6577ba8f351b132bb9dbbedc16ea569523b9c4d72732f58a5acc106add35bbcf

Sharing

Copy URL

Twitter E-mail

General

Target

6577ba8f351b132bb9dbbedc16ea569523b9c4d72732f58a5acc106add35bbcf
Size

12.3MB
MD5

85a2407f957cc22f13b787e00087ff2f
SHA1

10b26e679de377d3ad318cb4981ce4151ac0c7c0
SHA256

6577ba8f351b132bb9dbbedc16ea569523b9c4d72732f58a5acc106add35bbcf
SHA512

75ba5be6dc0d625eaa6deae659ef9a071a93cef675a91a7596e0c4fa5dc22f6ac2221bde7bf2646ffca15ec86c09be1a72cc714ef271f764e93439029711b6e7
SSDEEP

196608:mQGFxahd/Ss+GMbbK2f1k0rbMw1z6Ulfq4Rl2yVNrkzi:C/nXfhrPlCvWGi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6577ba8f351b132bb9dbbedc16ea569523b9c4d72732f58a5acc106add35bbcf

Files

6577ba8f351b132bb9dbbedc16ea569523b9c4d72732f58a5acc106add35bbcf
.exe windows:6 windows x86 arch:x86

058ab1995da3d70cf4f951cdfeeecfbf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Source\Korea\

Imports

binkw32

_BinkGetError@0
_BinkOpenDirectSound@4
_BinkGoto@12
_BinkPause@8
_BinkSetVolume@12
_BinkCopyToBuffer@28
_BinkClose@4
_BinkWait@4
_BinkNextFrame@4
_BinkDoFrame@4
_BinkOpen@8
_BinkShouldSkip@4
_BinkSetSoundSystem@8

ijl15

ord4
ord3
ord2
ord5

ws2_32

WSAGetLastError
WSACleanup
WSAStartup
inet_ntoa
closesocket
htons
ntohl
sendto
socket
gethostbyname
gethostname
connect
ioctlsocket
inet_addr
recv
select
send

mss32

_AIL_close_3D_listener@4
_AIL_open_3D_listener@4
_AIL_set_3D_sample_effects_level@8
_AIL_set_3D_sample_distances@12
_AIL_set_3D_speaker_type@8
_AIL_3D_speaker_type@4
_AIL_set_3D_room_type@8
_AIL_3D_room_type@4
_AIL_3D_sample_status@4
_AIL_set_3D_sample_volume@8
_AIL_set_3D_sample_file@8
_AIL_end_3D_sample@4
_AIL_start_3D_sample@4
_AIL_release_3D_sample_handle@4
_AIL_allocate_3D_sample_handle@4
_AIL_close_3D_provider@4
_AIL_mem_free_lock@4
_AIL_enumerate_3D_providers@12
_AIL_WAV_info@8
_AIL_stream_status@4
_AIL_set_stream_loop_count@8
_AIL_stream_volume@4
_AIL_set_stream_volume@8
_AIL_pause_stream@8
_AIL_start_stream@4
_AIL_close_stream@4
_AIL_open_stream@12
_AIL_sample_status@4
_AIL_set_sample_volume@8
_AIL_end_sample@4
_AIL_start_sample@4
_AIL_set_sample_file@12
_AIL_init_sample@4
_AIL_release_sample_handle@4
_AIL_allocate_sample_handle@4
_AIL_set_3D_position@16
_AIL_decompress_ASI@24
_AIL_decompress_ADPCM@12
_AIL_open_3D_provider@4
_AIL_file_type@8
_AIL_set_redist_directory@4
_AIL_close_digital_driver@4
_AIL_open_digital_driver@16
_AIL_set_preference@8
_AIL_shutdown@0
_AIL_set_3D_orientation@28
_AIL_startup@0

imm32

ImmReleaseContext
ImmGetConversionStatus
ImmSetConversionStatus
ImmGetCompositionStringA
ImmGetContext
ImmGetCompositionStringW
ImmNotifyIME
ImmGetCandidateListW
ImmGetVirtualKey

cps

uncompress
compress

winmm

timeGetTime
timeGetDevCaps
timeEndPeriod
timeBeginPeriod

granny2

_GrannyDeformVertices@24
_GrannyTextureHasAlpha@4
_GrannyFreeMeshDeformer@4
_GrannyNewMeshDeformer@12
_GrannyGetMeshBindingToBoneIndices@4
_GrannyFreeMeshBinding@4
_GrannyNewMeshBinding@12
_GrannyCopyMeshIndices@12
_GrannyGetMeshIndices@4
_GrannyGetMeshBytesPerIndex@4
_GrannyGetMeshIndexCount@4
_GrannyMeshIsRigid@4
_GrannyGetMeshVertices@4
_GrannyCopyMeshVertices@12
_GrannyVersionsMatch_@16
_GrannyGetMeshVertexType@4
_GrannyGetMeshTriangleGroups@4
_GrannyFreeLocalPose@4
GrannyPNT332VertexType
GrannyRGBA8888PixelFormat
_GrannyBuildWorldPose@24
_GrannyGetWorldPoseComposite4x4Array@4
_GrannyNewLocalPose@4
_GrannyGetFileInfo@4
_GrannyFreeFile@4
_GrannyFreeFileSection@8
_GrannyReadEntireFileFromMemory@8
_GrannyPlayControlledAnimation@12
_GrannySetControlActive@8
_GrannySetControlLoopCount@8
_GrannySampleModelAnimations@16
_GrannyFreeCompletedModelControls@4
_GrannySetModelClock@8
_GrannyGetSourceSkeleton@4
_GrannyGetMaterialTextureByType@8
_GrannyGetSecondsElapsed@8
_GrannyGetSystemSeconds@0
_GrannyGetControlDurationLeft@4
_GrannyFreeControl@4
_GrannyFreeModelInstance@4
_GrannyInstantiateModel@4
_GrannyFreeWorldPose@4
_GrannyCopyTextureImage@32
_GrannyNewWorldPose@4
_GrannyGetMeshVertexCount@4
_GrannyGetWorldPoseComposite4x4@8

msvcp140

?_Xlength_error@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
_Strcoll
_Strxfrm
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Facet_base@std@@UAE@XZ
??Bid@locale@std@@QAEIXZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?tolower@?$ctype@D@std@@QBEDD@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Winerror_message@std@@YAKKPADK@Z
??1ios_base@std@@UAE@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPAD_J@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xbad_function_call@std@@YAXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??_7_Facet_base@std@@6B@
??_7facet@locale@std@@6B@
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
?id@?$collate@D@std@@2V0locale@2@A
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
?always_noconv@codecvt_base@std@@QBE_NXZ

kernel32

QueryPerformanceFrequency
QueryPerformanceCounter
lstrcmpiA
LocalLock
SuspendThread
GetUserDefaultLangID
HeapDestroy
HeapAlloc
ResumeThread
lstrcpynA
HeapReAlloc
HeapFree
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
TerminateProcess
WaitForMultipleObjects
CreateSemaphoreA
ReleaseSemaphore
VirtualProtect
IsDebuggerPresent
lstrlenA
SetPriorityClass
CreateProcessA
SetFileAttributesA
RemoveDirectoryA
DeleteFileA
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
ExitProcess
SetLastError
GetModuleFileNameW
LoadLibraryW
GlobalMemoryStatus
GetSystemTime
CopyFileA
CreateDirectoryA
IsDBCSLeadByte
FileTimeToSystemTime
GetCurrentDirectoryA
SetThreadPriority
CreateThread
WaitForSingleObject
GetTickCount
GlobalFree
GetModuleHandleA
GetCurrentThread
SetUnhandledExceptionFilter
GlobalLock
GlobalUnlock
GlobalAlloc
FindNextFileA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetSystemInfo
LeaveCriticalSection
EnterCriticalSection
lstrcatA
GetVersionExA
OpenProcess
GetCurrentProcess
VirtualFree
VirtualAlloc
FindFirstFileA
FindClose
CloseHandle
WriteFile
SetFilePointerEx
ReadFile
GetFileSizeEx
CreateFileA
InitializeCriticalSection
GetLocalTime
Sleep
HeapCompact
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
MulDiv
OutputDebugStringA
FormatMessageA
LoadLibraryA
GetProcAddress
GetModuleFileNameA
FreeLibrary
DeleteCriticalSection
InitializeCriticalSectionEx
OutputDebugStringW
GetLastError
RaiseException
DecodePointer
HeapSize

user32

EmptyClipboard
MoveWindow
DialogBoxParamA
EndDialog
GetDlgItem
SetFocus
GetSystemMetrics
SetWindowTextA
GetWindowRect
CharNextExA
CharPrevExA
GetKeyState
GetAsyncKeyState
wsprintfA
SendMessageA
FindWindowA
TranslateMessage
DispatchMessageA
PeekMessageA
DefWindowProcA
RegisterClassA
CreateWindowExA
DestroyWindow
IsIconic
GetActiveWindow
SetClipboardData
ValidateRect
ShowCursor
SetCursor
ClipCursor
LoadCursorA
LoadIconA
SetCapture
ReleaseCapture
GetCursorPos
ScreenToClient
PostThreadMessageA
CallWindowProcA
RegisterClassExA
SetWindowPos
IsWindowVisible
SetActiveWindow
GetWindowTextA
SetCursorPos
WindowFromPoint
GetParent
SetParent
GetWindow
LoadBitmapA
GetMonitorInfoA
GetKeyboardLayout
GetClipboardData
CloseClipboard
OpenClipboard
GetDC
SetWindowLongA
SetRect
ClientToScreen
GetClientRect
RedrawWindow
ShowWindow
DrawMenuBar
UnregisterClassA
MessageBoxA
UpdateWindow

advapi32

CryptHashData
RegCloseKey
CryptGetHashParam
CryptCreateHash
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
CryptDestroyKey
CryptDestroyHash
CryptAcquireContextA
CryptReleaseContext
CryptDeriveKey
CryptDecrypt

ole32

OleSetContainedObject
CoCreateInstance
CoInitialize
CoUninitialize

shell32

ShellExecuteA
SHFileOperationA

oleaut32

SysAllocStringLen
VariantInit
SysAllocString
SysFreeString

shlwapi

StrStrIW

ddraw

DirectDrawCreateEx
DirectDrawEnumerateExA

gdiplus

GdiplusStartup
GdiplusShutdown
GdipDeleteFontFamily
GdipCloneFontFamily
GdipGetFamilyName
GdipPrivateAddFontFile
GdipGetFontCollectionFamilyList
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipFree

iphlpapi

GetAdaptersInfo

netapi32

Netbios

gdi32

CreateFontA
CreatePolygonRgn
FillRgn
CreateSolidBrush
GetStockObject
TextOutA
TextOutW
CreateCompatibleDC
SetBkMode
SetBkColor
RemoveFontResourceExA
AddFontResourceExA
GetTextExtentPoint32W
GetCurrentObject
GetCharABCWidthsW
EnumFontFamiliesExA
SetTextColor
CreateFontIndirectA
CreateDIBSection
SelectObject
DeleteObject
DeleteDC

vcruntime140

__CxxFrameHandler3
_CxxThrowException
memmove
_purecall
strchr
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_destroy_list
_except_handler4_common
__CxxLongjmpUnwind
_local_unwind4
__RTDynamicCast
strrchr
memchr
_setjmp3
longjmp
strstr
memset
memcpy

api-ms-win-crt-heap-l1-1-0

calloc
free
realloc
malloc
_set_new_mode
_recalloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_configure_narrow_argv
_seh_filter_dll
exit
_invalid_parameter_noinfo_noreturn
abort
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
_errno
_c_exit
_register_thread_local_exe_atexit_callback
strerror
terminate
_set_app_type
_controlfp_s
_invalid_parameter_noinfo
_seh_filter_exe
_beginthreadex
system
_controlfp
signal

api-ms-win-crt-stdio-l1-1-0

puts
__stdio_common_vsscanf
__stdio_common_vsprintf
fopen_s
_wfopen
__p__commode
__stdio_common_vsprintf_s
putchar
__stdio_common_vfscanf
tmpfile
_popen
_set_fmode
tmpnam
_pclose
__stdio_common_vsnprintf_s
ftell
fseek
clearerr
fgets
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
fputc
fread
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
fopen
_isatty
fputs
_fileno
__stdio_common_vfprintf
getc
__acrt_iob_func
feof
ferror
freopen

api-ms-win-crt-convert-l1-1-0

atof
strtod
_itoa
_strtod_l
_i64toa
strtol
strtoul
_atoi64
mbstowcs
wcstombs
atoi
_i64toa_s
_ltoa

api-ms-win-crt-math-l1-1-0

_libm_sse2_exp_precise
__setusermatherr
_libm_sse2_cos_precise
_except1
_libm_sse2_log_precise
_libm_sse2_sin_precise
_libm_sse2_asin_precise
_libm_sse2_acos_precise
_CItanh
_libm_sse2_sqrt_precise
_CIsinh
_CIfmod
_CIcosh
_CIatan2
modf
_libm_sse2_tan_precise
ceil
_dtest
frexp
_dsign
ldexp
floor
_libm_sse2_pow_precise
nan
_libm_sse2_log10_precise
_libm_sse2_atan_precise

api-ms-win-crt-filesystem-l1-1-0

_unlink
_unlock_file
_splitpath
_lock_file
_rmdir
_mkdir
rename
_chmod
remove
_access

api-ms-win-crt-locale-l1-1-0

localeconv
_create_locale
_free_locale
_configthreadlocale
setlocale
_setmbcp

api-ms-win-crt-string-l1-1-0

strcoll
strpbrk
tolower
isspace
toupper
strcpy_s
strtok
_strlwr
ispunct
isprint
isxdigit
wcscpy_s
islower
isupper
iswspace
strcspn
strncmp
isalpha
isdigit
isalnum
iscntrl
_stricmp
wcsnlen
strncpy
strncpy_s
strncat
strnlen

api-ms-win-crt-utility-l1-1-0

qsort
rand
ldiv
srand

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_time32
_mktime32
_localtime32
clock
_difftime64
_gmtime64
_localtime64
_mktime64
strftime
_ctime32
_time64
_difftime32

api-ms-win-crt-multibyte-l1-1-0

_mbsstr
_mbsbtype

api-ms-win-crt-process-l1-1-0

_spawnl

Sections

.text
Size: 9.6MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 301KB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 694KB - Virtual size: 693KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xdiff
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

058ab1995da3d70cf4f951cdfeeecfbf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

binkw32

ijl15

ws2_32

mss32

imm32

cps

winmm

granny2

msvcp140

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

ddraw

gdiplus

iphlpapi

netapi32

gdi32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-process-l1-1-0

Sections

.text Size: 9.6MB - Virtual size: 9.6MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 301KB - Virtual size: 3.7MB

.rsrc Size: 148KB - Virtual size: 147KB

.reloc Size: 694KB - Virtual size: 693KB

.xdiff Size: 32KB - Virtual size: 32KB

.text
Size: 9.6MB - Virtual size: 9.6MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 301KB - Virtual size: 3.7MB

.rsrc
Size: 148KB - Virtual size: 147KB

.reloc
Size: 694KB - Virtual size: 693KB

.xdiff
Size: 32KB - Virtual size: 32KB