691f34095431a336fb811cbccbd91050_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

691f34095431a336fb811cbccbd91050_NeikiAnalytics.exe
Size

1.2MB
MD5

691f34095431a336fb811cbccbd91050
SHA1

bd9e71c3bf966b5d5bb5bb4cc9471e28549ecb5c
SHA256

74ea530d115ff7ca5574419d5ce46719ee3da043f9b95925fa0631991250a432
SHA512

8d24d0333131a2bfa38fcc2a7d385d951c4ada5b8227fa084e0dd628364ad1da5fb6f04a4055a867e62561f7969ba09786cfddf86b8660540a2ac95b31890aca
SSDEEP

24576:GX+KvEHpr6nIKCiT+sqjnhMgeiCl7G0nehbGZpbD:4+uG16nIUSDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
691f34095431a336fb811cbccbd91050_NeikiAnalytics.exe

Files

691f34095431a336fb811cbccbd91050_NeikiAnalytics.exe
.exe windows:10 windows x64 arch:x64

ec628b5a9b2bf8043ba39cad195b6b8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

vds.pdb

Imports

user32

RegisterDeviceNotificationW
DispatchMessageW
GetMessageW
UnregisterDeviceNotification
DefWindowProcW
PostThreadMessageW
MessageBoxW
LoadStringW
CharNextW
CharPrevW
PeekMessageW

msvcrt

memcmp
_initterm
??1type_info@@UEAA@XZ
??0exception@@QEAA@AEBQEBDH@Z
memcpy
_exit
towupper
??0exception@@QEAA@AEBV0@@Z
memmove
swscanf_s
_onexit
__dllonexit
_XcptFilter
wcsstr
_wtol
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
rand
time
srand
_wcsnicmp
_wcsicmp
_vsnwprintf
_unlock
_amsg_exit
__wgetmainargs
_wcmdln
_ltow
_callnewh
??0exception@@QEAA@AEBQEBD@Z
__set_app_type
__CxxFrameHandler4
??3@YAXPEAX@Z
wcsncmp
_purecall
__C_specific_handler
free
_lock
?terminate@@YAXXZ
malloc
_commode
wcscat_s
realloc
wcscpy_s
_fmode
exit
__setusermatherr
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memset
_cexit
_CxxThrowException
__CxxFrameHandler3

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
ReleaseSemaphore
CreateEventW

ntdll

RtlReleaseResource
RtlAcquireResourceShared
RtlDeleteResource
RtlInitializeResource
RtlConvertExclusiveToShared
RtlAdjustPrivilege
NtQueryVolumeInformationFile
RtlConvertSharedToExclusive
RtlAcquireResourceExclusive

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CLSIDFromString
CoRegisterClassObject
CoInitializeSecurity
CoUninitialize
CoTaskMemRealloc
CoCreateGuid
CoTaskMemAlloc
CoCreateInstance
CoImpersonateClient
CoRevertToSelf
StringFromGUID2
CoRevokeClassObject
CoInitializeEx

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapSetInformation
HeapAlloc
HeapFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FindResourceExW
SizeofResource
LoadLibraryExW
GetProcAddress
GetModuleFileNameW
LoadResource
FreeLibrary

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegQueryInfoKeyW
RegGetValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteTreeW
RegCreateKeyExW
RegCloseKey
RegEnumValueW
RegQueryValueExW
RegSetValueExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcpynW
lstrlenW

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualProtect
VirtualAlloc
VirtualQuery

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventWriteTransfer
EventRegister

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorLength
DuplicateTokenEx
AdjustTokenPrivileges
MakeAbsoluteSD
IsValidSid
GetLengthSid
AddAccessAllowedAce
FreeSid
MakeSelfRelativeSD

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
CloseServiceHandle
DeleteService
CreateServiceW

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W
SetServiceObjectSecurity
QueryServiceObjectSecurity

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW
ControlService

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
SetServiceStatus

api-ms-win-core-debug-l1-1-0

OutputDebugStringW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetStartupInfoW
ResumeThread
GetCurrentProcessId
OpenThreadToken
CreateThread
GetCurrentThread
OpenProcessToken
SetThreadToken
GetCurrentThreadId

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-1

SetProcessMitigationPolicy

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

devobj

DevObjEnumDeviceInterfaces
DevObjDestroyDeviceInfoList
DevObjEnumDeviceInfo
DevObjGetClassDevs
DevObjDeleteDevice
DevObjGetDeviceInterfaceDetail
DevObjCreateDeviceInfoList

api-ms-win-core-file-l1-1-0

DeleteVolumeMountPointW
DefineDosDeviceW
ReadFile
GetFileAttributesW
GetVolumePathNameW
FindVolumeClose
FindNextVolumeW
QueryDosDeviceW
WriteFile
RemoveDirectoryW
CreateFileW
GetDriveTypeW
FindFirstVolumeW
SetFilePointerEx

api-ms-win-core-io-l1-1-0

DeviceIoControl

cfgmgr32

CM_Reenumerate_DevNode_Ex

api-ms-win-core-kernel32-legacy-l1-1-1

SetVolumeMountPointW
FindFirstVolumeMountPointW
FindVolumeMountPointClose
FindNextVolumeMountPointW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-devices-config-l1-1-1

CM_Get_Parent
CM_Query_And_Remove_SubTreeW
CM_Get_DevNode_Status

api-ms-win-core-rtlsupport-l1-1-0

RtlCompareMemory
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

vdsutil

?Initialize@CVdsPnPNotificationBase@@QEAAKXZ
ReleaseRundownProtection
IsRunningOnAMD64
IsClientSKU
?InsertHeadPointer@CRtlList@@QEAAHPEAX@Z
GetInterfaceDetailData
InvalidateDiskCache
??0CVdsWmiVariantObjectArrayEnum@@QEAA@XZ
??1CVdsWmiVariantObjectArrayEnum@@QEAA@XZ
VdsWmiConnectToNamespace
?Attach@CVdsWmiVariantObjectArrayEnum@@QEAAJPEAUtagVARIANT@@@Z
?Next@CVdsWmiVariantObjectArrayEnum@@QEAAJPEAPEAUIWbemClassObject@@@Z
VdsWmiGetByteFromInstance
VdsWmiGetUlongFromInstance
VdsWmiGetObjectFromInstance
VdsWmiCopyFromVariantByteArray
?Detach@CVdsWmiVariantObjectArrayEnum@@QEAAJXZ
?Find@CRtlMap@@QEAAHAEAVCRtlEntry@@PEAV2@@Z
VdsTrace
?Insert@CRtlMap@@QEAAHAEAVCRtlEntry@@0@Z
?FindPtr@CRtlMap@@QEAAHAEAVCRtlEntry@@PEAPEAV2@@Z
?Remove@CRtlMap@@QEAAHAEAVCRtlEntry@@@Z
OpenDevice
GetDeviceName
GetDeviceAndMediaType
GetDiskLayout
GetPartitionInformation
?RegisterHandle@CVdsPnPNotificationBase@@QEAAKPEAXPEAPEAX@Z
?Append@CPrvEnumObject@@QEAAJPEAUIUnknown@@@Z
?Reset@CPrvEnumObject@@UEAAJXZ
IsVdsLoggingEnabled
VdsTraceExW
GuidToString
?InsertUnique@CRtlMap@@QEAAHAEAVCRtlEntry@@0@Z
IsNoAutoMount
IsEfiFirmware
?Clear@CPrvEnumObject@@QEAAXXZ
LockDismountVolume
GetDeviceNumber
IsDriveLetter
?Next@CPrvEnumObject@@UEAAJKPEAPEAUIUnknown@@PEAK@Z
?Skip@CPrvEnumObject@@UEAAJK@Z
?Clone@CPrvEnumObject@@UEAAJPEAPEAUIEnumVdsObject@@@Z
??0CVdsAsyncObjectBase@@QEAA@XZ
??1CVdsAsyncObjectBase@@QEAA@XZ
?SetCompletionStatus@CVdsAsyncObjectBase@@QEAAXJK@Z
?Signal@CVdsAsyncObjectBase@@QEAAXXZ
VdsIscsiIpAddressToString
VdsWmiFindInstanceOfClass
VdsWmiGetUlonglongFromInstance
?QueryStatus@CVdsAsyncObjectBase@@UEAAJPEAJPEAK@Z
VdsIscsiIpsecIdToIpAddress
VdsIscsiCheckEqualIpAddress
VdsIscsiIpAddressToIpsecId
WriteBootCode
CoFreeStringArray
GetFMIFSFormatEx2Routine
GetFMIFSEnableCompressionRoutine
RemoveTempVolumeName
MountVolume
GetFileSystemRecognitionName
GetFMIFSGetDefaultFilesystemRoutine
AssignTempVolumeName
AcquireRundownProtection
GetVolumeDiskExtentInfo
GarbageCollectDriveLetters
LockVolume
DeleteNetworkShare
GetVolumeUniqueId
GetVolumeGuidPathnames
DeleteBcdObjects
VdsIscsiCacheSessionDevices
VdsWmiGetObjectInVariantObjectArray
VdsIscsiGetIpAddressFromInstance
VdsWmiCreateClassInstance
VdsWmiSetUlongInInstance
VdsWmiCreateVariantArray
VdsWmiSetUlonglongInInstance
VdsWmiGetMethodArgumentObject
VdsWmiSetObjectInInstance
VdsWmiCallMethod
?UnregisterHandle@CVdsPnPNotificationBase@@QEAAXPEAX@Z
GetDeviceManufacturerInfo
GetMediaGeometryEx
GetStorageAccessAlignmentProperty
IsDiskClustered
IsDiskReadOnly
IsDiskCurrentStateReadOnly
CreateDeviceInfoSet
GetDeviceId
GetDeviceRegistryPropertyByInfo
VdsAllocateEmptyString
GetDeviceRegistryPropertyByInst
GetDeviceLocationEx
VdsDoesDiskHaveArcPath
GetBootFromDiskNumber
GetDiskOfflineReason
GetDiskRedundancyCount
VdsAllocateString
GetDiskIdentifiers
?WaitImpl@CVdsAsyncObjectBase@@QEAAJPEAJ@Z
IsWinPE
StartReferenceHistory
InitializeRundownProtection
VdsDisableCOMFatalExceptionHandling
UnInitializeGlobalResouce
?Initialize@CGlobalResource@@QEAAJXZ
??0CGlobalResource@@QEAA@XZ
RemoveEventSource
VdsHeapAlloc
AddEventSource
InitializeSecurityDescriptorHelper
LogInfo
LogError
?Remove@CRtlList@@QEAAXAEAVCRtlListIter@@@Z
VdsHeapFree
AllocateAndGetVolumePathName
VdsTraceEx
??0CRtlList@@QEAA@P6AXPEAVCRtlEntry@@@Z@Z
??1CRtlList@@QEAA@XZ
?Begin@CRtlList@@QEAA?AVCRtlListIter@@XZ
?End@CRtlList@@QEAA?AVCRtlListIter@@XZ
?RemoveAll@CRtlList@@QEAAXXZ
?GetEntry@CRtlListIter@@QEAAPEAVCRtlEntry@@XZ
?InsertTailPointer@CRtlList@@QEAAHPEAX@Z
?Uninitialize@CVdsAsyncObjectBase@@SAXXZ
?Uninitialize@CVdsPnPNotificationBase@@QEAAXXZ
?Next@CRtlMapIter@@QEAAAEAV1@XZ
?Next@CRtlListIter@@QEAAAEAV1@XZ
?Prev@CRtlListIter@@QEAAAEAV1@XZ
??0CVdsCallTracer@@QEAA@KPEBD@Z
??1CVdsCallTracer@@QEAA@XZ
??0CRtlMap@@QEAA@KP6AXPEAVCRtlEntry@@@Z1@Z
?Initialize@CVdsAsyncObjectBase@@SAKXZ
?Begin@CRtlMap@@QEAA?AVCRtlMapIter@@XZ
VdsTraceW
?GetEntryPointer@CRtlListIter@@QEAAPEAXXZ
VdsInitializeCriticalSection
?RemoveAll@CRtlMap@@QEAAXH@Z
??1CRtlMap@@UEAA@XZ
StopReferenceHistory
GetVolumeName
WaitForRundownProtectionRelease
??1CGlobalResource@@QEAA@XZ

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

??0?$CVdsCoTaskPtr@G@@QEAA@XZ
??0?$CVdsHandleImpl@$0?0@@QEAA@XZ
??0?$CVdsHandleImpl@$0A@@@QEAA@XZ
??0?$CVdsHeapPtr@D@@QEAA@XZ
??0?$CVdsHeapPtr@G@@QEAA@XZ
??0?$CVdsHeapPtr@J@@QEAA@XZ
??0?$CVdsHeapPtr@UFMIFS_DEF_FS_OUT@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsPtr@D@@QEAA@XZ
??0?$CVdsPtr@G@@QEAA@XZ
??0?$CVdsPtr@J@@QEAA@XZ
??0?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QEAA@XZ
??0?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAA@XZ
??0?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??0?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEAA@XZ
??0?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEAA@XZ
??0?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEAA@XZ
??0?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??0CPrvEnumObject@@QEAA@XZ
??0CRtlSharedLock@@QEAA@XZ
??0CVdsCriticalSection@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??0CVdsPnPNotificationBase@@QEAA@XZ
??0CVdsUnlockIt@@QEAA@AEAJ@Z
??1?$CVdsCoTaskPtr@G@@QEAA@XZ
??1?$CVdsHandleImpl@$0?0@@QEAA@XZ
??1?$CVdsHandleImpl@$0A@@@QEAA@XZ
??1?$CVdsHeapPtr@D@@QEAA@XZ
??1?$CVdsHeapPtr@G@@QEAA@XZ
??1?$CVdsHeapPtr@J@@QEAA@XZ
??1?$CVdsHeapPtr@UFMIFS_DEF_FS_OUT@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsPtr@D@@QEAA@XZ
??1?$CVdsPtr@G@@QEAA@XZ
??1?$CVdsPtr@J@@QEAA@XZ
??1?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QEAA@XZ
??1?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAA@XZ
??1?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??1?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEAA@XZ
??1?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEAA@XZ
??1?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEAA@XZ
??1?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??1CPrvEnumObject@@QEAA@XZ
??1CRtlSharedLock@@QEAA@XZ
??1CVdsCriticalSection@@QEAA@XZ
??1CVdsPnPNotificationBase@@QEAA@XZ
??1CVdsUnlockIt@@QEAA@XZ
??4?$CVdsHandleImpl@$0?0@@QEAAPEAXPEAX@Z
??4?$CVdsHandleImpl@$0A@@@QEAAPEAXPEAX@Z
??4?$CVdsHeapPtr@D@@QEAAPEADPEAD@Z
??4?$CVdsHeapPtr@G@@QEAAPEAGPEAG@Z
??4?$CVdsHeapPtr@J@@QEAAPEAJPEAJ@Z
??4?$CVdsHeapPtr@UFMIFS_DEF_FS_OUT@@@@QEAAPEAUFMIFS_DEF_FS_OUT@@PEAU1@@Z
??4?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAAPEAU_AUCTION_THREAD_PARAMETER@@PEAU1@@Z
??4?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEAAPEAU_MOUNTMGR_MOUNT_POINT@@PEAU1@@Z
??4?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEAAPEAU_MOUNTMGR_MOUNT_POINTS@@PEAU1@@Z
??4?$CVdsHeapPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAAPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@PEAU1@@Z
??8?$CVdsHandleImpl@$0?0@@QEBA_NPEAX@Z
??8?$CVdsHandleImpl@$0A@@@QEBA_NPEAX@Z
??8?$CVdsPtr@D@@QEBA_NPEAD@Z
??8?$CVdsPtr@G@@QEBA_NPEAG@Z
??8?$CVdsPtr@J@@QEBA_NPEAJ@Z
??8?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QEBA_NPEAUFMIFS_DEF_FS_OUT@@@Z
??8?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEBA_NPEAU_AUCTION_THREAD_PARAMETER@@@Z
??8?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEBA_NPEAU_MOUNTMGR_MOUNT_POINT@@@Z
??8?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEBA_NPEAU_MOUNTMGR_MOUNT_POINTS@@@Z
??8?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEBA_NPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@@Z
??9?$CVdsHandleImpl@$0?0@@QEBA_NPEAX@Z
??9?$CVdsPtr@G@@QEBA_NPEAG@Z
??9?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEBA_NPEAU_DRIVE_LAYOUT_INFORMATION_EX@@@Z
??A?$CVdsPtr@J@@QEAAAEAJJ@Z
??A?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QEAAAEAUFMIFS_DEF_FS_OUT@@K@Z
??B?$CVdsHandleImpl@$0?0@@QEAAPEAXXZ
??B?$CVdsHandleImpl@$0A@@@QEAAPEAXXZ
??B?$CVdsPtr@G@@QEBAPEAGXZ
??B?$CVdsPtr@J@@QEBAPEAJXZ
??B?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QEBAPEAUFMIFS_DEF_FS_OUT@@XZ
??B?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEBAPEAU_AUCTION_THREAD_PARAMETER@@XZ
??B?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEBAPEAU_CLEAN_DISK_HANDLER_PARAMETER@@XZ
??B?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEBAPEAU_FORMAT_VOLUME_THREAD_PARAMETER@@XZ
??B?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEBAPEAU_MOUNTMGR_MOUNT_POINT@@XZ
??B?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEBAPEAU_MOUNTMGR_MOUNT_POINTS@@XZ
??B?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEBAPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEBAPEAU_AUCTION_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEBAPEAU_CLEAN_DISK_HANDLER_PARAMETER@@XZ
??C?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEBAPEAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??C?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEBAPEAU_EXTEND_VOLUME_HANDLER_PARAMETER@@XZ
??C?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEBAPEAU_FORMAT_VOLUME_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEBAPEAU_MOUNTMGR_MOUNT_POINT@@XZ
??C?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEBAPEAU_MOUNTMGR_MOUNT_POINTS@@XZ
??C?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEBAPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@XZ
??I?$CVdsHandleImpl@$0?0@@QEAAPEAPEAXXZ
??I?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAAPEAPEAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??_FCRtlList@@QEAAXXZ
??_FCRtlMap@@QEAAXXZ
?AcquireRead@CRtlSharedLock@@AEAAXXZ
?AcquireWrite@CRtlSharedLock@@AEAAXXZ
?AllowCancel@CVdsAsyncObjectBase@@QEAAXXZ
?Attach@?$CVdsPtr@G@@QEAAXPEAG@Z
?Attach@?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAAXPEAU_CLEAN_DISK_HANDLER_PARAMETER@@@Z
?Attach@?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAAXPEAU_DRIVE_LAYOUT_INFORMATION_EX@@@Z
?Attach@?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEAAXPEAU_EXTEND_VOLUME_HANDLER_PARAMETER@@@Z
?Attach@?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEAAXPEAU_FORMAT_VOLUME_THREAD_PARAMETER@@@Z
?Attach@?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAAXPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@@Z
?Close@?$CVdsHandleImpl@$0?0@@QEAAXXZ
?CurrentThreadIsWriter@CRtlSharedLock@@QEAAHXZ
?Detach@?$CVdsHandleImpl@$0?0@@QEAAPEAXXZ
?Detach@?$CVdsHandleImpl@$0A@@@QEAAPEAXXZ
?Detach@?$CVdsPtr@G@@QEAAPEAGXZ
?Detach@?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAAPEAU_AUCTION_THREAD_PARAMETER@@XZ
?Detach@?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAAPEAU_CLEAN_DISK_HANDLER_PARAMETER@@XZ
?Detach@?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAAPEAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
?Detach@?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAAPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@XZ
?DisallowCancel@CVdsAsyncObjectBase@@QEAAXXZ
?Downgrade@CRtlSharedLock@@AEAAXXZ
?GetOutputType@CVdsAsyncObjectBase@@QEAA?AW4_VDS_ASYNC_OUTPUT_TYPE@@XZ
?IsCancelRequested@CVdsAsyncObjectBase@@QEAAHXZ
?Release@CRtlSharedLock@@AEAAXXZ
?SetOutput@CVdsAsyncObjectBase@@QEAAXU_VDS_ASYNC_OUTPUT@@@Z
?SetOutputType@CVdsAsyncObjectBase@@QEAAXW4_VDS_ASYNC_OUTPUT_TYPE@@@Z
?SetPositionToLast@CPrvEnumObject@@QEAAXXZ
?Upgrade@CRtlSharedLock@@AEAAXXZ
?ZeroAsyncOut@CVdsAsyncObjectBase@@QEAAXXZ
?m_ExtraLogging@CVdsTraceSettings@@QEAAHXZ
?m_NoDebuggerLogging@CVdsTraceSettings@@QEAAHXZ

Sections

.text
Size: 380KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ec628b5a9b2bf8043ba39cad195b6b8d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

msvcrt

api-ms-win-core-synch-l1-1-0

ntdll

api-ms-win-core-com-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

devobj

api-ms-win-core-file-l1-1-0

api-ms-win-core-io-l1-1-0

cfgmgr32

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-file-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

vdsutil

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 380KB - Virtual size: 378KB

.rdata Size: 264KB - Virtual size: 261KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 12KB - Virtual size: 11KB

.didat Size: 4KB - Virtual size: 144B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 380KB - Virtual size: 378KB

.rdata
Size: 264KB - Virtual size: 261KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 12KB - Virtual size: 11KB

.didat
Size: 4KB - Virtual size: 144B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 572KB - Virtual size: 576KB