4dbdd4c0743998d6ecb0359797518490_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

4dbdd4c0743998d6ecb0359797518490_NeikiAnalytics.exe
Size

1.2MB
MD5

4dbdd4c0743998d6ecb0359797518490
SHA1

1fbb802780bc6909c7c7242607ae837d094733e9
SHA256

e692ae3006136dab5aca6ff5b57859069d6a2964657814d503bd2d4838a0aa4e
SHA512

6d7f90a2f31cbf15f42ce895580af06527c826a588feb55406f885dda9cdc53c4dd828a58751c5fe88941e9d4794840de037f0d6795982c242dcfbfbad827079
SSDEEP

12288:d16fxZhihZxxuHShX9pXI7vgbrWVQhTCYHvRktx/aICF9flefuKaO0VQ/:d1UHhSZxxuHS7C743TvRk6NwG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4dbdd4c0743998d6ecb0359797518490_NeikiAnalytics.exe

Files

4dbdd4c0743998d6ecb0359797518490_NeikiAnalytics.exe
.exe windows:10 windows x64 arch:x64

f7e73244267a9b2fdf7994ddc47e0156

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

vds.pdb

Imports

user32

MessageBoxW
PostThreadMessageW
GetMessageW
DispatchMessageW
CharNextW
RegisterDeviceNotificationW
UnregisterDeviceNotification
LoadStringW
PeekMessageW
DefWindowProcW

msvcrt

__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
_wcmdln
memset
_XcptFilter
_callnewh
malloc
free
_ltow
_onexit
??1type_info@@UEAA@XZ
memcpy
swscanf_s
memcmp
wcscpy_s
towupper
_fmode
wcsncmp
wcsstr
_wtol
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
rand
time
srand
_commode
?terminate@@YAXXZ
_wcsnicmp
_wcsicmp
_vsnwprintf
_CxxThrowException
__C_specific_handler
_amsg_exit
_purecall
__CxxFrameHandler3
__dllonexit
_unlock
_lock

atl

ord17
ord32
ord23
ord18
ord57
ord16
ord20
ord30

ntdll

RtlReleaseResource
RtlInitializeResource
RtlAcquireResourceExclusive
RtlConvertExclusiveToShared
RtlConvertSharedToExclusive
RtlAdjustPrivilege
NtQueryVolumeInformationFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlDeleteResource
RtlAcquireResourceShared

api-ms-win-core-debug-l1-1-0

OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

ReadFile
GetDriveTypeW
FindFirstVolumeW
RemoveDirectoryW
GetFileAttributesW
FindNextVolumeW
SetFilePointerEx
WriteFile
GetVolumePathNameW
DefineDosDeviceW
CreateFileW
DeleteVolumeMountPointW
QueryDosDeviceW
FindVolumeClose

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
LoadLibraryExW
GetModuleHandleW
GetProcAddress
FreeLibrary

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
SetThreadToken
OpenProcessToken
CreateThread
GetCurrentThread
OpenThreadToken
TerminateProcess
GetCurrentProcess
GetStartupInfoW
ResumeThread

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
SetEvent
ReleaseSemaphore
CreateEventW
LeaveCriticalSection
WaitForSingleObject
InitializeCriticalSection
EnterCriticalSection

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorLength
MakeAbsoluteSD
IsValidSid
GetLengthSid
AddAccessAllowedAce
FreeSid
AdjustTokenPrivileges
DuplicateTokenEx
MakeSelfRelativeSD

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
SetServiceStatus

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW
ControlService

api-ms-win-service-management-l1-1-0

DeleteService
OpenSCManagerW
OpenServiceW
CloseServiceHandle
CreateServiceW

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W
QueryServiceObjectSecurity
SetServiceObjectSecurity

setupapi

CM_Get_Parent
SetupDiCallClassInstaller
SetupDiGetCustomDevicePropertyW
CM_Get_DevNode_Status
CM_Query_And_Remove_SubTreeW
SetupDiGetDeviceInterfaceDetailW
CM_Reenumerate_DevNode_Ex
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

osuninst

IsUninstallImageValid

vdsutil

?Remove@CRtlMap@@QEAAHAEAVCRtlEntry@@@Z
OpenDevice
GetDeviceName
GetDeviceAndMediaType
GetDiskLayout
GetPartitionInformation
?RegisterHandle@CVdsPnPNotificationBase@@QEAAKPEAXPEAPEAX@Z
?Append@CPrvEnumObject@@QEAAJPEAUIUnknown@@@Z
?Reset@CPrvEnumObject@@UEAAJXZ
IsVdsLoggingEnabled
VdsTraceExW
GuidToString
?InsertUnique@CRtlMap@@QEAAHAEAVCRtlEntry@@0@Z
IsNoAutoMount
IsEfiFirmware
?Clear@CPrvEnumObject@@QEAAXXZ
LockDismountVolume
GetDeviceNumber
IsDriveLetter
?Next@CPrvEnumObject@@UEAAJKPEAPEAUIUnknown@@PEAK@Z
?Skip@CPrvEnumObject@@UEAAJK@Z
?Clone@CPrvEnumObject@@UEAAJPEAPEAUIEnumVdsObject@@@Z
??0CVdsAsyncObjectBase@@QEAA@XZ
??1CVdsAsyncObjectBase@@QEAA@XZ
?SetCompletionStatus@CVdsAsyncObjectBase@@QEAAXJK@Z
?Signal@CVdsAsyncObjectBase@@QEAAXXZ
VdsIscsiIpAddressToString
VdsWmiFindInstanceOfClass
VdsWmiGetUlonglongFromInstance
?QueryStatus@CVdsAsyncObjectBase@@UEAAJPEAJPEAK@Z
VdsIscsiIpsecIdToIpAddress
VdsIscsiCheckEqualIpAddress
VdsIscsiIpAddressToIpsecId
WriteBootCode
CoFreeStringArray
GetFMIFSFormatEx2Routine
GetFMIFSEnableCompressionRoutine
RemoveTempVolumeName
MountVolume
GetFileSystemRecognitionName
GetFMIFSGetDefaultFilesystemRoutine
AssignTempVolumeName
GetVolumeName
GetVolumeDiskExtentInfo
GarbageCollectDriveLetters
LockVolume
DeleteNetworkShare
GetVolumeUniqueId
GetVolumeGuidPathnames
DeleteBcdObjects
VdsIscsiCacheSessionDevices
VdsWmiGetObjectInVariantObjectArray
VdsIscsiGetIpAddressFromInstance
VdsWmiCreateClassInstance
VdsWmiSetUlongInInstance
VdsWmiCreateVariantArray
VdsWmiSetUlonglongInInstance
VdsWmiGetMethodArgumentObject
VdsWmiSetObjectInInstance
VdsWmiCallMethod
?UnregisterHandle@CVdsPnPNotificationBase@@QEAAXPEAX@Z
GetDeviceManufacturerInfo
?Insert@CRtlMap@@QEAAHAEAVCRtlEntry@@0@Z
GetStorageAccessAlignmentProperty
IsDiskClustered
IsDiskReadOnly
IsDiskCurrentStateReadOnly
CreateDeviceInfoSet
GetDeviceId
GetDeviceRegistryPropertyByInfo
VdsAllocateEmptyString
GetDeviceRegistryPropertyByInst
GetDeviceLocationEx
VdsDoesDiskHaveArcPath
GetBootFromDiskNumber
GetDiskOfflineReason
GetDiskRedundancyCount
VdsAllocateString
GetDiskIdentifiers
?WaitImpl@CVdsAsyncObjectBase@@QEAAJPEAJ@Z
VdsTrace
ReleaseRundownProtection
?Initialize@CVdsPnPNotificationBase@@QEAAKXZ
?Initialize@CVdsAsyncObjectBase@@SAKXZ
AcquireRundownProtection
IsWinPE
?Remove@CRtlList@@QEAAXAEAVCRtlListIter@@@Z
?InsertTailPointer@CRtlList@@QEAAHPEAX@Z
?Uninitialize@CVdsAsyncObjectBase@@SAXXZ
?Uninitialize@CVdsPnPNotificationBase@@QEAAXXZ
?Next@CRtlMapIter@@QEAAAEAV1@XZ
?Begin@CRtlMap@@QEAA?AVCRtlMapIter@@XZ
VdsTraceW
?GetEntryPointer@CRtlListIter@@QEAAPEAXXZ
VdsInitializeCriticalSection
?RemoveAll@CRtlMap@@QEAAXH@Z
??1CRtlMap@@UEAA@XZ
StopReferenceHistory
WaitForRundownProtectionRelease
StartReferenceHistory
InitializeRundownProtection
VdsDisableCOMFatalExceptionHandling
??1CGlobalResource@@QEAA@XZ
UnInitializeGlobalResouce
?Initialize@CGlobalResource@@QEAAJXZ
??0CGlobalResource@@QEAA@XZ
RemoveEventSource
VdsHeapAlloc
AddEventSource
InitializeSecurityDescriptorHelper
LogInfo
LogError
VdsHeapFree
AllocateAndGetVolumePathName
?Find@CRtlMap@@QEAAHAEAVCRtlEntry@@PEAV2@@Z
??0CRtlList@@QEAA@P6AXPEAVCRtlEntry@@@Z@Z
??1CRtlList@@QEAA@XZ
?Begin@CRtlList@@QEAA?AVCRtlListIter@@XZ
?End@CRtlList@@QEAA?AVCRtlListIter@@XZ
?RemoveAll@CRtlList@@QEAAXXZ
?GetEntry@CRtlListIter@@QEAAPEAVCRtlEntry@@XZ
?Next@CRtlListIter@@QEAAAEAV1@XZ
?Prev@CRtlListIter@@QEAAAEAV1@XZ
??0CVdsCallTracer@@QEAA@KPEBD@Z
??1CVdsCallTracer@@QEAA@XZ
??0CRtlMap@@QEAA@KP6AXPEAVCRtlEntry@@@Z1@Z
?FindPtr@CRtlMap@@QEAAHAEAVCRtlEntry@@PEAPEAV2@@Z
?Detach@CVdsWmiVariantObjectArrayEnum@@QEAAJXZ
VdsWmiCopyFromVariantByteArray
VdsWmiGetObjectFromInstance
VdsWmiGetUlongFromInstance
VdsWmiGetByteFromInstance
?Next@CVdsWmiVariantObjectArrayEnum@@QEAAJPEAPEAUIWbemClassObject@@@Z
?Attach@CVdsWmiVariantObjectArrayEnum@@QEAAJPEAUtagVARIANT@@@Z
VdsWmiConnectToNamespace
??1CVdsWmiVariantObjectArrayEnum@@QEAA@XZ
??0CVdsWmiVariantObjectArrayEnum@@QEAA@XZ
InvalidateDiskCache
GetInterfaceDetailData
?InsertHeadPointer@CRtlList@@QEAAHPEAX@Z
IsClientSKU
GetMediaGeometryEx
IsRunningOnAMD64
VdsTraceEx

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpiW

api-ms-win-core-kernel32-legacy-l1-1-1

FindNextVolumeMountPointW
FindVolumeMountPointClose
SetVolumeMountPointW
FindFirstVolumeMountPointW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-rtlsupport-l1-1-0

RtlCompareMemory

Exports

Exports

??0?$CVdsCoTaskPtr@G@@QEAA@XZ
??0?$CVdsHandleImpl@$0?0@@QEAA@XZ
??0?$CVdsHandleImpl@$0A@@@QEAA@XZ
??0?$CVdsHeapPtr@D@@QEAA@XZ
??0?$CVdsHeapPtr@G@@QEAA@XZ
??0?$CVdsHeapPtr@J@@QEAA@XZ
??0?$CVdsHeapPtr@UFMIFS_DEF_FS_OUT@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsPtr@D@@QEAA@XZ
??0?$CVdsPtr@G@@QEAA@XZ
??0?$CVdsPtr@J@@QEAA@XZ
??0?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QEAA@XZ
??0?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAA@XZ
??0?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??0?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEAA@XZ
??0?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEAA@XZ
??0?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEAA@XZ
??0?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??0CPrvEnumObject@@QEAA@XZ
??0CRtlSharedLock@@QEAA@XZ
??0CVdsCriticalSection@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??0CVdsPnPNotificationBase@@QEAA@XZ
??0CVdsUnlockIt@@QEAA@AEAJ@Z
??1?$CVdsCoTaskPtr@G@@QEAA@XZ
??1?$CVdsHandleImpl@$0?0@@QEAA@XZ
??1?$CVdsHandleImpl@$0A@@@QEAA@XZ
??1?$CVdsHeapPtr@D@@QEAA@XZ
??1?$CVdsHeapPtr@G@@QEAA@XZ
??1?$CVdsHeapPtr@J@@QEAA@XZ
??1?$CVdsHeapPtr@UFMIFS_DEF_FS_OUT@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsPtr@D@@QEAA@XZ
??1?$CVdsPtr@G@@QEAA@XZ
??1?$CVdsPtr@J@@QEAA@XZ
??1?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QEAA@XZ
??1?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAA@XZ
??1?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??1?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEAA@XZ
??1?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEAA@XZ
??1?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEAA@XZ
??1?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??1CPrvEnumObject@@QEAA@XZ
??1CRtlSharedLock@@QEAA@XZ
??1CVdsCriticalSection@@QEAA@XZ
??1CVdsPnPNotificationBase@@QEAA@XZ
??1CVdsUnlockIt@@QEAA@XZ
??4?$CVdsHandleImpl@$0?0@@QEAAPEAXPEAX@Z
??4?$CVdsHandleImpl@$0A@@@QEAAPEAXPEAX@Z
??4?$CVdsHeapPtr@D@@QEAAPEADPEAD@Z
??4?$CVdsHeapPtr@G@@QEAAPEAGPEAG@Z
??4?$CVdsHeapPtr@J@@QEAAPEAJPEAJ@Z
??4?$CVdsHeapPtr@UFMIFS_DEF_FS_OUT@@@@QEAAPEAUFMIFS_DEF_FS_OUT@@PEAU1@@Z
??4?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAAPEAU_AUCTION_THREAD_PARAMETER@@PEAU1@@Z
??4?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEAAPEAU_MOUNTMGR_MOUNT_POINT@@PEAU1@@Z
??4?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEAAPEAU_MOUNTMGR_MOUNT_POINTS@@PEAU1@@Z
??4?$CVdsHeapPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAAPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@PEAU1@@Z
??8?$CVdsHandleImpl@$0?0@@QEBA_NPEAX@Z
??8?$CVdsHandleImpl@$0A@@@QEBA_NPEAX@Z
??8?$CVdsPtr@D@@QEBA_NPEAD@Z
??8?$CVdsPtr@G@@QEBA_NPEAG@Z
??8?$CVdsPtr@J@@QEBA_NPEAJ@Z
??8?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QEBA_NPEAUFMIFS_DEF_FS_OUT@@@Z
??8?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEBA_NPEAU_AUCTION_THREAD_PARAMETER@@@Z
??8?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEBA_NPEAU_MOUNTMGR_MOUNT_POINT@@@Z
??8?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEBA_NPEAU_MOUNTMGR_MOUNT_POINTS@@@Z
??8?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEBA_NPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@@Z
??9?$CVdsHandleImpl@$0?0@@QEBA_NPEAX@Z
??9?$CVdsPtr@G@@QEBA_NPEAG@Z
??9?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEBA_NPEAU_DRIVE_LAYOUT_INFORMATION_EX@@@Z
??A?$CVdsPtr@J@@QEAAAEAJJ@Z
??A?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QEAAAEAUFMIFS_DEF_FS_OUT@@K@Z
??B?$CVdsHandleImpl@$0?0@@QEAAPEAXXZ
??B?$CVdsHandleImpl@$0A@@@QEAAPEAXXZ
??B?$CVdsPtr@G@@QEBAPEAGXZ
??B?$CVdsPtr@J@@QEBAPEAJXZ
??B?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QEBAPEAUFMIFS_DEF_FS_OUT@@XZ
??B?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEBAPEAU_AUCTION_THREAD_PARAMETER@@XZ
??B?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEBAPEAU_CLEAN_DISK_HANDLER_PARAMETER@@XZ
??B?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEBAPEAU_FORMAT_VOLUME_THREAD_PARAMETER@@XZ
??B?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEBAPEAU_MOUNTMGR_MOUNT_POINT@@XZ
??B?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEBAPEAU_MOUNTMGR_MOUNT_POINTS@@XZ
??B?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEBAPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEBAPEAU_AUCTION_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEBAPEAU_CLEAN_DISK_HANDLER_PARAMETER@@XZ
??C?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEBAPEAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??C?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEBAPEAU_EXTEND_VOLUME_HANDLER_PARAMETER@@XZ
??C?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEBAPEAU_FORMAT_VOLUME_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEBAPEAU_MOUNTMGR_MOUNT_POINT@@XZ
??C?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEBAPEAU_MOUNTMGR_MOUNT_POINTS@@XZ
??C?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEBAPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@XZ
??I?$CVdsHandleImpl@$0?0@@QEAAPEAPEAXXZ
??I?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAAPEAPEAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??_FCRtlList@@QEAAXXZ
??_FCRtlMap@@QEAAXXZ
?AcquireRead@CRtlSharedLock@@AEAAXXZ
?AcquireWrite@CRtlSharedLock@@AEAAXXZ
?AllowCancel@CVdsAsyncObjectBase@@QEAAXXZ
?Attach@?$CVdsPtr@G@@QEAAXPEAG@Z
?Attach@?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAAXPEAU_CLEAN_DISK_HANDLER_PARAMETER@@@Z
?Attach@?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAAXPEAU_DRIVE_LAYOUT_INFORMATION_EX@@@Z
?Attach@?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEAAXPEAU_EXTEND_VOLUME_HANDLER_PARAMETER@@@Z
?Attach@?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEAAXPEAU_FORMAT_VOLUME_THREAD_PARAMETER@@@Z
?Attach@?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAAXPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@@Z
?Close@?$CVdsHandleImpl@$0?0@@QEAAXXZ
?CurrentThreadIsWriter@CRtlSharedLock@@QEAAHXZ
?Detach@?$CVdsHandleImpl@$0?0@@QEAAPEAXXZ
?Detach@?$CVdsHandleImpl@$0A@@@QEAAPEAXXZ
?Detach@?$CVdsPtr@G@@QEAAPEAGXZ
?Detach@?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAAPEAU_AUCTION_THREAD_PARAMETER@@XZ
?Detach@?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAAPEAU_CLEAN_DISK_HANDLER_PARAMETER@@XZ
?Detach@?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAAPEAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
?Detach@?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAAPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@XZ
?DisallowCancel@CVdsAsyncObjectBase@@QEAAXXZ
?Downgrade@CRtlSharedLock@@AEAAXXZ
?GetOutputType@CVdsAsyncObjectBase@@QEAA?AW4_VDS_ASYNC_OUTPUT_TYPE@@XZ
?IsCancelRequested@CVdsAsyncObjectBase@@QEAAHXZ
?Release@CRtlSharedLock@@AEAAXXZ
?SetOutput@CVdsAsyncObjectBase@@QEAAXU_VDS_ASYNC_OUTPUT@@@Z
?SetOutputType@CVdsAsyncObjectBase@@QEAAXW4_VDS_ASYNC_OUTPUT_TYPE@@@Z
?SetPositionToLast@CPrvEnumObject@@QEAAXXZ
?Upgrade@CRtlSharedLock@@AEAAXXZ
?ZeroAsyncOut@CVdsAsyncObjectBase@@QEAAXXZ
?m_ExtraLogging@CVdsTraceSettings@@QEAAHXZ
?m_NoDebuggerLogging@CVdsTraceSettings@@QEAAHXZ

Sections

.text
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f7e73244267a9b2fdf7994ddc47e0156

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

msvcrt

atl

ntdll

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

setupapi

osuninst

vdsutil

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

Exports

Exports

Sections

.text Size: 311KB - Virtual size: 311KB

.rdata Size: 298KB - Virtual size: 298KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 9KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 248B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 311KB - Virtual size: 311KB

.rdata
Size: 298KB - Virtual size: 298KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 9KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 248B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 568KB - Virtual size: 572KB