RDR2_FamilyMenu_1_2_7[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

RDR2_FamilyMenu_1_2_7.rar
Size

7.2MB
MD5

398e8c129388d84ffa00ec634e28b286
SHA1

49e959c173b968e173aebfc31ff7741185785b9b
SHA256

a7fdbf23fdd80e423807cccfa82a5efb873f63cece1824bafbd2481261b11957
SHA512

b6b0b7a398440d361c0ba8079cb41608b1ea1e9516637d914e341ebc653ca6aa3dbce2e2e7eef91240c9c2cbf59f2cb32d306e791fd7e31a11b1b83071a44294
SSDEEP

196608:Dw7kG0jHZtb72n/MrTZJy57u+0MexLbVFAKQ5bhIm:07QJ72ncZJohd4LbVMbhT

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RDR2_FamilyMenu_1_2_7/FamilyRDR2.dll
unpack001/RDR2_FamilyMenu_1_2_7/RDR2Loader.exe

Files

RDR2_FamilyMenu_1_2_7.rar
.rar
RDR2_FamilyMenu_1_2_7/FamilyRDR/Fonts/Fonts.ttf
RDR2_FamilyMenu_1_2_7/FamilyRDR/Hotkeys.json
RDR2_FamilyMenu_1_2_7/FamilyRDR/Language/de_DE.json
RDR2_FamilyMenu_1_2_7/FamilyRDR/Language/en_GB.json
RDR2_FamilyMenu_1_2_7/FamilyRDR/Language/ru_RU.json
RDR2_FamilyMenu_1_2_7/FamilyRDR/Language/tr_TR.json
RDR2_FamilyMenu_1_2_7/FamilyRDR/Language/zh_CN.json
RDR2_FamilyMenu_1_2_7/FamilyRDR/Language/zh_TW.json
RDR2_FamilyMenu_1_2_7/FamilyRDR/Listing/Listing.json
RDR2_FamilyMenu_1_2_7/FamilyRDR/Lua/Family.lua
RDR2_FamilyMenu_1_2_7/FamilyRDR/Settings.json
RDR2_FamilyMenu_1_2_7/FamilyRDR/Ytd/FamilyRes.ytd
RDR2_FamilyMenu_1_2_7/FamilyRDR2.dll
.dll windows:6 windows x64 arch:x64

5008ce6d51c5cbdd1a05396eff88d57f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

vulkan-1

vkDestroyInstance
vkCmdPipelineBarrier
vkCmdCopyBufferToImage
vkCmdDrawIndexed
vkCmdBindVertexBuffers
vkCmdBindIndexBuffer
vkCmdBindDescriptorSets
vkCmdSetViewport
vkCmdBindPipeline
vkAllocateDescriptorSets
vkDestroyDescriptorSetLayout
vkCreateDescriptorSetLayout
vkDestroySampler
vkCreateSampler
vkDestroyPipelineLayout
vkCreatePipelineLayout
vkCmdPushConstants
vkCmdSetScissor
vkDestroyPipeline
vkCreateGraphicsPipelines
vkUpdateDescriptorSets
vkDestroyShaderModule
vkCreateShaderModule
vkDestroyImage
vkCreateImage
vkDestroyBuffer
vkCreateBuffer
vkGetImageMemoryRequirements
vkGetBufferMemoryRequirements
vkBindImageMemory
vkBindBufferMemory
vkFlushMappedMemoryRanges
vkUnmapMemory
vkMapMemory
vkFreeMemory
vkAllocateMemory
vkGetPhysicalDeviceMemoryProperties
vkGetSwapchainImagesKHR
vkCmdEndRenderPass
vkCmdBeginRenderPass
vkResetCommandBuffer
vkEndCommandBuffer
vkBeginCommandBuffer
vkFreeCommandBuffers
vkAllocateCommandBuffers
vkDestroyCommandPool
vkCreateCommandPool
vkCreateRenderPass
vkDestroyFramebuffer
vkCreateFramebuffer
vkDestroyDescriptorPool
vkCreateDescriptorPool
vkDestroyImageView
vkCreateImageView
vkDestroySemaphore
vkCreateSemaphore
vkWaitForFences
vkResetFences
vkDestroyFence
vkCreateFence
vkDeviceWaitIdle
vkQueueSubmit
vkGetDeviceQueue
vkDestroyDevice
vkCreateDevice
vkGetDeviceProcAddr
vkGetPhysicalDeviceQueueFamilyProperties
vkGetPhysicalDeviceProperties
vkEnumeratePhysicalDevices
vkCreateInstance

winmm

timeGetTime

kernel32

RtlLookupFunctionEntry
RtlCaptureContext
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetCPInfoExW
InitOnceComplete
InitOnceBeginInitialize
GetFileInformationByHandleEx
MoveFileExW
AreFileApisANSI
WakeAllConditionVariable
UnhandledExceptionFilter
SetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetLocaleInfoEx
LocalFree
SleepConditionVariableSRW
IsDebuggerPresent
RtlVirtualUnwind
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
LoadLibraryA
QueryPerformanceFrequency
GlobalFree
GlobalAlloc
SetLastError
FormatMessageA
LoadLibraryExA
FreeLibrary
VirtualFree
VirtualAlloc
GetSystemInfo
Thread32Next
Thread32First
CreateToolhelp32Snapshot
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
OpenThread
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
HeapCreate
GetTickCount
GetTickCount64
QueryPerformanceCounter
Sleep
GetCurrentThread
GetCurrentThreadId
VirtualQuery
DisableThreadLibraryCalls
GetModuleFileNameA
GlobalUnlock
GlobalLock
DeleteFileA
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
ReadProcessMemory
WriteProcessMemory
K32EnumProcessModules
K32GetModuleBaseNameA
K32GetModuleInformation
GetStdHandle
GetCurrentProcessId
AllocConsole
FreeConsole
AttachConsole
GetConsoleMode
SetConsoleMode
SetConsoleOutputCP
SetConsoleTitleA
WaitForSingleObject
CreateEventA
WaitForMultipleObjects
CopyFileA
SwitchToFiber
DeleteFiber
CreateFiber
ConvertThreadToFiber
lstrcpyW
VirtualProtect
CloseHandle
CreateThread
FreeLibraryAndExitThread
GetProcAddress
GetLastError
InitializeSListHead

user32

LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
IsWindowUnicode
ReleaseCapture
SetCapture
GetCapture
TrackMouseEvent
EmptyClipboard
SetClipboardData
GetClientRect
SendInput
GetKeyState
FindWindowA
GetForegroundWindow
MapVirtualKeyA
keybd_event
GetKeyNameTextA
GetClipboardData
CloseClipboard
OpenClipboard
GetAsyncKeyState

msvcp140

_Cnd_unregister_at_thread_exit
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Cnd_register_at_thread_exit
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Query_perf_counter
_Query_perf_frequency
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
_Thrd_detach
_Thrd_yield
_Cnd_do_broadcast_at_thread_exit
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Thrd_join
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Cnd_wait
_Cnd_destroy_in_situ
_Cnd_init_in_situ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?id@?$numpunct@D@std@@2V0locale@2@A
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Xtime_get_ticks
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_id
_Cnd_signal
?_Throw_C_error@std@@YAXH@Z
_Cnd_broadcast
?_Xbad_alloc@std@@YAXXZ
_Mbrtowc
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Xlength_error@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?uncaught_exceptions@std@@YAHXZ
?_Xout_of_range@std@@YAXPEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bios_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??1_Locinfo@std@@QEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?setf@ios_base@std@@QEAAHH@Z
?setf@ios_base@std@@QEAAHHH@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
?_Xbad_function_call@std@@YAXXZ
_Mtx_lock
_Mtx_unlock

imm32

ImmGetContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext

d3dcompiler_47

D3DCompile

vcruntime140

memset
memcpy
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memchr
__std_terminate
memcmp
memmove
strrchr
__std_type_info_destroy_list
__intrinsic_setjmp
__current_exception_context
__current_exception
_purecall
longjmp
strstr
__std_type_info_compare
__C_specific_handler
strchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_cexit
_errno
_beginthreadex
terminate
_initterm
_initterm_e
abort
exit
system
_crt_atexit
strerror
_seh_filter_dll
_execute_onexit_table
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
calloc
_callnewh

api-ms-win-crt-string-l1-1-0

toupper
strspn
isxdigit
isspace
strcoll
isblank
strncmp
_strdup
isdigit
isalnum
strcmp
strncpy
strpbrk
tolower
iscntrl
isgraph
isalpha
isupper
islower
ispunct

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
fflush
fgetc
fgetpos
fputc
fread
fsetpos
_fseeki64
fwrite
tmpnam
setvbuf
ungetc
fgets
tmpfile
_popen
_pclose
fclose
__stdio_common_vsscanf
__stdio_common_vsnprintf_s
__stdio_common_vsprintf_s
__stdio_common_vsprintf
_ftelli64
clearerr
ftell
__acrt_iob_func
feof
ferror
fseek
freopen
getc
__stdio_common_vfprintf
_wfopen
fopen

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
_lock_file
_unlock_file
remove
rename
_findclose
_findfirst64i32
_findnext64i32

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-time-l1-1-0

_mktime64
_gmtime64
strftime
_difftime64
_time64
clock
_localtime64_s
_localtime64

api-ms-win-crt-math-l1-1-0

acos
asin
atan2
ceil
exp
fmod
log
log10
tan
floor
sqrtf
acosf
llround
_ldclass
_fdclass
_fdsign
_dclass
modf
_isnan
_finite
_ldsign
_dsign
sinf
cosf
ldexp
sqrt
sin
ceilf
frexp
pow
cos

api-ms-win-crt-convert-l1-1-0

atof
atoi
strtod

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
setlocale
localeconv

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RDR2_FamilyMenu_1_2_7/RDR2Loader.exe
.exe windows:6 windows x64 arch:x64

35e28e8ac6155eee763d809a15399701

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentProcess
lstrcmpA
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
Sleep
WriteProcessMemory
CloseHandle
GetProcAddress
VirtualAllocEx
CreateRemoteThread
WriteConsoleW
CreateFileW
HeapSize
Process32First
Process32Next
GetModuleFileNameA
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
RtlUnwind

user32

wsprintfA

advapi32

OpenProcessToken
AdjustTokenPrivileges

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5008ce6d51c5cbdd1a05396eff88d57f

Headers

DLL Characteristics

File Characteristics

Imports

vulkan-1

winmm

kernel32

user32

msvcp140

imm32

d3dcompiler_47

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.rdata Size: 2.7MB - Virtual size: 2.7MB

.data Size: 1.0MB - Virtual size: 1.1MB

.pdata Size: 205KB - Virtual size: 204KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 147KB - Virtual size: 146KB

35e28e8ac6155eee763d809a15399701

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 131KB - Virtual size: 131KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 4KB - Virtual size: 10KB

.pdata Size: 8KB - Virtual size: 7KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 4.4MB - Virtual size: 4.4MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 1.0MB - Virtual size: 1.1MB

.pdata
Size: 205KB - Virtual size: 204KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 147KB - Virtual size: 146KB

.text
Size: 131KB - Virtual size: 131KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 8KB - Virtual size: 7KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 2KB - Virtual size: 2KB