010ff9e53004537946eb25b85bcc23691c0cc1b5b7b06e7b01dd663482a7abe0

Sharing

Copy URL Twitter E-mail

General

Target

010ff9e53004537946eb25b85bcc23691c0cc1b5b7b06e7b01dd663482a7abe0
Size

760KB
MD5

f5ecf1723b80c10fea46c632376719e3
SHA1

b043337962c769e7a50e3566dabb87efe2ccb2fb
SHA256

010ff9e53004537946eb25b85bcc23691c0cc1b5b7b06e7b01dd663482a7abe0
SHA512

1d770de62ca12ae7c6407ea36312b5731464f2cc858fe5f031756dfedbf996a42c06f9e85f287d79057b58ac533a9c00358e578664812ae7bc9c07017f47e2dc
SSDEEP

12288:Q1CmaSvhwyNFCvgr1xYrfcdSpOG6ZRof3LVzOrd3kS+PYtYplfq4D:QEmLvPFjxrF03JzOd33+PYt2fq4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
010ff9e53004537946eb25b85bcc23691c0cc1b5b7b06e7b01dd663482a7abe0

Files

010ff9e53004537946eb25b85bcc23691c0cc1b5b7b06e7b01dd663482a7abe0
.dll windows:6 windows x86 arch:x86

5443cfc9f1e3bd5fae63a8713aeea88b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Documents\My Documents\Visual Studio 2019\Projects\rsmods-develop\Release\xinput1_3.pdb

Imports

winmm

midiInGetDevCapsA
midiInStop
midiOutClose
midiOutLongMsg
midiOutGetNumDevs
midiOutShortMsg
midiInUnprepareHeader
midiInGetNumDevs
midiInAddBuffer
midiOutGetDevCapsA
midiInStart
midiInGetDevCapsW
midiOutUnprepareHeader
midiInPrepareHeader
midiInReset
midiOutOpen
midiOutPrepareHeader
midiOutGetDevCapsW
midiInOpen
midiInClose

kernel32

GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
GetModuleHandleA
Sleep
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
GetCurrentProcess
FlushInstructionCache
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
AllocConsole
MultiByteToWideChar
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetEnvironmentStringsW
GetFileType
GetStdHandle
HeapAlloc
HeapFree
GetModuleFileNameW
ExitProcess
ReadFile
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RaiseException
RtlUnwind
InitializeSListHead
GetCurrentProcessId
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
GetStringTypeW
GetCPInfo
HeapSize
WriteConsoleW
GetFileSizeEx
GetSystemTimeAsFileTime
SetLastError
FormatMessageA
GetCurrentDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
CloseHandle
GetLastError
GetFileInformationByHandleEx
LocalFree
GetCurrentThreadId
WaitForSingleObjectEx
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx

user32

GetKeyState
CallWindowProcW
FindWindowW
SetWindowPos
GetWindowRect
GetAsyncKeyState
PostMessageW
SetWindowLongW
MessageBoxA

shell32

ShellExecuteA

ole32

CoCreateInstance

d3dx9_43

D3DXCreateFontA
D3DXCreateTextureFromFileW
D3DXCreateTexture

gdiplus

GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipFillRectangleI
GdipGetImageGraphicsContext
GdipCloneBrush
GdipBitmapLockBits
GdipFree
GdipSetLinePresetBlend
GdipDisposeImage
GdipAlloc
GdipDeleteBrush
GdipCloneImage
GdipCreateLineBrushI
GdiplusStartup

Exports

Exports

XInputEnable
XInputGetBatteryInformation
XInputGetCapabilities
XInputGetDSoundAudioDeviceGuids
XInputGetKeystroke
XInputGetState
XInputSetState

Sections

.text
Size: 568KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5443cfc9f1e3bd5fae63a8713aeea88b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

shell32

ole32

d3dx9_43

gdiplus

Exports

Exports

Sections

.text Size: 568KB - Virtual size: 568KB

.rdata Size: 153KB - Virtual size: 152KB

.data Size: 6KB - Virtual size: 66KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 30KB - Virtual size: 30KB

.text
Size: 568KB - Virtual size: 568KB

.rdata
Size: 153KB - Virtual size: 152KB

.data
Size: 6KB - Virtual size: 66KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 30KB - Virtual size: 30KB