00ece52cd4feab266c82425d9f0cc2e0[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

00ece52cd4feab266c82425d9f0cc2e0.bin
Size

11.0MB
MD5

00ece52cd4feab266c82425d9f0cc2e0
SHA1

0f3e1dd6a51eb15c42876f1a6c745058f42aee5e
SHA256

18154447143c0d95f477077e9e3ffebc588e99bf0fa19a198ae3501808d582c3
SHA512

2359dd07ec2c04ae215d30d47ba63ef3a2af09d416510fb20d598332e1d77c379dd4417edfdfb3f937a852777f7dc4046556755225eb3a83fb6253853820f142
SSDEEP

98304:zjsC521tvS4T8mYcLmqBK3TiXHfOBolp/v/yjSSqP2X:zj7g1nRY0Bqrolp/v6uR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00ece52cd4feab266c82425d9f0cc2e0.bin

Files

00ece52cd4feab266c82425d9f0cc2e0.bin
.exe windows:6 windows x64 arch:x64

2cc98c4a72f9de6326e4556b9c8551fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\projects\xenia\build\bin\Windows\Release\xenia.pdb

Imports

kernel32

WakeAllConditionVariable
SleepConditionVariableSRW
GetModuleHandleA
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
GetLocaleInfoA
GetSystemPowerStatus
CompareStringA
GetModuleHandleExW
LoadLibraryExW
SetThreadExecutionState
GlobalMemoryStatusEx
VerifyVersionInfoW
GetOverlappedResult
CreateFileA
FormatMessageW
CancelIo
SetEnvironmentVariableA
InitializeConditionVariable
TryEnterCriticalSection
MulDiv
GetTickCount
Process32Next
CreateToolhelp32Snapshot
Process32First
OutputDebugStringW
SetErrorMode
GetFileSizeEx
GetModuleFileNameW
WaitNamedPipeW
PeekNamedPipe
LoadLibraryA
VirtualQuery
VirtualAlloc
VirtualFree
RemoveVectoredContinueHandler
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
MapViewOfFileEx
MapViewOfFile
CreateFileMappingW
GetFileSize
GetSystemInfo
FlushViewOfFile
UnmapViewOfFile
SetFilePointer
InitOnceComplete
InitOnceBeginInitialize
InitializeSRWLock
WakeConditionVariable
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetEnvironmentVariableA
GetConsoleMode
ExitProcess
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetFileInformationByHandleEx
DeviceIoControl
AreFileApisANSI
SetFileInformationByHandle
GetFullPathNameW
FindFirstFileExW
CreateDirectoryW
FormatMessageA
WaitForSingleObject
VirtualProtect
FlushInstructionCache
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
DeleteTimerQueueTimer
GlobalAddAtomW
GlobalDeleteAtom
CreateTimerQueueTimer
GetThreadContext
GetSystemTimeAsFileTime
AllocConsole
AttachConsole
GetStdHandle
FreeLibrary
LocalFree
LoadLibraryW
GetCommandLineW
FlushFileBuffers
SetFilePointerEx
GetFileAttributesExW
CreateFileW
FindClose
SetEndOfFile
WriteFile
FindNextFileW
FindFirstFileW
ReadFile
TlsGetValue
SleepEx
CreateSemaphoreW
GetModuleHandleW
GetThreadId
GetProcAddress
SwitchToThread
QueueUserAPC
ResetEvent
CreateThread
RaiseException
GetThreadPriority
PulseEvent
TlsAlloc
WaitForSingleObjectEx
TerminateThread
GetCurrentThread
SetEvent
GetLastError
CreateEventW
CancelWaitableTimer
ExitThread
ResumeThread
SuspendThread
ReleaseMutex
WaitForMultipleObjectsEx
CreateMutexW
SetThreadPriority
SignalObjectAndWait
GetProcessAffinityMask
ReleaseSemaphore
CreateWaitableTimerW
SetProcessAffinityMask
GetCurrentProcess
TlsSetValue
SetWaitableTimer
SetThreadAffinityMask
QueryPerformanceCounter
GetCurrentProcessId
K32GetModuleBaseNameA
CloseHandle
QueryPerformanceFrequency
Sleep
OpenProcess
GetCurrentThreadId
IsDebuggerPresent
OutputDebugStringA
WriteConsoleW

user32

RegisterClassW
AttachThreadInput
RemovePropW
UnhookWindowsHookEx
SetLayeredWindowAttributes
GetClipboardSequenceNumber
CreateIconFromResource
GetKeyboardState
MonitorFromRect
GetWindowTextLengthW
GetDoubleClickTime
IsIconic
GetClassInfoExW
KillTimer
ClipCursor
GetUpdateRect
IsRectEmpty
GetForegroundWindow
GetClipCursor
TrackMouseEvent
GetRawInputData
PeekMessageW
SetTimer
UnregisterClassW
GetSystemMetrics
CallNextHookEx
GetPropW
GetMenu
GetWindowRect
CallWindowProcW
GetMessageExtraInfo
RegisterClassExA
UnregisterDeviceNotification
UnregisterClassA
CreateWindowExA
RegisterDeviceNotificationW
SetActiveWindow
RegisterWindowMessageA
MessageBoxA
GetDesktopWindow
SystemParametersInfoW
DrawTextW
GetDlgItem
SystemParametersInfoA
DialogBoxIndirectParamW
EndDialog
MessageBoxW
GetCursorPos
ReleaseDC
InvalidateRect
ReleaseCapture
CreateMenu
GetWindowThreadProcessId
AppendMenuW
GetMenuInfo
GetClientRect
SetWindowLongW
SetCursor
EnumDisplayMonitors
DrawMenuBar
LoadCursorW
LoadIconW
SetPropW
SetFocus
DestroyMenu
SetMenu
ValidateRect
SetMenuInfo
SetWindowPlacement
ClientToScreen
GetMonitorInfoW
DestroyIcon
GetCapture
ShowWindow
GetClassLongPtrW
GetWindowPlacement
WindowFromPoint
RegisterClassExW
GetWindowLongPtrW
CreatePopupMenu
SetWindowTextW
SendMessageW
ScreenToClient
CreateWindowExW
SetWindowLongPtrW
MonitorFromWindow
SetWindowPos
GetDC
DestroyWindow
GetFocus
CreateIconFromResourceEx
GetKeyState
AdjustWindowRectEx
DefWindowProcW
GetWindowLongW
PostQuitMessage
TranslateMessage
DispatchMessageW
PostMessageW
GetMessageW
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetAsyncKeyState
GetRawInputDeviceList
GetRawInputDeviceInfoA
PostThreadMessageW
SetWindowRgn
ToUnicode
GetKeyboardLayout
MapVirtualKeyW
EnumDisplaySettingsW
EnableMenuItem
EnumDisplayDevicesW
IsClipboardFormatAvailable
ChangeDisplaySettingsExW
RegisterRawInputDevices
SetCursorPos
CreateIconIndirect
CopyImage
GetWindowTextW
SetForegroundWindow
MonitorFromPoint
PtInRect
GetParent
FlashWindowEx
SetWindowsHookExW
SetCapture
IntersectRect

ole32

CLSIDFromString
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree
PropVariantClear

ntdll

RtlDeleteFunctionTable
RtlCaptureStackBackTrace
VerSetConditionMask
RtlVirtualUnwind
RtlInstallFunctionTableCallback
RtlLookupFunctionEntry
RtlCaptureContext

dwmapi

DwmSetWindowAttribute

shlwapi

ord219

dxgi

CreateDXGIFactory1

wsock32

recvfrom
inet_ntoa
sendto
socket
connect
send
WSAGetLastError
htonl
listen
shutdown
ioctlsocket
setsockopt
accept
bind
closesocket
ntohl
WSAStartup
select
__WSAFDIsSet
recv

bcrypt

BCryptGenRandom
BCryptImportKeyPair
BCryptCloseAlgorithmProvider
BCryptEncrypt
BCryptDestroyKey
BCryptOpenAlgorithmProvider

imm32

ImmGetCandidateListW
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionStringW
ImmAssociateContext
ImmGetIMEFileNameA
ImmGetCompositionStringW
ImmNotifyIME

msvcp140

?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
??0_Locinfo@std@@QEAA@PEBD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Cnd_do_broadcast_at_thread_exit
_Mtx_unlock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Thrd_id
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$numpunct@D@std@@2V0locale@2@A
?id@?$numpunct@_W@std@@2V0locale@2@A
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
_Mtx_trylock
_Thrd_hardware_concurrency
_Thrd_yield
_Query_perf_frequency
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
_Thrd_join
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Winerror_map@std@@YAHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?id@?$collate@D@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
_Strcoll
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
_Cnd_init_in_situ
_Cnd_wait
_Cnd_broadcast
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
_Mbrtowc
_Strxfrm
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
_Cnd_destroy_in_situ
?_Xinvalid_argument@std@@YAXPEBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
_Cnd_timedwait
_Mtx_current_owns
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
_Cnd_signal
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
__current_exception_context
__current_exception
memchr
memcpy
memcmp
__std_type_info_compare
memset
__RTtypeid
__std_type_info_name
memmove
__C_specific_handler
strrchr
strchr
__std_terminate
__RTDynamicCast
_purecall
strstr
__std_exception_copy
__std_exception_destroy

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_aligned_free
realloc
calloc
free
_callnewh
malloc
_aligned_malloc
_aligned_realloc

api-ms-win-crt-math-l1-1-0

exp2f
llrint
log2f
acos
asin
atan
cos
_fdpcomp
round
trunc
cosh
exp2
ldexp
nanf
exp
fabs
log
sin
sinh
tan
__setusermatherr
lroundf
log2
tanh
_ldsign
_fdsign
hypot
_dclass
atan2
pow
_fdopen
scalbnf
_dsign
sqrt
sinf
lround
_copysign
tanf
_fdclass
_ldclass
acosf
asinf
atan2f
atanf
cosf
expf
truncf
fmod
roundf
fmodf
log10
frexp
log10f
logf
powf
sqrtf
scalbn

api-ms-win-crt-runtime-l1-1-0

_cexit
_errno
exit
_seh_filter_exe
_register_onexit_function
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_initialize_onexit_table
_get_wpgmptr
_exit
_invalid_parameter_noinfo_noreturn
quick_exit
_beginthreadex
terminate
abort
_c_exit
_register_thread_local_exe_atexit_callback
signal
_crt_atexit

api-ms-win-crt-stdio-l1-1-0

freopen_s
fgetc
_isatty
fgetpos
setvbuf
ungetc
fsetpos
_get_stream_buffer_pointers
__stdio_common_vfprintf
__stdio_common_vsscanf
_open_osfhandle
__acrt_iob_func
__p__commode
fputc
_set_fmode
_fseeki64
_ftelli64
fputs
_wfopen
_chsize_s
fread
__stdio_common_vsprintf_s
fseek
fopen
ferror
ftell
__stdio_common_vsprintf
fclose
fflush
fwrite
fgets
_fileno
__stdio_common_vsnprintf_s

api-ms-win-crt-time-l1-1-0

strftime
_mkgmtime64
_gmtime64
_mktime64
_time64
_localtime64
clock

api-ms-win-crt-string-l1-1-0

isdigit
ispunct
iscntrl
isalnum
isxdigit
isalpha
isupper
isgraph
strspn
tolower
strcspn
isprint
islower
_wcsnicmp
strncmp
isspace
toupper
_strdup
strncpy
_strnicmp
_wcsicmp
_stricmp
_strrev
strcmp

api-ms-win-crt-environment-l1-1-0

_wgetenv_s
getenv

api-ms-win-crt-convert-l1-1-0

wcstombs
atof
strtoll
strtol
strtoull
strtoul
atoi
strtod

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func
_configthreadlocale

api-ms-win-crt-utility-l1-1-0

bsearch
qsort

gdi32

CreateBitmap
CreateDCW
CreateDIBSection
DeleteObject
SelectObject
GetTextExtentPoint32A
CreateCompatibleDC
GetTextMetricsW
DeleteDC
CreateFontIndirectW
GetDeviceGammaRamp
GetDeviceCaps
BitBlt
DescribePixelFormat
ChoosePixelFormat
SwapBuffers
GetPixelFormat
SetPixelFormat
CreateCompatibleBitmap
GetDIBits
CreateRectRgn
CombineRgn
GetICMProfileW
SetDeviceGammaRamp
GetStockObject

shell32

DragFinish
DragAcceptFiles
DragQueryFileW
CommandLineToArgvW
SHGetKnownFolderPath
ShellExecuteW
SHGetFolderPathW
ExtractIconExW

winmm

waveInAddBuffer
waveInStart
waveOutPrepareHeader
waveInClose
waveInPrepareHeader
waveOutWrite
timeEndPeriod
timeBeginPeriod
waveInGetNumDevs
waveOutGetDevCapsW
waveInReset
waveInUnprepareHeader
waveOutUnprepareHeader
waveOutClose
waveInGetDevCapsW
waveOutOpen
waveOutReset
waveOutGetNumDevs
waveInOpen
waveOutGetErrorTextW

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
CM_Get_Parent
CM_Locate_DevNodeA
SetupDiGetDeviceInterfaceDetailA
CM_Get_Device_IDA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

advapi32

RegQueryValueExW
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW

oleaut32

SysFreeString

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 393KB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cc98c4a72f9de6326e4556b9c8551fc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

ntdll

dwmapi

shlwapi

dxgi

wsock32

bcrypt

imm32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

gdi32

shell32

winmm

setupapi

version

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 5.6MB - Virtual size: 5.6MB

.rdata Size: 4.6MB - Virtual size: 4.6MB

.data Size: 393KB - Virtual size: 6.0MB

.pdata Size: 233KB - Virtual size: 233KB

_RDATA Size: 512B - Virtual size: 48B

.rsrc Size: 105KB - Virtual size: 104KB

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 5.6MB - Virtual size: 5.6MB

.rdata
Size: 4.6MB - Virtual size: 4.6MB

.data
Size: 393KB - Virtual size: 6.0MB

.pdata
Size: 233KB - Virtual size: 233KB

_RDATA
Size: 512B - Virtual size: 48B

.rsrc
Size: 105KB - Virtual size: 104KB

.reloc
Size: 36KB - Virtual size: 36KB