privateloader | WinRAR-ZIP-Archiv (neu)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

WinRAR-ZIP-Archiv (neu).zip
Size

12.0MB
MD5

ea4879082a8db56b82db559cb5802999
SHA1

7836f9a51ef4151aeae93794b2c22f800f29065c
SHA256

a339b4547c45142edade860479c9f1d26f86ffde9e036e376c9d71e0d869b5ac
SHA512

d05a90aca009e138ee1d925c1891adc036524ede63b795b1a5f654078d2776514c406e6da201994285dafedec61bd5089331805735bd74ab484a53ff6aed64bc
SSDEEP

196608:rHfhE5g23WIl930roxk/BybaexjPuUMI2yGLdESACpFGxi4K4WMoFRXRxlVJCpi+:r/hCX34tyLxBMAGLdMyExXK4mZRxlHL+

Score

10^/10

privateloader

Malware Config

Signatures

Privateloader family
privateloader

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Custom.dll
unpack001/Kebab Chefs! - Restaurant Simulator.exe
unpack001/SteamOverlay64.dll
unpack001/winmm.dll

Files

WinRAR-ZIP-Archiv (neu).zip
.zip
Custom.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 916KB - Virtual size: 915KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Kebab Chefs! - Restaurant Simulator.exe
.exe windows:6 windows x64 arch:x64

fd60dddc87379c239e8ac49516966c3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\buildslave\unity\build\artifacts\WindowsPlayer\Win64_nondev_m_r\WindowsPlayer_Master_mono_x64.pdb

Imports

unityplayer

UnityMain

kernel32

GetModuleHandleExW
WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
CloseHandle
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
ExitProcess
TerminateProcess
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OnlineFix.ini
SteamOverlay64.dll
.dll windows:6 windows x64 arch:x64

fd9c9736fbc202d1a20e83d97ea0979b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
LoadLibraryExW
ExitProcess
CloseHandle
WriteConsoleW
GetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx

user32

MessageBoxW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

Exports

Exports

OnlineFix

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UnityPlayer.dll
.dll windows:6 windows x64 arch:x64

93ca03aa69d361fee0f3aa7251ec93b8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:88:3b:fb:88:38:ac:27:c4:5b:74:c5:0f:42:b2:5b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/07/2018, 00:00

Not After

10/07/2021, 23:59

Subject

CN=Unity Technologies Aps,OU=Core Developer Services,O=Unity Technologies Aps,L=København K,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:92:a8:a5:d2:e4:cb:85:ca:43:49:04:11:80:ee:1a:7e:45:80:ac
Signer

Actual PE Digest

5b:92:a8:a5:d2:e4:cb:85:ca:43:49:04:11:80:ee:1a:7e:45:80:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\buildslave\unity\build\artifacts\UnityPlayer\Win64_nondev_m_r\UnityPlayer_Win64_mono_x64.pdb

Imports

kernel32

Thread32Next
RtlLookupFunctionEntry
RtlVirtualUnwind
GetModuleFileNameA
GetEnvironmentVariableA
GetCurrentDirectoryA
GetFileAttributesA
SetLastError
CreateMutexA
GetThreadContext
ReadProcessMemory
GlobalAlloc
GlobalUnlock
GlobalLock
LoadLibraryW
GetUserDefaultUILanguage
ExpandEnvironmentStringsW
GetCurrentDirectoryW
CreateFileA
GetTempPathW
DebugBreak
CreateThread
GlobalMemoryStatusEx
GetSystemInfo
GetSystemDirectoryA
FormatMessageW
GetComputerNameW
GetSystemPowerStatus
GetOverlappedResult
CancelIo
ResetEvent
GetTickCount
GetStartupInfoA
SetConsoleCtrlHandler
SetDllDirectoryW
SleepEx
RaiseException
GetThreadTimes
SwitchToThread
SetThreadPriority
GetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FormatMessageA
QueryPerformanceCounter
QueryPerformanceFrequency
GetWindowsDirectoryW
CreateIoCompletionPort
GetQueuedCompletionStatus
AttachConsole
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
ReleaseSemaphore
GetLocalTime
GetTimeZoneInformation
IsDebuggerPresent
CreateSemaphoreExW
TlsAlloc
TlsFree
GetNativeSystemInfo
VirtualQuery
GetFileSize
SetFilePointerEx
SetFilePointer
SetFileAttributesW
SetEndOfFile
RemoveDirectoryW
ReadFile
GetTempFileNameW
GetFullPathNameW
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceExW
FlushFileBuffers
FindNextFileW
FindFirstFileExW
WriteConsoleW
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
CreateToolhelp32Snapshot
SetConsoleMode
SetStdHandle
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapAlloc
HeapFree
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
ReadConsoleW
GetConsoleMode
GetConsoleCP
HeapQueryInformation
HeapSize
HeapReAlloc
GetModuleHandleExW
ExitProcess
RtlPcToFileHeader
RtlUnwindEx
UnregisterWaitEx
QueryDepthSList
GetVersionExW
FreeLibraryAndExitThread
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
DuplicateHandle
VerifyVersionInfoA
ExpandEnvironmentStringsA
InitializeCriticalSectionEx
GetTickCount64
GlobalMemoryStatus
GetFileType
ExitThread
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
CreateWaitableTimerA
SetWaitableTimer
OpenEventA
ReadConsoleInputW
FlushConsoleInputBuffer
SetThreadAffinityMask
GetStdHandle
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
GetCommandLineW
SetErrorMode
ResumeThread
SuspendThread
OpenThread
GetCurrentThreadId
TerminateProcess
GetErrorMode
SetUnhandledExceptionFilter
RtlCaptureContext
SystemTimeToFileTime
ReplaceFileW
MoveFileExW
CopyFileW
GetModuleHandleW
GetModuleFileNameW
VirtualFree
Thread32First
LocalFree
IsValidCodePage
GetProcessId
CreateProcessW
GetExitCodeProcess
LocalAlloc
VirtualProtect
RtlUnwind
VirtualAlloc
GetSystemTime
CreatePipe
SetHandleInformation
OutputDebugStringA
WriteFile
SetEnvironmentVariableW
SetFileTime
WaitForMultipleObjects
CreateEventW
LoadLibraryExW
GetCurrentThread
GetCurrentProcess
GetLastError
GetModuleHandleA
MultiByteToWideChar
WaitForSingleObject
Sleep
CreateEventA
WaitForSingleObjectEx
VerifyVersionInfoW
CloseHandle
CreateEventExW
WaitForMultipleObjectsEx
SetEvent
VerSetConditionMask
WideCharToMultiByte
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcessId
TlsSetValue
TlsGetValue

user32

EnumDisplaySettingsA
GetCaretBlinkTime
DestroyWindow
CreateWindowExW
ShowWindow
UpdateWindow
GetDesktopWindow
EnumDisplayDevicesA
MonitorFromWindow
ReleaseDC
PeekMessageA
MsgWaitForMultipleObjects
TrackMouseEvent
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
GetSystemMetrics
AllowSetForegroundWindow
GetDC
SetCursor
LoadCursorA
DestroyCursor
DestroyIcon
CreateIconIndirect
EnumDisplaySettingsW
SetWindowLongA
AdjustWindowRectEx
GetWindowPlacement
EnumDisplayMonitors
GetMonitorInfoW
GetMonitorInfoA
MonitorFromRect
SetWindowLongPtrW
GetThreadDesktop
GetUserObjectInformationA
RegisterWindowMessageA
SendMessageTimeoutA
DefWindowProcW
SetWindowPos
IsIconic
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
SetForegroundWindow
GetClientRect
GetWindowRect
ScreenToClient
GetWindowLongA
SetWindowLongPtrA
GetParent
EnumWindows
UnregisterClassW
RegisterClassExW
DialogBoxParamW
EndDialog
SetDlgItemTextA
SetDlgItemTextW
SendDlgItemMessageW
MessageBoxA
CopyRect
OffsetRect
LoadIconA
GetKeyboardLayoutNameW
TranslateMessage
DispatchMessageA
GetMessagePos
GetMessageTime
GetMessageExtraInfo
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetDoubleClickTime
IsWindowVisible
GetKeyState
GetAsyncKeyState
GetKeyNameTextW
SetCapture
ReleaseCapture
GetWindowLongPtrW
ClipCursor
SetCursorPos
SetWindowTextW
ValidateRect
DragDetect
KillTimer
SetTimer
GetFocus
GetActiveWindow
SetFocus
RegisterClassW
PostQuitMessage
SendMessageW
GetMessageA
GetRawInputDeviceList
RegisterRawInputDevices
GetRawInputDeviceInfoW
GetRawInputData
SystemParametersInfoW
PtInRect
ClientToScreen
GetCursorPos
ShowCursor

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ole32

CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoCreateGuid
StringFromGUID2
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
PropVariantCopy
PropVariantClear

shlwapi

PathCanonicalizeW
PathFileExistsW
SHDeleteKeyW

setupapi

SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailW

advapi32

CryptImportKey
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyHash
CryptHashData
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegCreateKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
GetUserNameA
GetTokenInformation
GetSidSubAuthority
OpenProcessToken
CryptCreateHash
CryptGetHashParam
CryptEncrypt

gdi32

CreateBitmap
DeleteObject
CreateDIBSection
ChoosePixelFormat
SetPixelFormat
SwapBuffers
GetDeviceCaps

shell32

ShellExecuteW
SHGetFolderPathW
SHFileOperationW
CommandLineToArgvW

opengl32

wglGetCurrentDC
wglMakeCurrent
wglCreateContext
wglGetCurrentContext
wglGetProcAddress
wglDeleteContext

winmm

waveOutGetPosition
waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveInGetNumDevs
waveOutOpen
waveOutGetDevCapsW
waveOutGetDevCapsA
waveOutGetNumDevs
timeGetTime
timeBeginPeriod
waveInGetDevCapsA
waveInOpen
waveInGetDevCapsW
waveInClose
waveInPrepareHeader
waveInUnprepareHeader
waveInAddBuffer
waveInReset
waveInStart
waveOutClose
timeEndPeriod

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantChangeType
VariantClear

imm32

ImmSetCompositionStringW
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmReleaseContext
ImmGetConversionStatus
ImmSetOpenStatus
ImmGetContext

winhttp

WinHttpGetIEProxyConfigForCurrentUser

bcrypt

BCryptGenRandom

hid

HidP_SetUsageValue
HidP_SetUsages
HidP_GetData
HidP_MaxDataListLength
HidP_GetValueCaps
HidP_GetButtonCaps
HidP_GetCaps
HidD_GetHidGuid
HidD_GetPreparsedData
HidD_FreePreparsedData
HidD_GetProductString
HidD_GetManufacturerString
HidD_GetSerialNumberString
HidD_GetAttributes

crypt32

CertCloseStore
CertFreeCertificateContext
CertAddEncodedCertificateToStore
CertOpenStore
CertFreeCertificateChain
CertGetCertificateChain

ws2_32

htonl
WSASocketA
WSAGetLastError
WSASetLastError
send
select
recv
ntohs
listen
inet_addr
htons
getsockname
ioctlsocket
connect
closesocket
bind
sendto
__WSAFDIsSet
setsockopt
shutdown
socket
gethostname
WSAStartup
WSACleanup
WSAIoctl
getaddrinfo
getsockopt
WSASendDisconnect
gethostbyaddr
WSACancelAsyncRequest
WSAAsyncGetHostByName
WSAWaitForMultipleEvents
accept
freeaddrinfo
getnameinfo
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSARecvFrom
recvfrom
ntohl
getpeername
gethostbyname
getprotobyname

dwmapi

DwmGetWindowAttribute

Exports

Exports

UnityMain

Sections

.text
Size: 20.0MB - Virtual size: 20.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 249KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1002KB - Virtual size: 1002KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dlllist.txt
winmm.dll
.dll windows:6 windows x64 arch:x64

d87c96e86984e394d8b76e8b7350cb52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
GetSystemDirectoryW
GetLastError
LoadLibraryW
GetProcAddress
ExitProcess
SetEndOfFile
WriteConsoleW
HeapSize
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetLocaleInfoEx
LCMapStringEx
CompareStringEx
GetCPInfo
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
GetThreadContext
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
ReadConsoleW
CreateFileW
RtlUnwind

user32

MessageBoxA
MessageBoxW

Exports

Exports

CloseDriver
DefDriverProc
DriverCallback
DrvGetModuleHandle
GetDriverModuleHandle
NotifyCallbackData
OnlineFix
OpenDriver
PlaySound
PlaySoundA
PlaySoundW
SendDriverMessage
WOW32DriverCallback
WOW32ResolveMultiMediaHandle
WOWAppExit
aux32Message
auxGetDevCapsA
auxGetDevCapsW
auxGetNumDevs
auxGetVolume
auxOutMessage
auxSetVolume
joy32Message
joyConfigChanged
joyGetDevCapsA
joyGetDevCapsW
joyGetNumDevs
joyGetPos
joyGetPosEx
joyGetThreshold
joyReleaseCapture
joySetCapture
joySetThreshold
mci32Message
mciDriverNotify
mciDriverYield
mciExecute
mciFreeCommandResource
mciGetCreatorTask
mciGetDeviceIDA
mciGetDeviceIDFromElementIDA
mciGetDeviceIDFromElementIDW
mciGetDeviceIDW
mciGetDriverData
mciGetErrorStringA
mciGetErrorStringW
mciGetYieldProc
mciLoadCommandResource
mciSendCommandA
mciSendCommandW
mciSendStringA
mciSendStringW
mciSetDriverData
mciSetYieldProc
mid32Message
midiConnect
midiDisconnect
midiInAddBuffer
midiInClose
midiInGetDevCapsA
midiInGetDevCapsW
midiInGetErrorTextA
midiInGetErrorTextW
midiInGetID
midiInGetNumDevs
midiInMessage
midiInOpen
midiInPrepareHeader
midiInReset
midiInStart
midiInStop
midiInUnprepareHeader
midiOutCacheDrumPatches
midiOutCachePatches
midiOutClose
midiOutGetDevCapsA
midiOutGetDevCapsW
midiOutGetErrorTextA
midiOutGetErrorTextW
midiOutGetID
midiOutGetNumDevs
midiOutGetVolume
midiOutLongMsg
midiOutMessage
midiOutOpen
midiOutPrepareHeader
midiOutReset
midiOutSetVolume
midiOutShortMsg
midiOutUnprepareHeader
midiStreamClose
midiStreamOpen
midiStreamOut
midiStreamPause
midiStreamPosition
midiStreamProperty
midiStreamRestart
midiStreamStop
mixerClose
mixerGetControlDetailsA
mixerGetControlDetailsW
mixerGetDevCapsA
mixerGetDevCapsW
mixerGetID
mixerGetLineControlsA
mixerGetLineControlsW
mixerGetLineInfoA
mixerGetLineInfoW
mixerGetNumDevs
mixerMessage
mixerOpen
mixerSetControlDetails
mmDrvInstall
mmGetCurrentTask
mmTaskBlock
mmTaskCreate
mmTaskSignal
mmTaskYield
mmioAdvance
mmioAscend
mmioClose
mmioCreateChunk
mmioDescend
mmioFlush
mmioGetInfo
mmioInstallIOProcA
mmioInstallIOProcW
mmioOpenA
mmioOpenW
mmioRead
mmioRenameA
mmioRenameW
mmioSeek
mmioSendMessage
mmioSetBuffer
mmioSetInfo
mmioStringToFOURCCA
mmioStringToFOURCCW
mmioWrite
mmsystemGetVersion
mod32Message
mxd32Message
sndPlaySoundA
sndPlaySoundW
tid32Message
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetSystemTime
timeGetTime
timeKillEvent
timeSetEvent
waveInAddBuffer
waveInClose
waveInGetDevCapsA
waveInGetDevCapsW
waveInGetErrorTextA
waveInGetErrorTextW
waveInGetID
waveInGetNumDevs
waveInGetPosition
waveInMessage
waveInOpen
waveInPrepareHeader
waveInReset
waveInStart
waveInStop
waveInUnprepareHeader
waveOutBreakLoop
waveOutClose
waveOutGetDevCapsA
waveOutGetDevCapsW
waveOutGetErrorTextA
waveOutGetErrorTextW
waveOutGetID
waveOutGetNumDevs
waveOutGetPitch
waveOutGetPlaybackRate
waveOutGetPosition
waveOutGetVolume
waveOutMessage
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutRestart
waveOutSetPitch
waveOutSetPlaybackRate
waveOutSetVolume
waveOutUnprepareHeader
waveOutWrite
wid32Message
wod32Message

Sections

.text
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 916KB - Virtual size: 915KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 512B - Virtual size: 12B

fd60dddc87379c239e8ac49516966c3e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

unityplayer

kernel32

Exports

Exports

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 552KB - Virtual size: 552KB

.reloc Size: 2KB - Virtual size: 1KB

fd9c9736fbc202d1a20e83d97ea0979b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 62KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1024B - Virtual size: 672B

.reloc Size: 2KB - Virtual size: 1KB

93ca03aa69d361fee0f3aa7251ec93b8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

03:88:3b:fb:88:38:ac:27:c4:5b:74:c5:0f:42:b2:5bCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

5b:92:a8:a5:d2:e4:cb:85:ca:43:49:04:11:80:ee:1a:7e:45:80:acSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

version

ole32

shlwapi

setupapi

advapi32

gdi32

shell32

opengl32

.text
Size: 916KB - Virtual size: 915KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 552KB - Virtual size: 552KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 62KB - Virtual size: 62KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1024B - Virtual size: 672B

.reloc
Size: 2KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

03:88:3b:fb:88:38:ac:27:c4:5b:74:c5:0f:42:b2:5b
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

5b:92:a8:a5:d2:e4:cb:85:ca:43:49:04:11:80:ee:1a:7e:45:80:ac
Signer

.text
Size: 20.0MB - Virtual size: 20.0MB

.rdata
Size: 3.2MB - Virtual size: 3.2MB

.data
Size: 249KB - Virtual size: 1.1MB

.pdata
Size: 1002KB - Virtual size: 1002KB

.rodata
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 43KB - Virtual size: 43KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 89KB - Virtual size: 88KB

.text
Size: 372KB - Virtual size: 372KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 8KB - Virtual size: 15KB

.pdata
Size: 17KB - Virtual size: 16KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 4KB - Virtual size: 3KB