xenia_canary[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

xenia_canary.zip
Size

3.4MB
MD5

ec8fcc61ea05b747b49a92cae39a7ca8
SHA1

014e3046a215db9dbcecf089d7197226e2c1d0db
SHA256

850cc46cca9f0dd21de11e7d162fdc38985f47cbe09c3339c37390594c37f783
SHA512

c0f22f4bb4fb357575c4c258556707524cdb0131e9b3419bce1a0cb7fb004c7c5e23fc257fa00a287c1e70d55a6f7d73f6d2bd28bf27f768b7f28737d88d4b9b
SSDEEP

98304:Hxn/RE3XSofpuA8izf/2vbg58fAU6j6ynPMyJC5kcM:Hxn/Gxfpl8QH2vqUMxvC5VM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/xenia_canary.exe

Files

xenia_canary.zip
.zip
LICENSE
xenia_canary.exe
.exe windows:6 windows x64 arch:x64

e4e99e71a2e3048a558f07eee038d114

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\xenia-canary\xenia-canary\build\bin\Windows\Release\xenia_canary.pdb

Imports

kernel32

GetSystemPowerStatus
GetLocaleInfoA
InitializeSRWLock
CompareStringA
GetModuleHandleExW
GetFileTime
LoadLibraryExW
SetThreadExecutionState
GlobalMemoryStatusEx
VerifyVersionInfoW
GetOverlappedResult
ResetEvent
CreateFileA
FormatMessageW
WaitForSingleObject
CancelIo
SetEnvironmentVariableA
GetEnvironmentVariableA
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
MulDiv
GetTickCount
OutputDebugStringW
SetErrorMode
GetFileSizeEx
GetModuleFileNameW
WaitNamedPipeW
PeekNamedPipe
LoadLibraryA
VirtualAlloc
VirtualFree
RemoveVectoredContinueHandler
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
MapViewOfFileEx
MapViewOfFile
CreateFileMappingW
GetFileSize
FlushViewOfFile
UnmapViewOfFile
SetFilePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
GetConsoleMode
InitOnceBeginInitialize
InitOnceComplete
InitializeConditionVariable
WakeConditionVariable
SetUnhandledExceptionFilter
FormatMessageA
GetProcAddress
K32GetModuleInformation
GetCurrentThread
GetLastError
GetModuleHandleA
GetCurrentProcess
WriteProcessMemory
GetModuleFileNameA
ExitProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
UnhandledExceptionFilter
InitializeSListHead
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
GetFileInformationByHandleEx
MoveFileExW
DeviceIoControl
AreFileApisANSI
SetFileInformationByHandle
GetFullPathNameW
GetFinalPathNameByHandleW
FindFirstFileExW
CreateDirectoryW
GetLocaleInfoEx
FlushInstructionCache
VirtualProtect
GetSystemInfo
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
DeleteTimerQueueTimer
GlobalAddAtomW
GlobalDeleteAtom
CreateTimerQueueTimer
GetThreadContext
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetSystemTimeAsFileTime
AllocConsole
AttachConsole
GetStdHandle
FreeLibrary
LocalFree
LoadLibraryW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
QueryPerformanceFrequency
FlushFileBuffers
SetFilePointerEx
GetFileAttributesExW
CreateFileW
FindClose
SetEndOfFile
WriteFile
FindNextFileW
FindFirstFileW
ReadFile
IsDebuggerPresent
TlsGetValue
SleepEx
CreateSemaphoreW
GetModuleHandleW
GetThreadId
QueueUserAPC
CreateThread
RaiseException
CloseHandle
GetThreadPriority
TlsAlloc
WaitForSingleObjectEx
TerminateThread
Sleep
CreateEventW
CancelWaitableTimer
ExitThread
ResumeThread
SuspendThread
ReleaseMutex
GetCurrentThreadId
WaitForMultipleObjectsEx
CreateMutexW
SetThreadPriority
SignalObjectAndWait
GetProcessAffinityMask
CreateWaitableTimerW
SetProcessAffinityMask
TlsSetValue
SetWaitableTimer
SetThreadAffinityMask
OutputDebugStringA
WriteConsoleW

user32

MsgWaitForMultipleObjects
UnregisterClassW
GetSystemMetrics
CallNextHookEx
FillRect
GetPropW
GetMenu
GetWindowRect
CallWindowProcW
GetMessageExtraInfo
RegisterClassExA
UnregisterDeviceNotification
UnregisterClassA
CreateWindowExA
RegisterDeviceNotificationW
RegisterWindowMessageA
GetDesktopWindow
GetRawInputDeviceList
GetRawInputDeviceInfoA
PostThreadMessageW
RegisterRawInputDevices
SetCursorPos
SystemParametersInfoW
CreateIconIndirect
CopyImage
GetWindowTextW
SetForegroundWindow
PtInRect
GetParent
FlashWindowEx
SetWindowsHookExW
IntersectRect
SetLayeredWindowAttributes
UnhookWindowsHookEx
CreateIconFromResource
AttachThreadInput
RegisterClassW
GetKeyboardState
RemovePropW
SetActiveWindow
MonitorFromRect
GetWindowTextLengthW
GetWindowThreadProcessId
SetWindowRgn
ToUnicode
GetKeyboardLayout
MapVirtualKeyW
EnumDisplaySettingsW
EnumDisplayDevicesW
EnumDisplayMonitors
MonitorFromPoint
ChangeDisplaySettingsExW
IsClipboardFormatAvailable
GetClipboardSequenceNumber
DrawTextW
GetDlgItem
MessageBoxW
GetCursorPos
ReleaseDC
PeekMessageW
ReleaseCapture
CreateMenu
EnableMenuItem
AppendMenuW
GetMenuInfo
GetClientRect
SetWindowLongW
SetCursor
SetCapture
DrawMenuBar
LoadCursorW
LoadIconW
SetPropW
SetFocus
DestroyMenu
SetMenu
ValidateRect
SetMenuInfo
SetWindowPlacement
ClientToScreen
GetMonitorInfoW
DestroyIcon
GetCapture
ShowWindow
GetClassLongPtrW
GetWindowPlacement
WindowFromPoint
RegisterClassExW
GetWindowLongPtrW
CreatePopupMenu
SetWindowTextW
SendMessageW
ScreenToClient
CreateWindowExW
SetWindowLongPtrW
MonitorFromWindow
SetWindowPos
GetDC
DestroyWindow
GetFocus
CreateIconFromResourceEx
GetKeyState
AdjustWindowRectEx
DefWindowProcW
GetWindowLongW
PostQuitMessage
TranslateMessage
DispatchMessageW
PostMessageW
GetMessageW
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
GetClipCursor
GetAsyncKeyState
SystemParametersInfoA
DialogBoxIndirectParamW
EndDialog
SetTimer
TrackMouseEvent
GetForegroundWindow
GetUpdateRect
MessageBoxA
GetRawInputData
ClipCursor
KillTimer
GetClassInfoExW
IsIconic
InvalidateRect
GetDoubleClickTime
OpenClipboard

advapi32

RegQueryValueExW
RegSetValueExA
RegFlushKey
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegCreateKeyA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegGetValueW

ole32

CoCreateInstance
PropVariantClear
CoInitializeEx
CLSIDFromString
CoTaskMemFree
CoUninitialize

ntdll

RtlCaptureStackBackTrace
RtlCaptureContext
RtlDeleteFunctionTable
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlInstallFunctionTableCallback
VerSetConditionMask

dwmapi

DwmSetWindowAttribute

shlwapi

ord219

dxgi

CreateDXGIFactory1

winmm

waveInGetNumDevs
waveOutGetDevCapsW
waveInReset
waveInUnprepareHeader
waveInClose
waveInPrepareHeader
waveOutClose
waveOutWrite
waveInGetDevCapsW
waveOutReset
waveInOpen
waveOutGetErrorTextW
waveOutOpen
waveOutUnprepareHeader
waveOutPrepareHeader
waveInStart
waveInAddBuffer
waveOutGetNumDevs
timeBeginPeriod
timeEndPeriod
PlaySoundW

wsock32

ntohl
shutdown
listen
accept
bind
htonl
getsockname
send
socket
connect
ioctlsocket
recvfrom
WSAStartup
recv
getsockopt
select
sendto
inet_ntoa
setsockopt
WSAGetLastError
__WSAFDIsSet
closesocket

bcrypt

BCryptImportKeyPair
BCryptCloseAlgorithmProvider
BCryptEncrypt
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptGenRandom

imm32

ImmAssociateContext
ImmSetCompositionStringW
ImmNotifyIME
ImmGetCandidateListW
ImmGetIMEFileNameA
ImmGetCompositionStringW
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow

msvcp140

_Thrd_hardware_concurrency
_Thrd_yield
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
_Cnd_timedwait
_Xtime_get_ticks
?swap@?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
_Thrd_join
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Cnd_init_in_situ
?clog@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Makeloc@_Locimp@locale@std@@CAPEAV123@AEBV_Locinfo@3@HPEAV123@PEBV23@@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@_N@Z
?_Xruntime_error@std@@YAXPEBD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?global@locale@std@@SA?AV12@AEBV12@@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
_Mtx_lock
_Cnd_do_broadcast_at_thread_exit
_Mtx_unlock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Thrd_id
?id@?$numpunct@D@std@@2V0locale@2@A
?id@?$numpunct@_W@std@@2V0locale@2@A
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
_Mbrtowc
_Strxfrm
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?id@?$collate@D@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
_Strcoll
_Query_perf_counter
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
_Cnd_wait
_Cnd_signal
?exceptions@ios_base@std@@QEAAXH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
??0ctype_base@std@@QEAA@_K@Z
??1ctype_base@std@@UEAA@XZ
_Toupper
_Tolower
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?fail@ios_base@std@@QEBA_NXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0_Locinfo@std@@QEAA@HPEBD@Z
?_Getname@_Locinfo@std@@QEBAPEBDXZ
?xalloc@ios_base@std@@SAHXZ
?iword@ios_base@std@@QEAAAEAJH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?swap@?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
_Cnd_destroy_in_situ
_Cnd_broadcast
_Mtx_trylock

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp
strrchr
memchr
__std_exception_destroy
__RTDynamicCast
memset
_CxxThrowException
memcpy
__current_exception_context
__current_exception
__std_type_info_compare
strstr
__std_exception_copy
__RTtypeid
__std_type_info_name
__C_specific_handler
strchr
__std_terminate
_purecall
memmove

api-ms-win-crt-stdio-l1-1-0

fflush
fsetpos
setvbuf
fread
_fseeki64
fwrite
__stdio_common_vswprintf
fputs
ftell
fseek
ungetc
fopen_s
__p__commode
_get_stream_buffer_pointers
__stdio_common_vsprintf_s
_set_fmode
__stdio_common_vsscanf
__acrt_iob_func
__stdio_common_vfprintf
_isatty
__stdio_common_vsnprintf_s
_fileno
fclose
fread_s
fputc
fgetc
fgets
freopen_s
__stdio_common_vsprintf
_open_osfhandle
_chsize_s
_wfopen
_ftelli64
fopen
ferror
fgetpos

api-ms-win-crt-heap-l1-1-0

_aligned_malloc
malloc
free
realloc
_callnewh
calloc
_set_new_mode
_aligned_realloc
_aligned_free

api-ms-win-crt-convert-l1-1-0

strtoul
atoi
strtol
strtoull
atof
strtoll
strtod
wcstombs

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale
localeconv

api-ms-win-crt-runtime-l1-1-0

_cexit
_seh_filter_exe
_get_wpgmptr
_register_onexit_function
_initialize_onexit_table
exit
_set_app_type
_configure_wide_argv
_initialize_wide_environment
abort
_get_wide_winmain_command_line
_initterm
signal
_initterm_e
_exit
strerror
_c_exit
terminate
_beginthreadex
quick_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
_errno
_crt_atexit

api-ms-win-crt-time-l1-1-0

clock
_time64
_localtime64
_mkgmtime64
_mktime64
_gmtime64
asctime

api-ms-win-crt-math-l1-1-0

frexp
pow
acos
__setusermatherr
sqrt
asin
atan
sinf
cos
cosh
exp
_dclass
scalbnf
_fdclass
_ldclass
fabs
acosf
atan2
exp2f
lround
_copysign
truncf
asinf
atan2f
scalbn
atanf
cosf
lroundf
expf
fmod
fmodf
fminf
roundf
log10
log10f
log2f
nanf
logf
powf
round
trunc
llrint
log
exp2
ldexp
sqrtf
sin
_dsign
_fdsign
_ldsign
sinh
tan
tanh
_fdopen
hypot
tanf

api-ms-win-crt-string-l1-1-0

isdigit
islower
strcmp
_strdup
tolower
_strrev
_strnicmp
_wcsicmp
_wcsnicmp
isspace
strncpy
iscntrl
isalnum
isxdigit
strspn
isalpha
strcspn
isprint
toupper
isupper
isgraph
strncmp
_stricmp
ispunct

api-ms-win-crt-utility-l1-1-0

bsearch
qsort

gdi32

CreateDCW
SetDeviceGammaRamp
GetICMProfileW
DeleteDC
CreateDIBSection
CreateBitmap
DeleteObject
GetStockObject
GetDeviceGammaRamp
GetDeviceCaps
BitBlt
GetTextExtentPoint32A
GetTextMetricsW
CreateFontIndirectW
DescribePixelFormat
ChoosePixelFormat
SwapBuffers
GetPixelFormat
SetPixelFormat
CreateCompatibleBitmap
GetDIBits
SelectObject
CreateCompatibleDC
CreateRectRgn
CombineRgn
CreateSolidBrush

shell32

CommandLineToArgvW
SHGetKnownFolderPath
ShellExecuteW
SHGetFolderPathW
ExtractIconExW
DragQueryFileW
DragFinish
DragAcceptFiles

setupapi

CM_Get_Device_IDA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
CM_Get_Parent
CM_Locate_DevNodeA
SetupDiGetClassDevsA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

api-ms-win-crt-environment-l1-1-0

getenv

oleaut32

SysFreeString

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cold
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4e99e71a2e3048a558f07eee038d114

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

ntdll

dwmapi

shlwapi

dxgi

winmm

wsock32

bcrypt

imm32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

gdi32

shell32

setupapi

version

api-ms-win-crt-environment-l1-1-0

oleaut32

Exports

Exports

Sections

.text Size: 5.4MB - Virtual size: 5.4MB

.cold Size: 45KB - Virtual size: 45KB

.rdata Size: 5.3MB - Virtual size: 5.3MB

.data Size: 124KB - Virtual size: 5.6MB

.pdata Size: 202KB - Virtual size: 202KB

.rsrc Size: 166KB - Virtual size: 165KB

.reloc Size: 37KB - Virtual size: 36KB

.text
Size: 5.4MB - Virtual size: 5.4MB

.cold
Size: 45KB - Virtual size: 45KB

.rdata
Size: 5.3MB - Virtual size: 5.3MB

.data
Size: 124KB - Virtual size: 5.6MB

.pdata
Size: 202KB - Virtual size: 202KB

.rsrc
Size: 166KB - Virtual size: 165KB

.reloc
Size: 37KB - Virtual size: 36KB