Xeneth[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Xeneth.rar
Size

3.4MB
MD5

9efd12d230c5b73be99d1e0c2030b85a
SHA1

593de179e1e0dabed5efc20694f0ae16889f1dc3
SHA256

d410c122dae605e2dec8a5fa8b5fe2c09bb87539d39b5245a08e501bb71fe989
SHA512

6d5f44424b2ca126a7cfaecefbadef2815819a8615534d192e01ace786c8523ccc7e81b98ecbe269c3fe52be31d34a6abcf748398400250bbcb3bf0c20059c30
SSDEEP

98304:kQ4AwcUzQUMBFogj0Puy7U97PYr0KiX7wThlsXPsF:kQE9z/sy/Puy7S7wNp0M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Xeneth/Xeneth.exe

Files

Xeneth.rar
.rar
Xeneth/.vs/santo/v17/.suo
Xeneth/.vs/santo/v17/Browse.VC.db
Xeneth/.vs/santo/v17/DocumentLayout.json
Xeneth/.vs/santo/v17/Solution.VC.db
Xeneth/D3DCompiler_43.dll
.dll windows:6 windows x64 arch:x64

87e48ad40a89f4f6e1404989a85ca976

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:02

Not After

25-07-2013 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

94:57:86:d0:6e:0d:5e:e4:4f:3c:0e:99:a0:27:2e:c8:c5:7d:19:86
Signer

Actual PE Digest

94:57:86:d0:6e:0d:5e:e4:4f:3c:0e:99:a0:27:2e:c8:c5:7d:19:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D3DCompiler_43.pdb

Imports

msvcrt

??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_CxxThrowException
memset
memcpy
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
_strtoui64
isxdigit
atof
setlocale
_strdup
_mbstrlen
modf
isalnum
_isnan
_finite
strrchr
_clearfp
_controlfp
_strnicmp
_fpclass
_purecall
strncmp
isspace
strstr
strchr
getenv
_stricmp
memmove
qsort
isalpha
toupper
atoi
isdigit
tolower
free
malloc
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
_vsnprintf
__CxxFrameHandler
floor
fmod
memcmp
acos
asin
atan
atan2
ceil
cos
cosh
exp
log
pow
sin
sinh
sqrt
tan
tanh
floorf

gdi32

DeleteObject

kernel32

GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
CloseHandle
UnmapViewOfFile
DeleteCriticalSection
UnhandledExceptionFilter
GetSystemInfo
VirtualAlloc
VirtualFree
GetLastError
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameA
HeapCreate
OutputDebugStringA
GetProcAddress
LoadLibraryA
GetModuleHandleA
lstrcmpiA
GetProcessHeap
HeapFree
HeapAlloc
TlsFree
TlsGetValue
HeapDestroy
TlsSetValue
TlsAlloc
FreeLibrary
Sleep
VirtualProtect
DisableThreadLibraryCalls
InitializeCriticalSection
SetUnhandledExceptionFilter

Exports

Exports

D3DAssemble
D3DCompile
D3DCompressShaders
D3DCreateBlob
D3DDecompressShaders
D3DDisassemble
D3DDisassemble10Effect
D3DGetBlobPart
D3DGetDebugInfo
D3DGetInputAndOutputSignatureBlob
D3DGetInputSignatureBlob
D3DGetOutputSignatureBlob
D3DPreprocess
D3DReflect
D3DReturnFailure1
D3DStripShader
DebugSetMute

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Xeneth/Xeneth.exe
.exe windows:6 windows x64 arch:x64

80b43bed3f6d5a05fba59720af4380d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\woksov\Downloads\safe\safe\santo\build\Xeneth.pdb

Imports

winmm

PlaySoundA

kernel32

GetLastError
HeapDestroy
HeapSize
InitializeCriticalSectionEx
DeleteCriticalSection
CreateThread
VirtualProtect
CreateFileMappingW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
QueryFullProcessImageNameW
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
TerminateThread
GetFileType
PeekNamedPipe
WaitForMultipleObjects
ReleaseSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetProcessHeap
HeapFree
HeapReAlloc
lstrcmpiA
Process32Next
CreateFileA
CreateToolhelp32Snapshot
CreateFileW
Process32First
GetCurrentProcess
SetLastError
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
SetFileInformationByHandle
GetFullPathNameW
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
ReadFile
GetFileSizeEx
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
QueryPerformanceFrequency
GetLocaleInfoA
GetTickCount
GlobalUnlock
GetLocaleInfoEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
IsDebuggerPresent
GetFileInformationByHandleEx
GetTempPathW
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
AcquireSRWLockExclusive
MultiByteToWideChar
OutputDebugStringW
IsProcessorFeaturePresent
CloseHandle
LoadLibraryA
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
LoadLibraryExA
VirtualAlloc
DeviceIoControl
VirtualFree
Sleep
SetConsoleTitleA
GetStdHandle
AreFileApisANSI

user32

GetDC
SetCursorPos
ReleaseCapture
IsWindowUnicode
SetProcessDPIAware
EmptyClipboard
SetCursor
SetCapture
CloseClipboard
SendInput
TrackMouseEvent
ClientToScreen
GetClipboardData
SetClipboardData
MessageBoxA
GetForegroundWindow
ScreenToClient
GetAsyncKeyState
OpenClipboard
GetKeyboardLayout
FindWindowA
GetClientRect
SetWindowDisplayAffinity
GetCapture
DispatchMessageA
GetWindowRect
DestroyWindow
GetSystemMetrics
ShowWindow
SetWindowLongA
MonitorFromWindow
GetMonitorInfoA
MoveWindow
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
LoadIconA
PeekMessageA
UnregisterClassA
PostQuitMessage
RegisterClassExA
UpdateWindow
GetKeyState
GetMessageExtraInfo
LoadCursorA
GetCursorPos

gdi32

GetPixel
CreateSolidBrush

advapi32

CryptImportKey
CryptEncrypt
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
ConvertSidToStringSidA
CopySid
SetSecurityInfo
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
RegCreateKeyA
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExA
OpenProcessToken
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CryptDestroyKey

shell32

SHGetFolderPathW
ShellExecuteA

msvcp140

?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
_Query_perf_frequency
_Thrd_detach
?_Random_device@std@@YAIXZ
_Mtx_lock
_Mtx_unlock
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
_Xtime_get_ticks
_Strxfrm
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
_Query_perf_counter

ntdll

NtQuerySystemInformation
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

dbghelp

ImageDirectoryEntryToData
ImageNtHeader
ImageRvaToVa

d3d11

D3D11CreateDeviceAndSwapChain

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext
ImmSetCandidateWindow

d3dcompiler_43

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

shlwapi

PathFindFileNameW

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
__std_exception_copy
__std_terminate
__C_specific_handler
strchr
strstr
strrchr
longjmp
memcpy
memmove
memchr
memcmp
_CxxThrowException
__intrinsic_setjmp
__current_exception_context
__current_exception
memset

api-ms-win-crt-stdio-l1-1-0

fputs
ftell
_set_fmode
_lseeki64
ferror
fopen
__acrt_iob_func
fflush
_wfopen
__stdio_common_vsscanf
_get_stream_buffer_pointers
clearerr
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
__stdio_common_vsprintf_s
__stdio_common_vsprintf
__p__commode
_read
fseek
fclose
fgetc
__stdio_common_vfprintf
_setmode
_close
_popen
_pclose
fputc
_write
fread
feof
_lseek
fwrite
_fileno
_open
fgets
__stdio_common_vsnprintf_s

api-ms-win-crt-runtime-l1-1-0

_getpid
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
exit
_resetstkoflw
_crt_atexit
strerror
__sys_nerr
_invalid_parameter_noinfo
_cexit
_seh_filter_exe
_set_app_type
_get_initial_narrow_environment
abort
_initterm
_errno
_register_thread_local_exe_atexit_callback
_initterm_e
_invalid_parameter_noinfo_noreturn
_c_exit
_beginthreadex
terminate
_exit
system
__p___argv
__p___argc
perror

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
calloc
_set_new_mode
realloc

api-ms-win-crt-math-l1-1-0

atan2f
cos
sqrtf
fmodf
acosf
__setusermatherr
powf
cosf
fmod
fminf
sin
sinf
ceilf
_dsign

api-ms-win-crt-convert-l1-1-0

atof
strtoul
strtol
strtoll
atoi
strtod
strtoull

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_access
_unlock_file
_stat64
_unlink
_mkdir
_lock_file
remove

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale
localeconv

api-ms-win-crt-string-l1-1-0

strcspn
strspn
isupper
_strdup
_stricmp
strncpy
strncmp
strpbrk
tolower
strcmp

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-time-l1-1-0

_localtime64
_gmtime64
strftime
_time64

ws2_32

send
recv
closesocket
bind
connect
getsockname
ntohl
getsockopt
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
getpeername
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
WSAGetLastError

normaliz

IdnToAscii

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CertOpenStore
CertEnumCertificatesInStore
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFreeCertificateChain
CertFindCertificateInStore
CertCloseStore

wldap32

ord143
ord217
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord26
ord301

Exports

Exports

OPENSSL_Applink

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 853KB - Virtual size: 862KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Xeneth/Xeneth.json
Xeneth/logs/log2024-06-23_16-31-17.txt

Sharing

General

Malware Config

Signatures

Files

87e48ad40a89f4f6e1404989a85ca976

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

94:57:86:d0:6e:0d:5e:e4:4f:3c:0e:99:a0:27:2e:c8:c5:7d:19:86Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

gdi32

kernel32

Exports

Exports

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.data Size: 21KB - Virtual size: 37KB

.pdata Size: 53KB - Virtual size: 52KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 18KB - Virtual size: 17KB

80b43bed3f6d5a05fba59720af4380d5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

gdi32

advapi32

shell32

msvcp140

ntdll

dbghelp

d3d11

imm32

d3dcompiler_43

dwmapi

d3dx11_43

shlwapi

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

ws2_32

normaliz

crypt32

wldap32

Exports

Exports

Sections

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

94:57:86:d0:6e:0d:5e:e4:4f:3c:0e:99:a0:27:2e:c8:c5:7d:19:86
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.data
Size: 21KB - Virtual size: 37KB

.pdata
Size: 53KB - Virtual size: 52KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 18KB - Virtual size: 17KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 358KB - Virtual size: 357KB

.data
Size: 853KB - Virtual size: 862KB

.pdata
Size: 52KB - Virtual size: 51KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 5KB - Virtual size: 5KB