KrnlX[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

KrnlX.rar
Size

17.7MB
MD5

297deb3c60150a6e098915f79d8b223d
SHA1

8069bfca60b9f9865ffdee9652b521a03e7616cc
SHA256

d7e63902be2aeb7593d0abf3da8638e3cf04248cf0d2a47facc4cfee6c99ad99
SHA512

dca568264042f86dd2a23c1520c5ce04399506b204be2d2e66c3db6e9413fcbd5b2dfb88077c9ba11175b5f06149855a26eadf7fdf0c8f36a5ec97ddcb5c049e
SSDEEP

393216:NQF9ezlFIYTqa1yiQ7TYVRyD0mQGKUsSJCv4YlkmLsECyadIglSc:NQF9ezrIYTqa1VZRyD0mQGePPlVsly1G

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/KrnlX/KrnlX.exe	pyinstaller

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/KrnlX/KrnlX.exe
unpack001/KrnlX/bitsync.dll

Files

KrnlX.rar
.rar

Password: infected
KrnlX/KrnlX.exe
.exe windows:5 windows x64 arch:x64

Password: infected

1af6c885af093afc55142c2f1761dbe8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

IsValidCodePage
GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
GetACP
GetOEMCP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
CreateSymbolicLinkW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetCPInfo
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KrnlX.pyc
KrnlX/MS3264R_x64.dll
.dll windows:5 windows x64 arch:x64

Password: infected

d39dcbc02dc0498387eafe0e9efe0d79

Code Sign

8d:0f:66:8a:08:36:5e:4a:9b:d3:d2:a9:3d:d7:5e:71
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/07/2020, 00:00

Not After

06/07/2021, 23:59

Subject

CN=Image Line,O=Image Line,POSTALCODE=9000,STREET=Franklin Rooseveltlaan 348 D,L=Gent,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:3b:34:bd:7b:36:dc:98:02:ba:19:4f:7b:64:b7:22:93:65:35:dd:df:7f:b9:8f:ee:e6:1c:fa:ac:b9:a2:77
Signer

Actual PE Digest

08:3b:34:bd:7b:36:dc:98:02:ba:19:4f:7b:64:b7:22:93:65:35:dd:df:7f:b9:8f:ee:e6:1c:fa:ac:b9:a2:77

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegFlushKey
RegEnumValueW
RegCreateKeyExW
RegCloseKey

user32

CharNextW
LoadStringW
SetClassLongPtrW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExW
WindowFromPoint
WaitMessage
ValidateRgn
ValidateRect
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageW
OpenClipboard
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LockWindowUpdate
LoadStringW
LoadKeyboardLayoutW
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
InvalidateRgn
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRgn
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardFormatNameW
GetClipboardData
GetClipCursor
GetClientRect
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumDisplaySettingsW
EnumClipboardFormats
EnumChildWindows
EndPaint
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DeferWindowPos
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIconIndirect
CreateIconFromResource
CreateIcon
CountClipboardFormats
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperW
CharToOemBuffW
CharNextExA
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
BeginDeferWindowPos
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
SetCurrentDirectoryW
GetCurrentDirectoryW
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetVolumeLabelW
SetThreadPriority
SetThreadLocale
SetLastError
SetFileTime
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
SetDllDirectoryW
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringW
MultiByteToWideChar
MulDiv
LockResource
LocalFree
LocalFileTimeToFileTime
LoadResource
LoadLibraryW
LeaveCriticalSection
LCMapStringW
IsValidLocale
InitializeCriticalSection
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVolumeInformationW
GetVersionExW
GetVersion
GetUserDefaultLCID
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemInfo
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLogicalDrives
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesW
GetExitCodeThread
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoW
EnterCriticalSection
DosDateTimeToFileTime
DeleteTimerQueueTimer
DeleteFileW
DeleteCriticalSection
DeleteAtom
CreateTimerQueueTimer
CreateThread
CreateFileW
CreateEventW
CompareStringW
CloseHandle
ChangeTimerQueueTimer
Sleep

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetRectRgn
SetROP2
SetPixelV
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBitsToDevice
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RectInRegion
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
OffsetRgn
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStretchBltMode
GetStockObject
GetRgnBox
GetRegionData
GetRandomRgn
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtSelectClipRgn
ExtFloodFill
ExcludeClipRect
EqualRgn
EnumFontFamiliesExW
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
ArcTo
Arc
AngleArc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mpr

WNetOpenEnumW
WNetGetUniversalNameW
WNetEnumResourceW
WNetCloseEnum

netapi32

NetWkstaGetInfo

ole32

CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
ReleaseStgMedium
OleUninitialize
OleInitialize
StgCreateDocfileOnILockBytes
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

msvcrt

memset
memcpy

shell32

SHFileOperationW
Shell_NotifyIconW
SHAppBarMessage
DragQueryPoint
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetFolderPathW
SHGetPathFromIDListW
SHGetMalloc
SHGetDesktopFolder

winmm

timeGetTime
timeGetDevCaps
timeEndPeriod
timeBeginPeriod

msacm32

acmMetrics

Exports

Exports

CreatePlugInstance
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 59KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 189B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KrnlX/README.md
KrnlX/bitsync.dll
.dll windows:6 windows x64 arch:x64

Password: infected

fd14fc1643e3144ade81f3d099513948

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Frederik\Documents\FabFilter\Projects\Pro-Q\Windows\x64\Release VST\FabFilter Pro-Q 3.pdb

Imports

winmm

timeGetTime

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

opengl32

glBindTexture
glTexParameteri
glTexImage2D
glPixelStorei
glTexSubImage2D
glGetString
glMatrixMode
glLoadIdentity
glShadeModel
glDisable
glTexEnvi
glEnable
glBlendFunc
glEnableClientState
glTexCoordPointer
wglGetProcAddress
glClear
glDrawElements
glDrawArrays
glDisableClientState
glScissor
glColor4f
glViewport
glOrtho
glVertexPointer
glColorPointer
wglDeleteContext
wglMakeCurrent
wglCreateContext
glGenTextures
glDeleteTextures

kernel32

HeapAlloc
HeapFree
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FindClose
FindFirstFileW
FindNextFileW
QueryPerformanceCounter
QueryPerformanceFrequency
FindResourceW
VerSetConditionMask
VerifyVersionInfoW
CreateDirectoryW
LoadResource
LockResource
SizeofResource
GetFileAttributesW
GetCurrentThreadId
GetModuleHandleW
GetModuleFileNameW
Sleep
MultiByteToWideChar
WideCharToMultiByte
IsDebuggerPresent
CloseHandle
SetEvent
WaitForSingleObject
ResetEvent
GetFileType
GetProcAddress
MulDiv
CreateEventW
SetThreadPriority
GlobalLock
GlobalUnlock
LoadLibraryExW
FreeLibrary
GetLastError
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
GetFileSizeEx
GetCommandLineW
ReadConsoleW
GetTimeZoneInformation
GetStdHandle
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
CreateFileW
HeapSize
WriteConsoleW
SetEndOfFile
LoadLibraryW
RtlUnwind
SetStdHandle

user32

TrackPopupMenuEx
DestroyMenu
UpdateWindow
InsertMenuItemW
CreatePopupMenu
DrawTextW
FillRect
ReleaseDC
GetDC
GetAncestor
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
SetFocus
CallWindowProcW
SetWindowPos
GetWindowRect
GetWindowLongW
GetParent
EnumThreadWindows
wsprintfW
EnumDisplayMonitors
SetRectEmpty
IsWindowVisible
MessageBoxW
DefWindowProcW
GetWindowLongPtrW
PostMessageW
UnregisterClassW
DestroyWindow
SetWindowLongPtrW
CreateWindowExW
RegisterClassW
GetKeyState
SetTimer
SendMessageW
SetCapture
ReleaseCapture
GetCursorPos
PtInRect
InvalidateRect
SystemParametersInfoW
MapWindowPoints
GetWindowPlacement
SetWindowPlacement
GetGUIThreadInfo
EqualRect
SetCursor
GetClassLongPtrW
BeginPaint
EndPaint
GetSystemMetrics
GetDoubleClickTime
EnableWindow
IsWindowEnabled
EndDialog
DialogBoxParamW
GetDlgItem
GetWindowTextLengthW
GetWindowTextW
OpenClipboard
CloseClipboard
SetWindowTextW
GetClipboardData
KillTimer

gdi32

DeleteDC
SetBkColor
SwapBuffers
CreateDIBSection
CreateFontIndirectW
SetPixelFormat
SetTextColor
BitBlt
SelectObject
CreateCompatibleDC
DeleteObject
ChoosePixelFormat
GetStockObject
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW

shell32

SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW

ole32

OleUninitialize
OleInitialize
CoCreateGuid

Exports

Exports

GetPluginFactory
VSTPluginMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 401KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 767KB - Virtual size: 766KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

1af6c885af093afc55142c2f1761dbe8

Headers

DLL Characteristics

File Characteristics

Imports

user32

comctl32

kernel32

advapi32

gdi32

Sections

.text Size: 171KB - Virtual size: 171KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 3KB - Virtual size: 12KB

.pdata Size: 9KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 132KB - Virtual size: 132KB

.reloc Size: 2KB - Virtual size: 1KB

Password: infected

d39dcbc02dc0498387eafe0e9efe0d79

Code Sign

8d:0f:66:8a:08:36:5e:4a:9b:d3:d2:a9:3d:d7:5e:71Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

08:3b:34:bd:7b:36:dc:98:02:ba:19:4f:7b:64:b7:22:93:65:35:dd:df:7f:b9:8f:ee:e6:1c:fa:ac:b9:a2:77Signer

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

mpr

netapi32

ole32

comctl32

msvcrt

shell32

winmm

msacm32

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.data Size: 247KB - Virtual size: 246KB

.bss Size: - Virtual size: 59KB

.idata Size: 20KB - Virtual size: 19KB

.didata Size: 3KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 189B

.rdata Size: 512B - Virtual size: 69B

.reloc Size: 151KB - Virtual size: 150KB

.pdata Size: 145KB - Virtual size: 145KB

.rsrc Size: 179KB - Virtual size: 179KB

Password: infected

fd14fc1643e3144ade81f3d099513948

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

.text
Size: 171KB - Virtual size: 171KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 9KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 132KB - Virtual size: 132KB

.reloc
Size: 2KB - Virtual size: 1KB

8d:0f:66:8a:08:36:5e:4a:9b:d3:d2:a9:3d:d7:5e:71
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

08:3b:34:bd:7b:36:dc:98:02:ba:19:4f:7b:64:b7:22:93:65:35:dd:df:7f:b9:8f:ee:e6:1c:fa:ac:b9:a2:77
Signer

.text
Size: 2.9MB - Virtual size: 2.9MB

.data
Size: 247KB - Virtual size: 246KB

.bss
Size: - Virtual size: 59KB

.idata
Size: 20KB - Virtual size: 19KB

.didata
Size: 3KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 189B

.rdata
Size: 512B - Virtual size: 69B

.reloc
Size: 151KB - Virtual size: 150KB

.pdata
Size: 145KB - Virtual size: 145KB

.rsrc
Size: 179KB - Virtual size: 179KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 401KB - Virtual size: 400KB

.data
Size: 58KB - Virtual size: 75KB

.pdata
Size: 66KB - Virtual size: 66KB

_RDATA
Size: 87KB - Virtual size: 86KB

.rsrc
Size: 767KB - Virtual size: 766KB

.reloc
Size: 17KB - Virtual size: 17KB