LoaderDX9_ZOOMIE[.]exe

Resubmissions

Sharing

Copy URL Twitter E-mail

General

Target

LoaderDX9_ZOOMIE.exe
Size

568KB
MD5

39ca28183fdc255cc75c5ede500a23c5
SHA1

d4e6a2e34c4575159f6a33da9f01f25bebc38051
SHA256

aa8f368e7762bb603ec272e7c000e6b0084b5b9b6ba3cbad87219a48c58cf929
SHA512

8ff78ecb7e2e60faab243f7580d630f836f707ba1632e8a92c7fbf19df6d346a9f48b42a81e51185a989a52ad6cc2ce8b0ba91714ee01164f433bbf980aa8948
SSDEEP

12288:PF/RQV+mb+/KhLjJj1y3qph0lhSMXlip0ncJD6TPJs:PF/RA+mCCptJy3Ah0lhSMXl60nw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
LoaderDX9_ZOOMIE.exe

Files

LoaderDX9_ZOOMIE.exe
.exe windows:6 windows x64 arch:x64

a66ea4ca7b95a61f8bd7be086ee4acac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\vxvx\source\repos\vx-vx\LoaderDX9_ZOOMIE\LoaderDX9_ZOOMIE\BuildRelease\LoaderDX9_ZOOMIE.pdb

Imports

d3d9

Direct3DCreate9

kernel32

GetModuleHandleA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetModuleFileNameA
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteProcessMemory
RtlAddFunctionTable
Sleep
GetLastError
CloseHandle
VirtualProtectEx
VirtualAllocEx
ReadProcessMemory
CreateRemoteThread
VirtualFreeEx
GetExitCodeProcess
Process32First
OpenProcess
CreateToolhelp32Snapshot
Process32Next
GetCurrentProcess
TerminateProcess
GetVolumeInformationA
UnmapViewOfFile
GetFileAttributesA
CreateFileA
CreateFileMappingA
CreateDirectoryA
MapViewOfFile
IsDebuggerPresent
AcquireSRWLockExclusive
GlobalUnlock
AreFileApisANSI
GetFileAttributesExW
FindFirstFileW
FindClose
CreateFileW
GetLocaleInfoEx
FormatMessageA
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleW
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
RtlVirtualUnwind
RtlLookupFunctionEntry
MultiByteToWideChar
ReleaseSRWLockExclusive
GetFileInformationByHandleEx
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable

user32

GetForegroundWindow
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
ShowWindow
MessageBoxA
DefWindowProcA
CreateWindowExA
TranslateMessage
PeekMessageA
UnregisterClassA
PostQuitMessage
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
RegisterClassExA
GetClientRect
SetCursor
SetCapture
ReleaseCapture
TrackMouseEvent
IsChild
ClientToScreen
GetCapture
ScreenToClient
LoadCursorA
UpdateWindow

oleaut32

SysFreeString
SysAllocString
VariantClear

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?uncaught_exceptions@std@@YAHXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?classic@locale@std@@SAAEBV12@XZ
?id@?$numpunct@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
_Xtime_get_ticks
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Query_perf_frequency
_Thrd_sleep
_Query_perf_counter
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ

urlmon

URLDownloadToFileA

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_local_unwind
__std_terminate
strstr
strchr
__std_exception_destroy
__std_exception_copy
_CxxThrowException
memset
__current_exception_context
__current_exception
memchr
memcmp
__C_specific_handler
memmove
memcpy

api-ms-win-crt-stdio-l1-1-0

_set_fmode
fgetc
__stdio_common_vsprintf_s
fgetpos
setvbuf
__p__commode
__stdio_common_vfprintf
ungetc
__stdio_common_vsscanf
fread
fsetpos
__stdio_common_vsprintf
_wfopen
fwrite
ftell
_fseeki64
fseek
_get_stream_buffer_pointers
fclose
fflush
__acrt_iob_func
fputc

api-ms-win-crt-string-l1-1-0

strcmp
strcpy_s
strcat_s
strncpy

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
malloc
_set_new_mode
free

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-runtime-l1-1-0

abort
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
terminate
system
_register_thread_local_exe_atexit_callback
_c_exit
_crt_atexit
_exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
_cexit
_invalid_parameter_noinfo_noreturn
_register_onexit_function
exit

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
remove

api-ms-win-crt-math-l1-1-0

_ldsign
__setusermatherr
_dclass
fmodf
_fdsign
acosf
sqrtf
_fdclass
_dsign
_ldclass
sinf
ceilf
cosf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

Sections

.text
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

a66ea4ca7b95a61f8bd7be086ee4acac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d9

kernel32

user32

oleaut32

imm32

msvcp140

urlmon

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 348KB - Virtual size: 348KB

.rdata Size: 197KB - Virtual size: 197KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 17KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 472B

.text
Size: 348KB - Virtual size: 348KB

.rdata
Size: 197KB - Virtual size: 197KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 472B