coom-dl_0[.]18-windows[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

coom-dl_0.18-windows.zip
Size

10.5MB
MD5

d12697879c75db7ba46341985a9de7d8
SHA1

38c9e0d18b0ef4cdaafc3b677947231211fa7e83
SHA256

69219a63aad00e92865834158da2c1d7d0af0e1410a732098e82f9314acd3903
SHA512

fb5aaf7521955d0f26843649cd045ce921dcfc0b672ce1cfa7615867578e61b36b788e74568a5da22b0768dbf0aa3498e2c082e66e241e35aaf88095fcc01a44
SSDEEP

196608:nmj7m9u0JlBSMDJ9+lFYfXoDRfukIgddmxhW7kaiYlAV1oHOBwn5DzQjofI+t:nCinlf2dxEi4kpzkit

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/coom_dl.exe
unpack001/file_selector_windows_plugin.dll
unpack001/flutter_windows.dll
unpack001/screen_retriever_plugin.dll
unpack001/window_manager_plugin.dll

Files

coom-dl_0.18-windows.zip
.zip
coom_dl.exe
.exe windows:6 windows x64 arch:x64

0546b3b8141d4b2ea8ae615783d4285e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwmapi

DwmSetWindowAttribute

file_selector_windows_plugin

FileSelectorWindowsRegisterWithRegistrar

screen_retriever_plugin

ScreenRetrieverPluginRegisterWithRegistrar

window_manager_plugin

WindowManagerPluginRegisterWithRegistrar

flutter_windows

FlutterDesktopEngineGetMessenger
FlutterDesktopEngineSetNextFrameCallback
FlutterDesktopViewControllerCreate
FlutterDesktopViewControllerDestroy
FlutterDesktopViewControllerGetView
FlutterDesktopEngineGetPluginRegistrar
FlutterDesktopMessengerSend
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSetCallback
FlutterDesktopMessengerAddRef
FlutterDesktopMessengerRelease
FlutterDesktopEngineReloadSystemFonts
FlutterDesktopViewControllerHandleTopLevelWindowProc
FlutterDesktopMessengerIsAvailable
FlutterDesktopMessengerLock
FlutterDesktopMessengerUnlock
FlutterDesktopEngineDestroy
FlutterDesktopEngineCreate
FlutterDesktopGetDpiForMonitor
FlutterDesktopResyncOutputStreams
FlutterDesktopViewGetHWND

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
InitializeSListHead
RtlCaptureContext
GetCommandLineW
AttachConsole
IsDebuggerPresent
WideCharToMultiByte
AllocConsole
FreeLibrary
LocalFree
GetModuleHandleW
GetProcAddress
LoadLibraryA
RtlLookupFunctionEntry
GetStartupInfoW

user32

MonitorFromPoint
LoadIconW
LoadCursorW
SetParent
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
PostQuitMessage
RegisterClassW
UnregisterClassW
CreateWindowExW
DestroyWindow
ShowWindow
MoveWindow
SetWindowPos
SetFocus
GetClientRect
GetWindowLongPtrW
SetWindowLongPtrW

shell32

CommandLineToArgvW

ole32

CoInitializeEx
CoUninitialize

advapi32

RegGetValueW

msvcp140

?sync_with_stdio@ios_base@std@@SA_N_N@Z
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
memset
memcpy
__current_exception_context
__std_terminate
__current_exception
__std_exception_destroy
__std_exception_copy
__C_specific_handler
memcmp
__std_type_info_compare
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_get_wide_winmain_command_line
_initialize_onexit_table
_register_onexit_function
_initterm
_initialize_wide_environment
_crt_atexit
terminate
_initterm_e
_configure_wide_argv
_invalid_parameter_noinfo_noreturn
_invoke_watson
_exit
_set_app_type
_seh_filter_exe
exit

api-ms-win-crt-stdio-l1-1-0

_fileno
freopen_s
__acrt_iob_func
_dup2
_set_fmode
__p__commode

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
_callnewh
free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/app.so
.elf linux x64
data/flutter_assets/AssetManifest.bin
data/flutter_assets/AssetManifest.json
data/flutter_assets/FontManifest.json
data/flutter_assets/NOTICES.Z
.gz
NOTICES.Z
data/flutter_assets/fonts/MaterialIcons-Regular.otf
data/flutter_assets/packages/window_manager/images/ic_chrome_close.png
.png
data/flutter_assets/packages/window_manager/images/ic_chrome_maximize.png
.png
data/flutter_assets/packages/window_manager/images/ic_chrome_minimize.png
.png
data/flutter_assets/packages/window_manager/images/ic_chrome_unmaximize.png
.png
data/flutter_assets/shaders/ink_sparkle.frag
data/icudtl.dat
file_selector_windows_plugin.dll
.dll windows:6 windows x64 arch:x64

33f3d4466cb286b6f40830905fbd4e6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

flutter_windows

FlutterDesktopPluginRegistrarGetView
FlutterDesktopViewGetHWND
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopMessengerUnlock
FlutterDesktopMessengerLock
FlutterDesktopMessengerIsAvailable
FlutterDesktopMessengerRelease
FlutterDesktopMessengerAddRef
FlutterDesktopMessengerSetCallback
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSend
FlutterDesktopPluginRegistrarSetDestructionHandler

kernel32

LocalFree
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
MultiByteToWideChar
WideCharToMultiByte
RtlLookupFunctionEntry
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlCaptureContext
GetProcAddress
RtlVirtualUnwind

user32

GetAncestor

shell32

SHCreateItemFromParsingName

ole32

CoTaskMemFree
CoCreateInstance

msvcp140

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?uncaught_exception@std@@YA_NXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Xbad_function_call@std@@YAXXZ

vcruntime140

__std_type_info_destroy_list
memset
__C_specific_handler
__current_exception_context
memcmp
__std_terminate
__current_exception
memmove
memcpy
__std_type_info_compare
_purecall
__std_exception_destroy
__std_exception_copy
_CxxThrowException

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_configure_narrow_argv
_seh_filter_dll
_initterm_e
terminate
_initialize_onexit_table
_initterm
_invoke_watson
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

Exports

Exports

FileSelectorWindowsRegisterWithRegistrar

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
flutter_windows.dll
.dll windows:5 windows x64 arch:x64

c6f0dacd086f1a06fbf74a1ed5c0fde6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\b\s\w\ir\cache\builder\src\out\host_release\flutter_windows.dll.pdb

Imports

advapi32

RegOpenKeyExW
RegCloseKey
RegGetValueW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegEnumKeyExW
SystemFunction036
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW

iphlpapi

GetAdaptersAddresses

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc

oleaut32

SysFreeString
SysStringLen
SafeArrayCreateVector
SafeArrayPutElement
VariantClear
LoadTypeLi
VariantCopy
VarBstrCmp
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VarUI4FromStr
LoadRegTypeLi
SafeArrayGetVartype
SafeArrayDestroy
SafeArrayAccessData
VariantInit
SysAllocStringLen
SysAllocString
SafeArrayUnaccessData

psapi

EnumProcessModules
GetProcessMemoryInfo

shlwapi

PathIsRelativeW

rpcrt4

UuidCreateSequential
UuidToStringW
RpcStringFreeW

winmm

timeEndPeriod
timeBeginPeriod

ws2_32

shutdown
send
setsockopt
closesocket
recv
connect
WSAGetLastError
WSASetLastError
WSAIoctl
WSARecv
WSASend
socket
WSARecvFrom
gethostname
htons
ntohs
WSAAddressToStringW
WSAStartup
getsockname
getpeername
getnameinfo
InetPtonW
InetNtopW
getaddrinfo
bind
listen
WSASocketW
freeaddrinfo
ioctlsocket
WSASendTo
getsockopt

imm32

ImmGetCompositionStringW
ImmReleaseContext
ImmSetCompositionWindow
ImmSetCompositionStringW
ImmNotifyIME
ImmGetContext
ImmSetCandidateWindow

user32

TrackMouseEvent
ReleaseCapture
SetCapture
GetMessageExtraInfo
CharNextW
SetUserObjectInformationA
SystemParametersInfoW
SetCaretPos
GetFocus
DestroyCaret
CreateCaret
DefWindowProcW
GetWindowLongPtrW
SetTimer
KillTimer
PostMessageW
DestroyWindow
RegisterClassW
SetWindowLongPtrW
CreateWindowExW
GetSysColor
SetClipboardData
EmptyClipboard
GetClipboardData
IsClipboardFormatAvailable
GetTouchInputInfo
CloseClipboard
MessageBeep
MapVirtualKeyW
GetKeyState
ScreenToClient
GetCursorPos
SetCursor
IsWindowVisible
LoadCursorW
ClientToScreen
MonitorFromPoint
MonitorFromWindow
UnregisterClassW
CreateIconIndirect
ReleaseDC
GetDC
NotifyWinEvent
UnregisterClassA
IsWindow
GetClassInfoW
GetClientRect
WindowFromDC
GetWindowThreadProcessId
IsIconic
InvalidateRect
CreateWindowExA
CloseTouchInputHandle
PeekMessageW
SendMessageW
PostQuitMessage
EnumThreadWindows
GetParent
OpenClipboard
RegisterTouchWindow

gdi32

DescribePixelFormat
SetPixelFormat
ChoosePixelFormat
SetDIBitsToDevice
GetDeviceCaps
DeleteDC
SwapBuffers
GetPixelFormat
SetPixel
GetPixel
SelectObject
CreateCompatibleBitmap
GetObjectW
CreateCompatibleDC
CreateDIBSection
DeleteObject

opengl32

wglGetProcAddress
wglGetCurrentContext

bcrypt

BCryptGenRandom

oleacc

LresultFromObject

uiautomationcore

UiaRaiseAutomationEvent
UiaRaiseAutomationPropertyChangedEvent
UiaGetReservedNotSupportedValue
UiaGetReservedMixedAttributeValue
UiaHostProviderFromHwnd

propsys

VariantCompare

dxgi

CreateDXGIFactory
CreateDXGIFactory1

d3d9

Direct3DCreate9
D3DPERF_GetStatus
D3DPERF_SetMarker
D3DPERF_BeginEvent
D3DPERF_EndEvent

kernel32

FlsAlloc
LCMapStringEx
EncodePointer
RtlPcToFileHeader
GetStringTypeW
InitOnceComplete
InitOnceBeginInitialize
GetExitCodeThread
TryEnterCriticalSection
InitializeCriticalSectionEx
GetFileInformationByHandleEx
FindFirstFileExW
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
FlsGetValue
FlsSetValue
FlsFree
GetEnvironmentVariableW
SetEnvironmentVariableW
GetTempFileNameA
GetModuleHandleExW
LoadLibraryExA
GetModuleHandleExA
GetModuleHandleA
LocaleNameToLCID
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SleepConditionVariableSRW
VirtualQuery
TlsFree
WaitForSingleObjectEx
SystemTimeToFileTime
GetTempPathA
AreFileApisANSI
QueryPerformanceCounter
QueryPerformanceFrequency
WakeAllConditionVariable
WakeConditionVariable
SleepConditionVariableCS
InitializeConditionVariable
TryAcquireSRWLockExclusive
SetFileTime
DeviceIoControl
MoveFileW
CopyFileExW
CreateSymbolicLinkW
GetFullPathNameW
UnlockFileEx
LockFileEx
VirtualProtect
SetFilePointerEx
SetFileAttributesW
MoveFileExW
GetConsoleScreenBufferInfo
GetExitCodeProcess
CreateNamedPipeW
TerminateProcess
OpenProcess
WaitForMultipleObjects
CreateProcessW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLocaleName
SetUnhandledExceptionFilter
CompareStringEx
GetCPInfo
RtlUnwindEx
InterlockedFlushSList
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
PeekNamedPipe
ReadConsoleW
CreatePipe
TzSpecificLocalTimeToSystemTime
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetFileAttributesExW
SetEvent
SetCurrentDirectoryW
GetCurrentDirectoryW
GetQueuedCompletionStatus
ReadDirectoryChangesW
WriteFile
PostQueuedCompletionStatus
GetFileType
OpenThread
CancelIoEx
CreateIoCompletionPort
SetStdHandle
SetConsoleMode
GetConsoleMode
GetStdHandle
SetConsoleCP
SetConsoleOutputCP
GetConsoleOutputCP
SetConsoleCtrlHandler
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetFinalPathNameByHandleA
TlsSetValue
SetLastError
TlsAlloc
TlsGetValue
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount
GetLastError
FormatMessageW
DecodePointer
DeleteCriticalSection
LoadLibraryA
GetProcAddress
CreateEventW
RegisterWaitForSingleObject
ResetEvent
UnregisterWait
CloseHandle
GetCurrentThread
SetThreadPriority
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetThreadPreferredUILanguages
GetLocaleInfoEx
GetCurrentThreadId
OutputDebugStringW
LocalFree
GetModuleHandleW
GetCurrentProcess
GetProcessHeap
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetCurrentProcessId
CreateToolhelp32Snapshot
Thread32Next
Thread32First
FormatMessageA
CreateSemaphoreW
WaitForSingleObject
ReleaseSemaphore
RaiseException
IsDebuggerPresent
GetCommandLineW
WideCharToMultiByte
GetTempPathW
CreateDirectoryW
CreateFileW
DuplicateHandle
GetFileInformationByHandle
GetFileAttributesW
RemoveDirectoryW
DeleteFileW
SetFilePointer
SetEndOfFile
FlushViewOfFile
FlushFileBuffers
FindFirstFileW
FindNextFileW
FindClose
GetFinalPathNameByHandleW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateWaitableTimerW
VerSetConditionMask
VerifyVersionInfoW
SetWaitableTimer
LoadLibraryW
FreeLibrary
GetModuleFileNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
GetSystemTimeAsFileTime
CreateFileA
Sleep
GetSystemInfo
VirtualFree
VirtualAlloc
GetNativeSystemInfo
MultiByteToWideChar
OutputDebugStringA
GetFileSizeEx
ReadFile
ExitProcess
InitOnceExecuteOnce
InitializeSRWLock
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
WriteConsoleW

crypt32

CertEnumCertificatesInStore
CertFreeCertificateContext
CertCloseStore
CertOpenStore

Exports

Exports

??0PlatformMethods@angle@@QEAA@XZ
??4PlatformMethods@angle@@QEAAAEAU01@$$QEAU01@@Z
??4PlatformMethods@angle@@QEAAAEAU01@AEBU01@@Z
ANGLEGetDisplayPlatform
ANGLEResetDisplayPlatform
FlutterDesktopEngineCreate
FlutterDesktopEngineDestroy
FlutterDesktopEngineGetMessenger
FlutterDesktopEngineGetPluginRegistrar
FlutterDesktopEngineGetTextureRegistrar
FlutterDesktopEngineProcessMessages
FlutterDesktopEngineReloadSystemFonts
FlutterDesktopEngineRun
FlutterDesktopEngineSetNextFrameCallback
FlutterDesktopGetDpiForHWND
FlutterDesktopGetDpiForMonitor
FlutterDesktopMessengerAddRef
FlutterDesktopMessengerIsAvailable
FlutterDesktopMessengerLock
FlutterDesktopMessengerRelease
FlutterDesktopMessengerSend
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSetCallback
FlutterDesktopMessengerUnlock
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopPluginRegistrarGetView
FlutterDesktopPluginRegistrarRegisterTopLevelWindowProcDelegate
FlutterDesktopPluginRegistrarSetDestructionHandler
FlutterDesktopPluginRegistrarUnregisterTopLevelWindowProcDelegate
FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopResyncOutputStreams
FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopViewControllerCreate
FlutterDesktopViewControllerDestroy
FlutterDesktopViewControllerForceRedraw
FlutterDesktopViewControllerGetEngine
FlutterDesktopViewControllerGetView
FlutterDesktopViewControllerHandleTopLevelWindowProc
FlutterDesktopViewGetGraphicsAdapter
FlutterDesktopViewGetHWND

Sections

.text
Size: 13.3MB - Virtual size: 13.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 385KB - Virtual size: 468KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 447KB - Virtual size: 446KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
screen_retriever_plugin.dll
.dll windows:6 windows x64 arch:x64

3a4a6a631f0c36fabc02de948a590d33

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

flutter_windows

FlutterDesktopPluginRegistrarGetView
FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopMessengerUnlock
FlutterDesktopMessengerLock
FlutterDesktopMessengerIsAvailable
FlutterDesktopMessengerRelease
FlutterDesktopMessengerAddRef
FlutterDesktopMessengerSetCallback
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSend
FlutterDesktopGetDpiForMonitor
FlutterDesktopPluginRegistrarSetDestructionHandler

user32

MonitorFromPoint
GetMonitorInfoW
EnumDisplayMonitors
GetCursorPos

msvcp140

??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Xbad_function_call@std@@YAXXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

vcruntime140

__std_exception_destroy
_CxxThrowException
__C_specific_handler
__std_type_info_destroy_list
memcmp
__std_terminate
__std_exception_copy
__std_type_info_compare
memset
memmove
memcpy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_cexit
_initterm_e
_seh_filter_dll
_crt_atexit
_execute_onexit_table
_initterm
_register_onexit_function
_invoke_watson
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-math-l1-1-0

round

kernel32

CloseHandle
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW

Exports

Exports

ScreenRetrieverPluginRegisterWithRegistrar

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
window_manager_plugin.dll
.dll windows:6 windows x64 arch:x64

d1cf606168f6099044a44f6ac9c7aae0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

flutter_windows

FlutterDesktopViewGetHWND
FlutterDesktopPluginRegistrarGetView
FlutterDesktopPluginRegistrarSetDestructionHandler
FlutterDesktopPluginRegistrarRegisterTopLevelWindowProcDelegate
FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopMessengerUnlock
FlutterDesktopMessengerLock
FlutterDesktopMessengerIsAvailable
FlutterDesktopMessengerRelease
FlutterDesktopMessengerAddRef
FlutterDesktopMessengerSetCallback
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSend
FlutterDesktopPluginRegistrarUnregisterTopLevelWindowProcDelegate

kernel32

InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
GetVersion
FreeLibrary
GetProcAddress
LoadLibraryW
EnterCriticalSection
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CloseHandle

user32

PostQuitMessage
PostMessageW
SetLayeredWindowAttributes
GetAncestor
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
SetClassLongW
GetClassLongW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
GetCursorPos
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SetForegroundWindow
TrackPopupMenu
GetSystemMenu
GetSystemMetrics
ReleaseCapture
GetActiveWindow
IsZoomed
IsWindowVisible
GetWindowPlacement
SetWindowPos
SendMessageW
ShowWindow
ShowWindowAsync

shell32

SHAppBarMessage

ole32

CoInitialize
CoCreateInstance

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Xbad_function_call@std@@YAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??Bid@locale@std@@QEAA_KXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

dwmapi

DwmSetWindowAttribute
DwmExtendFrameIntoClientArea

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

vcruntime140

__std_type_info_destroy_list
__std_exception_destroy
memcpy
__std_terminate
_CxxThrowException
memcmp
memmove
memset
__std_type_info_compare
__current_exception
__current_exception_context
__C_specific_handler
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_initterm_e
terminate
_invalid_parameter_noinfo_noreturn
_invoke_watson
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm

Exports

Exports

WindowManagerPluginRegisterWithRegistrar

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0546b3b8141d4b2ea8ae615783d4285e

Headers

DLL Characteristics

File Characteristics

Imports

dwmapi

file_selector_windows_plugin

screen_retriever_plugin

window_manager_plugin

flutter_windows

kernel32

user32

shell32

ole32

advapi32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 36KB - Virtual size: 35KB

.reloc Size: 512B - Virtual size: 224B

33f3d4466cb286b6f40830905fbd4e6d

Headers

DLL Characteristics

File Characteristics

Imports

flutter_windows

kernel32

user32

shell32

ole32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 68KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 460B

c6f0dacd086f1a06fbf74a1ed5c0fde6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

iphlpapi

ole32

oleaut32

psapi

shlwapi

rpcrt4

winmm

ws2_32

imm32

user32

gdi32

opengl32

bcrypt

oleacc

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 36KB - Virtual size: 35KB

.reloc
Size: 512B - Virtual size: 224B

.text
Size: 68KB - Virtual size: 68KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 460B

.text
Size: 13.3MB - Virtual size: 13.3MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 385KB - Virtual size: 468KB

.pdata
Size: 447KB - Virtual size: 446KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 133KB - Virtual size: 132KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 388B

.text
Size: 97KB - Virtual size: 96KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 452B