D:\AFL&angr\my_winafl_fuzz\dynamorio\build64\clients\bin64\opcode_mix_launcher.pdb
Static task
static1
Behavioral task
behavioral1
Sample
c2d7d20a459a73447cba6ef3887abfe20ae18f31c8ec964de14421d67e911f85.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
c2d7d20a459a73447cba6ef3887abfe20ae18f31c8ec964de14421d67e911f85.exe
Resource
win10v2004-20240508-en
General
-
Target
c2d7d20a459a73447cba6ef3887abfe20ae18f31c8ec964de14421d67e911f85
-
Size
2.0MB
-
MD5
556ae5538a67d22eb480195b80a6f28b
-
SHA1
75b2212d48fa7999c760846e9ac09289823c3edf
-
SHA256
c2d7d20a459a73447cba6ef3887abfe20ae18f31c8ec964de14421d67e911f85
-
SHA512
64521525ecf12997758655b6cafdc530ee3be3488f2e040340f42e8d4c65e7b650a08837b3002165a26700c3d00fd36ab4963222826df9305ad3991302c5e292
-
SSDEEP
49152:Vrfur2+v7PZ5HOU7fiW72r+j8l7B2ZPQV9oDEGq6Tqh5z0:ZWq+zr9so
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource c2d7d20a459a73447cba6ef3887abfe20ae18f31c8ec964de14421d67e911f85
Files
-
c2d7d20a459a73447cba6ef3887abfe20ae18f31c8ec964de14421d67e911f85.exe windows:5 windows x64 arch:x64
31ad9fc7c4a7497bc2d9d2f8d686f4e1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
dynamorio
islower
wcschr
tolower
_stricmp
strncat
wcsstr
wcsncpy
NtUnmapViewOfSection
NtCreateSection
RtlInitUnicodeString
NtOpenDirectoryObject
NtMapViewOfSection
_strcmpi
wcsncat
isupper
ntdll
RtlCreateHeap
NtTestAlert
NtCallbackReturn
KiRaiseUserExceptionDispatcher
KiUserExceptionDispatcher
KiUserCallbackDispatcher
KiUserApcDispatcher
NtOpenProcessToken
NtOpenThreadToken
NtQueryFullAttributesFile
NtOpenProcess
NtSetInformationThread
NtQueryAttributesFile
NtOpenThread
NtOpenFile
NtQuerySecurityObject
NtQueryVolumeInformationFile
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtCreateDirectoryObject
LdrGetDllHandle
LdrUnloadDll
NtCreateThread
NtStopProfile
NtStartProfile
NtQueryIntervalProfile
NtSetIntervalProfile
NtCreateProfile
NtCancelIoFile
NtQueryPerformanceCounter
NtClearEvent
NtSetEvent
NtCreateEvent
NtRaiseHardError
NtCreateIoCompletion
NtFlushBuffersFile
NtQuerySystemTime
RtlConvertSidToUnicodeString
RtlQueryEnvironmentVariable_U
RtlInitializeCriticalSection
NtEnumerateKey
NtSetValueKey
NtQueryValueKey
NtQueryObject
NtDuplicateObject
NtClose
NtDelayExecution
NtSetInformationProcess
NtTerminateProcess
NtTerminateThread
NtResumeThread
NtSuspendThread
NtSetContextThread
NtGetContextThread
NtContinue
NtWriteVirtualMemory
NtReadVirtualMemory
RtlTryEnterCriticalSection
NtQuerySystemInformation
NtYieldExecution
NtSetInformationFile
NtOpenKey
NtCreateKey
NtCreateFile
NtQueryInformationThread
NtProtectVirtualMemory
NtFreeVirtualMemory
NtAllocateVirtualMemory
NtOpenSection
NtQueryVirtualMemory
NtQueryInformationToken
NtQueryInformationFile
NtQueryInformationProcess
NtWriteFile
NtReadFile
NtFsControlFile
NtWaitForSingleObject
RtlLeaveCriticalSection
RtlEnterCriticalSection
LdrLoadDll
RtlDestroyHeap
LdrGetProcedureAddress
RtlAllocateHeap
RtlReAllocateHeap
RtlFreeHeap
RtlSizeHeap
RtlValidateHeap
RtlLockHeap
RtlUnlockHeap
RtlFreeUnicodeString
RtlFreeAnsiString
RtlFreeOemString
RtlDeleteCriticalSection
NtFlushVirtualMemory
NtCreateNamedPipeFile
NtDeviceIoControlFile
NtQueryDirectoryFile
NtEnumerateValueKey
kernel32
GetCurrentProcess
RtlUnwind
FindFirstFileW
LCMapStringEx
DecodePointer
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetNativeSystemInfo
GetExitCodeThread
WriteConsoleW
HeapReAlloc
HeapSize
GetStringTypeW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapFree
HeapAlloc
GetCommandLineW
GetCommandLineA
WriteFile
GetStdHandle
GetModuleFileNameW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
TerminateProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
SetLastError
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
GetLastError
SetEnvironmentVariableW
CreateFileW
GetFileAttributesW
ReadFile
CloseHandle
SetEndOfFile
FreeLibrary
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
Exports
_DR_CLIENT_AVX512_CODE_IN_USE_
_USES_DR_VERSION_
__wrap_calloc
__wrap_free
__wrap_malloc
__wrap_realloc
__wrap_strdup
decode
decode_as_bb
decode_eflags_usage
decode_first_opcode_byte
decode_from_copy
decode_memory_reference_size
decode_next_pc
decode_opcode_name
decode_sizeof
decode_sizeof_ex
decode_trace
disassemble
disassemble_from_copy
disassemble_set_syntax
disassemble_to_buffer
disassemble_with_info
dr_abort
dr_abort_with_code
dr_allow_unsafe_static_behavior
dr_annotation_pass_pc
dr_annotation_register_call
dr_annotation_register_return
dr_annotation_unregister_call
dr_annotation_unregister_return
dr_app_arg_as_cstring
dr_app_cleanup
dr_app_pc_as_jump_target
dr_app_pc_as_load_target
dr_app_pc_for_decoding
dr_app_pc_from_cache_pc
dr_app_recurlock_lock
dr_app_running_under_dynamorio
dr_app_setup
dr_app_setup_and_start
dr_app_start
dr_app_stop
dr_app_stop_and_cleanup
dr_app_stop_and_cleanup_with_stats
dr_app_take_over
dr_atomic_add32_return_sum
dr_atomic_add64_return_sum
dr_atomic_load32
dr_atomic_load64
dr_atomic_store32
dr_atomic_store64
dr_bb_exists_at
dr_call_on_clean_stack
dr_cleanup_after_call
dr_client_thread_set_suspendable
dr_clobber_retaddr_after_read
dr_close_file
dr_convert_handle_to_pid
dr_convert_pid_to_handle
dr_copy_module_data
dr_create_client_thread
dr_create_dir
dr_create_memory_dump
dr_custom_alloc
dr_custom_free
dr_delay_flush_region
dr_delete_dir
dr_delete_file
dr_delete_fragment
dr_directory_exists
dr_dup_file_handle
dr_enable_console_printing
dr_event_create
dr_event_destroy
dr_event_reset
dr_event_signal
dr_event_wait
dr_exit_process
dr_file_exists
dr_file_seek
dr_file_size
dr_file_tell
dr_flush_file
dr_flush_region
dr_flush_region_ex
dr_fprintf
dr_fragment_app_pc
dr_fragment_exists_at
dr_fragment_persistable
dr_fragment_size
dr_free_module_data
dr_get_app_PEB
dr_get_app_args
dr_get_application_name
dr_get_client_base
dr_get_client_path
dr_get_current_directory
dr_get_current_drcontext
dr_get_dr_segment_base
dr_get_dr_thread_handle
dr_get_error_code
dr_get_integer_option
dr_get_isa_mode
dr_get_logfile
dr_get_main_module
dr_get_mcontext
dr_get_microseconds
dr_get_milliseconds
dr_get_option_array
dr_get_options
dr_get_os_version
dr_get_proc_address
dr_get_proc_address_ex
dr_get_process_id
dr_get_process_id_from_drcontext
dr_get_random_seed
dr_get_random_value
dr_get_stats
dr_get_stderr_file
dr_get_stdin_file
dr_get_stdout_file
dr_get_stolen_reg
dr_get_string_option
dr_get_thread_id
dr_get_time
dr_get_tls_field
dr_get_token
dr_global_alloc
dr_global_free
dr_insert_call
dr_insert_call_ex
dr_insert_call_instrumentation
dr_insert_cbr_instrumentation
dr_insert_cbr_instrumentation_ex
dr_insert_clean_call
dr_insert_clean_call_ex
dr_insert_get_seg_base
dr_insert_get_stolen_reg_value
dr_insert_it_instrs
dr_insert_mbr_instrumentation
dr_insert_read_raw_tls
dr_insert_read_tls_field
dr_insert_restore_fpstate
dr_insert_save_fpstate
dr_insert_set_stolen_reg_value
dr_insert_ubr_instrumentation
dr_insert_write_raw_tls
dr_insert_write_tls_field
dr_is_detaching
dr_is_notify_on
dr_is_nudge_thread
dr_is_thread_native
dr_is_tracking_where_am_i
dr_is_wow64
dr_load_aux_library
dr_log
dr_lookup_aux_library_routine
dr_lookup_module
dr_lookup_module_by_name
dr_lookup_module_section
dr_map_executable_file
dr_map_file
dr_mark_safe_to_suspend
dr_mark_trace_head
dr_max_opnd_accessible_spill_slot
dr_mcontext_to_context
dr_mcontext_xmm_fields_valid
dr_mcontext_zmm_fields_valid
dr_memory_is_dr_internal
dr_memory_is_in_client
dr_memory_is_readable
dr_memory_protect
dr_merge_arith_flags
dr_messagebox
dr_module_contains_addr
dr_module_import_iterator_hasnext
dr_module_import_iterator_next
dr_module_import_iterator_start
dr_module_import_iterator_stop
dr_module_iterator_hasnext
dr_module_iterator_next
dr_module_iterator_start
dr_module_iterator_stop
dr_module_preferred_name
dr_module_set_should_instrument
dr_module_should_instrument
dr_mutex_create
dr_mutex_destroy
dr_mutex_lock
dr_mutex_mark_as_app
dr_mutex_self_owns
dr_mutex_trylock
dr_mutex_unlock
dr_nonheap_alloc
dr_nonheap_free
dr_nudge_client
dr_nudge_client_ex
dr_num_app_args
dr_open_file
dr_page_size
dr_persist_size
dr_persist_start
dr_prepare_for_call
dr_prepopulate_cache
dr_prepopulate_indirect_targets
dr_print_instr
dr_print_opnd
dr_printf
dr_query_memory
dr_query_memory_ex
dr_raw_mem_alloc
dr_raw_mem_free
dr_raw_tls_calloc
dr_raw_tls_cfree
dr_raw_tls_opnd
dr_read_file
dr_read_saved_reg
dr_recurlock_create
dr_recurlock_destroy
dr_recurlock_lock
dr_recurlock_mark_as_app
dr_recurlock_self_owns
dr_recurlock_trylock
dr_recurlock_unlock
dr_redirect_execution
dr_redirect_native_target
dr_reg_spill_slot_opnd
dr_register_bb_event
dr_register_clean_call_insertion_event
dr_register_delete_event
dr_register_end_trace_event
dr_register_exception_event
dr_register_exit_event
dr_register_filter_syscall_event
dr_register_kernel_xfer_event
dr_register_low_on_memory_event
dr_register_module_load_event
dr_register_module_unload_event
dr_register_nudge_event
dr_register_persist_patch
dr_register_persist_ro
dr_register_persist_rw
dr_register_persist_rx
dr_register_post_syscall_event
dr_register_pre_syscall_event
dr_register_restore_state_event
dr_register_restore_state_ex_event
dr_register_thread_exit_event
dr_register_thread_init_event
dr_register_trace_event
dr_remove_it_instrs
dr_rename_file
dr_replace_fragment
dr_request_synchronized_exit
dr_restore_app_stack
dr_restore_arith_flags
dr_restore_arith_flags_from_reg
dr_restore_arith_flags_from_xax
dr_restore_reg
dr_resume_all_other_threads
dr_retakeover_suspended_native_thread
dr_rwlock_create
dr_rwlock_destroy
dr_rwlock_mark_as_app
dr_rwlock_read_lock
dr_rwlock_read_unlock
dr_rwlock_self_owns_write_lock
dr_rwlock_write_lock
dr_rwlock_write_trylock
dr_rwlock_write_unlock
dr_safe_read
dr_safe_write
dr_save_arith_flags
dr_save_arith_flags_to_reg
dr_save_arith_flags_to_xax
dr_save_reg
dr_set_client_name
dr_set_client_version_string
dr_set_isa_mode
dr_set_mcontext
dr_set_process_exit_behavior
dr_set_random_seed
dr_set_tls_field
dr_sleep
dr_snprintf
dr_snwprintf
dr_sscanf
dr_standalone_exit
dr_standalone_init
dr_suspend_all_other_threads
dr_suspend_all_other_threads_ex
dr_swap_to_clean_stack
dr_switch_to_app_state
dr_switch_to_app_state_ex
dr_switch_to_dr_state
dr_switch_to_dr_state_ex
dr_symbol_export_iterator_hasnext
dr_symbol_export_iterator_next
dr_symbol_export_iterator_start
dr_symbol_export_iterator_stop
dr_symbol_import_iterator_hasnext
dr_symbol_import_iterator_next
dr_symbol_import_iterator_start
dr_symbol_import_iterator_stop
dr_syscall_get_param
dr_syscall_get_result
dr_syscall_get_result_ex
dr_syscall_intercept_natively
dr_syscall_invoke_another
dr_syscall_set_param
dr_syscall_set_result
dr_syscall_set_result_ex
dr_syscall_set_sysnum
dr_thread_alloc
dr_thread_free
dr_thread_yield
dr_trace_exists_at
dr_trace_head_at
dr_track_where_am_i
dr_try_setup
dr_try_start
dr_try_stop
dr_unlink_flush_region
dr_unload_aux_library
dr_unmap_executable_file
dr_unmap_file
dr_unregister_bb_event
dr_unregister_clean_call_insertion_event
dr_unregister_delete_event
dr_unregister_end_trace_event
dr_unregister_exception_event
dr_unregister_exit_event
dr_unregister_filter_syscall_event
dr_unregister_kernel_xfer_event
dr_unregister_low_on_memory_event
dr_unregister_module_load_event
dr_unregister_module_unload_event
dr_unregister_nudge_event
dr_unregister_persist_patch
dr_unregister_persist_ro
dr_unregister_persist_rw
dr_unregister_persist_rx
dr_unregister_post_syscall_event
dr_unregister_pre_syscall_event
dr_unregister_restore_state_event
dr_unregister_restore_state_ex_event
dr_unregister_thread_exit_event
dr_unregister_thread_init_event
dr_unregister_trace_event
dr_using_all_private_caches
dr_using_app_state
dr_using_console
dr_vfprintf
dr_virtual_query
dr_vsnprintf
dr_vsnwprintf
dr_where_am_i
dr_write_file
dr_write_saved_reg
drmemtrace_get_timestamp_from_offline_trace
drmgr_current_bb_phase
drmgr_decode_sysnum_from_wrapper
drmgr_disable_auto_predication
drmgr_exit
drmgr_get_cls_field
drmgr_get_emulated_instr_data
drmgr_get_parent_cls_field
drmgr_get_tls_field
drmgr_in_emulation_region
drmgr_init
drmgr_insert_emulation_end
drmgr_insert_emulation_start
drmgr_insert_read_cls_field
drmgr_insert_read_tls_field
drmgr_insert_write_cls_field
drmgr_insert_write_tls_field
drmgr_is_emulation_end
drmgr_is_emulation_start
drmgr_is_first_instr
drmgr_is_first_nonlabel_instr
drmgr_is_last_instr
drmgr_orig_app_instr_for_fetch
drmgr_orig_app_instr_for_operands
drmgr_pop_cls
drmgr_push_cls
drmgr_register_bb_app2app_event
drmgr_register_bb_instru2instru_event
drmgr_register_bb_instrumentation_all_events
drmgr_register_bb_instrumentation_event
drmgr_register_bb_instrumentation_ex_event
drmgr_register_bb_meta_instru_event
drmgr_register_bbdup_event
drmgr_register_bbdup_pre_event
drmgr_register_cls_field
drmgr_register_exception_event
drmgr_register_exception_event_ex
drmgr_register_kernel_xfer_event
drmgr_register_kernel_xfer_event_ex
drmgr_register_low_on_memory_event
drmgr_register_low_on_memory_event_ex
drmgr_register_low_on_memory_event_user_data
drmgr_register_module_load_event
drmgr_register_module_load_event_ex
drmgr_register_module_load_event_user_data
drmgr_register_module_unload_event
drmgr_register_module_unload_event_ex
drmgr_register_module_unload_event_user_data
drmgr_register_opcode_instrumentation_event
drmgr_register_post_syscall_event
drmgr_register_post_syscall_event_ex
drmgr_register_post_syscall_event_user_data
drmgr_register_pre_syscall_event
drmgr_register_pre_syscall_event_ex
drmgr_register_pre_syscall_event_user_data
drmgr_register_restore_state_event
drmgr_register_restore_state_ex_event
drmgr_register_restore_state_ex_event_ex
drmgr_register_thread_exit_event
drmgr_register_thread_exit_event_ex
drmgr_register_thread_exit_event_user_data
drmgr_register_thread_init_event
drmgr_register_thread_init_event_ex
drmgr_register_thread_init_event_user_data
drmgr_register_tls_field
drmgr_reserve_note_range
drmgr_set_cls_field
drmgr_set_tls_field
drmgr_unregister_bb_app2app_event
drmgr_unregister_bb_insertion_event
drmgr_unregister_bb_instru2instru_event
drmgr_unregister_bb_instrumentation_all_events
drmgr_unregister_bb_instrumentation_event
drmgr_unregister_bb_instrumentation_ex_event
drmgr_unregister_bb_meta_instru_event
drmgr_unregister_bbdup_event
drmgr_unregister_bbdup_pre_event
drmgr_unregister_cls_field
drmgr_unregister_exception_event
drmgr_unregister_kernel_xfer_event
drmgr_unregister_low_on_memory_event
drmgr_unregister_low_on_memory_event_user_data
drmgr_unregister_module_load_event
drmgr_unregister_module_load_event_user_data
drmgr_unregister_module_unload_event
drmgr_unregister_module_unload_event_user_data
drmgr_unregister_opcode_instrumentation_event
drmgr_unregister_post_syscall_event
drmgr_unregister_post_syscall_event_user_data
drmgr_unregister_pre_syscall_event
drmgr_unregister_pre_syscall_event_user_data
drmgr_unregister_restore_state_event
drmgr_unregister_restore_state_ex_event
drmgr_unregister_thread_exit_event
drmgr_unregister_thread_exit_event_user_data
drmgr_unregister_thread_init_event
drmgr_unregister_thread_init_event_user_data
drmgr_unregister_tls_field
drmodtrack_add_custom_data
drmodtrack_dump
drmodtrack_dump_buf
drmodtrack_exit
drmodtrack_init
drmodtrack_lookup
drmodtrack_lookup_segment
drmodtrack_offline_exit
drmodtrack_offline_lookup
drmodtrack_offline_read
drmodtrack_offline_write
drreg_aflags_liveness
drreg_are_aflags_dead
drreg_exit
drreg_get_app_value
drreg_init
drreg_init_and_fill_vector
drreg_is_instr_spill_or_restore
drreg_is_register_dead
drreg_max_slots_used
drreg_reservation_info
drreg_reservation_info_ex
drreg_reserve_aflags
drreg_reserve_dead_register
drreg_reserve_register
drreg_restore_all
drreg_restore_app_aflags
drreg_restore_app_values
drreg_set_bb_properties
drreg_set_vector_entry
drreg_statelessly_restore_all
drreg_statelessly_restore_app_value
drreg_unreserve_aflags
drreg_unreserve_register
drutil_exit
drutil_expand_rep_string
drutil_expand_rep_string_ex
drutil_init
drutil_insert_get_mem_addr
drutil_insert_get_mem_addr_ex
drutil_instr_is_stringop_loop
drutil_opnd_mem_size_in_bytes
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 651KB - Virtual size: 650KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 59KB - Virtual size: 278KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 62KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.cspdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.nspdata Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.fspdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ