Release[.]rar | Triage

Resubmissions

06-07-2024 03:35

240706-d5mqmsvbrm 3

Sharing

Copy URL

Twitter E-mail

General

Target

Release.rar
Size

3.0MB
MD5

8373a4c6dafcbcdbd04a76bd8cd77d99
SHA1

14ac45a07654bafef8b722a6809dba88c4ba8235
SHA256

51e62220d2f06b66aee15e885e7d92345cedae911bd6cdcb4f0a67fa0e8d867b
SHA512

ad10d238973c06c4fcf1b4c8dc5e0cf72131dc4993aac623dcedc9a4ff7e6d68ac44d824ed6fecfc1866733a395ca016f9bc35a84e58fa9eb692e8d6cffd5a14
SSDEEP

49152:bSvL177N0hzTKyeNOuAw6stK+qKLUy9E+HkC0fEg0emR0VuZiRma0I7iFf3vS4LS:g1XWhzeXNLP6k/p9HlzlemR0uva0I74K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MCDmaApex.exe

Files

Release.rar
.rar
FTD3XX.dll
.dll windows:6 windows x64 arch:x64

94eff8313f705d14c2421a2e17c00648

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:e4:41:cb:6d:7c:0b:ab:94:2c:24:2e:b3:05:8f:ed
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

20-04-2023 00:00

Not After

19-04-2024 23:59

Subject

SERIALNUMBER=SC136640,CN=Future Technology Devices International Ltd,O=Future Technology Devices International Ltd,L=Glasgow,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:d1:a6:6c:07:39:e4:9c:0f:fe:4c:31:eb:63:3d:6a:be:ab:fd:97:e7:2f:10:1b:b8:bb:0d:eb:3b:e6:59:22
Signer

Actual PE Digest

59:d1:a6:6c:07:39:e4:9c:0f:fe:4c:31:eb:63:3d:6a:be:ab:fd:97:e7:2f:10:1b:b8:bb:0d:eb:3b:e6:59:22

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Work\Project\D3xx\trunk\D3XX\d2xxdll\x64\Release\FTD3XX.pdb

Imports

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

kernel32

ExitThread
WriteConsoleW
OutputDebugStringW
ReadConsoleW
ReadFile
SetFilePointerEx
CreateFileW
CloseHandle
GetLastError
DeviceIoControl
GetOverlappedResult
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateEventW
Sleep
WaitForMultipleObjects
GetFileSizeEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
CreateThread
RtlUnwind
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetCurrentThread
HeapFree
HeapAlloc
MultiByteToWideChar
GetTempPathW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetStdHandle
GetFileType
SetConsoleCtrlHandler
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode

Exports

Exports

FT_AbortPipe
FT_ClearNotificationCallback
FT_ClearStreamPipe
FT_Close
FT_ControlTransfer
FT_Create
FT_CreateDeviceInfoList
FT_CycleDevicePort
FT_EnableGPIO
FT_FlushPipe
FT_GetChipConfiguration
FT_GetConfigurationDescriptor
FT_GetDescriptor
FT_GetDeviceDescriptor
FT_GetDeviceInfo
FT_GetDeviceInfoDetail
FT_GetDeviceInfoList
FT_GetDriverVersion
FT_GetFirmwareVersion
FT_GetGPIO
FT_GetInterfaceDescriptor
FT_GetLibraryVersion
FT_GetOverlappedResult
FT_GetPipeInformation
FT_GetPipeTimeout
FT_GetStringDescriptor
FT_GetSuspendTimeout
FT_GetVIDPID
FT_InitializeOverlapped
FT_IsDevicePath
FT_ListDevices
FT_ReadGPIO
FT_ReadPipe
FT_ReadPipeEx
FT_ReleaseOverlapped
FT_ResetDevicePort
FT_SetChipConfiguration
FT_SetGPIO
FT_SetGPIOLevel
FT_SetGPIOPull
FT_SetNotificationCallback
FT_SetPipeTimeout
FT_SetStreamPipe
FT_SetSuspendTimeout
FT_WriteGPIO
FT_WritePipe
FT_WritePipeEx

Sections

.text
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MCDmaApex.exe
.exe windows:6 windows x64 arch:x64

cf954d1367f54a27889df10cd4c5ce40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\monstercheat\Desktop\FullProject\FUN_Plus_UC\x64\Release\MCDmaApex.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

ws2_32

inet_addr
WSACleanup
WSAStartup
sendto
socket
recvfrom
htons

vmm

VMMDLL_Scatter_ExecuteRead
VMMDLL_Initialize
VMMDLL_MemFree
VMMDLL_Map_GetEATU
VMMDLL_ProcessGetInformationAll
VMMDLL_Scatter_PrepareWrite
VMMDLL_VfsListU
VMMDLL_Map_GetModuleFromNameW
VMMDLL_Close
VMMDLL_ProcessGetModuleBaseU
VMMDLL_MemReadEx
VMMDLL_MemWrite
VMMDLL_Scatter_Initialize
VMMDLL_Scatter_PrepareEx
VMMDLL_VfsReadW
VMMDLL_Scatter_CloseHandle
VMMDLL_ConfigGet
VMMDLL_PidGetFromName
VMMDLL_Scatter_Clear
VMMDLL_InitializePlugins
VMMDLL_ConfigSet
VMMDLL_WinReg_QueryValueExU
VMMDLL_Scatter_Execute
VMMDLL_Map_GetPhysMem
VMMDLL_Map_GetModuleFromNameU

leechcore

LcCommand
LcCreate
LcClose

kernel32

GetFileAttributesW
GetFileAttributesExW
GetTempPathW
AreFileApisANSI
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
WriteFile
CreateFileW
Sleep
GetLastError
LoadLibraryA
GetLocaleInfoEx
FindFirstFileW
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
GetModuleHandleW
FreeLibrary
QueryPerformanceCounter
CreateThread
VirtualProtect
SetConsoleTextAttribute
GetCurrentProcess
GetStdHandle
PurgeComm
WaitForSingleObject
OpenFileMappingW
GetCommTimeouts
SetupComm
UnmapViewOfFile
CreateEventW
WaitCommEvent
QueryFullProcessImageNameA
CreateFileA
SetEvent
TerminateThread
GetCommState
ResetEvent
ClearCommError
GetOverlappedResult
SetCommMask
CreateFileMappingW
MapViewOfFile
SetCommTimeouts
SetCommState
SetConsoleTitleW
FormatMessageA
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FindClose
LocalFree
CloseHandle

user32

SetClipboardData
GetClipboardData
EmptyClipboard
OpenClipboard
GetSystemMetrics
DispatchMessageW
PeekMessageW
TranslateMessage
PostQuitMessage
UpdateWindow
PostMessageW
FindWindowW
GetWindowLongW
DefWindowProcW
AdjustWindowRectEx
GetKeyState
DestroyWindow
GetDC
SetWindowPos
MonitorFromWindow
EnumDisplayMonitors
CreateWindowExW
ScreenToClient
UnregisterClassW
SetWindowTextW
RegisterClassExW
WindowFromPoint
ShowWindow
GetCapture
GetMonitorInfoW
ClientToScreen
IsChild
TrackMouseEvent
GetCursorPos
SetLayeredWindowAttributes
SetFocus
BringWindowToTop
LoadCursorW
SetCapture
SetCursor
SetWindowLongW
GetClientRect
ReleaseCapture
SetForegroundWindow
GetForegroundWindow
IsIconic
SetCursorPos
ReleaseDC
CloseClipboard

gdi32

GetDeviceCaps

vmprotectsdk64

VMProtectBeginMutation

msvcp140

??1_Locinfo@std@@QEAA@XZ
?_Getname@_Locinfo@std@@QEBAPEBDXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Random_device@std@@YAIXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?global@locale@std@@SA?AV12@AEBV12@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@_N@Z
?_Makeloc@_Locimp@locale@std@@CAPEAV123@AEBV_Locinfo@3@HPEAV123@PEBV23@@Z
?_Xruntime_error@std@@YAXPEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??0_Locinfo@std@@QEAA@HPEBD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
_Xtime_get_ticks
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
_Query_perf_counter
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z

imm32

ImmAssociateContextEx
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
memchr
memcmp
memmove
_CxxThrowException
__current_exception_context
__std_exception_destroy
__std_exception_copy
__std_terminate
strstr
_purecall
memcpy
__current_exception
memset

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
exit
_register_thread_local_exe_atexit_callback
_beginthreadex
_errno
terminate
_c_exit
system
__p___argv
__p___argc
abort
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-convert-l1-1-0

_ltoa_s
atof
strtol
atoi
strtof

api-ms-win-crt-stdio-l1-1-0

__p__commode
fputc
__acrt_iob_func
fflush
fclose
__stdio_common_vsprintf_s
fgetc
__stdio_common_vfprintf
fwrite
fgetpos
setvbuf
__stdio_common_vsscanf
__stdio_common_vsprintf
_wfopen
ungetc
fsetpos
fread
fseek
_set_fmode
ftell
_fseeki64
_get_stream_buffer_pointers

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-string-l1-1-0

strcat_s
strncpy
strncmp
strcmp
strcpy_s
toupper

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-time-l1-1-0

_localtime64
strftime
_time64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr
sinf
asinf
ceilf
cosf
sqrtf
powf
fmodf
acosf
atan2f
tanf

Sections

.text
Size: 454KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VMProtectSDK64.dll
.dll windows:5 windows x64 arch:x64

1851ff453adce0cef5274e320d5bed3c

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13-01-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:df:4d:93:8e:75:e6:3d:64:8a:be:02:29:5c:d3:3c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01-08-2022 00:00

Not After

30-07-2025 23:59

Subject

SERIALNUMBER=201923456H,CN=Bytedance Pte. Ltd.,O=Bytedance Pte. Ltd.,L=Singapore,C=SG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:59:f1:6a:9c:36:6d:4f:bd:cc:6f:c4:b2:32:b7:ba:e3:bc:b6:16:4c:21:d3:2d:b2:29:2b:9f:2d:1a:4a:76
Signer

Actual PE Digest

1e:59:f1:6a:9c:36:6d:4f:bd:cc:6f:c4:b2:32:b7:ba:e3:bc:b6:16:4c:21:d3:2d:b2:29:2b:9f:2d:1a:4a:76

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

IsDebuggerPresent
GetLocalTime
GetTickCount
GetModuleFileNameW
GetPrivateProfileStringW
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapAlloc
GetStringTypeW
GetACP
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
HeapReAlloc
GetConsoleMode
FlushFileBuffers
WriteFile
GetConsoleCP
SetFilePointerEx
CloseHandle
WriteConsoleW
CreateFileW
RaiseException

Exports

Exports

VMProtectActivateLicense
VMProtectBegin
VMProtectBeginMutation
VMProtectBeginUltra
VMProtectBeginUltraLockByKey
VMProtectBeginVirtualization
VMProtectBeginVirtualizationLockByKey
VMProtectDeactivateLicense
VMProtectDecryptStringA
VMProtectDecryptStringW
VMProtectEnd
VMProtectFreeString
VMProtectGetCurrentHWID
VMProtectGetOfflineActivationString
VMProtectGetOfflineDeactivationString
VMProtectGetSerialNumberData
VMProtectGetSerialNumberState
VMProtectIsDebuggerPresent
VMProtectIsProtected
VMProtectIsValidImageCRC
VMProtectIsVirtualMachinePresent
VMProtectSetSerialNumber

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
leechcore.dll
.dll windows:6 windows x64 arch:x64

245f8d40de6893b471d1e488cfaf8c43

Code Sign

61:41:98:e7:6e:19:1c:5c:7a:9b:36:24:ae:39:1d:d1
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

24-11-2023 06:35

Not After

23-11-2024 06:35

Subject

CN=Open Source Developer\, Ulf Frisk,O=Open Source Developer,L=Stockholm,C=SE,1.2.840.113549.1.9.1=#0c16756c662e667269736b40756c66667269736b2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a7:be:3c:4b:b2:e9:8d:6d:9c:0b:8e:4d:83:b8:da:9a:90:3a:3f:69:89:c1:75:dd:a6:06:db:21:b5:29:d5:59
Signer

Actual PE Digest

a7:be:3c:4b:b2:e9:8d:6d:9c:0b:8e:4d:83:b8:da:9a:90:3a:3f:69:89:c1:75:dd:a6:06:db:21:b5:29:d5:59

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Github\production\LeechCore\files\lib\leechcore.pdb

Imports

credui

CredUIPromptForWindowsCredentialsW
CredUnPackAuthenticationBufferW

rpcrt4

NdrClientCall3
RpcBindingSetAuthInfoExA
RpcBindingFree
RpcStringFreeA
RpcBindingSetAuthInfoExW
RpcStringBindingComposeA
RpcBindingFromStringBindingA

secur32

LsaDeregisterLogonProcess
LsaLookupAuthenticationPackage
LsaConnectUntrusted

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW

winusb

WinUsb_WritePipe
WinUsb_Free
WinUsb_SetPipePolicy
WinUsb_ReadPipe
WinUsb_Initialize

ws2_32

setsockopt
WSAGetLastError
htons
recvfrom
connect
socket
send
inet_addr
WSAStartup
closesocket
ioctlsocket

kernel32

IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetTickCount64
GetModuleFileNameA
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
QueryPerformanceCounter
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LocalAlloc
LocalFree
DeleteCriticalSection
Sleep
LoadLibraryA
CloseHandle
CreateThread
SwitchToThread
GetProcAddress
FreeLibrary
ReadFile
DeviceIoControl
GetLastError
CreateFileA
SetFilePointerEx
VirtualFree
VirtualAlloc
CreateFileW
VerSetConditionMask
VerifyVersionInfoW
WriteProcessMemory
GetCurrentProcess
K32GetModuleFileNameExW
OpenProcess
K32EnumProcesses
ReadProcessMemory
K32GetMappedFileNameW
VirtualQueryEx
WaitForMultipleObjects
WaitForSingleObject
CreateEventW
SetEvent
QueryPerformanceFrequency
ResetEvent
IsProcessorFeaturePresent

advapi32

StartServiceA
ControlService
DeleteService
OpenSCManagerA
OpenSCManagerW
CloseServiceHandle
CreateServiceA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenServiceA

ole32

CoTaskMemFree

vcruntime140

memset
memcpy
__C_specific_handler
strstr
__std_type_info_destroy_list
memcmp
wcsstr

api-ms-win-crt-stdio-l1-1-0

fread
fopen_s
fwrite
__stdio_common_vsnwprintf_s
_fseeki64
__stdio_common_vswprintf_s
__stdio_common_vfprintf
fclose
__acrt_iob_func
getchar
__stdio_common_vsnprintf_s
__stdio_common_vsprintf
_ftelli64

api-ms-win-crt-string-l1-1-0

strncat_s
strtok_s
wcsncpy_s
strcpy_s
wcsncat_s
_strnicmp
_wcsicmp
strncpy_s
wcscpy_s
strcat_s
strcmp
_stricmp

api-ms-win-crt-convert-l1-1-0

atoi
_itoa_s
strtoull

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_execute_onexit_table
_initterm
_cexit
_initterm_e
_seh_filter_dll

Exports

Exports

LcAllocScatter1
LcAllocScatter2
LcAllocScatter3
LcClose
LcCommand
LcCreate
LcCreateEx
LcDeviceParameterGet
LcDeviceParameterGetNumeric
LcGetOption
LcMemFree
LcMemMap_AddRange
LcMemMap_GetMaxAddress
LcMemMap_IsInitialized
LcRead
LcReadScatter
LcSetOption
LcWrite
LcWriteScatter

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vmm.dll
.dll windows:6 windows x64 arch:x64

0b77eba7e489d82b694bf66be928bc65

Code Sign

61:41:98:e7:6e:19:1c:5c:7a:9b:36:24:ae:39:1d:d1
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

24-11-2023 06:35

Not After

23-11-2024 06:35

Subject

CN=Open Source Developer\, Ulf Frisk,O=Open Source Developer,L=Stockholm,C=SE,1.2.840.113549.1.9.1=#0c16756c662e667269736b40756c66667269736b2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:22:15:06:9a:9d:d6:5e:22:ed:34:52:e0:8d:3e:6c:48:32:22:36:d8:22:13:a8:44:1d:38:fc:13:75:29:28
Signer

Actual PE Digest

4a:22:15:06:9a:9d:d6:5e:22:ed:34:52:e0:8d:3e:6c:48:32:22:36:d8:22:13:a8:44:1d:38:fc:13:75:29:28

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Github\production\MemProcFS\files\lib\vmm.pdb

Imports

leechcore

LcRead
LcCreateEx
LcClose
LcSetOption
LcReadScatter
LcAllocScatter1
LcWriteScatter
LcGetOption
LcCommand
LcAllocScatter2
LcMemFree

bcrypt

BCryptCreateHash
BCryptHashData
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptDestroyHash

crypt32

CertFreeCertificateContext
CertCreateCertificateContext
CertGetNameStringW

shlwapi

StrStrIA

ws2_32

inet_ntop

kernel32

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetCurrentProcess
IsDebuggerPresent
TerminateProcess
UnhandledExceptionFilter
LockResource
ResetEvent
LocalAlloc
LocalFree
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetLongPathNameW
WaitForMultipleObjects
CreateEventW
GetTickCount64
SetEvent
GetLocalTime
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeSRWLock
VerSetConditionMask
VerifyVersionInfoW
QueryPerformanceFrequency
GetModuleFileNameA
SizeofResource
FileTimeToSystemTime
FindClose
LoadResource
FindResourceW
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList
QueryDepthSList
GetStdHandle
ReadConsoleA
SwitchToThread
CreateThread
FindFirstFileA
LoadLibraryExA
FindNextFileA

advapi32

LookupAccountSidA
RegDeleteValueA
IsValidSid
ConvertStringSidToSidA
RegCreateKeyA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegGetValueA
ConvertSidToStringSidA

vcruntime140

strstr
__std_type_info_destroy_list
__C_specific_handler
strrchr
memcmp
memcpy
memmove
memset

api-ms-win-crt-string-l1-1-0

_wcsnicmp
_strnicmp
strncmp
strcmp
strcat_s
_stricmp
strcpy_s
strtok_s
strncpy_s
strncat_s
strspn
strnlen
strcspn
toupper

api-ms-win-crt-heap-l1-1-0

free
malloc
_msize
realloc

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_endthreadex

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnprintf_s
fread
tmpnam_s
__stdio_common_vsprintf
__stdio_common_vsprintf_s
fwrite
fclose
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsnwprintf_s
fopen_s
_fseeki64
_fsopen
fflush

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

strtoull
strtoul

api-ms-win-crt-filesystem-l1-1-0

remove
_access_s

api-ms-win-crt-math-l1-1-0

floor
log10

Exports

Exports

VMMDLL_Close
VMMDLL_CloseAll
VMMDLL_ConfigGet
VMMDLL_ConfigSet
VMMDLL_ForensicFileAppend
VMMDLL_Initialize
VMMDLL_InitializeEx
VMMDLL_InitializePlugins
VMMDLL_Log
VMMDLL_LogEx
VMMDLL_Map_GetEATU
VMMDLL_Map_GetEATW
VMMDLL_Map_GetHandleU
VMMDLL_Map_GetHandleW
VMMDLL_Map_GetHeap
VMMDLL_Map_GetHeapAlloc
VMMDLL_Map_GetIATU
VMMDLL_Map_GetIATW
VMMDLL_Map_GetModuleFromNameU
VMMDLL_Map_GetModuleFromNameW
VMMDLL_Map_GetModuleU
VMMDLL_Map_GetModuleW
VMMDLL_Map_GetNetU
VMMDLL_Map_GetNetW
VMMDLL_Map_GetPfn
VMMDLL_Map_GetPfnEx
VMMDLL_Map_GetPhysMem
VMMDLL_Map_GetPool
VMMDLL_Map_GetPteU
VMMDLL_Map_GetPteW
VMMDLL_Map_GetServicesU
VMMDLL_Map_GetServicesW
VMMDLL_Map_GetThread
VMMDLL_Map_GetUnloadedModuleU
VMMDLL_Map_GetUnloadedModuleW
VMMDLL_Map_GetUsersU
VMMDLL_Map_GetUsersW
VMMDLL_Map_GetVMU
VMMDLL_Map_GetVMW
VMMDLL_Map_GetVadEx
VMMDLL_Map_GetVadU
VMMDLL_Map_GetVadW
VMMDLL_MemFree
VMMDLL_MemPrefetchPages
VMMDLL_MemRead
VMMDLL_MemReadEx
VMMDLL_MemReadPage
VMMDLL_MemReadScatter
VMMDLL_MemSearch
VMMDLL_MemSize
VMMDLL_MemVirt2Phys
VMMDLL_MemWrite
VMMDLL_MemWriteScatter
VMMDLL_PdbLoad
VMMDLL_PdbSymbolAddress
VMMDLL_PdbSymbolName
VMMDLL_PdbTypeChildOffset
VMMDLL_PdbTypeSize
VMMDLL_PidGetFromName
VMMDLL_PidList
VMMDLL_ProcessGetDirectoriesU
VMMDLL_ProcessGetDirectoriesW
VMMDLL_ProcessGetInformation
VMMDLL_ProcessGetInformationAll
VMMDLL_ProcessGetInformationString
VMMDLL_ProcessGetModuleBaseU
VMMDLL_ProcessGetModuleBaseW
VMMDLL_ProcessGetProcAddressU
VMMDLL_ProcessGetProcAddressW
VMMDLL_ProcessGetSectionsU
VMMDLL_ProcessGetSectionsW
VMMDLL_Scatter_Clear
VMMDLL_Scatter_CloseHandle
VMMDLL_Scatter_Execute
VMMDLL_Scatter_ExecuteRead
VMMDLL_Scatter_Initialize
VMMDLL_Scatter_Prepare
VMMDLL_Scatter_PrepareEx
VMMDLL_Scatter_PrepareWrite
VMMDLL_Scatter_PrepareWriteEx
VMMDLL_Scatter_Read
VMMDLL_UtilFillHexAscii
VMMDLL_UtilVfsReadFile_FromBOOL
VMMDLL_UtilVfsReadFile_FromDWORD
VMMDLL_UtilVfsReadFile_FromPBYTE
VMMDLL_UtilVfsReadFile_FromQWORD
VMMDLL_UtilVfsWriteFile_BOOL
VMMDLL_UtilVfsWriteFile_DWORD
VMMDLL_VfsListBlobU
VMMDLL_VfsListU
VMMDLL_VfsListW
VMMDLL_VfsList_AddDirectory
VMMDLL_VfsList_AddDirectoryW
VMMDLL_VfsList_AddFile
VMMDLL_VfsList_AddFileW
VMMDLL_VfsReadU
VMMDLL_VfsReadW
VMMDLL_VfsWriteU
VMMDLL_VfsWriteW
VMMDLL_VmGetVmmHandle
VMMDLL_VmMemRead
VMMDLL_VmMemReadScatter
VMMDLL_VmMemTranslateGPA
VMMDLL_VmMemWrite
VMMDLL_VmMemWriteScatter
VMMDLL_VmScatterInitialize
VMMDLL_WinGetThunkInfoIATU
VMMDLL_WinGetThunkInfoIATW
VMMDLL_WinReg_EnumKeyExU
VMMDLL_WinReg_EnumKeyExW
VMMDLL_WinReg_EnumValueU
VMMDLL_WinReg_EnumValueW
VMMDLL_WinReg_HiveList
VMMDLL_WinReg_HiveReadEx
VMMDLL_WinReg_HiveWrite
VMMDLL_WinReg_QueryValueExU
VMMDLL_WinReg_QueryValueExW
VMMDLL_YaraSearch

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

94eff8313f705d14c2421a2e17c00648

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:e4:41:cb:6d:7c:0b:ab:94:2c:24:2e:b3:05:8f:edCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

59:d1:a6:6c:07:39:e4:9c:0f:fe:4c:31:eb:63:3d:6a:be:ab:fd:97:e7:2f:10:1b:b8:bb:0d:eb:3b:e6:59:22Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

kernel32

Exports

Exports

Sections

.text Size: 384KB - Virtual size: 384KB

.rdata Size: 77KB - Virtual size: 77KB

.data Size: 4KB - Virtual size: 11KB

.pdata Size: 19KB - Virtual size: 19KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

cf954d1367f54a27889df10cd4c5ce40

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

d3dcompiler_47

ws2_32

vmm

leechcore

kernel32

user32

gdi32

vmprotectsdk64

msvcp140

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 454KB - Virtual size: 453KB

.rdata Size: 2.8MB - Virtual size: 2.8MB

.data Size: 3KB - Virtual size: 6KB

.pdata Size: 19KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1024B - Virtual size: 656B

1851ff453adce0cef5274e320d5bed3c

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:e4:41:cb:6d:7c:0b:ab:94:2c:24:2e:b3:05:8f:ed
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

59:d1:a6:6c:07:39:e4:9c:0f:fe:4c:31:eb:63:3d:6a:be:ab:fd:97:e7:2f:10:1b:b8:bb:0d:eb:3b:e6:59:22
Signer

.text
Size: 384KB - Virtual size: 384KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 4KB - Virtual size: 11KB

.pdata
Size: 19KB - Virtual size: 19KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 454KB - Virtual size: 453KB

.rdata
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 3KB - Virtual size: 6KB

.pdata
Size: 19KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1024B - Virtual size: 656B

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:df:4d:93:8e:75:e6:3d:64:8a:be:02:29:5c:d3:3c
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1e:59:f1:6a:9c:36:6d:4f:bd:cc:6f:c4:b2:32:b7:ba:e3:bc:b6:16:4c:21:d3:2d:b2:29:2b:9f:2d:1a:4a:76
Signer

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 4KB - Virtual size: 3KB

.gfids
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

61:41:98:e7:6e:19:1c:5c:7a:9b:36:24:ae:39:1d:d1
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a7:be:3c:4b:b2:e9:8d:6d:9c:0b:8e:4d:83:b8:da:9a:90:3a:3f:69:89:c1:75:dd:a6:06:db:21:b5:29:d5:59
Signer