Medal[.]rar | Triage

Resubmissions

23/07/2024, 15:53

240723-tbp7ns1ara 3

23/07/2024, 15:46

240723-s7k26axfjj 8

Sharing

Copy URL Twitter E-mail

General

Target

Medal.rar
Size

2.7MB
MD5

576253369c4047a6ac4abd95d75b4d4e
SHA1

838aa4e22f3421d4623d3d1d34d542ad98fc64af
SHA256

e630aaab31612701b6d59f7249240a730b753572857e43b5790fd9419354c059
SHA512

ad8053ecb8a888b8b25e66324af15dc7de288a44fdcf7fc2cb591241e7df34db33a8660decfb1b0b97806e3bd9efe80cfd24dd40bd7e36199e860fb33ce4282e
SSDEEP

49152:3mwhX2P8txs5lF+VtldIpASNBrJJaeS0CC5gVzFkrkzVlcXiaw+Nf5+dg8eSh:WwhX66i5CtvI+mo/ZVzyogiawu5+Rh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Medal.exe

Files

Medal.rar
.rar
Dx11 fix/D3DX11d_43.dll
.dll windows:6 windows x64 arch:x64

e614279a3dbb61c450b74267520af05e

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:5d:ed:60:a3:05:f8:11:b5:76:ac:b4:b8:4c:65:6d:06:5f:95:29
Signer

Actual PE Digest

1a:5d:ed:60:a3:05:f8:11:b5:76:ac:b4:b8:4c:65:6d:06:5f:95:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d3dx11d_43.pdb

Imports

msvcrt

__CxxFrameHandler
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
memmove
memset
memcpy
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
malloc
free
_stricmp
tolower
_isnan
_controlfp
_assert
_purecall
_vsnwprintf
_vsnprintf
sqrtf
floorf

user32

MessageBoxA

kernel32

FindResourceA
LocalFree
FindResourceW
LoadResource
FormatMessageA
SizeofResource
LockResource
WideCharToMultiByte
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetFileSize
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseMutex
ReleaseSemaphore
WaitForSingleObject
CreateMutexA
CreateSemaphoreA
WaitForMultipleObjects
CreateThread
GetCurrentProcess
GetProcessAffinityMask
GetLastError
MultiByteToWideChar
GetFullPathNameW
CreateFileW
GetFileSizeEx
ReadFile
FreeLibrary
DebugBreak
CloseHandle
OutputDebugStringA
FatalAppExitA
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetProfileIntA
WriteFile
ExpandEnvironmentStringsA
CreateFileA
Sleep
VirtualProtect
DisableThreadLibraryCalls

advapi32

RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA

ole32

CreateStreamOnHGlobal

gdi32

DeleteObject

Exports

Exports

D3DX11CheckVersion
D3DX11CompileFromFileA
D3DX11CompileFromFileW
D3DX11CompileFromMemory
D3DX11CompileFromResourceA
D3DX11CompileFromResourceW
D3DX11ComputeNormalMap
D3DX11CreateAsyncCompilerProcessor
D3DX11CreateAsyncFileLoaderA
D3DX11CreateAsyncFileLoaderW
D3DX11CreateAsyncMemoryLoader
D3DX11CreateAsyncResourceLoaderA
D3DX11CreateAsyncResourceLoaderW
D3DX11CreateAsyncShaderPreprocessProcessor
D3DX11CreateAsyncShaderResourceViewProcessor
D3DX11CreateAsyncTextureInfoProcessor
D3DX11CreateAsyncTextureProcessor
D3DX11CreateShaderResourceViewFromFileA
D3DX11CreateShaderResourceViewFromFileW
D3DX11CreateShaderResourceViewFromMemory
D3DX11CreateShaderResourceViewFromResourceA
D3DX11CreateShaderResourceViewFromResourceW
D3DX11CreateTextureFromFileA
D3DX11CreateTextureFromFileW
D3DX11CreateTextureFromMemory
D3DX11CreateTextureFromResourceA
D3DX11CreateTextureFromResourceW
D3DX11CreateThreadPump
D3DX11DebugMute
D3DX11FilterTexture
D3DX11GetImageInfoFromFileA
D3DX11GetImageInfoFromFileW
D3DX11GetImageInfoFromMemory
D3DX11GetImageInfoFromResourceA
D3DX11GetImageInfoFromResourceW
D3DX11LoadTextureFromTexture
D3DX11PreprocessShaderFromFileA
D3DX11PreprocessShaderFromFileW
D3DX11PreprocessShaderFromMemory
D3DX11PreprocessShaderFromResourceA
D3DX11PreprocessShaderFromResourceW
D3DX11SHProjectCubeMap
D3DX11SaveTextureToFileA
D3DX11SaveTextureToFileW
D3DX11SaveTextureToMemory

Sections

.text
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dx11 fix/Read.txt
Key.txt
Medal.exe
.exe windows:6 windows x64 arch:x64

3e9a3ddd2b5c5607fcfe1c94465cdcf8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Desktop\fortnite project\cheat src\marcelfn\fortnite\marcelFN.pdb

Imports

ntdll

RtlCaptureContext
NtQuerySystemInformation
RtlInitUnicodeString
NtOpenFile
RtlLookupFunctionEntry
RtlVirtualUnwind
VerSetConditionMask

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

d3dx11d_43

D3DX11CreateShaderResourceViewFromMemory

kernel32

GetProcessHeap
DeviceIoControl
InitializeCriticalSectionEx
DeleteCriticalSection
GetModuleFileNameA
GetModuleFileNameW
LocalFree
GetCurrentThreadId
VirtualFree
SetLastError
FormatMessageA
GetTempPathW
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
HeapFree
AreFileApisANSI
SetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetLocaleInfoEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
K32QueryWorkingSetEx
Process32NextW
Process32FirstW
ReadProcessMemory
VirtualAlloc
OpenProcess
GetCurrentProcessId
K32GetDeviceDriverBaseNameA
K32EnumDeviceDrivers
GetModuleHandleW
GetCurrentProcess
IsDebuggerPresent
Process32Next
Process32First
CreateToolhelp32Snapshot
GetConsoleWindow
SetConsoleTitleA
GlobalAddAtomA
VirtualQuery
VirtualProtect
GetCurrentThread
CreateThread
ExitProcess
Sleep
CloseHandle
Beep
WriteFile
ReadFile
GetFileSize
CreateFileW
LoadLibraryA
GetProcAddress
GetModuleHandleA
FreeLibrary
QueryPerformanceFrequency
QueryPerformanceCounter
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileInformationByHandleEx
InitializeSListHead
HeapSize
WakeAllConditionVariable
OutputDebugStringW
SleepConditionVariableSRW

user32

GetForegroundWindow
SetCursorPos
SetCursor
EmptyClipboard
GetClientRect
GetClipboardData
SetClipboardData
GetCursorPos
ClientToScreen
ScreenToClient
CloseClipboard
GetAsyncKeyState
GetKeyState
GetRawInputDeviceList
GetRawInputDeviceInfoW
FindWindowA
LoadCursorA
TranslateMessage
DispatchMessageA
PeekMessageA
PostMessageA
DestroyWindow
OpenClipboard
ShowWindow
SetLayeredWindowAttributes
SetWindowPos
GetSystemMetrics
UpdateWindow
MessageBoxA
GetWindowLongA
SetWindowLongA

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
OpenProcessToken
CopySid
GetLengthSid
GetTokenInformation
IsValidSid
GetUserNameA
ConvertSidToStringSidW
RegCloseKey
RegCreateKeyW
RegOpenKeyW
RegSetKeyValueW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
RegDeleteTreeW

shell32

ShellExecuteA

msvcp140

?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??7ios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Throw_Cpp_error@std@@YAXH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?setf@ios_base@std@@QEAAHHH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
_Thrd_detach
_Query_perf_frequency
_Query_perf_counter
?uncaught_exceptions@std@@YAHXZ
_Cnd_do_broadcast_at_thread_exit
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmSetCandidateWindow
ImmGetContext

dwmapi

DwmExtendFrameIntoClientArea

shlwapi

PathFindFileNameW

normaliz

IdnToAscii

wldap32

ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord301
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord26
ord143

crypt32

CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
CertFreeCertificateChain
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateChain
CertCreateCertificateChainEngine
CertOpenStore
CertFreeCertificateChainEngine
CryptQueryObject

ws2_32

sendto
gethostname
ntohl
ntohs
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
recvfrom
closesocket
recv
send
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
htons
setsockopt

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

userenv

UnloadUserProfile

vcruntime140

__current_exception_context
__current_exception
strrchr
_local_unwind
__C_specific_handler_noexcept
__C_specific_handler
wcsstr
memcmp
strchr
memchr
strstr
__std_terminate
memset
memmove
memcpy
_CxxThrowException
__std_exception_destroy
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
terminate
_errno
strerror
__sys_nerr
exit
_c_exit
__p___argv
__p___argc
_beginthreadex
_exit
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
_getpid
_get_initial_narrow_environment
_invalid_parameter_noinfo
_set_app_type
_resetstkoflw
abort
system
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
calloc
realloc
_recalloc
_callnewh
free

api-ms-win-crt-string-l1-1-0

strspn
strncmp
strcmp
strncpy
tolower
strcspn
strpbrk
_stricmp
_strdup
isupper
_wcsicmp

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
__acrt_iob_func
_lseeki64
_wfopen
fclose
_set_fmode
feof
fputs
fopen
fflush
fread
fseek
__p__commode
ftell
_read
_write
_popen
_pclose
_close
_open
__stdio_common_vsnprintf_s
fgets
fwrite
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
fgetpos
fputc
fsetpos
_fseeki64
setvbuf
ungetc
__stdio_common_vsprintf_s
fgetc

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-math-l1-1-0

sin
sqrt
tanf
__setusermatherr
atan2
atan
asin
cosf
log
pow
logf
cos
powf
ceilf
sinf
_dclass
acosf
sqrtf

api-ms-win-crt-convert-l1-1-0

strtoul
strtoull
strtoll
strtol
strtod
atoi
atof

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_unlock_file
_stat64
_access
_wremove
_unlink
_lock_file

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64
strftime
_localtime64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale
___lc_codepage_func

iphlpapi

GetInterfaceInfo

msvcrt

_wcsnicmp

psapi

GetMappedFileNameW

Sections

.text
Size: 516KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 243KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.0MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Read.txt

Resubmissions

Sharing

General

Malware Config

Signatures

Files

e614279a3dbb61c450b74267520af05e

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

1a:5d:ed:60:a3:05:f8:11:b5:76:ac:b4:b8:4c:65:6d:06:5f:95:29Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

kernel32

advapi32

ole32

gdi32

Exports

Exports

Sections

.text Size: 266KB - Virtual size: 266KB

.data Size: 17KB - Virtual size: 82KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 3KB - Virtual size: 3KB

3e9a3ddd2b5c5607fcfe1c94465cdcf8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

d3d11

d3dcompiler_43

d3dx11d_43

kernel32

user32

advapi32

shell32

msvcp140

imm32

dwmapi

shlwapi

normaliz

wldap32

crypt32

ws2_32

rpcrt4

userenv

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

iphlpapi

msvcrt

psapi

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

1a:5d:ed:60:a3:05:f8:11:b5:76:ac:b4:b8:4c:65:6d:06:5f:95:29
Signer

.text
Size: 266KB - Virtual size: 266KB

.data
Size: 17KB - Virtual size: 82KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 516KB - Virtual size: 1.2MB

.rdata
Size: 243KB - Virtual size: 244KB

.data
Size: 1.0MB - Virtual size: 1.8MB

.pdata
Size: 52KB - Virtual size: 52KB

_RDATA
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 136KB

.reloc
Size: - Virtual size: 4KB

.data1
Size: 1.2MB - Virtual size: 1.2MB

.idata
Size: 18KB - Virtual size: 20KB

.rsrc
Size: 134KB - Virtual size: 136KB

.data1
Size: 4KB - Virtual size: 4KB