Microsoft Office 365[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Microsoft Office 365.rar
Size

48.8MB
MD5

eec0ddbf120b65e9bbb0376c0752c7b3
SHA1

971a2210892e774798b4ed666dd0a6ada9176769
SHA256

535b797d4ec6cb9e12bc8882196484f5f2e7b9b0de6302aeb7724271ae1cd431
SHA512

ec7d3ba463ba746174b066eb879f39f718ab36480d4b7ed98b7d02f50572a1848bb522649dfff097b70342678be542124b81127ab3a65e683e14e221dc00984d
SSDEEP

786432:YKUOraq8uqfeFoJyNUnDHUTXoX318kiF2jxVO3mL8kvYVixsdVyHw3iQGTdfDiud:KeGuqVnL4mFneg58kv8dVyQsTFmud

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup.exe
unpack001/resources/Binaries/ThirdParty/Win64/libxess.dll

Files

Microsoft Office 365.rar
.rar

Password: 2024
DLSS/Binaries/ThirdParty/Win64/nvngx_dlss.dll
.dll windows:6 windows x64 arch:x64

Password: 2024

154e283e694e5fc75c2bd54e533abe38

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:36:af:b1:da:06:ca:97:91:38:8b:36:e2:58:d0:48
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17-10-2022 00:00

Not After

15-10-2025 23:59

Subject

CN=NVIDIA Corporation,OU=1-G,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:4d:d2:82:82:9b:1e:c4:40:ac:e0:c8:e8:e8:3c:4f:da:6e:88:70:4a:89:5c:28:99:30:a1:09:8a:a2:39:2f
Signer

Actual PE Digest

0d:4d:d2:82:82:9b:1e:c4:40:ac:e0:c8:e8:e8:3c:4f:da:6e:88:70:4a:89:5c:28:99:30:a1:09:8a:a2:39:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\devrel\libdev\NGX\snippets\rel_tot\source\features\dlaa\_out\wddm_amd64_release\custom_engine_generic\nvngx_dlss.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

GetWindowThreadProcessId
MessageBoxA

kernel32

GetProcessHeap
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
VerSetConditionMask
CreateFileW
GetFileAttributesW
GetFullPathNameW
CloseHandle
GetLastError
SetLastError
GetSystemDirectoryW
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExA
GetProcAddress
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
VerifyVersionInfoW
GetModuleHandleA
GetStdHandle
OutputDebugStringA
GetCurrentProcessId
WriteConsoleA
GetConsoleWindow
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
GetCurrentThreadId
WaitForSingleObjectEx
QueryPerformanceCounter
QueryPerformanceFrequency
EncodePointer
DecodePointer
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetCommandLineA
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetFileType
ReadFile
GetModuleHandleExW
ExitProcess
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetConsoleMode
ReadConsoleW
HeapReAlloc
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
GetTimeZoneInformation
HeapSize
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP

Exports

Exports

NGX_SNIPPETS_GetRequiredDriverSupport
NVSDK_NGX_D3D11_CreateFeature
NVSDK_NGX_D3D11_EvaluateFeature
NVSDK_NGX_D3D11_GetFeatureRequirements
NVSDK_NGX_D3D11_GetScratchBufferSize
NVSDK_NGX_D3D11_Init
NVSDK_NGX_D3D11_Init_Ext
NVSDK_NGX_D3D11_PopulateParameters_Impl
NVSDK_NGX_D3D11_ReleaseFeature
NVSDK_NGX_D3D11_Shutdown
NVSDK_NGX_D3D11_Shutdown1
NVSDK_NGX_D3D12_CreateFeature
NVSDK_NGX_D3D12_EvaluateFeature
NVSDK_NGX_D3D12_GetFeatureRequirements
NVSDK_NGX_D3D12_GetScratchBufferSize
NVSDK_NGX_D3D12_Init
NVSDK_NGX_D3D12_Init_Ext
NVSDK_NGX_D3D12_PopulateParameters_Impl
NVSDK_NGX_D3D12_ReleaseFeature
NVSDK_NGX_D3D12_Shutdown
NVSDK_NGX_D3D12_Shutdown1
NVSDK_NGX_GetAPIVersion
NVSDK_NGX_GetApplicationId
NVSDK_NGX_GetDriverVersion
NVSDK_NGX_GetDriverVersionEx
NVSDK_NGX_GetGPUArchitecture
NVSDK_NGX_GetSnippetVersion
NVSDK_NGX_SetInfoCallback
NVSDK_NGX_SetTelemetryEvaluateCallback
NVSDK_NGX_VULKAN_CreateFeature
NVSDK_NGX_VULKAN_CreateFeature1
NVSDK_NGX_VULKAN_EvaluateFeature
NVSDK_NGX_VULKAN_GetFeatureDeviceExtensionRequirements
NVSDK_NGX_VULKAN_GetFeatureInstanceExtensionRequirements
NVSDK_NGX_VULKAN_GetFeatureRequirements
NVSDK_NGX_VULKAN_GetScratchBufferSize
NVSDK_NGX_VULKAN_Init
NVSDK_NGX_VULKAN_Init_Ext
NVSDK_NGX_VULKAN_Init_Ext2
NVSDK_NGX_VULKAN_PopulateParameters_Impl
NVSDK_NGX_VULKAN_ReleaseFeature
NVSDK_NGX_VULKAN_Shutdown
NVSDK_NGX_VULKAN_Shutdown1

Sections

.text
Size: 631KB - Virtual size: 630KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50.3MB - Virtual size: 50.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
README!.txt
Setup.exe
.exe windows:6 windows x86 arch:x86

Password: 2024

811cfc8e0687b9bcab4d19d1ac4a7df0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

OffsetRect
GetUpdateRgn

kernel32

CreateFileW
HeapSize
GetProcessHeap
SetStdHandle
SetEnvironmentVariableW
VirtualAlloc
WaitForSingleObject
CreateThread
GetThreadId
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
GetCurrentThreadId
CloseHandle
WaitForSingleObjectEx
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
ReleaseSRWLockExclusive
WakeAllConditionVariable
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetCPInfo
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
FreeEnvironmentStringsW
RaiseException
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
WriteConsoleW

Exports

Exports

AwakeSound

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.BSS
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/Binaries/ThirdParty/Win64/libxess.dll
.dll windows:6 windows x64 arch:x64

Password: 2024

1789c74c8b3404a69d511789573fc7b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\qb\workspace\29555\source\libraries.gpu.rendering.xess.xess-sdk\build\bin\RelWithDebInfo\libxess.pdb

Imports

dxgi

CreateDXGIFactory2
CreateDXGIFactory1

shlwapi

PathRemoveFileSpecW

setupapi

CM_Get_Device_ID_List_SizeW
CM_Locate_DevNodeW
SetupGetInfDriverStoreLocationW
CM_Get_Device_ID_ListW

cfgmgr32

CM_MapCrToWin32Err
CM_Get_DevNode_PropertyW

kernel32

ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
FreeLibrary
LoadLibraryA
OutputDebugStringA
GetLastError
GetModuleFileNameA
GetNativeSystemInfo
LoadLibraryExA
LocalFree
FormatMessageA
GetModuleFileNameW
GetModuleHandleExW
GetCurrentProcess
K32EnumProcessModules
K32GetModuleFileNameExW
GetModuleHandleExA
HeapAlloc
HeapFree
GetProcessHeap
DebugBreak
InitOnceBeginInitialize
InitOnceComplete
LoadLibraryExW
GetProcAddress

ole32

StringFromGUID2

advapi32

RegGetValueA
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegCloseKey

msvcp140

_Lock_shared_ptr_spin_lock
_Thrd_hardware_concurrency
_Thrd_yield
_Thrd_join
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
_Unlock_shared_ptr_spin_lock
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
_Mbrtowc
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?uncaught_exception@std@@YA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
?_Throw_C_error@std@@YAXH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Mtx_current_owns
_Cnd_timedwait
?_Throw_Cpp_error@std@@YAXH@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??7ios_base@std@@QEBA_NXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
_Thrd_id
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QEBA_JXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
_Cnd_do_broadcast_at_thread_exit

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
DisableThreadLibraryCalls

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
SetCurrentDirectoryW

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateDirectoryW
FindFirstFileExW
SetFileTime
SetFilePointerEx
SetFileInformationByHandle
SetFileAttributesW
GetDiskFreeSpaceExW
FindNextFileW
SetEndOfFile
GetFullPathNameW
GetFinalPathNameByHandleW
GetFileInformationByHandle
GetFileAttributesExW
CreateFileW
FindClose

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-file-l1-2-2

AreFileApisANSI

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l2-1-0

CreateHardLinkW
CreateDirectoryExW
GetFileInformationByHandleEx
CreateSymbolicLinkW
MoveFileExW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSRWLockExclusive
ReleaseSRWLockShared
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
AcquireSRWLockExclusive
EnterCriticalSection
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetStartupInfoW
TerminateProcess
GetCurrentThreadId

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

vcruntime140

__std_exception_destroy
__std_exception_copy
_purecall
__RTDynamicCast
_CxxThrowException
wcsrchr
wcsstr
memchr
__current_exception_context
__C_specific_handler
__std_type_info_destroy_list
memcmp
memcpy
memmove
__std_terminate
memset
wcschr
__current_exception

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_invalid_parameter_noinfo
_initterm
strerror
terminate
_invalid_parameter_noinfo_noreturn
abort
_cexit
_crt_at_quick_exit
_crt_atexit
_beginthreadex
_errno
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table

api-ms-win-crt-math-l1-1-0

powf
cosf
floorf
ceil
ceilf
_fdclass

api-ms-win-crt-heap-l1-1-0

_aligned_malloc
free
malloc
_callnewh
calloc
_aligned_free
realloc

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fclose
fflush
__stdio_common_vfprintf
__stdio_common_vsprintf_s
fgetc
fgetpos
fputc
fread
fsetpos
_fseeki64
ungetc
setvbuf
fwrite
_get_stream_buffer_pointers

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s
_lock_file
_unlock_file

api-ms-win-crt-string-l1-1-0

_stricmp
tolower
wcscpy_s
strncpy
strncmp
strcmp

api-ms-win-crt-convert-l1-1-0

atoi
atof

api-ms-win-crt-environment-l1-1-0

getenv
_dupenv_s

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Exports

Exports

xessAILGetDecision
xessAILGetVersion
xessD3D12BuildPipelines
xessD3D12CreateContext
xessD3D12Execute
xessD3D12GetInitParams
xessD3D12GetProfilingData
xessD3D12GetResourcesToDump
xessD3D12Init
xessDestroyContext
xessForceLegacyScaleFactors
xessGetExposureMultiplier
xessGetInputResolution
xessGetIntelXeFXVersion
xessGetJitterScale
xessGetOptimalInputResolution
xessGetProperties
xessGetVelocityScale
xessGetVersion
xessIsOptimalDriver
xessSelectNetworkModel
xessSetContextParameterF
xessSetExposureMultiplier
xessSetJitterScale
xessSetLoggingCallback
xessSetVelocityScale
xessStartDump

Sections

.text
Size: 10.2MB - Virtual size: 10.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60.2MB - Virtual size: 60.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 890B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 2024

Password: 2024

154e283e694e5fc75c2bd54e533abe38

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:36:af:b1:da:06:ca:97:91:38:8b:36:e2:58:d0:48Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

0d:4d:d2:82:82:9b:1e:c4:40:ac:e0:c8:e8:e8:3c:4f:da:6e:88:70:4a:89:5c:28:99:30:a1:09:8a:a2:39:2fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

advapi32

user32

kernel32

Exports

Exports

Sections

.text Size: 631KB - Virtual size: 630KB

.rdata Size: 241KB - Virtual size: 241KB

.data Size: 50.3MB - Virtual size: 50.4MB

.pdata Size: 25KB - Virtual size: 24KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

Password: 2024

811cfc8e0687b9bcab4d19d1ac4a7df0

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

.text Size: 158KB - Virtual size: 158KB

.BSS Size: 3KB - Virtual size: 3KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 212KB - Virtual size: 216KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 8KB - Virtual size: 7KB

Password: 2024

1789c74c8b3404a69d511789573fc7b9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dxgi

shlwapi

setupapi

cfgmgr32

kernel32

ole32

advapi32

msvcp140

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:36:af:b1:da:06:ca:97:91:38:8b:36:e2:58:d0:48
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

0d:4d:d2:82:82:9b:1e:c4:40:ac:e0:c8:e8:e8:3c:4f:da:6e:88:70:4a:89:5c:28:99:30:a1:09:8a:a2:39:2f
Signer

.text
Size: 631KB - Virtual size: 630KB

.rdata
Size: 241KB - Virtual size: 241KB

.data
Size: 50.3MB - Virtual size: 50.4MB

.pdata
Size: 25KB - Virtual size: 24KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 158KB - Virtual size: 158KB

.BSS
Size: 3KB - Virtual size: 3KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 212KB - Virtual size: 216KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 10.2MB - Virtual size: 10.2MB

.rdata
Size: 60.2MB - Virtual size: 60.2MB

.data
Size: 35KB - Virtual size: 52KB

.pdata
Size: 123KB - Virtual size: 122KB

.idata
Size: 30KB - Virtual size: 29KB

.didat
Size: 1024B - Virtual size: 890B

.gfids
Size: 32KB - Virtual size: 32KB

.tls
Size: 1KB - Virtual size: 1KB

.00cfg
Size: 512B - Virtual size: 337B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 65KB - Virtual size: 64KB