Multi-Vuln-Checker By-P[.]S[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Multi-Vuln-Checker By-P.S.rar
Size

2.8MB
MD5

381fc8ea04681759286c3136a50f30f3
SHA1

40a315b8df4e02b215850998b617200bb158f0e3
SHA256

6796ae3a03202f078be2aaa377374e84d0e82b89a75836f8d6e84aa27b1c920e
SHA512

330ea9aa8accf47b66f58176e8e01e4985bd5801a6dc6c5ef4d92da21125aec556dab3fed575d9b47e05f7b7d8b146316a8cea0c51310f72af0d039a765c07e6
SSDEEP

49152:ibQYgtq05AbQrnAYY3N8h+utVENL3tI41U+cHfp7sKBlRMCiJsKBlRMCip:uMW4Aw2I41ncHJsKnCsKne

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Multi-Vuln-Checker By-P.S/AngleSharp.dll
unpack001/Multi-Vuln-Checker By-P.S/Jint.dll
unpack001/Multi-Vuln-Checker By-P.S/Multi Vuln Checker.exe
unpack001/Multi-Vuln-Checker By-P.S/ntdll/AngleSharp.dll
unpack001/Multi-Vuln-Checker By-P.S/ntdll/Ionic.Zip.dll
unpack001/Multi-Vuln-Checker By-P.S/ntdll/Jint.dll
unpack001/Multi-Vuln-Checker By-P.S/ntdll/Launcher.exe
unpack001/Multi-Vuln-Checker By-P.S/ntdll/mvc4.exe
unpack001/Multi-Vuln-Checker By-P.S/ntdll/sysmain.dll
unpack001/Multi-Vuln-Checker By-P.S/sysmain.dll

Files

Multi-Vuln-Checker By-P.S.rar
.rar
Multi-Vuln-Checker By-P.S/AngleSharp.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\Code\AngleSharp\AngleSharp.Core\src\AngleSharp\bin\Release\net45\AngleSharp.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Multi-Vuln-Checker By-P.S/Jint.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\jint\Jint\obj\Release\net451\Jint.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Multi-Vuln-Checker By-P.S/Multi Vuln Checker.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Multi-Vuln-Checker By-P.S/ntdll/AngleSharp.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\Code\AngleSharp\AngleSharp.Core\src\AngleSharp\bin\Release\net45\AngleSharp.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Multi-Vuln-Checker By-P.S/ntdll/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Multi-Vuln-Checker By-P.S/ntdll/Jint.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\jint\Jint\obj\Release\net451\Jint.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Multi-Vuln-Checker By-P.S/ntdll/LICENCE.dat
.zip
Multi-Vuln-Checker By-P.S/ntdll/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Multi-Vuln-Checker By-P.S/ntdll/mvc4.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 785KB - Virtual size: 784KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Multi-Vuln-Checker By-P.S/ntdll/sysmain.dll
.dll regsvr32 windows:10 windows x64 arch:x64

e23fd95ffd3de1da386a5209635e7f78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sysmain.pdb

Imports

msvcrt

??3@YAXPEAX@Z
_XcptFilter
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
_amsg_exit
free
_initterm
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
strcmp
sqrt
powf
_callnewh
memset
malloc
_errno
wcstok
rand
_wtof
_wtoi
memmove_s
memcpy_s
memcmp
isprint
iswascii
towupper
_wcslwr
wcstoul
tolower
iswspace
wcsncmp
_strupr
_wcsupr_s
log
swscanf_s
wcsstr
_purecall
_wcsnicmp
feof
fgetws
wcschr
strnlen
strchr
strstr
_wfopen
_wcsupr
exp
_wcsicmp
memmove
srand
wcsnlen
bsearch
qsort
fclose
fopen
fprintf
_vsnprintf
_vsnwprintf
__C_specific_handler
__CxxFrameHandler3
__iob_func
??0exception@@QEAA@AEBQEBD@Z
wcscmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlCompareMemory
ZwSetValueKey
ZwClose
ZwQueryValueKey
ZwCreateKey
RtlRandom
RtlInitUnicodeStringEx
RtlFreeUnicodeString
NtReadFile
NtSetInformationFile
RtlRbInsertNodeEx
NtQueryValueKey
RtlGetPersistedStateLocation
RtlRandomEx
RtlImageRvaToVa
RtlImageDirectoryEntryToData
RtlFindClearBitsAndSet
RtlInitializeBitMap
RtlClearBits
NtAllocateVirtualMemory
RtlFindLastBackwardRunClear
NtFreeVirtualMemory
NtSetInformationProcess
NtQueryDirectoryFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
DbgPrint
NtCreateKey
NtQueryInformationThread
RtlQueryWnfStateData
RtlDecompressBufferEx
RtlRbRemoveNode
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
NtSetInformationThread
NtQueryInformationProcess
RtlQueryPackageIdentity
NtEnumerateValueKey
NtQueryVirtualMemory
NtDeleteKey
NtOpenFile
NtCreateFile
NtQueryObject
NtQueryVolumeInformationFile
RtlAreBitsClear
RtlRaiseException
RtlFindClearBits
RtlSetAllBits
RtlFindSetBits
RtlInterlockedSetBitRun
RtlNumberOfClearBitsInRange
RtlAreBitsSet
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
RtlNumberOfSetBits
RtlSetBits
RtlTestBit
RtlClearAllBits
RtlNumberOfSetBitsInRange
RtlGetSuiteMask
NtQueryLicenseValue
NtQueryInformationFile
RtlGetVersion
RtlImageNtHeader
NtDeviceIoControlFile
NtPowerInformation
RtlInitUnicodeString
RtlUpcaseUnicodeString
RtlUpcaseUnicodeChar
NtOpenEvent
NtOpenKey
NtQuerySystemInformation
RtlComputeCrc32
NtSetSystemInformation
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlInitializeSRWLock
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlNtStatusToDosError
NtClose
RtlQueryResourcePolicy

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSection
CreateEventW
WaitForSingleObject
AcquireSRWLockShared
EnterCriticalSection
CreateSemaphoreExW
SetEvent
ResetEvent
DeleteCriticalSection
CreateMutexExW
CreateWaitableTimerExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
InitializeCriticalSectionEx
OpenSemaphoreW
WaitForMultipleObjectsEx
ReleaseSRWLockShared

api-ms-win-core-registry-l1-1-0

RegEnumValueA
RegEnumValueW
RegCloseKey
RegDeleteValueW
RegGetValueW
RegQueryInfoKeyW
RegCopyTreeW
RegDeleteTreeW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW

api-ms-win-eventing-provider-l1-1-0

EventEnabled
EventUnregister
EventSetInformation
EventWrite
EventWriteTransfer
EventRegister

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
LoadStringW
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleFileNameW
FreeLibrary
GetModuleHandleExW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetSystemWindowsDirectoryW
GetLocalTime
GetTickCount64
GetSystemDirectoryW
GetTickCount
GetWindowsDirectoryW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA
FindResourceW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
GetCurrentProcess
OpenThreadToken
CreateThread
CreateProcessW
GetThreadPriority
GetCurrentThreadId
OpenProcessToken
ResumeThread
GetCurrentThread
OpenThread
SetThreadPriority

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-memory-l1-1-0

MapViewOfFile
VirtualFree
CreateFileMappingW
FlushViewOfFile
UnmapViewOfFile
VirtualProtect
VirtualAlloc

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

CopySid
GetLengthSid
AddAccessAllowedAceEx
InitializeAcl
ImpersonateSelf
IsValidSid
EqualSid
ImpersonateLoggedOnUser
FreeSid
DuplicateTokenEx
GetTokenInformation
AdjustTokenPrivileges
RevertToSelf
AllocateAndInitializeSid
CheckTokenMembership

api-ms-win-core-file-l1-1-0

FindNextVolumeW
FindFirstFileExW
SetEndOfFile
FileTimeToLocalFileTime
GetFullPathNameW
FindFirstVolumeW
QueryDosDeviceW
LocalFileTimeToFileTime
SetFileInformationByHandle
SetFileAttributesW
SetFilePointerEx
GetFileAttributesW
SetFilePointer
GetFileTime
CreateFileW
FindNextFileW
ReadFile
DeleteFileW
FindClose
CompareFileTime
GetFinalPathNameByHandleW
FindFirstFileW
GetFileSize
GetFileSizeEx
FlushFileBuffers
WriteFile
FindVolumeClose

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapCreate
HeapAlloc
HeapDestroy

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
TraceEvent
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW

api-ms-win-core-threadpool-l1-2-0

CallbackMayRunLong
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW

api-ms-win-eventing-controller-l1-1-0

ControlTraceW

rpcrt4

RpcBindingFromStringBindingW
RpcEpRegisterW
RpcBindingSetAuthInfoExW
NdrClientCall3
RpcBindingFree
RpcStringBindingComposeW
RpcServerUnregisterIfEx
RpcEpUnregister
RpcBindingVectorFree
RpcServerUseProtseqEpW
RpcServerRegisterAuthInfoW
NdrServerCallAll
RpcBindingToStringBindingW
RpcServerRegisterIf3
RpcStringFreeW
RpcStringBindingParseW
RpcImpersonateClient
RpcRevertToSelf
NdrServerCall2
RpcServerInqBindings

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
OpenTraceW
CloseTrace

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
WTSGetActiveConsoleSessionId

api-ms-win-core-sidebyside-l1-1-0

QueryActCtxW
DeactivateActCtx
FindActCtxSectionStringW
ActivateActCtx
CreateActCtxW

umpdc

PdcActivationClientRegister
PdcActivationClientUnregister
PdcActivationClientActivityRequest

powrprof

PowerSettingRegisterNotificationEx
PowerClearUserAwayPrediction
PowerSetUserAwayPrediction

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AgGlLoad
AgPdLoad
AgTwLoad
CloseReadyBoostPerfData
CollectReadyBoostPerfData
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main
OpenReadyBoostPerfData
PfSvSysprepCleanup
PfSvUnattendCallback
PfSvWsSwapAssessmentTask
SysMtServiceMain

Sections

.text
Size: 779KB - Virtual size: 779KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Multi-Vuln-Checker By-P.S/readme.txt
Multi-Vuln-Checker By-P.S/sysmain.dll
.dll regsvr32 windows:10 windows x64 arch:x64

e23fd95ffd3de1da386a5209635e7f78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sysmain.pdb

Imports

msvcrt

??3@YAXPEAX@Z
_XcptFilter
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
_amsg_exit
free
_initterm
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
strcmp
sqrt
powf
_callnewh
memset
malloc
_errno
wcstok
rand
_wtof
_wtoi
memmove_s
memcpy_s
memcmp
isprint
iswascii
towupper
_wcslwr
wcstoul
tolower
iswspace
wcsncmp
_strupr
_wcsupr_s
log
swscanf_s
wcsstr
_purecall
_wcsnicmp
feof
fgetws
wcschr
strnlen
strchr
strstr
_wfopen
_wcsupr
exp
_wcsicmp
memmove
srand
wcsnlen
bsearch
qsort
fclose
fopen
fprintf
_vsnprintf
_vsnwprintf
__C_specific_handler
__CxxFrameHandler3
__iob_func
??0exception@@QEAA@AEBQEBD@Z
wcscmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlCompareMemory
ZwSetValueKey
ZwClose
ZwQueryValueKey
ZwCreateKey
RtlRandom
RtlInitUnicodeStringEx
RtlFreeUnicodeString
NtReadFile
NtSetInformationFile
RtlRbInsertNodeEx
NtQueryValueKey
RtlGetPersistedStateLocation
RtlRandomEx
RtlImageRvaToVa
RtlImageDirectoryEntryToData
RtlFindClearBitsAndSet
RtlInitializeBitMap
RtlClearBits
NtAllocateVirtualMemory
RtlFindLastBackwardRunClear
NtFreeVirtualMemory
NtSetInformationProcess
NtQueryDirectoryFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
DbgPrint
NtCreateKey
NtQueryInformationThread
RtlQueryWnfStateData
RtlDecompressBufferEx
RtlRbRemoveNode
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
NtSetInformationThread
NtQueryInformationProcess
RtlQueryPackageIdentity
NtEnumerateValueKey
NtQueryVirtualMemory
NtDeleteKey
NtOpenFile
NtCreateFile
NtQueryObject
NtQueryVolumeInformationFile
RtlAreBitsClear
RtlRaiseException
RtlFindClearBits
RtlSetAllBits
RtlFindSetBits
RtlInterlockedSetBitRun
RtlNumberOfClearBitsInRange
RtlAreBitsSet
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
RtlNumberOfSetBits
RtlSetBits
RtlTestBit
RtlClearAllBits
RtlNumberOfSetBitsInRange
RtlGetSuiteMask
NtQueryLicenseValue
NtQueryInformationFile
RtlGetVersion
RtlImageNtHeader
NtDeviceIoControlFile
NtPowerInformation
RtlInitUnicodeString
RtlUpcaseUnicodeString
RtlUpcaseUnicodeChar
NtOpenEvent
NtOpenKey
NtQuerySystemInformation
RtlComputeCrc32
NtSetSystemInformation
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlInitializeSRWLock
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlNtStatusToDosError
NtClose
RtlQueryResourcePolicy

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSection
CreateEventW
WaitForSingleObject
AcquireSRWLockShared
EnterCriticalSection
CreateSemaphoreExW
SetEvent
ResetEvent
DeleteCriticalSection
CreateMutexExW
CreateWaitableTimerExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
InitializeCriticalSectionEx
OpenSemaphoreW
WaitForMultipleObjectsEx
ReleaseSRWLockShared

api-ms-win-core-registry-l1-1-0

RegEnumValueA
RegEnumValueW
RegCloseKey
RegDeleteValueW
RegGetValueW
RegQueryInfoKeyW
RegCopyTreeW
RegDeleteTreeW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW

api-ms-win-eventing-provider-l1-1-0

EventEnabled
EventUnregister
EventSetInformation
EventWrite
EventWriteTransfer
EventRegister

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
LoadStringW
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleFileNameW
FreeLibrary
GetModuleHandleExW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetSystemWindowsDirectoryW
GetLocalTime
GetTickCount64
GetSystemDirectoryW
GetTickCount
GetWindowsDirectoryW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA
FindResourceW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
GetCurrentProcess
OpenThreadToken
CreateThread
CreateProcessW
GetThreadPriority
GetCurrentThreadId
OpenProcessToken
ResumeThread
GetCurrentThread
OpenThread
SetThreadPriority

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-memory-l1-1-0

MapViewOfFile
VirtualFree
CreateFileMappingW
FlushViewOfFile
UnmapViewOfFile
VirtualProtect
VirtualAlloc

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

CopySid
GetLengthSid
AddAccessAllowedAceEx
InitializeAcl
ImpersonateSelf
IsValidSid
EqualSid
ImpersonateLoggedOnUser
FreeSid
DuplicateTokenEx
GetTokenInformation
AdjustTokenPrivileges
RevertToSelf
AllocateAndInitializeSid
CheckTokenMembership

api-ms-win-core-file-l1-1-0

FindNextVolumeW
FindFirstFileExW
SetEndOfFile
FileTimeToLocalFileTime
GetFullPathNameW
FindFirstVolumeW
QueryDosDeviceW
LocalFileTimeToFileTime
SetFileInformationByHandle
SetFileAttributesW
SetFilePointerEx
GetFileAttributesW
SetFilePointer
GetFileTime
CreateFileW
FindNextFileW
ReadFile
DeleteFileW
FindClose
CompareFileTime
GetFinalPathNameByHandleW
FindFirstFileW
GetFileSize
GetFileSizeEx
FlushFileBuffers
WriteFile
FindVolumeClose

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapCreate
HeapAlloc
HeapDestroy

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
TraceEvent
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW

api-ms-win-core-threadpool-l1-2-0

CallbackMayRunLong
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW

api-ms-win-eventing-controller-l1-1-0

ControlTraceW

rpcrt4

RpcBindingFromStringBindingW
RpcEpRegisterW
RpcBindingSetAuthInfoExW
NdrClientCall3
RpcBindingFree
RpcStringBindingComposeW
RpcServerUnregisterIfEx
RpcEpUnregister
RpcBindingVectorFree
RpcServerUseProtseqEpW
RpcServerRegisterAuthInfoW
NdrServerCallAll
RpcBindingToStringBindingW
RpcServerRegisterIf3
RpcStringFreeW
RpcStringBindingParseW
RpcImpersonateClient
RpcRevertToSelf
NdrServerCall2
RpcServerInqBindings

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
OpenTraceW
CloseTrace

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
WTSGetActiveConsoleSessionId

api-ms-win-core-sidebyside-l1-1-0

QueryActCtxW
DeactivateActCtx
FindActCtxSectionStringW
ActivateActCtx
CreateActCtxW

umpdc

PdcActivationClientRegister
PdcActivationClientUnregister
PdcActivationClientActivityRequest

powrprof

PowerSettingRegisterNotificationEx
PowerClearUserAwayPrediction
PowerSetUserAwayPrediction

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AgGlLoad
AgPdLoad
AgTwLoad
CloseReadyBoostPerfData
CollectReadyBoostPerfData
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main
OpenReadyBoostPerfData
PfSvSysprepCleanup
PfSvUnattendCallback
PfSvWsSwapAssessmentTask
SysMtServiceMain

Sections

.text
Size: 779KB - Virtual size: 779KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 242KB - Virtual size: 241KB

.rsrc Size: 1024B - Virtual size: 668B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 11KB - Virtual size: 10KB

.rsrc Size: 172KB - Virtual size: 172KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 478KB - Virtual size: 477KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 242KB - Virtual size: 241KB

.rsrc Size: 1024B - Virtual size: 668B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 50KB - Virtual size: 50KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 242KB - Virtual size: 241KB

.rsrc
Size: 1024B - Virtual size: 668B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 172KB - Virtual size: 172KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 478KB - Virtual size: 477KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 242KB - Virtual size: 241KB

.rsrc
Size: 1024B - Virtual size: 668B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 50KB - Virtual size: 50KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 785KB - Virtual size: 784KB

.sdata
Size: 512B - Virtual size: 177B

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 779KB - Virtual size: 779KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 31KB - Virtual size: 31KB

.didat
Size: 1024B - Virtual size: 664B