yenosist_loader[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

yenosist_loader.rar
Size

18.0MB
MD5

005fd7e56e09a7b65fd83b2d46aa984f
SHA1

50648d286d3f0b7014e7bb022aa19dc955edbcb4
SHA256

e4c569d377904b9cabd9c06f079e176e9a47275f68cda96a97b09a6ce625773a
SHA512

86693cc4ed5d3d3d9c6c345139b66288f70eeef198a8b7405ecaae1b69961b27e1a777e0e5f4069c80b1ec52663d18bd52274c48a096994a0ba676f7710c75ad
SSDEEP

393216:hi/HsH9iVFR7mhzFMYF8wC8d6Q06J1rZ1nalyvhVa19HCrDRDJL:svsQVFR7wFMYFZCw7alMLowDRVL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/AutoHotkey_2.0.12_setup.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AutoHotkey.exe
unpack001/AutoHotkey_2.0.12_setup.exe
unpack001/yenosist_loader.exe

Files

yenosist_loader.rar
.rar
AutoHotkey.exe
.exe windows:5 windows x64 arch:x64

75c4575d393c87d632a926665a508a79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wsock32

gethostbyname
ioctlsocket
connect
WSAGetLastError
WSACleanup
shutdown
gethostname
htons
getservbyname
htonl
inet_addr
ntohs
getservbyport
gethostbyaddr
inet_ntoa
WSAAsyncSelect
recv
socket
closesocket
WSASetLastError
send
WSAStartup

winmm

joyGetDevCapsW
waveOutSetVolume
waveOutGetVolume
mixerSetControlDetails
mixerGetControlDetailsW
mixerGetLineControlsW
mixerClose
mixerGetLineInfoW
mixerGetDevCapsW
mixerOpen
mciSendStringW
joyGetPosEx

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

comctl32

ImageList_GetIconSize
ImageList_Create
CreateStatusWindowW
ImageList_AddMasked
ImageList_Destroy
ImageList_ReplaceIcon

shlwapi

HashData

crypt32

CryptBinaryToStringA

psapi

GetModuleFileNameExW
GetModuleBaseNameW
GetProcessImageFileNameW

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFileExA
InternetReadFile
InternetOpenW

kernel32

VirtualProtect
InitializeCriticalSection
SetErrorMode
LoadLibraryW
GetProcAddress
AddVectoredExceptionHandler
GlobalLock
GlobalUnlock
WideCharToMultiByte
GetSystemDirectoryA
LoadLibraryA
FreeLibrary
GetCurrentThreadId
GetEnvironmentVariableW
SuspendThread
ResumeThread
EnterCriticalSection
LeaveCriticalSection
OpenThread
lstrcmpiW
GetStringTypeExW
CreateThread
SetThreadPriority
GetExitCodeThread
CloseHandle
CreateMutexW
GetLastError
GetModuleHandleW
MultiByteToWideChar
SystemTimeToFileTime
SetFilePointerEx
ReadFile
SetFilePointer
GlobalSize
lstrcpyA
lstrlenA
lstrcmpiA
lstrcmpA
LocalFileTimeToFileTime
CreateDirectoryA
CreateDirectoryW
IsBadReadPtr
CreateFileW
CreateFileA
WriteFile
SetFileTime
DuplicateHandle
LoadResource
LockResource
GetProcessTimes
GetCurrentDirectoryA
GetLocalTime
FileTimeToDosDateTime
GetFileInformationByHandle
GetFileSize
lstrlenW
FindFirstFileW
FindNextFileW
FindClose
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
SetLastError
FlushInstructionCache
RtlAddFunctionTable
GetTempPathA
HeapAlloc
HeapReAlloc
VirtualAlloc
VirtualFree
GetProcessHeap
HeapCreate
HeapFree
HeapDestroy
GetCommandLineW
WaitForSingleObject
GetThreadLocale
VirtualQuery
GetSystemInfo
GetVersionExW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameW
GetFileAttributesW
OpenProcess
GetCurrentProcessId
GetFullPathNameW
LocalFree
GetShortPathNameW
FileTimeToLocalFileTime
SetEnvironmentVariableW
Beep
MoveFileW
OutputDebugStringW
CreateProcessW
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
TerminateProcess
SetPriorityClass
GetDateFormatW
GetTimeFormatW
GetDiskFreeSpaceExW
SetVolumeLabelW
DeviceIoControl
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceW
GetCurrentDirectoryW
DeleteFileW
CopyFileW
SetFileAttributesW
GetFileSizeEx
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameW
GetSystemWindowsDirectoryW
GetTempPathW
TryEnterCriticalSection
QueryDosDeviceW
CompareStringW
RemoveDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FormatMessageW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
HeapWalk
HeapSize
SetEndOfFile
GetACP
GetFileType
GetStdHandle
FileTimeToSystemTime
IsWow64Process
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
RemoveVectoredExceptionHandler
ExitProcess
ExitThread
GetCurrentProcess
CheckRemoteDebuggerPresent
GetCurrentThread
GlobalFree
_lclose
_lopen
_lread
GetModuleFileNameA
GlobalAlloc
GetModuleHandleA
FindResourceW
GetCPInfo
SetCurrentDirectoryW
Sleep
GetTickCount
MulDiv
GetSystemTimeAsFileTime
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
SizeofResource
RtlCaptureContext

user32

UnregisterClassW
DestroyAcceleratorTable
LoadCursorW
RegisterClassExW
CreateWindowExW
LoadAcceleratorsW
SetClipboardViewer
ChangeClipboardChain
LoadImageW
CharLowerA
CheckMenuItem
GetMenu
BlockInput
IsWindowVisible
SetWindowTextW
GetIconInfo
SetRect
DrawTextW
AdjustWindowRectEx
SystemParametersInfoW
GetClientRect
GetWindowRect
MoveWindow
EnumChildWindows
SetActiveWindow
SetFocus
SetWindowRgn
SetWindowPos
SetLayeredWindowAttributes
InvalidateRect
EnableWindow
GetWindowTextLengthW
EnumWindows
IsZoomed
IsIconic
EnumDisplayMonitors
RegisterWindowMessageW
GetSysColor
GetSysColorBrush
DrawIconEx
FillRect
DefWindowProcW
SetForegroundWindow
DialogBoxParamW
SendDlgItemMessageW
GetDlgItem
SetDlgItemTextW
MessageBeep
ClientToScreen
GetCursorInfo
GetLastInputInfo
GetSystemMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuStringW
ExitWindowsEx
SetScrollInfo
ScrollWindow
SetMenu
FlashWindow
GetPropW
SetPropW
RemovePropW
MapWindowPoints
RedrawWindow
SetParent
SetWindowLongPtrW
GetClassInfoExW
DefDlgProcW
GetAncestor
UpdateWindow
GetMessagePos
GetClassLongPtrW
CallWindowProcW
CheckRadioButton
IntersectRect
GetUpdateRect
PtInRect
CreateDialogIndirectParamW
GetWindowLongPtrW
CreateAcceleratorTableW
InsertMenuItemW
SetMenuDefaultItem
DestroyWindow
SetMenuItemInfoW
IsMenu
GetMenuItemInfoW
CreateMenu
CreatePopupMenu
SetMenuInfo
AppendMenuW
DestroyMenu
TrackPopupMenuEx
GetDesktopWindow
CopyImage
CreateIconIndirect
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
GetTopWindow
GetQueueStatus
MapVirtualKeyW
VkKeyScanExW
MapVirtualKeyExW
GetKeyboardLayoutNameW
ActivateKeyboardLayout
GetGUIThreadInfo
GetWindowTextW
mouse_event
GetSystemMetrics
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
GetAsyncKeyState
AttachThreadInput
SendInput
UnregisterHotKey
RegisterHotKey
PostQuitMessage
SendMessageTimeoutW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
IsCharAlphaNumericW
IsCharUpperW
IsCharLowerW
ToUnicodeEx
GetKeyboardLayout
CallNextHookEx
CharLowerW
ReleaseDC
GetDC
MessageBoxW
OpenClipboard
GetClipboardData
GetClipboardFormatNameW
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageW
FindWindowW
EndDialog
IsWindow
DispatchMessageW
TranslateMessage
ShowWindow
CountClipboardFormats
SetWindowLongW
ScreenToClient
IsDialogMessageW
WindowFromPoint
SendMessageW
IsWindowEnabled
GetWindowLongW
GetKeyState
TranslateAcceleratorW
KillTimer
PeekMessageW
GetFocus
GetWindowThreadProcessId
GetForegroundWindow
GetMessageW
SetTimer
GetScrollInfo
GetParent
GetDlgCtrlID
CharUpperW
IsClipboardFormatAvailable
DestroyIcon
IsCharAlphaW
RemoveMenu
GetClassNameW
GetMonitorInfoW

gdi32

GetClipBox
GetPixel
BitBlt
CreateCompatibleBitmap
GetCharABCWidthsW
SetBkMode
SetBkColor
SetBrushOrgEx
EnumFontFamiliesExW
CreateDIBSection
GdiFlush
GetSystemPaletteEntries
FillRgn
SetTextColor
ExcludeClipRect
GetClipRgn
GetDIBits
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteDC
GetObjectW
GetTextMetricsW
GetTextFaceW
SelectObject
GetStockObject
CreateDCW
CreateSolidBrush
CreateFontW
DeleteObject
CreatePatternBrush
GetDeviceCaps

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

advapi32

CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
OpenSCManagerW
GetUserNameW
RegEnumKeyExW
RegCloseKey
RegConnectRegistryW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW

shell32

SHGetPathFromIDListW
SHFileOperationW
SHEmptyRecycleBinW
DragQueryPoint
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
ExtractIconW
DragQueryFileW
DragFinish
Shell_NotifyIconW

ole32

CoUninitialize
StringFromGUID2
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoGetObject

oleaut32

OleLoadPicture
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantCopyInd
SafeArrayCopy
VariantChangeType
VariantClear
SafeArrayCreate
SysAllocString
SysFreeString
SafeArrayDestroy
GetActiveObject
SysStringLen

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
__std_terminate
__C_specific_handler
wcsrchr
_purecall
memcpy
wcschr
strchr
strstr
wcsstr
__std_exception_copy
memmove
memcmp
__RTDynamicCast
_CxxThrowException
__current_exception_context
__current_exception
__std_exception_destroy

api-ms-win-crt-convert-l1-1-0

_wtof
_wcstoi64
_wtoi64
_ultow
_ui64tow
wcstombs
wcstoul
wcstol
_itow
_wtoi
strtol
_ui64toa
_i64tow
wcstod
atof
_atoi64
strtoul
_i64toa
atoi
_ultoa
_itoa
_wcstoui64

api-ms-win-crt-string-l1-1-0

isxdigit
strcmp
toupper
_wcsdup
_wcsnicmp
wcsncpy
iswxdigit
isdigit
wcscspn
_wcsupr
_strnicmp
towupper
iswspace
iswdigit
tolower
_isctype
strcpy_s
strncpy_s
wcsncmp
strcat_s
strncmp
_stricmp
_wcsicmp

api-ms-win-crt-heap-l1-1-0

realloc
free
calloc
_expand
_callnewh
_set_new_mode
_msize
malloc

api-ms-win-crt-runtime-l1-1-0

_exit
_initterm_e
_initterm
_c_exit
_configure_wide_argv
_get_wide_winmain_command_line
_initialize_wide_environment
terminate
_set_app_type
_seh_filter_exe
_cexit
__p___wargv
__p___argc
exit
_beginthreadex
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-stdio-l1-1-0

fclose
fread
ftell
__stdio_common_vsprintf_s
fseek
fwrite
__stdio_common_vsprintf
__stdio_common_vswprintf
setvbuf
_set_fmode
__acrt_iob_func
_wfopen
__p__commode

api-ms-win-crt-utility-l1-1-0

qsort
bsearch
rand

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath

api-ms-win-crt-math-l1-1-0

fmod
pow
sin
log
log10
__setusermatherr
floor
exp
tan
cos
ceil
atan
asin
sqrt
acos

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

ADDFILE
ADDSCRIPT
AHKASSIGN
AHKEXEC
AHKEXECUTELINE
AHKFINDFUNC
AHKFINDLABEL
AHKFUNCTION
AHKGETVAR
AHKISUNICODE
AHKLABEL
AHKPAUSE
AHKPOSTFUNCTION
AddFile
AddScript
Addfile
Addscript
AhkAssign
AhkExec
AhkExecuteLine
AhkExecuteline
AhkFindFunc
AhkFindLabel
AhkFindfunc
AhkFindlabel
AhkFunction
AhkGetVar
AhkGetvar
AhkIsUnicode
AhkIsunicode
AhkLabel
AhkPause
AhkPostFunction
AhkPostfunction
Ahkassign
Ahkexec
AhkexecuteLine
Ahkexecuteline
AhkfindFunc
AhkfindLabel
Ahkfindfunc
Ahkfindlabel
Ahkfunction
AhkgetVar
Ahkgetvar
AhkisUnicode
Ahkisunicode
Ahklabel
Ahkpause
AhkpostFunction
Ahkpostfunction
MinHookDisable
MinHookEnable
addFile
addScript
addfile
addscript
ahkAssign
ahkExec
ahkExecuteLine
ahkExecuteline
ahkFindFunc
ahkFindLabel
ahkFindfunc
ahkFindlabel
ahkFunction
ahkGetVar
ahkGetvar
ahkIsUnicode
ahkIsunicode
ahkLabel
ahkPause
ahkPostFunction
ahkPostfunction
ahkassign
ahkexec
ahkexecuteLine
ahkexecuteline
ahkfindFunc
ahkfindLabel
ahkfindfunc
ahkfindlabel
ahkfunction
ahkgetVar
ahkgetvar
ahkisUnicode
ahkisunicode
ahklabel
ahkpause
ahkpostFunction
ahkpostfunction

Sections

.text
Size: 946KB - Virtual size: 945KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AutoHotkey_2.0.12_setup.exe
.exe windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
README.txt
yenosist_loader.exe
.exe windows:6 windows x64 arch:x64

ea665bce3f1ab7d4d6cfa9ff8cd8b857

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

kernel32

GetCurrentProcess
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

IsWindowUnicode
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

GetTokenInformation

shell32

ShellExecuteA

msvcp140

?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ

dwmapi

DwmExtendFrameIntoClientArea

imm32

ImmReleaseContext

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

normaliz

IdnToAscii

wldap32

ord79

crypt32

CryptQueryObject

ws2_32

htons

rpcrt4

RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context

api-ms-win-crt-stdio-l1-1-0

fputc

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-filesystem-l1-1-0

_access

api-ms-win-crt-runtime-l1-1-0

_crt_atexit

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-string-l1-1-0

_strdup

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-math-l1-1-0

sinf

api-ms-win-crt-time-l1-1-0

_gmtime64

wtsapi32

WTSSendMessageW

Exports

Exports

-y�҆��(Be+O�� n��v��ּs��:|iI�.��aV�\��[ #8CX�Iǧ�� #f��S�[��9O��_MS] ��6��n!�8�pM��J��χ��FSش:yF��k��/��-#��D��*+�~��hjU��<��k��6��U�&�K�}ʌ$xА�n��ٷ�d5 �m��h(`�?��i�)5C��肸}n�.m��÷j{��/�̑��v��%��a�BU�y.D�@Ǻ a��B\%��Ɏ��5咃�֨�9h�p��D?ۋ��.ˌ�� ,�̠��1�UD�e�x��(�d3!�ŭq�()��D)��'�\u*�j��.I+&g��~��G��:a?�Nn�l��o�?qi��O��@GB��!aM9��JZޙ�j]�yц��}�&hv�K�Al67��(�hi��P��X��>Ꚕ�U?�G�pS��g�syD�^z�;��t�t�ٖ��'��b"��;�Қ�2I��O\�?�(��/�1�0��EN:c[��XQ�^�N�p�s��7%DP�B��K��nR�P�k�f<��d'��[�t�u�[iV-}��N�*l-%UY729�7mx]��B�<�`�9��^�W@��b��IxA�Rn�Dv�}u=.��Qe�,�>�b;��kK�ܑ1c�+�i�W�l ^ø��I�׷|�_{T6A�o�|Ԡ��>M�<�L��c��)�m4<� ��i��P*7�kq�)��F�>J�x��-� 8%��x� �v�14��<��X��۶��@��fj0�w8�K�V^� ��+e4/��$_eo1D�~_ �g�ysr�|�ɩ�b�ZI��Jd�z�g؞��)��I��#��j�c��:��T�� 2É�]��'�Ѻؗa��h��'��J��)5�lc�iUAmY�uAߩ��`L<��) �܊D5�ƺz�E�𿰨�|u�/݊�ؼL��gAV��Ook`�1h�I��B|��^�̦�w�킎֛��#X��>�U�\��(�@r��l��(��)I0��$w�!-��N��Z�}��O"��g��apfɾ��d��l��<p�-b�QK��^Mc�i�g8i�<�y��{P�|$UU?qD>1اB�@��rE*(�y��n0�〽�}N�a(�Z*�(�G7�1�c�f/�hH)�LU֟��j��X5T��[�Bzh��>��*�mH�c��18u9r��}T�b.��;di2��$��[��=�K��o[I����?g�5xR�'��y��ƿ��4{sy�!�p��e�>�1��X�5�h��x��b�r,��x�^Ӯ��@�F�,��9?H�K�o�J�� K<�~�F�<v��.��,�^ZqJ��:��2�#��oz:��=q֠�6�&ѯ*�"�095�,��ɨg��Z��Eǀo�UΈ^A�Q��8�4P�F�͝��y?(�n ��n��{}�z��h�2c>˄�s��|�}��ޙ�y�7��]E� pld��`�k��Xa��Rg4RbP��mᶣcf�� E~��/��v��->!�f�B��_9�R�J�n}��'h��$�"0�@/�{FPi_M��S��]y�L�ի��̀��?f|a(�� 4)Ft�{i�i�ĩ��^� ̆�˙��x:W��i N;z�5B_� ��sq3 �TI�G�}V��c��4}~#1��B%j��׫Y��=ډ��H��!��5�8-�~��i�/� ��[O�B��f��ޔp��)��.mϓYb��d$DH��9B�s��.T~8�)��}_��Z��Ϗt�+�4��mM�x�@ �K�"��8�S��x��٥��u�'@_�%�Ɣ��D�e<v!��"!ϲ}V�]'\>��:��ف�61�� h�-!��@��8$�6E��+P�Y��h�_\��c��|��~aH��U��<��XZ�<�i�o�ky�1��k�֫��2[8�@,0e�qD�8�l�-=�^�a�1�0i��)�� XF��6.�d�v��d�$��ڇ�mX��η� �j�Ħ�p�x��ٚ�:T[��A�;n`�\t��{�W�[7鱗3u��0lZ�h^�zc.�� Clʜ$�FLM�Gq`�w��8R��WN��CR�x��H�Fn��0�O+�[�<�S�|KQ� Z �o[��9v��3��z9��b��.P��6i��X/��?ͣ�04��+S�r�E�Y�k�A�)8� I��"��\�I�Hz�euOpQ�W��>k�j�8��^�f`<`��횥zg�w��E��C��%;[��|��U;仈�Yr�AC'W��N�q3mEk�8��q��RL�C��\��Sj?��7eK�Qj ��M�B'q��D��Y��H��dď��t�8�5 ��9�-� ��.�C#rY'�Mv�ի`�@@z�>�i\��n��9�4�!w �p�f��HIo�߃N�fnXqAn![��_��w��o!��"z�d�_��AxQ��XD�w��C#�M��_��t�m ��/��/-z�� 5j�h|�ș�*��r�UՎ(�#�\~�ҹ�O�M(h�tҁ2L B�R�̲��ch[P��kh�ͥ��+��!��TP=��]+��F��my�4L�yL=�31�$��W��]f��+�%��\��.*^�m�,��.^�l+��zl7M��xWS1��6LA��D �Xh��o8��W��T��E�[(��/'u��$G�U��x��O��N�w��xU%46t/�� k$��Z!P��BYq��ɑ��x��]�Č��Ԡ��a!��PY�rDnͯ3還�x�[��)v��R�>ryҽN{��b�}

Sections

clonaz.a
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

clonaz.g
Size: - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

clonaz.a
Size: - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

clonaz.e
Size: - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

clonaz.k
Size: - Virtual size: 10.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

clonaz.b
Size: 13.1MB - Virtual size: 13.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

clonaz.l
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75c4575d393c87d632a926665a508a79

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

winmm

version

comctl32

shlwapi

crypt32

psapi

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

vcruntime140_1

vcruntime140

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 946KB - Virtual size: 945KB

.rdata Size: 216KB - Virtual size: 215KB

.data Size: 14KB - Virtual size: 39KB

.pdata Size: 26KB - Virtual size: 26KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.4MB

UPX1 Size: 2.8MB - Virtual size: 2.8MB

.rsrc Size: 36KB - Virtual size: 40KB

ea665bce3f1ab7d4d6cfa9ff8cd8b857

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

d3dcompiler_43

kernel32

user32

advapi32

shell32

msvcp140

dwmapi

imm32

d3dx11_43

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-environment-l1-1-0

.text
Size: 946KB - Virtual size: 945KB

.rdata
Size: 216KB - Virtual size: 215KB

.data
Size: 14KB - Virtual size: 39KB

.pdata
Size: 26KB - Virtual size: 26KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

UPX0
Size: - Virtual size: 2.4MB

UPX1
Size: 2.8MB - Virtual size: 2.8MB

.rsrc
Size: 36KB - Virtual size: 40KB

clonaz.a
Size: - Virtual size: 1.1MB

clonaz.g
Size: - Virtual size: 320KB

clonaz.a
Size: - Virtual size: 342KB

clonaz.e
Size: - Virtual size: 50KB

clonaz.k
Size: - Virtual size: 10.6MB

clonaz.b
Size: 13.1MB - Virtual size: 13.1MB

clonaz.l
Size: 5KB - Virtual size: 4KB