Downloads[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Downloads.zip
Size

38.6MB
MD5

6dc9ad20ed95265f1f686c335e0cf0bb
SHA1

c864f5a20ff85bb1c94e817e57906a6f3411a983
SHA256

ca00c223ba1c2ac88789b24dd26fdcc6014ab59f2960a10afb1e1c243868f877
SHA512

c9f303b9536dee2ee92a986525f2e35efa8e1dcebe648b721cf0fd069ab0b99d58985933b255ba6e17b9285e0c0536361539e9856d63d8208ca429a7f49dcfae
SSDEEP

786432:z7pbqepRx+K89+RY3aM4TSl1Y2FncrXUGaC94qNX0SceEzVliWd/U/uRlhrw:zFRwKM+RgamlZybaCLNX04LgRlhrw

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/rc24-dns-server-windows-x64.exe	pyinstaller

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/melonDS.exe
unpack001/rc24-dns-server-windows-x64.exe

Files

Downloads.zip
.zip
Mario Kart DS (EUR) (En).nds
Mario Kart DS (EUR) (En).sav
melonDS.2.ini
melonDS.exe
.exe windows:4 windows x64 arch:x64

caf88cca79aabfd2b739bf978be728ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

iphlpapi

ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToIndex
ConvertInterfaceLuidToNameW
ConvertInterfaceNameToLuidW
GetAdaptersAddresses
GetNetworkParams

msvcrt

___lc_codepage_func
___mb_cur_max_func
__argc
__argv
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_aligned_free
_aligned_malloc
_amsg_exit
_assert
_beginthreadex
_cexit
_chdir
_chsize
_close
_close
_commit
_commode
_difftime64
_dup
_dup2
_endthreadex
_environ
_errno
_exit
_fdopen
_fdopen
_filelengthi64
_fileno
_findclose
_fileno
_fmode
_fstat64
_get_osfhandle
_getdrive
_getpid
_gmtime64
_i64toa
_initterm
_hypot
_isatty
_isctype
_kbhit
_localtime64
_lock
_itoa
_lseeki64
_ltoa
_mkgmtime64
_mktime64
_onexit
_open
_open
_open_osfhandle
_pipe
_putenv
_read
_read
_setjmp
_setmode
_setmode
_snprintf
_snwprintf
_snwprintf_s
_stat64
_stricmp
_strdup
_strdup
_strlwr
_strnicmp
_strrev
_strupr
_telli64
_time64
_timezone
_tzname
_tzset
_ui64toa
_ui64toa_s
_ultoa
_unlock
_vscprintf
_vsnprintf
_vsnwprintf
_waccess
_wassert
_wchdir
_wchmod
_wcsdup
_wcsicmp
_wcsicmp
_wcsnicmp
_wfindfirst64
_wfindnext64
_wfopen
_wfreopen
_wfullpath
_wgetcwd
_wgetdcwd
_wgetenv_s
_wmkdir
_wopen
_wputenv
_wremove
_write
_wrmdir
_wspawnv
_wspawnve
_wspawnvp
_wspawnvpe
_wstat64
_wunlink
_wutime64
abort
acos
asin
atan
atof
atoi
bsearch
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fputwc
fread
free
freopen
fwprintf
fseek
fsetpos
ftell
fwrite
getc
getenv
isalnum
isalpha
iscntrl
isgraph
islower
isprint
ispunct
isspace
isupper
iswctype
isxdigit
_write
localeconv
log10
longjmp
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
printf
putc
putchar
puts
qsort
raise
realloc
rand
remove
setlocale
setvbuf
signal
srand
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strncpy_s
strpbrk
strrchr
strspn
strstr
strtol
strtoul
strxfrm
tan
tolower
toupper
towlower
towupper
ungetc
vfprintf
wcscat
wcschr
wcscmp
wcscoll
wcscpy
wcsftime
wcslen
wcsncmp
wcsncpy
wcsrchr
wcsspn
wcsstr
wcstol
wcstoul
wcsxfrm
wctomb

ole32

CLSIDFromString
CoCreateGuid
CoCreateInstance
CoGetMalloc
CoInitialize
CoInitializeEx
CoLockObjectExternal
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateBindCtx
DoDragDrop
OleFlushClipboard
OleGetClipboard
OleInitialize
OleIsCurrentClipboard
OleSetClipboard
OleUninitialize
PropVariantClear
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop
StringFromCLSID
StringFromGUID2

opengl32

wglCreateContext
wglDeleteContext
wglGetCurrentContext
wglGetProcAddress
wglMakeCurrent
wglShareLists

ws2_32

WSAAccept
WSAAsyncSelect
WSACleanup
WSACloseEvent
WSAConnect
WSACreateEvent
WSADuplicateSocketA
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAHtonl
WSAIoctl
WSANtohl
WSANtohs
WSAPoll
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASetEvent
WSASetLastError
WSASocketA
WSASocketW
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
gethostname
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntop
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

advapi32

AccessCheck
AllocateAndInitializeSid
BuildTrusteeWithSidW
CopySid
CryptAcquireContextA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
DeregisterEventSource
DuplicateToken
FreeSid
GetEffectiveRightsFromAclW
GetLengthSid
GetNamedSecurityInfoW
GetTokenInformation
GetUserNameW
LookupAccountSidW
MapGenericMask
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegNotifyChangeKeyValue
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
RegisterEventSourceW
ReportEventW
SystemFunction036

bcrypt

BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDecrypt
BCryptDeriveKeyPBKDF2
BCryptDestroyKey
BCryptEncrypt
BCryptFinishHash
BCryptGenerateSymmetricKey
BCryptGetProperty
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptSetProperty

crypt32

CertAddStoreToCollection
CertCloseStore
CertDuplicateCertificateContext
CertFindCertificateInStore
CertFindChainInStore
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain
CertOpenStore
CertOpenSystemStoreW
CertVerifyTimeValidity
PFXImportCertStore

d3d9

Direct3DCreate9Ex

dwmapi

DwmEnableBlurBehindWindow
DwmGetWindowAttribute
DwmIsCompositionEnabled
DwmSetWindowAttribute

dxva2

DXVA2CreateDirect3DDeviceManager9

evr

MFCreateVideoSampleFromSurface

gdi32

AddFontMemResourceEx
AddFontResourceExW
BitBlt
ChoosePixelFormat
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateFontIndirectW
CreateFontW
CreatePen
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
DescribePixelFormat
EnumFontFamiliesExW
ExtTextOutW
GdiFlush
GetBitmapBits
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetDIBits
GetDeviceCaps
GetDeviceGammaRamp
GetFontData
GetGlyphOutlineW
GetICMProfileW
GetObjectW
GetOutlineTextMetricsW
GetPixelFormat
GetRegionData
GetStockObject
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextFaceW
GetTextMetricsW
OffsetRgn
Rectangle
RemoveFontMemResourceEx
RemoveFontResourceExW
SelectClipRgn
SelectObject
SetBkMode
SetDeviceGammaRamp
SetGraphicsMode
SetLayout
SetPixelFormat
SetTextAlign
SetTextColor
SetWorldTransform
SwapBuffers

imm32

ImmAssociateContext
ImmAssociateContextEx
ImmGetCandidateListW
ImmGetCompositionStringW
ImmGetContext
ImmGetDefaultIMEWnd
ImmGetIMEFileNameA
ImmGetOpenStatus
ImmGetVirtualKey
ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionStringW
ImmSetCompositionWindow

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
AllocConsole
AttachConsole
CancelIo
CancelIoEx
CheckRemoteDebuggerPresent
CloseHandle
CompareStringA
CompareStringEx
CompareStringW
ConnectNamedPipe
ConvertFiberToThread
ConvertThreadToFiber
CopyFileW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFiber
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateHardLinkW
CreateMutexW
CreateNamedPipeW
CreatePipe
CreateProcessA
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateThread
CreateToolhelp32Snapshot
DebugBreak
DeleteCriticalSection
DeleteFiber
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EnumResourceLanguagesA
EnumSystemLocalesA
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileExW
FindFirstFileW
FindFirstVolumeW
FindNextChangeNotification
FindNextFileW
FindNextVolumeW
FindVolumeClose
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineW
GetComputerNameW
GetConsoleMode
GetConsoleOutputCP
GetConsoleWindow
GetCurrencyFormatW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSize
GetFileSizeEx
GetFileType
GetFullPathNameW
GetGeoInfoW
GetHandleInformation
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetOverlappedResult
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessId
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemPowerStatus
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadLocale
GetThreadPriority
GetTickCount
GetTickCount64
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserGeoID
GetUserPreferredUILanguages
GetVersion
GetVolumeInformationW
GetVolumePathNamesForVolumeNameW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatusEx
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSRWLock
IsDBCSLeadByteEx
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalFree
MapViewOfFile
MapViewOfFileEx
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
OpenFileMappingW
OpenProcess
OutputDebugStringA
OutputDebugStringW
PeekConsoleInputA
PeekNamedPipe
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
RaiseFailFastException
ReadConsoleA
ReadConsoleInputA
ReadConsoleW
ReadFile
ReadFileEx
RegisterWaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SearchPathA
SetConsoleMode
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadExecutionState
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SleepEx
SuspendThread
SwitchToFiber
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
TryEnterCriticalSection
TzSpecificLocalTimeToSystemTime
UnmapViewOfFile
UnregisterWaitEx
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteFile
WriteFileEx
__C_specific_handler
lstrcmpW

mf

MFGetService

mfplat

MFCreateMediaType
MFFrameRateToAverageTimePerFrame

netapi32

NetApiBufferFree
NetShareEnum

oleaut32

SafeArrayCreateVector
SafeArrayPutElement
SysAllocString
SysFreeString
SysStringLen
VariantClear
VariantInit

secur32

AcceptSecurityContext
AcquireCredentialsHandleW
ApplyControlToken
DecryptMessage
DeleteSecurityContext
EncryptMessage
FreeContextBuffer
FreeCredentialsHandle
InitializeSecurityContextW
QueryContextAttributesW

setupapi

CM_Get_Device_IDA
CM_Get_Parent
CM_Locate_DevNodeA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceRegistryPropertyA

shell32

CommandLineToArgvW
DragAcceptFiles
DragFinish
DragQueryFileW
ExtractIconExW
SHBrowseForFolderW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHFileOperationW
SHGetFileInfoW
SHGetFolderPathW
SHGetKnownFolderIDList
SHGetKnownFolderPath
SHGetMalloc
SHGetPathFromIDListW
SHGetStockIconInfo
ShellExecuteW
Shell_NotifyIconGetRect
Shell_NotifyIconW

user32

AdjustWindowRectEx
AppendMenuW
AttachThreadInput
BeginPaint
CallNextHookEx
CallWindowProcW
ChangeClipboardChain
ChangeDisplaySettingsExW
ChangeWindowMessageFilterEx
CharNextExA
ChildWindowFromPointEx
ClientToScreen
ClipCursor
CloseClipboard
CloseTouchInputHandle
CopyImage
CreateCaret
CreateCursor
CreateIconFromResource
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExA
CreateWindowExW
DefWindowProcW
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxIndirectParamW
DispatchMessageW
DrawIconEx
DrawMenuBar
DrawTextW
EmptyClipboard
EnableMenuItem
EndDialog
EndPaint
EnumDisplayDevicesW
EnumDisplayMonitors
EnumDisplaySettingsW
EnumWindows
FindWindowA
FlashWindowEx
GetAncestor
GetAsyncKeyState
GetCapture
GetCaretBlinkTime
GetClassInfoExW
GetClassInfoW
GetClientRect
GetClipCursor
GetClipboardData
GetClipboardFormatNameW
GetClipboardSequenceNumber
GetCursor
GetCursorInfo
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItem
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetMenu
GetMenuItemInfoW
GetMessageExtraInfo
GetMessageW
GetMonitorInfoW
GetParent
GetProcessWindowStation
GetPropW
GetQueueStatus
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetShellWindow
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTouchInputInfo
GetUpdateRect
GetUserObjectInformationW
GetWindow
GetWindowLongPtrW
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InsertMenuW
IntersectRect
InvalidateRect
IsChild
IsClipboardFormatAvailable
IsHungAppWindow
IsIconic
IsRectEmpty
IsTouchWindow
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorA
LoadCursorW
LoadIconW
LoadImageW
MapVirtualKeyW
MessageBeep
MessageBoxA
MessageBoxW
ModifyMenuW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostThreadMessageW
PtInRect
RealGetWindowClassW
RegisterClassExA
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterDeviceNotificationW
RegisterPowerSettingNotification
RegisterRawInputDevices
RegisterTouchWindow
RegisterWindowMessageA
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
SendMessageW
SetActiveWindow
SetCapture
SetCaretPos
SetClipboardData
SetClipboardViewer
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetTimer
SetWindowLongPtrW
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowWindow
SystemParametersInfoA
SystemParametersInfoW
ToAscii
ToUnicode
TrackMouseEvent
TrackPopupMenu
TrackPopupMenuEx
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UnregisterClassW
UnregisterDeviceNotification
UnregisterPowerSettingNotification
UnregisterTouchWindow
UpdateLayeredWindow
UpdateLayeredWindowIndirect
ValidateRect
WindowFromPoint

userenv

GetUserProfileDirectoryW

uxtheme

CloseThemeData
DrawThemeBackgroundEx
GetCurrentThemeName
GetThemeBackgroundRegion
GetThemeBool
GetThemeColor
GetThemeEnumValue
GetThemeInt
GetThemeMargins
GetThemePartSize
GetThemePropertyOrigin
GetThemeTransitionDuration
IsAppThemed
IsThemeActive
IsThemeBackgroundPartiallyTransparent
OpenThemeData
SetWindowTheme

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA
VerQueryValueW

winmm

PlaySoundW
mixerGetControlDetailsW
mixerGetID
mixerGetLineControlsW
mixerGetLineInfoW
mixerSetControlDetails
timeBeginPeriod
timeEndPeriod
timeKillEvent
timeSetEvent
waveInAddBuffer
waveInClose
waveInGetDevCapsW
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInReset
waveInStart
waveInUnprepareHeader
waveOutClose
waveOutGetDevCapsW
waveOutGetErrorTextW
waveOutGetNumDevs
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutRestart
waveOutUnprepareHeader
waveOutWrite

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

Exports

Exports

archive_clear_error
archive_compression
archive_compression_name
archive_copy_error
archive_entry_acl
archive_entry_acl_add_entry
archive_entry_acl_add_entry_w
archive_entry_acl_clear
archive_entry_acl_count
archive_entry_acl_from_text
archive_entry_acl_from_text_w
archive_entry_acl_next
archive_entry_acl_reset
archive_entry_acl_text
archive_entry_acl_text_w
archive_entry_acl_to_text
archive_entry_acl_to_text_w
archive_entry_acl_types
archive_entry_atime
archive_entry_atime_is_set
archive_entry_atime_nsec
archive_entry_birthtime
archive_entry_birthtime_is_set
archive_entry_birthtime_nsec
archive_entry_clear
archive_entry_clone
archive_entry_copy_fflags_text
archive_entry_copy_fflags_text_w
archive_entry_copy_gname
archive_entry_copy_gname_w
archive_entry_copy_hardlink
archive_entry_copy_hardlink_w
archive_entry_copy_link
archive_entry_copy_link_w
archive_entry_copy_mac_metadata
archive_entry_copy_pathname
archive_entry_copy_pathname_w
archive_entry_copy_sourcepath
archive_entry_copy_sourcepath_w
archive_entry_copy_symlink
archive_entry_copy_symlink_w
archive_entry_copy_uname
archive_entry_copy_uname_w
archive_entry_ctime
archive_entry_ctime_is_set
archive_entry_ctime_nsec
archive_entry_dev
archive_entry_dev_is_set
archive_entry_devmajor
archive_entry_devminor
archive_entry_digest
archive_entry_fflags
archive_entry_fflags_text
archive_entry_filetype
archive_entry_free
archive_entry_gid
archive_entry_gname
archive_entry_gname_utf8
archive_entry_gname_w
archive_entry_hardlink
archive_entry_hardlink_utf8
archive_entry_hardlink_w
archive_entry_ino
archive_entry_ino64
archive_entry_ino_is_set
archive_entry_is_data_encrypted
archive_entry_is_encrypted
archive_entry_is_metadata_encrypted
archive_entry_linkify
archive_entry_linkresolver_free
archive_entry_linkresolver_new
archive_entry_linkresolver_set_strategy
archive_entry_mac_metadata
archive_entry_mode
archive_entry_mtime
archive_entry_mtime_is_set
archive_entry_mtime_nsec
archive_entry_new
archive_entry_new2
archive_entry_nlink
archive_entry_partial_links
archive_entry_pathname
archive_entry_pathname_utf8
archive_entry_pathname_w
archive_entry_perm
archive_entry_rdev
archive_entry_rdevmajor
archive_entry_rdevminor
archive_entry_set_atime
archive_entry_set_birthtime
archive_entry_set_ctime
archive_entry_set_dev
archive_entry_set_devmajor
archive_entry_set_devminor
archive_entry_set_fflags
archive_entry_set_filetype
archive_entry_set_gid
archive_entry_set_gname
archive_entry_set_gname_utf8
archive_entry_set_hardlink
archive_entry_set_hardlink_utf8
archive_entry_set_ino
archive_entry_set_ino64
archive_entry_set_is_data_encrypted
archive_entry_set_is_metadata_encrypted
archive_entry_set_link
archive_entry_set_link_utf8
archive_entry_set_mode
archive_entry_set_mtime
archive_entry_set_nlink
archive_entry_set_pathname
archive_entry_set_pathname_utf8
archive_entry_set_perm
archive_entry_set_rdev
archive_entry_set_rdevmajor
archive_entry_set_rdevminor
archive_entry_set_size
archive_entry_set_symlink
archive_entry_set_symlink_type
archive_entry_set_symlink_utf8
archive_entry_set_uid
archive_entry_set_uname
archive_entry_set_uname_utf8
archive_entry_size
archive_entry_size_is_set
archive_entry_sourcepath
archive_entry_sourcepath_w
archive_entry_sparse_add_entry
archive_entry_sparse_clear
archive_entry_sparse_count
archive_entry_sparse_next
archive_entry_sparse_reset
archive_entry_symlink
archive_entry_symlink_type
archive_entry_symlink_utf8
archive_entry_symlink_w
archive_entry_uid
archive_entry_uname
archive_entry_uname_utf8
archive_entry_uname_w
archive_entry_unset_atime
archive_entry_unset_birthtime
archive_entry_unset_ctime
archive_entry_unset_mtime
archive_entry_unset_size
archive_entry_update_gname_utf8
archive_entry_update_hardlink_utf8
archive_entry_update_link_utf8
archive_entry_update_pathname_utf8
archive_entry_update_symlink_utf8
archive_entry_update_uname_utf8
archive_entry_xattr_add_entry
archive_entry_xattr_clear
archive_entry_xattr_count
archive_entry_xattr_next
archive_entry_xattr_reset
archive_errno
archive_error_string
archive_file_count
archive_filter_bytes
archive_filter_code
archive_filter_count
archive_filter_name
archive_format
archive_format_name
archive_free
archive_position_compressed
archive_position_uncompressed
archive_read_add_callback_data
archive_read_add_passphrase
archive_read_append_callback_data
archive_read_close
archive_read_data
archive_read_data_block
archive_read_data_skip
archive_read_extract_set_skip_file
archive_read_finish
archive_read_format_capabilities
archive_read_free
archive_read_has_encrypted_entries
archive_read_header_position
archive_read_new
archive_read_next_header
archive_read_next_header2
archive_read_open
archive_read_open1
archive_read_open2
archive_read_open_file
archive_read_open_filename
archive_read_open_filename_w
archive_read_open_filenames
archive_read_prepend_callback_data
archive_read_set_callback_data
archive_read_set_callback_data2
archive_read_set_close_callback
archive_read_set_open_callback
archive_read_set_passphrase_callback
archive_read_set_read_callback
archive_read_set_seek_callback
archive_read_set_skip_callback
archive_read_set_switch_callback
archive_read_support_compression_all
archive_read_support_compression_bzip2
archive_read_support_compression_compress
archive_read_support_compression_gzip
archive_read_support_compression_lzip
archive_read_support_compression_lzma
archive_read_support_compression_program
archive_read_support_compression_program_signature
archive_read_support_compression_rpm
archive_read_support_compression_uu
archive_read_support_compression_xz
archive_read_support_filter_all
archive_read_support_filter_bzip2
archive_read_support_filter_compress
archive_read_support_filter_grzip
archive_read_support_filter_gzip
archive_read_support_filter_lrzip
archive_read_support_filter_lz4
archive_read_support_filter_lzip
archive_read_support_filter_lzma
archive_read_support_filter_lzop
archive_read_support_filter_program
archive_read_support_filter_program_signature
archive_read_support_filter_rpm
archive_read_support_filter_uu
archive_read_support_filter_xz
archive_read_support_filter_zstd
archive_read_support_format_7zip
archive_read_support_format_all
archive_read_support_format_ar
archive_read_support_format_cab
archive_read_support_format_cpio
archive_read_support_format_empty
archive_read_support_format_gnutar
archive_read_support_format_iso9660
archive_read_support_format_lha
archive_read_support_format_mtree
archive_read_support_format_rar
archive_read_support_format_rar5
archive_read_support_format_tar
archive_read_support_format_warc
archive_read_support_format_xar
archive_read_support_format_zip
archive_read_support_format_zip_seekable
archive_read_support_format_zip_streamable
archive_seek_data
archive_set_error
archive_utility_string_sort
archive_version_number
archive_version_string
archive_write_close
archive_write_data
archive_write_data_block
archive_write_fail
archive_write_finish
archive_write_finish_entry
archive_write_free
archive_write_header

Sections

.text
Size: 21.4MB - Virtual size: 21.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 749KB - Virtual size: 749KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 899KB - Virtual size: 898KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 116.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rc24-dns-server-windows-x64.exe
.exe windows:5 windows x64 arch:x64

d170e2e5adcfc4c271f2eb78a565305e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
GetStartupInfoW
FreeLibrary
LoadLibraryExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
SetEndOfFile
GetProcAddress
GetModuleFileNameW
SetDllDirectoryW
CreateProcessW
GetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RaiseException
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
GetFileAttributesExW
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
HeapReAlloc
WriteConsoleW

advapi32

ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RiiConnect24-DNS-Server.pyc

Sharing

General

Malware Config

Signatures

Files

caf88cca79aabfd2b739bf978be728ea

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

msvcrt

ole32

opengl32

ws2_32

advapi32

bcrypt

crypt32

d3d9

dwmapi

dxva2

evr

gdi32

imm32

kernel32

mf

mfplat

netapi32

oleaut32

secur32

setupapi

shell32

user32

userenv

uxtheme

version

winmm

wtsapi32

Exports

Exports

Sections

.text Size: 21.4MB - Virtual size: 21.4MB

.data Size: 335KB - Virtual size: 335KB

.rdata Size: 6.7MB - Virtual size: 6.7MB

.qtmetad Size: 2KB - Virtual size: 2KB

.qtmimed Size: 236KB - Virtual size: 236KB

.pdata Size: 749KB - Virtual size: 749KB

.xdata Size: 899KB - Virtual size: 898KB

.bss Size: - Virtual size: 116.0MB

.edata Size: 9KB - Virtual size: 9KB

.idata Size: 38KB - Virtual size: 37KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 123KB - Virtual size: 123KB

.reloc Size: 137KB - Virtual size: 136KB

d170e2e5adcfc4c271f2eb78a565305e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 141KB - Virtual size: 141KB

.rdata Size: 69KB - Virtual size: 69KB

.data Size: 3KB - Virtual size: 64KB

.pdata Size: 8KB - Virtual size: 7KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 266KB - Virtual size: 265KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 21.4MB - Virtual size: 21.4MB

.data
Size: 335KB - Virtual size: 335KB

.rdata
Size: 6.7MB - Virtual size: 6.7MB

.qtmetad
Size: 2KB - Virtual size: 2KB

.qtmimed
Size: 236KB - Virtual size: 236KB

.pdata
Size: 749KB - Virtual size: 749KB

.xdata
Size: 899KB - Virtual size: 898KB

.bss
Size: - Virtual size: 116.0MB

.edata
Size: 9KB - Virtual size: 9KB

.idata
Size: 38KB - Virtual size: 37KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 123KB - Virtual size: 123KB

.reloc
Size: 137KB - Virtual size: 136KB

.text
Size: 141KB - Virtual size: 141KB

.rdata
Size: 69KB - Virtual size: 69KB

.data
Size: 3KB - Virtual size: 64KB

.pdata
Size: 8KB - Virtual size: 7KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 266KB - Virtual size: 265KB

.reloc
Size: 2KB - Virtual size: 1KB