2024-06-02_4e8ab57381d7f1a98cc7ea79824f88ef_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-02_4e8ab57381d7f1a98cc7ea79824f88ef_magniber
Size

27.4MB
MD5

4e8ab57381d7f1a98cc7ea79824f88ef
SHA1

f14629bcfb5283b809abab30c3c44ae5ea647d1f
SHA256

c65547ee0afb6b2cd256166b225763c7b899b5e6836222091e1118c1a2a7e819
SHA512

c082f46a6ac92f90c8c673c27e25af92e1b71f005ededa31c590373ceb39d1b4124a03d9635d15cac177f7bc2adf335e09ab5c6596c2cb0b4c4a62bb58c2638a
SSDEEP

786432:hwjsGfQ8E0i2a3Y/rWCm2XQ/XiT4xaRN230D50A5:hwjxfQ8E0i24Y6C0/XiT4IR830D50Y

Score

10^/10

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-02_4e8ab57381d7f1a98cc7ea79824f88ef_magniber

Files

2024-06-02_4e8ab57381d7f1a98cc7ea79824f88ef_magniber
.exe windows:5 windows x86 arch:x86

04db4eb797aff4daf3da3bf44f45726f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent\work\28c9b33a6b85af1d\build.msvc\Win32\Client-Release\WindowsClient\RobloxPlayerBeta.pdb

Imports

sensapi

IsNetworkAlive

urlmon

UrlMkSetSessionOption

fmod

?getUserData@DSP@FMOD@@QAG?AW4FMOD_RESULT@@PAPAX@Z
?set3DListenerAttributes@System@FMOD@@QAG?AW4FMOD_RESULT@@HPBUFMOD_VECTOR@@000@Z
?setBypass@DSP@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?setParameterFloat@DSP@FMOD@@QAG?AW4FMOD_RESULT@@HM@Z
?getParameterFloat@DSP@FMOD@@QAG?AW4FMOD_RESULT@@HPAMPADH@Z
FMOD_Memory_Initialize
FMOD_Memory_GetStats
FMOD_System_Create
?release@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setOutput@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_OUTPUTTYPE@@@Z
?getNumDrivers@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?getDriverInfo@System@FMOD@@QAG?AW4FMOD_RESULT@@HPADHPAUFMOD_GUID@@PAHPAW4FMOD_SPEAKERMODE@@2@Z
?setDriver@System@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?getDriver@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?setSoftwareFormat@System@FMOD@@QAG?AW4FMOD_RESULT@@HW4FMOD_SPEAKERMODE@@H@Z
?getSoftwareFormat@System@FMOD@@QAG?AW4FMOD_RESULT@@PAHPAW4FMOD_SPEAKERMODE@@0@Z
?init@System@FMOD@@QAG?AW4FMOD_RESULT@@HIPAX@Z
?update@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?set3DSettings@System@FMOD@@QAG?AW4FMOD_RESULT@@MMM@Z
?setUserData@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PAX@Z
?unlock@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAX0II@Z
?lock@Sound@FMOD@@QAG?AW4FMOD_RESULT@@IIPAPAX0PAI1@Z
?isRecording@System@FMOD@@QAG?AW4FMOD_RESULT@@HPA_N@Z
?recordStart@System@FMOD@@QAG?AW4FMOD_RESULT@@HPAVSound@2@_N@Z
?getRecordPosition@System@FMOD@@QAG?AW4FMOD_RESULT@@HPAI@Z
?getRecordDriverInfo@System@FMOD@@QAG?AW4FMOD_RESULT@@HPADHPAUFMOD_GUID@@PAHPAW4FMOD_SPEAKERMODE@@2PAI@Z
?getRecordNumDrivers@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH0@Z
?getMeteringInfo@DSP@FMOD@@QAG?AW4FMOD_RESULT@@PAUFMOD_DSP_METERING_INFO@@0@Z
?getMeteringEnabled@DSP@FMOD@@QAG?AW4FMOD_RESULT@@PA_N0@Z
?setMeteringEnabled@DSP@FMOD@@QAG?AW4FMOD_RESULT@@_N0@Z
?setParameterData@DSP@FMOD@@QAG?AW4FMOD_RESULT@@HPAXI@Z
?disconnectFrom@DSP@FMOD@@QAG?AW4FMOD_RESULT@@PAV12@PAVDSPConnection@2@@Z
?addInput@DSP@FMOD@@QAG?AW4FMOD_RESULT@@PAV12@PAPAVDSPConnection@2@W4FMOD_DSPCONNECTION_TYPE@@@Z
?release@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getCurrentSound@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVSound@2@@Z
?setLoopCount@Channel@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?setChannelGroup@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAVChannelGroup@2@@Z
?getPosition@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAII@Z
?setPosition@Channel@FMOD@@QAG?AW4FMOD_RESULT@@II@Z
?setFrequency@Channel@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?set3DMinMaxDistance@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@MM@Z
?set3DAttributes@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_VECTOR@@00@Z
?getNumDSPs@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?removeDSP@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PAVDSP@2@@Z
?getDSP@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@HPAPAVDSP@2@@Z
?getMode@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z
?setMode@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@I@Z
?getPaused@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?setPaused@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?stop@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getOpenState@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAW4FMOD_OPENSTATE@@PAIPA_N2@Z
?getLength@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAII@Z
?getDefaults@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAMPAH@Z
?release@Sound@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?playSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PAVSound@2@PAVChannelGroup@2@_NPAPAVChannel@2@@Z
?createSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
FMOD_Sound_GetUserData
FMOD_Sound_Release
?setChannelFormat@DSP@FMOD@@QAG?AW4FMOD_RESULT@@IHW4FMOD_SPEAKERMODE@@@Z
?addGroup@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAV12@_NPAPAVDSPConnection@2@@Z
?addDSP@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@HPAVDSP@2@@Z
?getMute@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?setMute@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?getVolume@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PAM@Z
?setVolume@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?getSystemObject@ChannelControl@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVSystem@2@@Z
?setReverbProperties@System@FMOD@@QAG?AW4FMOD_RESULT@@HPBUFMOD_REVERB_PROPERTIES@@@Z
?getMasterChannelGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVChannelGroup@2@@Z
?createChannelGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDPAPAVChannelGroup@2@@Z
?createDSPByType@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_DSP_TYPE@@PAPAVDSP@2@@Z
?createDSP@System@FMOD@@QAG?AW4FMOD_RESULT@@PBUFMOD_DSP_DESCRIPTION@@PAPAVDSP@2@@Z
?getCPUUsage@System@FMOD@@QAG?AW4FMOD_RESULT@@PAM0000@Z
?getChannelsPlaying@System@FMOD@@QAG?AW4FMOD_RESULT@@PAH0@Z
?getVersion@System@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z
?release@DSP@FMOD@@QAG?AW4FMOD_RESULT@@XZ

kernel32

GetUserGeoID
GetSystemTimeAsFileTime
GetTickCount
LocalAlloc
LocalFree
FileTimeToSystemTime
lstrcpynW
lstrcpyW
InterlockedExchange
VirtualAlloc
VirtualFree
GetCurrentProcess
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
SetErrorMode
InitializeCriticalSection
ReleaseSemaphore
DuplicateHandle
GetSystemInfo
lstrcmpiA
lstrlenW
CreateSemaphoreA
GetACP
GetLocalTime
SizeofResource
FindResourceW
FindResourceExW
DeleteFileA
MoveFileA
WriteProcessMemory
WriteFile
CompareFileTime
CreateFileA
FindFirstFileA
FindNextFileA
ExitProcess
IsDebuggerPresent
LoadLibraryExA
IsDBCSLeadByte
DecodePointer
GetShortPathNameW
IsWow64Process
ReplaceFileW
GetModuleHandleExA
SearchPathW
OpenEventW
CreateFileMappingW
WriteProfileStringW
VerSetConditionMask
TryEnterCriticalSection
GetFileSizeEx
GetStdHandle
ReadFile
SetFilePointer
SetFilePointerEx
FormatMessageW
TlsAlloc
TlsGetValue
TlsSetValue
CreateSemaphoreW
LoadLibraryW
GetModuleHandleW
GetEnvironmentVariableA
SetEnvironmentVariableA
OutputDebugStringW
CreateFileW
QueryPerformanceCounter
QueryPerformanceFrequency
AttachConsole
WriteConsoleW
VirtualQuery
GetThreadContext
SetThreadContext
ResumeThread
GetTempPathA
FindFirstChangeNotificationA
GlobalMemoryStatusEx
GetVersion
FormatMessageA
SleepEx
GlobalUnlock
VerifyVersionInfoA
TlsFree
CreateWaitableTimerA
SetWaitableTimer
GetLogicalProcessorInformation
DeviceIoControl
SetEndOfFile
FindClose
GetFileTime
SetFileTime
GetCurrentDirectoryW
GetDiskFreeSpaceExW
CreateDirectoryW
GlobalHandle
GlobalLock
FindNextFileW
GetProcAddress
FreeLibrary
LockResource
InterlockedDecrement
GetGeoInfoA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
SetStdHandle
FlushFileBuffers
WaitForMultipleObjectsEx
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
GetModuleHandleExW
ExitThread
SetConsoleCtrlHandler
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
FindFirstFileW
DeleteFileW
SetCurrentDirectoryW
GetTempPathW
GetProfileStringA
FindResourceA
OutputDebugStringA
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
LoadLibraryA
CreateFileMappingA
CreateMutexA
lstrcmpA
UnmapViewOfFile
MapViewOfFile
SystemTimeToFileTime
GetSystemTime
MulDiv
LoadResource
Sleep
WaitForMultipleObjects
WaitForSingleObject
ReleaseMutex
SetLastError
GetCurrentThreadId
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
ResetEvent
SetEvent
GetCurrentProcessId
WaitForSingleObjectEx
CloseHandle
OpenEventA
CreateEventA
LeaveCriticalSection
EnterCriticalSection
RemoveDirectoryW
GetFullPathNameW
SetThreadAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
TerminateProcess
GetStartupInfoW
UnhandledExceptionFilter
GetStringTypeW
LCMapStringW
CompareStringW
GetCPInfo
CreateEventW
GetNativeSystemInfo
GetFileAttributesW
CopyFileW
MoveFileExW
WideCharToMultiByte
MultiByteToWideChar
InterlockedIncrement
GetVersionExA
SetUnhandledExceptionFilter
CreateProcessA
FreeConsole
GetProcessAffinityMask
InterlockedExchangeAdd
InterlockedCompareExchange
EncodePointer
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
VirtualProtect
GlobalAlloc
GlobalFree
GetLocaleInfoW
ExpandEnvironmentStringsA
EnumSystemLocalesW
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
FreeLibrary
TerminateProcess
GetCurrentProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

DestroyWindow
ShowWindowAsync
MoveWindow
SetWindowPos
CreateDialogIndirectParamA
GetDlgItem
CharNextA
SetFocus
GetFocus
SetCapture
ReleaseCapture
CreateAcceleratorTableA
DestroyAcceleratorTable
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
RedrawWindow
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetClientRect
MessageBoxA
ClientToScreen
ScreenToClient
GetSysColor
FillRect
GetWindowLongA
SetWindowLongA
GetDesktopWindow
GetParent
GetClassNameA
GetWindow
DefWindowProcW
LoadCursorA
LoadStringA
MonitorFromWindow
GetMonitorInfoA
IsChild
ShowWindow
GetWindowPlacement
EnumDisplayDevicesA
GetWindowInfo
EnumWindows
UnregisterDeviceNotification
RegisterDeviceNotificationW
LoadCursorW
GetClassInfoExW
PostMessageW
SendMessageW
PeekMessageW
UnregisterClassW
GetSystemMetrics
GetWindowRect
MapWindowPoints
SetRectEmpty
GetWindowThreadProcessId
LoadStringW
LoadKeyboardLayoutA
OpenClipboard
CloseClipboard
GetClipboardData
MapVirtualKeyA
MapVirtualKeyExA
SetCursor
GetCursorPos
ClipCursor
SetRect
GetRawInputData
RegisterRawInputDevices
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
RegisterClassExW
CreateWindowExW
SetTimer
UpdateWindow
LoadIconW
EndDialog
SetWindowContextHelpId
LoadIconA
MapDialogRect
FindWindowA
RegisterClassExA
DefWindowProcA
PostMessageA
SendMessageA
RegisterWindowMessageA
UnregisterClassA
GetClassInfoExA
CreateWindowExA
IsWindow
GetAsyncKeyState
EnumDisplaySettingsExA
ChangeDisplaySettingsExA
SetWindowPlacement
CallWindowProcA
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

gdi32

SwapBuffers
ChoosePixelFormat
GetDIBits
GetObjectA
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetPixelFormat

advapi32

RegDeleteKeyA
CryptImportKey
CryptGenRandom
CryptDestroyKey
CryptDestroyHash
RegQueryInfoKeyW
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
CryptVerifySignatureA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData

shell32

ShellExecuteA
ShellExecuteW
SHGetFolderPathAndSubDirW
SHGetFolderPathW

ole32

CoCreateGuid
CoUninitialize
CoInitializeEx
CoGetClassObject
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
OleUninitialize
OleLockRunning
CreateStreamOnHGlobal
CoInitialize
CoFreeUnusedLibraries
CoTaskMemRealloc
StringFromGUID2

oleaut32

GetErrorInfo
SysFreeString
SysAllocString
SysAllocStringLen
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantClear
VariantInit
SysStringLen

shlwapi

PathRemoveFileSpecA
StrCmpW
PathAppendA
PathFileExistsA
PathStripPathA
PathAddBackslashA

dbghelp

MiniDumpWriteDump

version

VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

crypt32

CryptQueryObject
CryptDecodeObject
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertGetNameStringA
CertFreeCertificateContext

wintrust

WinVerifyTrust

iphlpapi

IcmpCreateFile
GetAdaptersAddresses
IcmpSendEcho

wininet

InternetSetCookieA

psapi

GetModuleInformation
GetProcessMemoryInfo

winmm

timeGetDevCaps
timeGetTime
timeEndPeriod
timeSetEvent
timeBeginPeriod

powrprof

CallNtPowerInformation

ws2_32

recvfrom
getnameinfo
__WSAFDIsSet
gethostbyname
WSAStartup
WSACleanup
closesocket
connect
htons
send
sendto
socket
WSAGetLastError
getaddrinfo
freeaddrinfo
htonl
bind
ioctlsocket
getpeername
getsockname
getsockopt
ntohs
recv
select
setsockopt
gethostname
WSASetLastError
WSAIoctl
inet_addr
inet_ntoa

opengl32

glTexParameteri
glTexParameterf
glReadPixels
wglGetProcAddress
wglCreateContext
wglDeleteContext
glTexImage2D
glPixelStorei
glGetTexImage
glGenTextures
glDeleteTextures
glDrawElements
wglGetCurrentContext
wglMakeCurrent
glTexSubImage2D
glClearStencil
glGetIntegerv
glGetString
glBindTexture
glBlendFunc
glClear
glClearColor
glClearDepth
glDrawArrays
glColorMask
glCopyTexSubImage2D
glCullFace
glDepthFunc
glDepthMask
glDisable
glEnable
glPolygonOffset
glReadBuffer
glStencilFunc
glStencilMask
glStencilOp
glViewport
wglGetCurrentDC

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList

wtsapi32

WTSSendMessageW

Exports

Exports

?g_postStaticInitFn@@3P6AHXZA
?g_preStaticInitFn@@3P6AHXZA
AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 12.0MB - Virtual size: 12.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zero
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 915KB - Virtual size: 914KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04db4eb797aff4daf3da3bf44f45726f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sensapi

urlmon

fmod

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

dbghelp

version

crypt32

wintrust

iphlpapi

wininet

psapi

winmm

powrprof

ws2_32

opengl32

setupapi

wtsapi32

Exports

Exports

Sections

.text Size: 12.0MB - Virtual size: 12.0MB

.zero Size: 14KB - Virtual size: 13KB

.rdata Size: 5.4MB - Virtual size: 5.4MB

.data Size: 1.2MB - Virtual size: 3.3MB

.tls Size: 512B - Virtual size: 21B

.gfids Size: 4KB - Virtual size: 3KB

.vmp0 Size: 1.5MB - Virtual size: 1.5MB

.vmp1 Size: 6.3MB - Virtual size: 6.3MB

.reloc Size: 915KB - Virtual size: 914KB

.rsrc Size: 94KB - Virtual size: 94KB

.text
Size: 12.0MB - Virtual size: 12.0MB

.zero
Size: 14KB - Virtual size: 13KB

.rdata
Size: 5.4MB - Virtual size: 5.4MB

.data
Size: 1.2MB - Virtual size: 3.3MB

.tls
Size: 512B - Virtual size: 21B

.gfids
Size: 4KB - Virtual size: 3KB

.vmp0
Size: 1.5MB - Virtual size: 1.5MB

.vmp1
Size: 6.3MB - Virtual size: 6.3MB

.reloc
Size: 915KB - Virtual size: 914KB

.rsrc
Size: 94KB - Virtual size: 94KB