LANRedTrainer-8-1-0-1716761163[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

LANRedTrainer-8-1-0-1716761163.rar
Size

940KB
MD5

bfcb38b14da40ded18c10c6203cb3bf9
SHA1

bc1b4cf378dd111b0b4c17b91642670940ca1e48
SHA256

b80f22e99442d50f5f294a9871711bb5c5adfa4346526df36cca2c98d2f860cb
SHA512

4044a36cc979e82592353ac6b1a2f182b9b60d71bb5cc0a8c09804324f9e137530f4f5acef0482101e583b98043513d2f2fd362616e3429ad73415b2bdce23c5
SSDEEP

24576:aDMfpQaBfvDvdrMomAau9bj6Jv7nREC+CNjYKlNzSnbW:oUQaBfxr+Als7vFYgtS6

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d3d9.dll
unpack001/plugins/LANRedTRainer.asi

Files

LANRedTrainer-8-1-0-1716761163.rar
.rar
d3d9.dll
.dll regsvr32 windows:6 windows x86 arch:x86

0c07677e5f4e08acb05aed7123d8ffbb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\Ultimate-ASI-Loader\Ultimate-ASI-Loader\bin\Win32\Release\dinput8.pdb

Imports

kernel32

HeapFree
GetProcessHeap
GetNativeSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
FreeLibrary
GetProcAddress
LoadLibraryA
IsBadReadPtr
LoadLibraryW
GetCommandLineA
GetCommandLineW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateFileA
CreateFileW
FindClose
FindFirstFileA
FindFirstFileW
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExA
GetFileAttributesExW
WriteFile
CloseHandle
SetUnhandledExceptionFilter
GetLastError
AcquireSRWLockExclusive
CreateEventA
CreateEventW
Sleep
GetCurrentProcess
GetCurrentProcessId
ExitProcess
GetCurrentThread
GetCurrentThreadId
GetStartupInfoW
GetSystemInfo
GetSystemTimeAsFileTime
VirtualQuery
HeapAlloc
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetModuleHandleExA
LoadLibraryExA
LoadLibraryExW
LoadResource
LockResource
SizeofResource
FindResourceW
GetShortPathNameA
GetStartupInfoA
GetPrivateProfileIntW
GetPrivateProfileStringW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
MultiByteToWideChar
CreateDirectoryA
CreateDirectoryW
CancelIo
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
CreateMutexW
CreateThread
GetSystemTime
SystemTimeToFileTime
SetEndOfFile
WriteConsoleW
HeapSize
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetModuleFileNameA
SetLastError
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
HeapReAlloc
GetModuleHandleExW
ReadFile
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RaiseException
RtlUnwind
GetStringTypeW
LCMapStringEx
GetCPInfo
CompareStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
WideCharToMultiByte
GetFileInformationByHandleEx
AreFileApisANSI
GetFullPathNameW
GetLocaleInfoEx
FormatMessageA
LocalFree
InitializeSListHead
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
ReleaseSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter

user32

GetWindowThreadProcessId
EnumWindows
GetDesktopWindow
GetWindowRect
SetDlgItemTextW
EndDialog
DialogBoxParamW
SetWindowPos
wsprintfW
FindWindowW
ShowCursor
SetForegroundWindow
ReleaseDC
GetDC
MessageBoxW
GetDlgItemTextW
SetWindowTextW

gdi32

GetDeviceCaps

shell32

SHGetKnownFolderPath
ShellExecuteW

ole32

CoTaskMemFree
CoCreateInstance

d3d9

Direct3DCreate9

dbghelp

SymFromAddr
MiniDumpWriteDump
StackWalk64
SymSetOptions
SymCleanup
SymInitialize

ws2_32

recvfrom
recv
ntohs
ntohl
listen
inet_ntoa
inet_addr
htons
send
getsockopt
getsockname
getpeername
ioctlsocket
connect
closesocket
accept
__WSAFDIsSet
sendto
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSASetLastError
WSAGetLastError
WSACloseEvent
WSACreateEvent
WSAEventSelect
WSAGetOverlappedResult
WSARecv
WSARecvFrom
WSAResetEvent
select
WSASend
WSASendTo
WSASetEvent
WSAWaitForMultipleEvents
htonl
bind

Exports

Exports

AcquireDDThreadLock
AppCacheCheckManifest
AppCacheCloseHandle
AppCacheCreateAndCommitFile
AppCacheDeleteGroup
AppCacheDeleteIEGroup
AppCacheDuplicateHandle
AppCacheFinalize
AppCacheFreeDownloadList
AppCacheFreeGroupList
AppCacheFreeIESpace
AppCacheFreeSpace
AppCacheGetDownloadList
AppCacheGetFallbackUrl
AppCacheGetGroupList
AppCacheGetIEGroupList
AppCacheGetInfo
AppCacheGetManifestUrl
AppCacheLookup
CloseDriver
CommitUrlCacheEntryA
CommitUrlCacheEntryBinaryBlob
CommitUrlCacheEntryW
CompleteCreateSysmemSurface
CreateDirect3D11DeviceFromDXGIDevice
CreateDirect3D11SurfaceFromDXGISurface
CreateMD5SSOHash
CreateUrlCacheContainerA
CreateUrlCacheContainerW
CreateUrlCacheEntryA
CreateUrlCacheEntryExW
CreateUrlCacheEntryW
CreateUrlCacheGroup
CustomCreateFileA
CustomCreateFileW
CustomFindFirstFileA
CustomFindFirstFileExA
CustomFindFirstFileExW
CustomFindFirstFileW
CustomFindNextFileA
CustomFindNextFileW
CustomGetFileAttributesA
CustomGetFileAttributesExA
CustomGetFileAttributesExW
CustomGetFileAttributesW
CustomLoadLibraryA
CustomLoadLibraryExA
CustomLoadLibraryExW
CustomLoadLibraryW
D3D10CompileEffectFromMemory
D3D10CompileShader
D3D10CreateBlob
D3D10CreateDevice
D3D10CreateDeviceAndSwapChain
D3D10CreateEffectFromMemory
D3D10CreateEffectPoolFromMemory
D3D10CreateStateBlock
D3D10DisassembleEffect
D3D10DisassembleShader
D3D10GetGeometryShaderProfile
D3D10GetInputAndOutputSignatureBlob
D3D10GetInputSignatureBlob
D3D10GetOutputSignatureBlob
D3D10GetPixelShaderProfile
D3D10GetShaderDebugInfo
D3D10GetVersion
D3D10GetVertexShaderProfile
D3D10PreprocessShader
D3D10ReflectShader
D3D10RegisterLayers
D3D10StateBlockMaskDifference
D3D10StateBlockMaskDisableAll
D3D10StateBlockMaskDisableCapture
D3D10StateBlockMaskEnableAll
D3D10StateBlockMaskEnableCapture
D3D10StateBlockMaskGetSetting
D3D10StateBlockMaskIntersect
D3D10StateBlockMaskUnion
D3D11CoreCreateDevice
D3D11CoreCreateLayeredDevice
D3D11CoreGetLayeredDeviceSize
D3D11CoreRegisterLayers
D3D11CreateDevice
D3D11CreateDeviceAndSwapChain
D3D11CreateDeviceForD3D12
D3D11On12CreateDevice
D3D12CoreCreateLayeredDevice
D3D12CoreGetLayeredDeviceSize
D3D12CoreRegisterLayers
D3D12CreateDevice
D3D12CreateRootSignatureDeserializer
D3D12CreateVersionedRootSignatureDeserializer
D3D12DeviceRemovedExtendedData
D3D12EnableExperimentalFeatures
D3D12GetDebugInterface
D3D12GetInterface
D3D12PIXEventsReplaceBlock
D3D12PIXGetThreadInfo
D3D12PIXNotifyWakeFromFenceSignal
D3D12PIXReportCounter
D3D12SerializeRootSignature
D3D12SerializeVersionedRootSignature
D3DKMTCloseAdapter
D3DKMTCreateAllocation
D3DKMTCreateContext
D3DKMTCreateDevice
D3DKMTCreateSynchronizationObject
D3DKMTDestroyAllocation
D3DKMTDestroyContext
D3DKMTDestroyDevice
D3DKMTDestroySynchronizationObject
D3DKMTEscape
D3DKMTGetContextSchedulingPriority
D3DKMTGetDeviceState
D3DKMTGetDisplayModeList
D3DKMTGetMultisampleMethodList
D3DKMTGetRuntimeData
D3DKMTGetSharedPrimaryHandle
D3DKMTLock
D3DKMTOpenAdapterFromHdc
D3DKMTOpenResource
D3DKMTPresent
D3DKMTQueryAdapterInfo
D3DKMTQueryAllocationResidency
D3DKMTQueryResourceInfo
D3DKMTRender
D3DKMTSetAllocationPriority
D3DKMTSetContextSchedulingPriority
D3DKMTSetDisplayMode
D3DKMTSetDisplayPrivateDriverFormat
D3DKMTSetGammaRamp
D3DKMTSetVidPnSourceOwner
D3DKMTSignalSynchronizationObject
D3DKMTUnlock
D3DKMTWaitForSynchronizationObject
D3DKMTWaitForVerticalBlankEvent
D3DPERF_BeginEvent
D3DPERF_EndEvent
D3DPERF_GetStatus
D3DPERF_QueryRepeatFrame
D3DPERF_SetMarker
D3DPERF_SetOptions
D3DPERF_SetRegion
D3DParseUnknownCommand
D3DPerformance_BeginEvent
D3DPerformance_EndEvent
D3DPerformance_GetStatus
D3DPerformance_SetMarker
DDGetAttachedSurfaceLcl
DDInternalLock
DDInternalUnlock
DSoundHelp
DebugSetLevel
DebugSetMute
DefDriverProc
DeleteIE3Cache
DeleteUrlCacheContainerA
DeleteUrlCacheContainerW
DeleteUrlCacheEntry
DeleteUrlCacheEntryA
DeleteUrlCacheEntryW
DeleteUrlCacheGroup
DeleteWpadCacheForNetworks
DetectAutoProxyUrl
Direct3D9EnableMaximizedWindowedModeShim
Direct3DCreate8
Direct3DCreate9
Direct3DCreate9Ex
Direct3DCreate9On12
Direct3DCreate9On12Ex
Direct3DShaderValidatorCreate9
DirectDrawCreate
DirectDrawCreateClipper
DirectDrawCreateEx
DirectDrawEnumerateA
DirectDrawEnumerateExA
DirectDrawEnumerateExW
DirectDrawEnumerateW
DirectInput8Create
DirectInputCreateA
DirectInputCreateEx
DirectInputCreateW
DirectSoundCaptureCreate
DirectSoundCaptureCreate8
DirectSoundCaptureEnumerateA
DirectSoundCaptureEnumerateW
DirectSoundCreate
DirectSoundCreate8
DirectSoundEnumerateA
DirectSoundEnumerateW
DirectSoundFullDuplexCreate
DispatchAPICall
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
DrawDibBegin
DrawDibChangePalette
DrawDibClose
DrawDibDraw
DrawDibEnd
DrawDibGetBuffer
DrawDibGetPalette
DrawDibOpen
DrawDibProfileDisplay
DrawDibRealize
DrawDibSetPalette
DrawDibStart
DrawDibStop
DrawDibTime
DriverCallback
DrvGetModuleHandle
EnableFeatureLevelUpgrade
FindCloseUrlCache
FindFirstUrlCacheContainerA
FindFirstUrlCacheContainerW
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryExW
FindFirstUrlCacheEntryW
FindFirstUrlCacheGroup
FindNextUrlCacheContainerA
FindNextUrlCacheContainerW
FindNextUrlCacheEntryA
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryExW
FindNextUrlCacheEntryW
FindNextUrlCacheGroup
ForceNexusLookup
ForceNexusLookupExW
FreeUrlCacheSpaceA
FreeUrlCacheSpaceW
FtpCommandA
FtpCommandW
FtpCreateDirectoryA
FtpCreateDirectoryW
FtpDeleteFileA
FtpDeleteFileW
FtpFindFirstFileA
FtpFindFirstFileW
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryW
FtpGetFileA
FtpGetFileEx
FtpGetFileSize
FtpGetFileW
FtpOpenFileA
FtpOpenFileW
FtpPutFileA
FtpPutFileEx
FtpPutFileW
FtpRemoveDirectoryA
FtpRemoveDirectoryW
FtpRenameFileA
FtpRenameFileW
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryW
GetBehaviorValue
GetDDSurfaceLocal
GetDeviceID
GetDriverModuleHandle
GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetMemoryModule
GetOLEThunkData
GetOpenFileNamePreview
GetOpenFileNamePreviewA
GetOpenFileNamePreviewW
GetOverloadedFilePath
GetProxyDllInfo
GetSaveFileNamePreviewA
GetSaveFileNamePreviewW
GetSurfaceFromDC
GetUrlCacheConfigInfoA
GetUrlCacheConfigInfoW
GetUrlCacheEntryBinaryBlob
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoExA
GetUrlCacheEntryInfoExW
GetUrlCacheEntryInfoW
GetUrlCacheGroupAttributeA
GetUrlCacheGroupAttributeW
GetUrlCacheHeaderData
GopherCreateLocatorA
GopherCreateLocatorW
GopherFindFirstFileA
GopherFindFirstFileW
GopherGetAttributeA
GopherGetAttributeW
GopherGetLocatorTypeA
GopherGetLocatorTypeW
GopherOpenFileA
GopherOpenFileW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpCheckDavCompliance
HttpCloseDependencyHandle
HttpDuplicateDependencyHandle
HttpEndRequestA
HttpEndRequestW
HttpGetServerCredentials
HttpGetTunnelSocket
HttpIsHostHstsEnabled
HttpOpenDependencyHandle
HttpOpenRequestA
HttpOpenRequestW
HttpPushClose
HttpPushEnable
HttpPushWait
HttpQueryInfoA
HttpQueryInfoW
HttpSendRequestA
HttpSendRequestExA
HttpSendRequestExW
HttpSendRequestW
HttpWebSocketClose
HttpWebSocketCompleteUpgrade
HttpWebSocketQueryCloseStatus
HttpWebSocketReceive
HttpWebSocketSend
HttpWebSocketShutdown
ICClose
ICCompress
ICCompressorChoose
ICCompressorFree
ICDecompress
ICDraw
ICDrawBegin
ICGetDisplayFormat
ICGetInfo
ICImageCompress
ICImageDecompress
ICInfo
ICInstall
ICLocate
ICMThunk32
ICOpen
ICOpenFunction
ICRemove
ICSendMessage
ICSeqCompressFrame
ICSeqCompressFrameEnd
ICSeqCompressFrameStart
IncrementUrlCacheHeaderData
InternetAlgIdToStringA
InternetAlgIdToStringW
InternetAttemptConnect
InternetAutodial
InternetAutodialCallback
InternetAutodialHangup
InternetCanonicalizeUrlA
InternetCanonicalizeUrlW
InternetCheckConnectionA
InternetCheckConnectionW
InternetClearAllPerSiteCookieDecisions
InternetCloseHandle
InternetCombineUrlA
InternetCombineUrlW
InternetConfirmZoneCrossing
InternetConfirmZoneCrossingA
InternetConfirmZoneCrossingW
InternetConnectA
InternetConnectW
InternetConvertUrlFromWireToWideChar
InternetCrackUrlA
InternetCrackUrlW
InternetCreateUrlA
InternetCreateUrlW
InternetDial
InternetDialA
InternetDialW
InternetEnumPerSiteCookieDecisionA
InternetEnumPerSiteCookieDecisionW
InternetErrorDlg
InternetFindNextFileA
InternetFindNextFileW
InternetFortezzaCommand
InternetFreeCookies
InternetFreeProxyInfoList
InternetGetCertByURL
InternetGetCertByURLA
InternetGetConnectedState
InternetGetConnectedStateEx
InternetGetConnectedStateExA
InternetGetConnectedStateExW
InternetGetCookieA
InternetGetCookieEx2
InternetGetCookieExA
InternetGetCookieExW
InternetGetCookieW
InternetGetLastResponseInfoA
InternetGetLastResponseInfoW
InternetGetPerSiteCookieDecisionA
InternetGetPerSiteCookieDecisionW
InternetGetProxyForUrl
InternetGetSecurityInfoByURL
InternetGetSecurityInfoByURLA
InternetGetSecurityInfoByURLW
InternetGoOnline
InternetGoOnlineA
InternetGoOnlineW
InternetHangUp
InternetInitializeAutoProxyDll
InternetLockRequestFile
InternetOpenA
InternetOpenUrlA
InternetOpenUrlW
InternetOpenW
InternetQueryDataAvailable
InternetQueryFortezzaStatus
InternetQueryOptionA
InternetQueryOptionW
InternetReadFile
InternetReadFileExA
InternetReadFileExW
InternetSecurityProtocolToStringA
InternetSecurityProtocolToStringW
InternetSetCookieA
InternetSetCookieEx2
InternetSetCookieExA
InternetSetCookieExW
InternetSetCookieW
InternetSetDialState
InternetSetDialStateA
InternetSetDialStateW
InternetSetFilePointer
InternetSetOptionA
InternetSetOptionExA
InternetSetOptionExW
InternetSetOptionW
InternetSetPerSiteCookieDecisionA
InternetSetPerSiteCookieDecisionW
InternetSetStatusCallback
InternetSetStatusCallbackA
InternetSetStatusCallbackW
InternetShowSecurityInfoByURL
InternetShowSecurityInfoByURLA
InternetShowSecurityInfoByURLW
InternetTimeFromSystemTime
InternetTimeFromSystemTimeA
InternetTimeFromSystemTimeW
InternetTimeToSystemTime
InternetTimeToSystemTimeA
InternetTimeToSystemTimeW
InternetUnlockRequestFile
InternetWriteFile
InternetWriteFileExA
InternetWriteFileExW
IsHostInProxyBypassList
IsUltimateASILoader
IsUrlCacheEntryExpiredA
IsUrlCacheEntryExpiredW
LoadUrlCacheContent
MCIWndCreate
MCIWndCreateA
MCIWndCreateW
MCIWndRegisterClass
MarketplaceDoesContentIdMatch
NotifyCallbackData
OpenAdapter10
OpenAdapter10_2
OpenDriver
PSGPError
PSGPSampleTexture
ParseX509EncodedCertificateForListBoxEntry
PlaySound
PlaySoundA
PlaySoundW
PrivacyGetZonePreferenceW
PrivacySetZonePreferenceW
Private1
ReadUrlCacheEntryStream
ReadUrlCacheEntryStreamEx
RegisterSpecialCase
RegisterUrlCacheNotification
ReleaseDDThreadLock
ResumeSuspendedDownload
RetrieveUrlCacheEntryFileA
RetrieveUrlCacheEntryFileW
RetrieveUrlCacheEntryStreamA
RetrieveUrlCacheEntryStreamW
RunOnceUrlCache
SendDriverMessage
SetAppCompatData
SetAppCompatStringPointer
SetUrlCacheConfigInfoA
SetUrlCacheConfigInfoW
SetUrlCacheEntryGroup
SetUrlCacheEntryGroupA
SetUrlCacheEntryGroupW
SetUrlCacheEntryInfoA
SetUrlCacheEntryInfoW

Sections

.text
Size: 421KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 590KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fonts/MainFont.otf
fonts/MainFontItalic.otf
imgui.ini
plugins/LANRedTRainer.asi
.dll windows:6 windows x86 arch:x86

29562d1a2eb9b8e0fa69926f47bd27fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\User\source\repos\LANRedTrainer\Release\LANRedTRainer.pdb

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualFree
VirtualAlloc
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
GetThreadContext
GetCurrentProcessId
FlushInstructionCache
SetThreadContext
OpenThread
DisableThreadLibraryCalls
QueryPerformanceFrequency
FormatMessageA
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WideCharToMultiByte
MultiByteToWideChar
GetFileInformationByHandleEx
GetLastError
AreFileApisANSI
GetLocaleInfoEx
CreateFileW
FindClose
FindFirstFileW
GlobalUnlock
GlobalLock
QueryPerformanceCounter
LocalFree
GlobalFree
CreateThread
GlobalAlloc
GetFileAttributesExW

user32

GetAsyncKeyState
SetWindowLongA
CallWindowProcA
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
IsChild
ClientToScreen
DestroyWindow
GetCapture
ScreenToClient
LoadCursorA
GetKeyState
DefWindowProcA
UnregisterClassA
CreateWindowExA
RegisterClassExA

msvcp140

?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?uncaught_exception@std@@YA_NXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??7ios_base@std@@QBE_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?eof@ios_base@std@@QBE_NXZ
??Bios_base@std@@QBE_NXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?good@ios_base@std@@QBE_NXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

d3dcompiler_47

D3DCompile

xinput1_4

ord2
ord4

vcruntime140

memchr
memcpy
memset
__current_exception_context
__std_type_info_destroy_list
_CxxThrowException
memmove
__current_exception
_purecall
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
__std_terminate
strstr
_except_handler4_common

api-ms-win-crt-stdio-l1-1-0

setvbuf
_get_stream_buffer_pointers
fsetpos
_fseeki64
__stdio_common_vsscanf
fread
fgetpos
__stdio_common_vsprintf
_wfopen
fwrite
fputc
ungetc
fseek
fclose
fflush
fgetc
ftell

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
calloc

api-ms-win-crt-runtime-l1-1-0

abort
_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_wassert
terminate
_invalid_parameter_noinfo_noreturn
_errno
_initterm
_configure_narrow_argv
_initterm_e

api-ms-win-crt-convert-l1-1-0

atof
strtol

api-ms-win-crt-math-l1-1-0

_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_CIatan2
_CIfmod
_libm_sse2_cos_precise
ceil
floor
_libm_sse2_pow_precise

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Sections

.text
Size: 321KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rtconfig.ini

Sharing

General

Malware Config

Signatures

Files

0c07677e5f4e08acb05aed7123d8ffbb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

d3d9

dbghelp

ws2_32

Exports

Exports

Sections

.text Size: 421KB - Virtual size: 421KB

.rdata Size: 161KB - Virtual size: 161KB

.data Size: 6KB - Virtual size: 590KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 24KB - Virtual size: 24KB

29562d1a2eb9b8e0fa69926f47bd27fa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

imm32

d3dcompiler_47

xinput1_4

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 321KB - Virtual size: 320KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 23KB - Virtual size: 24KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 421KB - Virtual size: 421KB

.rdata
Size: 161KB - Virtual size: 161KB

.data
Size: 6KB - Virtual size: 590KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 24KB - Virtual size: 24KB

.text
Size: 321KB - Virtual size: 320KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 23KB - Virtual size: 24KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 14KB