Exela Ware[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Exela Ware.zip
Size

14.5MB
MD5

8c321d700607d278042dbf393a99fd50
SHA1

cfedcccf5bce2b6b2504078687185fe41d27189c
SHA256

4fdd64961541ec92ec3371d96a1debbc4d3ef7c2154ccff414278d345d597c5d
SHA512

bdedc72b6ddb8f2faf1b5dd53279ecd55e9bd7087499da6c5eb969867f73d515c9c6c880810204f9dd1180ced0fe440a8ff04adbc835f233032955137a51f335
SSDEEP

393216:2SXMTcD2bh5q+msb6Y6qz+jtj7jNUjx/qVb5BSXAw:2oMTcDBE6YOjtj7ij5qb+XAw

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/Exela.exe	pyinstaller

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Exela.exe
unpack001/ffmpeg.dll
unpack001/libEGL.dll
unpack001/vulkan-1.dll

Files

Exela Ware.zip
.zip
Exela.exe
.exe windows:5 windows x64 arch:x64

1af6c885af093afc55142c2f1761dbe8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

IsValidCodePage
GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
GetACP
GetOEMCP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
CreateSymbolicLinkW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetCPInfo
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Stub.pyc
ExelaDLL.dll
LICENSE
bin/ca.pak
bin/cs.pak
bin/da.pak
bin/de.pak
bin/en-GB.pak
bin/en-US.pak
bin/es-419.pak
bin/es.pak
bin/et.pak
bin/fa.pak
bin/fi.pak
bin/fil.pak
bin/fr.pak
bin/he.pak
bin/hr.pak
bin/hu.pak
bin/id.pak
bin/it.pak
bin/ja.pak
bin/ko.pak
bin/lt.pak
bin/lv.pak
bin/ms.pak
bin/nb.pak
bin/nl.pak
bin/pl.pak
bin/pt-BR.pak
bin/pt-PT.pak
bin/ro.pak
bin/sk.pak
bin/sl.pak
bin/sv.pak
bin/sw.pak
bin/tr.pak
bin/vi.pak
bin/zh-CN.pak
bin/zh-TW.pak
chrome_100_percent.pak
chrome_200_percent.pak
ffmpeg.dll
.dll windows:5 windows x64 arch:x64

6ed82d3226365ffafff2c57c1935d352

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ffmpeg.dll.pdb

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CompareStringW
CreateEventW
CreateFileW
CreateThread
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapQueryInformation
HeapReAlloc
HeapSize
InitOnceBeginInitialize
InitOnceComplete
InitializeConditionVariable
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

av_buffer_create
av_buffer_get_opaque
av_dict_count
av_dict_free
av_dict_get
av_dict_set
av_force_cpu_flags
av_frame_alloc
av_frame_clone
av_frame_free
av_frame_unref
av_free
av_get_bytes_per_sample
av_get_cpu_flags
av_image_check_size
av_init_packet
av_log_set_level
av_malloc
av_max_alloc
av_new_packet
av_packet_copy_props
av_packet_get_side_data
av_packet_unref
av_rdft_calc
av_rdft_end
av_rdft_init
av_read_frame
av_rescale_q
av_samples_get_buffer_size
av_seek_frame
av_strerror
avcodec_align_dimensions
avcodec_alloc_context3
avcodec_decode_video2
avcodec_descriptor_get
avcodec_descriptor_next
avcodec_find_decoder
avcodec_flush_buffers
avcodec_free_context
avcodec_get_name
avcodec_open2
avcodec_parameters_to_context
avcodec_receive_frame
avcodec_send_packet
avformat_alloc_context
avformat_close_input
avformat_find_stream_info
avformat_free_context
avformat_open_input
avio_alloc_context
avio_close

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 462KB - Virtual size: 461KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libEGL.dll
.dll windows:5 windows x64 arch:x64

585861b958c9f1fe9cc0324e1020a230

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

libEGL.dll.pdb

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CompareStringW
CreateEventW
CreateFileW
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SleepConditionVariableSRW
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObjectEx
WakeAllConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

eglBindAPI
eglBindTexImage
eglChooseConfig
eglClientWaitSync
eglClientWaitSyncKHR
eglCopyBuffers
eglCreateContext
eglCreateDeviceANGLE
eglCreateImage
eglCreateImageKHR
eglCreateNativeClientBufferANDROID
eglCreatePbufferFromClientBuffer
eglCreatePbufferSurface
eglCreatePixmapSurface
eglCreatePlatformPixmapSurface
eglCreatePlatformPixmapSurfaceEXT
eglCreatePlatformWindowSurface
eglCreatePlatformWindowSurfaceEXT
eglCreateStreamKHR
eglCreateStreamProducerD3DTextureANGLE
eglCreateSync
eglCreateSyncKHR
eglCreateWindowSurface
eglDebugMessageControlKHR
eglDestroyContext
eglDestroyImage
eglDestroyImageKHR
eglDestroyStreamKHR
eglDestroySurface
eglDestroySync
eglDestroySyncKHR
eglDupNativeFenceFDANDROID
eglGetCompositorTimingANDROID
eglGetCompositorTimingSupportedANDROID
eglGetConfigAttrib
eglGetConfigs
eglGetCurrentContext
eglGetCurrentDisplay
eglGetCurrentSurface
eglGetDisplay
eglGetError
eglGetFrameTimestampSupportedANDROID
eglGetFrameTimestampsANDROID
eglGetMscRateANGLE
eglGetNativeClientBufferANDROID
eglGetNextFrameIdANDROID
eglGetPlatformDisplay
eglGetPlatformDisplayEXT
eglGetProcAddress
eglGetSyncAttrib
eglGetSyncAttribKHR
eglGetSyncValuesCHROMIUM
eglHandleGPUSwitchANGLE
eglInitialize
eglLabelObjectKHR
eglMakeCurrent
eglPostSubBufferNV
eglPresentationTimeANDROID
eglProgramCacheGetAttribANGLE
eglProgramCachePopulateANGLE
eglProgramCacheQueryANGLE
eglProgramCacheResizeANGLE
eglQueryAPI
eglQueryContext
eglQueryDebugKHR
eglQueryDeviceAttribEXT
eglQueryDeviceStringEXT
eglQueryDisplayAttribANGLE
eglQueryDisplayAttribEXT
eglQueryStreamKHR
eglQueryStreamu64KHR
eglQueryString
eglQueryStringiANGLE
eglQuerySurface
eglQuerySurfacePointerANGLE
eglReacquireHighPowerGPUANGLE
eglReleaseDeviceANGLE
eglReleaseHighPowerGPUANGLE
eglReleaseTexImage
eglReleaseThread
eglSetBlobCacheFuncsANDROID
eglSignalSyncKHR
eglStreamAttribKHR
eglStreamConsumerAcquireKHR
eglStreamConsumerGLTextureExternalAttribsNV
eglStreamConsumerGLTextureExternalKHR
eglStreamConsumerReleaseKHR
eglStreamPostD3DTextureANGLE
eglSurfaceAttrib
eglSwapBuffers
eglSwapBuffersWithDamageKHR
eglSwapBuffersWithFrameTokenANGLE
eglSwapInterval
eglTerminate
eglWaitClient
eglWaitGL
eglWaitNative
eglWaitSync
eglWaitSyncKHR

Sections

.text
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 289B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
scripts/IY.lua
snapshot_blob.bin
v8_context_snapshot.bin
version
vk_swiftshader_icd.json
vulkan-1.dll
.dll windows:5 windows x64 arch:x64

21c5b88eff7d67aaad312ae7a9ae2733

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

vulkan-1.dll.pdb

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CompareStringW
CreateEventW
CreateFileW
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileAttributesExW
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SleepConditionVariableSRW
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObjectEx
WakeAllConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

cfgmgr32

CM_Get_Child
CM_Get_DevNode_Registry_PropertyW
CM_Get_DevNode_Status
CM_Get_Device_IDW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Get_Sibling
CM_Locate_DevNodeW
CM_Open_DevNode_Key

advapi32

GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
RegCloseKey
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA

Exports

Exports

vkAcquireNextImage2KHR
vkAcquireNextImageKHR
vkAllocateCommandBuffers
vkAllocateDescriptorSets
vkAllocateMemory
vkBeginCommandBuffer
vkBindBufferMemory
vkBindBufferMemory2
vkBindImageMemory
vkBindImageMemory2
vkCmdBeginQuery
vkCmdBeginRenderPass
vkCmdBeginRenderPass2
vkCmdBindDescriptorSets
vkCmdBindIndexBuffer
vkCmdBindPipeline
vkCmdBindVertexBuffers
vkCmdBlitImage
vkCmdClearAttachments
vkCmdClearColorImage
vkCmdClearDepthStencilImage
vkCmdCopyBuffer
vkCmdCopyBufferToImage
vkCmdCopyImage
vkCmdCopyImageToBuffer
vkCmdCopyQueryPoolResults
vkCmdDispatch
vkCmdDispatchBase
vkCmdDispatchIndirect
vkCmdDraw
vkCmdDrawIndexed
vkCmdDrawIndexedIndirect
vkCmdDrawIndexedIndirectCount
vkCmdDrawIndirect
vkCmdDrawIndirectCount
vkCmdEndQuery
vkCmdEndRenderPass
vkCmdEndRenderPass2
vkCmdExecuteCommands
vkCmdFillBuffer
vkCmdNextSubpass
vkCmdNextSubpass2
vkCmdPipelineBarrier
vkCmdPushConstants
vkCmdResetEvent
vkCmdResetQueryPool
vkCmdResolveImage
vkCmdSetBlendConstants
vkCmdSetDepthBias
vkCmdSetDepthBounds
vkCmdSetDeviceMask
vkCmdSetEvent
vkCmdSetLineWidth
vkCmdSetScissor
vkCmdSetStencilCompareMask
vkCmdSetStencilReference
vkCmdSetStencilWriteMask
vkCmdSetViewport
vkCmdUpdateBuffer
vkCmdWaitEvents
vkCmdWriteTimestamp
vkCreateBuffer
vkCreateBufferView
vkCreateCommandPool
vkCreateComputePipelines
vkCreateDescriptorPool
vkCreateDescriptorSetLayout
vkCreateDescriptorUpdateTemplate
vkCreateDevice
vkCreateDisplayModeKHR
vkCreateDisplayPlaneSurfaceKHR
vkCreateEvent
vkCreateFence
vkCreateFramebuffer
vkCreateGraphicsPipelines
vkCreateImage
vkCreateImageView
vkCreateInstance
vkCreatePipelineCache
vkCreatePipelineLayout
vkCreateQueryPool
vkCreateRenderPass
vkCreateRenderPass2
vkCreateSampler
vkCreateSamplerYcbcrConversion
vkCreateSemaphore
vkCreateShaderModule
vkCreateSharedSwapchainsKHR
vkCreateSwapchainKHR
vkCreateWin32SurfaceKHR
vkDestroyBuffer
vkDestroyBufferView
vkDestroyCommandPool
vkDestroyDescriptorPool
vkDestroyDescriptorSetLayout
vkDestroyDescriptorUpdateTemplate
vkDestroyDevice
vkDestroyEvent
vkDestroyFence
vkDestroyFramebuffer
vkDestroyImage
vkDestroyImageView
vkDestroyInstance
vkDestroyPipeline
vkDestroyPipelineCache
vkDestroyPipelineLayout
vkDestroyQueryPool
vkDestroyRenderPass
vkDestroySampler
vkDestroySamplerYcbcrConversion
vkDestroySemaphore
vkDestroyShaderModule
vkDestroySurfaceKHR
vkDestroySwapchainKHR
vkDeviceWaitIdle
vkEndCommandBuffer
vkEnumerateDeviceExtensionProperties
vkEnumerateDeviceLayerProperties
vkEnumerateInstanceExtensionProperties
vkEnumerateInstanceLayerProperties
vkEnumerateInstanceVersion
vkEnumeratePhysicalDeviceGroups
vkEnumeratePhysicalDevices
vkFlushMappedMemoryRanges
vkFreeCommandBuffers
vkFreeDescriptorSets
vkFreeMemory
vkGetBufferDeviceAddress
vkGetBufferMemoryRequirements
vkGetBufferMemoryRequirements2
vkGetBufferOpaqueCaptureAddress
vkGetDescriptorSetLayoutSupport
vkGetDeviceGroupPeerMemoryFeatures
vkGetDeviceGroupPresentCapabilitiesKHR
vkGetDeviceGroupSurfacePresentModesKHR
vkGetDeviceMemoryCommitment
vkGetDeviceMemoryOpaqueCaptureAddress
vkGetDeviceProcAddr
vkGetDeviceQueue
vkGetDeviceQueue2
vkGetDisplayModeProperties2KHR
vkGetDisplayModePropertiesKHR
vkGetDisplayPlaneCapabilities2KHR
vkGetDisplayPlaneCapabilitiesKHR
vkGetDisplayPlaneSupportedDisplaysKHR
vkGetEventStatus
vkGetFenceStatus
vkGetImageMemoryRequirements
vkGetImageMemoryRequirements2
vkGetImageSparseMemoryRequirements
vkGetImageSparseMemoryRequirements2
vkGetImageSubresourceLayout
vkGetInstanceProcAddr
vkGetPhysicalDeviceDisplayPlaneProperties2KHR
vkGetPhysicalDeviceDisplayPlanePropertiesKHR
vkGetPhysicalDeviceDisplayProperties2KHR
vkGetPhysicalDeviceDisplayPropertiesKHR
vkGetPhysicalDeviceExternalBufferProperties
vkGetPhysicalDeviceExternalFenceProperties
vkGetPhysicalDeviceExternalSemaphoreProperties
vkGetPhysicalDeviceFeatures
vkGetPhysicalDeviceFeatures2
vkGetPhysicalDeviceFormatProperties
vkGetPhysicalDeviceFormatProperties2
vkGetPhysicalDeviceImageFormatProperties
vkGetPhysicalDeviceImageFormatProperties2
vkGetPhysicalDeviceMemoryProperties
vkGetPhysicalDeviceMemoryProperties2
vkGetPhysicalDevicePresentRectanglesKHR
vkGetPhysicalDeviceProperties
vkGetPhysicalDeviceProperties2
vkGetPhysicalDeviceQueueFamilyProperties
vkGetPhysicalDeviceQueueFamilyProperties2
vkGetPhysicalDeviceSparseImageFormatProperties
vkGetPhysicalDeviceSparseImageFormatProperties2
vkGetPhysicalDeviceSurfaceCapabilities2KHR
vkGetPhysicalDeviceSurfaceCapabilitiesKHR
vkGetPhysicalDeviceSurfaceFormats2KHR
vkGetPhysicalDeviceSurfaceFormatsKHR
vkGetPhysicalDeviceSurfacePresentModesKHR
vkGetPhysicalDeviceSurfaceSupportKHR
vkGetPhysicalDeviceWin32PresentationSupportKHR
vkGetPipelineCacheData
vkGetQueryPoolResults
vkGetRenderAreaGranularity
vkGetSemaphoreCounterValue
vkGetSwapchainImagesKHR
vkInvalidateMappedMemoryRanges
vkMapMemory
vkMergePipelineCaches
vkQueueBindSparse
vkQueuePresentKHR
vkQueueSubmit
vkQueueWaitIdle
vkResetCommandBuffer
vkResetCommandPool
vkResetDescriptorPool
vkResetEvent
vkResetFences
vkResetQueryPool
vkSetEvent
vkSignalSemaphore
vkTrimCommandPool
vkUnmapMemory
vkUpdateDescriptorSetWithTemplate
vkUpdateDescriptorSets
vkWaitForFences
vkWaitSemaphores

Sections

.text
Size: 502KB - Virtual size: 502KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1af6c885af093afc55142c2f1761dbe8

Headers

DLL Characteristics

File Characteristics

Imports

user32

comctl32

kernel32

advapi32

gdi32

Sections

.text Size: 171KB - Virtual size: 171KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 3KB - Virtual size: 12KB

.pdata Size: 9KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 68KB - Virtual size: 68KB

.reloc Size: 2KB - Virtual size: 1KB

6ed82d3226365ffafff2c57c1935d352

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 462KB - Virtual size: 461KB

.data Size: 14KB - Virtual size: 1.1MB

.pdata Size: 43KB - Virtual size: 43KB

.00cfg Size: 512B - Virtual size: 40B

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 512B - Virtual size: 148B

.reloc Size: 12KB - Virtual size: 12KB

585861b958c9f1fe9cc0324e1020a230

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 300KB - Virtual size: 299KB

.rdata Size: 98KB - Virtual size: 97KB

.data Size: 8KB - Virtual size: 19KB

.pdata Size: 15KB - Virtual size: 15KB

.00cfg Size: 512B - Virtual size: 40B

.tls Size: 512B - Virtual size: 289B

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

21c5b88eff7d67aaad312ae7a9ae2733

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

cfgmgr32

advapi32

Exports

Exports

Sections

.text Size: 502KB - Virtual size: 502KB

.rdata Size: 170KB - Virtual size: 170KB

.data Size: 8KB - Virtual size: 18KB

.pdata Size: 20KB - Virtual size: 20KB

.00cfg Size: 512B - Virtual size: 40B

.tls Size: 512B - Virtual size: 17B

_RDATA Size: 512B - Virtual size: 148B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 171KB - Virtual size: 171KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 9KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 68KB - Virtual size: 68KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 462KB - Virtual size: 461KB

.data
Size: 14KB - Virtual size: 1.1MB

.pdata
Size: 43KB - Virtual size: 43KB

.00cfg
Size: 512B - Virtual size: 40B

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 148B

.reloc
Size: 12KB - Virtual size: 12KB

.text
Size: 300KB - Virtual size: 299KB

.rdata
Size: 98KB - Virtual size: 97KB

.data
Size: 8KB - Virtual size: 19KB

.pdata
Size: 15KB - Virtual size: 15KB

.00cfg
Size: 512B - Virtual size: 40B

.tls
Size: 512B - Virtual size: 289B

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 502KB - Virtual size: 502KB

.rdata
Size: 170KB - Virtual size: 170KB

.data
Size: 8KB - Virtual size: 18KB

.pdata
Size: 20KB - Virtual size: 20KB

.00cfg
Size: 512B - Virtual size: 40B

.tls
Size: 512B - Virtual size: 17B

_RDATA
Size: 512B - Virtual size: 148B

.reloc
Size: 3KB - Virtual size: 3KB