4794
ord4853
ord4837
ord4782
ord4859
ord4814
ord4752
ord4767
ord11921
ord4360
ord9384
ord4352
ord2967
ord14211
ord7651
ord14217
ord6631
ord11406
ord13354
ord5723
ord2629
ord11806
ord3812
ord3279
ord3278
ord3172
ord11850
ord5080
ord5363
ord5552
ord9041
ord5339
ord5582
ord5083
ord5229
ord5062
ord7460
ord7461
ord7450
ord5227
ord7922
ord9946
ord8901
ord1089
ord265
ord266
ord1489
ord1491
ord5706
ord3731
ord6122
ord14289
ord6123
ord14290
ord6121
ord14288
ord7719
ord12212
ord14088
ord8947
ord11664
ord2011
ord7668
ord12625
ord3949
ord4011
ord9089
ord14216
ord7650
ord2370
ord14210
ord12223
ord12222
ord2439
ord5183
ord8023
ord12544
ord8084
ord8167
ord2350
ord2346
ord450
ord9056
ord7235
ord6002
ord13401
ord2698
ord11902
ord5916
ord6303
ord990
ord569
ord1734
ord3056
ord4776
ord6251
ord4095
ord3164
ord8826
ord6588
ord2187
ord2475
ord3713
ord13767
ord3599
ord3697
ord4725
ord8161
ord10691
ord6729
ord7893
ord1748
ord1722
ord1700
ord8656
ord14209
ord11625
ord3718
ord2212
ord11771
ord8830
ord11415
ord11414
ord5451
ord9979
ord12967
ord9068
ord9975
ord9977
ord13187
ord9978
ord9976
ord14360
ord878
ord1369
ord2697
ord11940
ord10727
ord7913
ord2149
ord3209
ord3212
ord13397
ord6000
ord3071
ord3307
ord3308
ord3951
ord10163
ord11085
ord10704
ord8731
ord11813
ord10070
ord7393
ord983
ord1450
ord7716
ord940
ord11944
ord13513
ord13109
ord7054
ord13545
ord1641
ord2270
ord4656
ord1033
ord296
ord3756
ord6320
ord6247
ord6250
ord1111
ord1184
ord1053
ord1424
ord1091
ord6614
ord8900
ord9941
ord5555
ord12606
ord11901
ord11933
ord10124
ord7920
ord8817
ord1755
ord4445
ord280
ord4078
ord3173
ord11665
ord5240
ord8449
ord11929
ord4335
ord5245
ord6287
ord8926
ord11855
ord4828

kernel32

Process32FirstW
Thread32Next
OpenThread
Thread32First
WinExec
TerminateProcess
GetModuleFileNameA
GetModuleHandleW
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
GetCurrentProcessId
VirtualAlloc
GetLastError
CreateFileW
DeviceIoControl
GetDriveTypeA
GetVersionExW
GetVersion
WriteFile
ReadFile
SetFilePointer
CloseHandle
CreateFileA
Sleep
GetProcAddress
OpenProcess
GetThreadTimes
CompareFileTime
GetFileAttributesW
MultiByteToWideChar
DeleteFileW
GetFileAttributesA
QueryFullProcessImageNameW
Process32NextW
MoveFileA
LoadLibraryA
RtlAddFunctionTable
FlushInstructionCache
GetSystemTimeAsFileTime
QueryPerformanceCounter
UnmapViewOfFile
CreateFileMappingW
InitializeCriticalSectionEx
DeleteCriticalSection
LocalFree
InitializeCriticalSectionAndSpinCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetLogicalDrives
GetTickCount
OutputDebugStringW
FormatMessageA
WideCharToMultiByte
GetWindowsDirectoryW
GetFileTime
GetModuleFileNameW
GetComputerNameA
GetVolumeInformationW
GetSystemDirectoryW
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
HeapAlloc
HeapFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
FlsSetValue
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlUnwindEx
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA

user32

LoadBitmapW
SetWindowLongW
GetWindowLongW
EnableWindow
GetSystemMenu
wsprintfW
FindWindowA
SetWindowTextA
MessageBoxA
DrawIcon
GetSystemMetrics
IsIconic
GetClientRect
SetTimer
SetDlgItemTextA
GetDlgItem
SendMessageW
AppendMenuW

gdi32

CreatePatternBrush

advapi32

OpenProcessToken
CryptCreateHash
GetUserNameA
GetCurrentHwProfileA
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptAcquireContextW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext

shell32

ShellExecuteA

comctl32

InitCommonControlsEx

oleaut32

VariantClear

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Random_device@std@@YAIXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
_Strcoll
_Strxfrm
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
_Xtime_get_ticks
_To_wide
_Current_get
_Stat
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Open_dir
_To_byte
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
_Read_dir
_Close_dir
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QEBA_JXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?setf@ios_base@std@@QEAAHHH@Z
?eof@ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?is@?$ctype@D@std@@QEBA_NFD@Z

ntdll

RtlInitUnicodeString

winhttp

WinHttpCrackUrl
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryOption
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpCloseHandle

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
memcmp
memchr
_CxxThrowException
memmove
__current_exception_context
__current_exception
__C_specific_handler
memset
strchr
strstr
__std_type_info_compare
_purecall
__std_exception_destroy
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_errno
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
exit
_exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfwprintf
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__stdio_common_vswprintf_s
fgetc
fputc
ungetc
_get_stream_buffer_pointers
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
fread
__acrt_iob_func
__p__commode
_set_fmode
fclose
fwrite

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free
_set_new_mode
realloc
_recalloc

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

api-ms-win-crt-string-l1-1-0

_wcsicmp
toupper
towlower

api-ms-win-crt-convert-l1-1-0

mbstowcs
strtol
atoi

api-ms-win-crt-filesystem-l1-1-0

remove
_lock_file
_unlock_file
_stat64i32

api-ms-win-crt-math-l1-1-0

__setusermatherr
floor

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ZOO
Size: - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.U:4
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.km0
Size: 18.2MB - Virtual size: 18.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb301bb0f4af4cedae17be77170b1598

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

mfc140u

kernel32

user32

gdi32

advapi32

shell32

comctl32

oleaut32

msvcp140

ntdll

winhttp

version

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: - Virtual size: 166KB

.rdata Size: - Virtual size: 57KB

.data Size: - Virtual size: 8.6MB

.pdata Size: - Virtual size: 14KB

.ZOO Size: - Virtual size: 7.3MB

.U:4 Size: 6KB - Virtual size: 6KB

.km0 Size: 18.2MB - Virtual size: 18.2MB

.reloc Size: 512B - Virtual size: 172B

.rsrc Size: 2KB - Virtual size: 33KB

.text
Size: - Virtual size: 166KB

.rdata
Size: - Virtual size: 57KB

.data
Size: - Virtual size: 8.6MB

.pdata
Size: - Virtual size: 14KB

.ZOO
Size: - Virtual size: 7.3MB

.U:4
Size: 6KB - Virtual size: 6KB

.km0
Size: 18.2MB - Virtual size: 18.2MB

.reloc
Size: 512B - Virtual size: 172B

.rsrc
Size: 2KB - Virtual size: 33KB