v-severe-main[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

v-severe-main.zip
Size

3.3MB
MD5

e4255ee8bec635404eaca98b33d7bf3d
SHA1

562890cc18f41dc247b94e6478815b9213ce3f06
SHA256

076f473240e71960bc384995e111813ac802d93514519c0c3d26efaac4292cba
SHA512

fa9edcd17ddd63154084cedba6015995fee6145b5d12f1c36fdd189eee47aaf76782ea584d96becf3463ffc6391d5356883c42ca9c9eb61b460be33ec54ae812
SSDEEP

98304:lnkoOVthgV/VXT2cLgZYUDF2FT/A7V/Y8gK:dkoOVfKVXifYLmZsK

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/v-severe-main/authenticator.exe
unpack001/v-severe-main/build.vki
unpack001/v-severe-main/software.exe

Files

v-severe-main.zip
.zip
v-severe-main/authenticator.exe
.exe windows:6 windows x64 arch:x64

e89d202bd86c628240f796536eeaa4d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
VerSetConditionMask

kernel32

VerifyVersionInfoA
QueryPerformanceCounter
GetTickCount
MoveFileExA
WaitForSingleObjectEx
MultiByteToWideChar
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SetLastError
FormatMessageA
CreateFileA
GetFileSizeEx
WideCharToMultiByte
AcquireSRWLockExclusive
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
LeaveCriticalSection
EnterCriticalSection
LocalFree
GetModuleFileNameA
Sleep
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
IsDebuggerPresent
GetConsoleWindow
GetCurrentProcessId
ReadProcessMemory
GetProcAddress
AddVectoredExceptionHandler
CloseHandle
Process32First
VirtualProtect
GetCurrentProcess
CreateMutexA
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
K32GetModuleFileNameExA
ReleaseSRWLockExclusive
GetLastError
Process32NextW
GetCurrentThread
LoadLibraryA
Process32Next
Process32FirstW
FreeLibrary
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetModuleHandleW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable

user32

ShowWindow
MessageBoxA

advapi32

ConvertSidToStringSidA
AddAccessAllowedAce
GetLengthSid
SetSecurityInfo
InitializeAcl
OpenProcessToken
RegSetValueExA
IsValidSid
RegCreateKeyExA
RegOpenKeyA
RegCloseKey
CopySid
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
GetTokenInformation

msvcp140

?_Xbad_function_call@std@@YAXXZ
_Query_perf_frequency
?good@ios_base@std@@QEBA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
_Thrd_detach
_Query_perf_counter
_Cnd_do_broadcast_at_thread_exit
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z

normaliz

IdnToAscii

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord143
ord27
ord217
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord32

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertAddCertificateContextToStore
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertFreeCertificateChain
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertOpenStore

ws2_32

ntohs
htons
getsockopt
getsockname
setsockopt
connect
bind
WSAGetLastError
send
recv
closesocket
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
recvfrom
sendto
gethostname
ntohl
getpeername

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

winhttp

WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpen
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpConnect
WinHttpReceiveResponse
WinHttpCrackUrl

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

strstr
strrchr
strchr
__current_exception_context
memmove
memcpy
memcmp
memchr
_CxxThrowException
__std_terminate
_purecall
__std_type_info_compare
__std_exception_copy
__std_exception_destroy
__C_specific_handler
__current_exception
memset
_local_unwind

api-ms-win-crt-runtime-l1-1-0

terminate
system
_errno
strerror
_invalid_parameter_noinfo
_beginthreadex
_resetstkoflw
exit
_getpid
_register_thread_local_exe_atexit_callback
_c_exit
__sys_nerr
__p___argv
__p___argc
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_exit
_get_initial_narrow_environment
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

free
calloc
realloc
_callnewh
malloc
_set_new_mode

api-ms-win-crt-utility-l1-1-0

qsort
srand
rand

api-ms-win-crt-convert-l1-1-0

atoi
strtoull
strtoul
strtol
strtoll
strtod

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fgets
_pclose
_popen
fread
feof
_set_fmode
__stdio_common_vsprintf
_read
_write
ftell
__stdio_common_vsscanf
_close
_open
__p__commode
fputs
_lseeki64
fopen
fwrite
fputc
fclose
fflush
fseek

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

api-ms-win-crt-math-l1-1-0

_dclass
__setusermatherr

api-ms-win-crt-string-l1-1-0

tolower
strcmp
strncmp
_strdup
strcspn
strspn
isupper
strncpy
strpbrk

api-ms-win-crt-filesystem-l1-1-0

_access
_fstat64
_stat64
_unlink

Sections

.text
Size: 897KB - Virtual size: 897KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.auth
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 320KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.auth
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v-severe-main/build.vki
.dll windows:6 windows x64 arch:x64

68ed0307211e364324bc9d8ba43d6093

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
GetTokenInformation
AddAccessAllowedAce
GetLengthSid
SetSecurityInfo
InitializeAcl
OpenProcessToken
RegSetValueExA
IsValidSid
RegCreateKeyExA
LookupPrivilegeValueA
RegGetValueA
RegOpenKeyA
RegCloseKey
AdjustTokenPrivileges
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam

normaliz

IdnToAscii

wldap32

ord60
ord301
ord200
ord30
ord79
ord35
ord46
ord33
ord32
ord27
ord26
ord22
ord41
ord217
ord50
ord45
ord211
ord143

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertOpenStore
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

user32

GetCursorPos
ReleaseDC
SetCursorPos
ReleaseCapture
SetProcessDPIAware
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
TrackMouseEvent
ClientToScreen
ScreenToClient
MonitorFromWindow
GetDC
GetKeyState
SendInput
SetForegroundWindow
UpdateWindow
FindWindowA
GetDesktopWindow
OpenClipboard
mouse_event
EnumDisplaySettingsA
MessageBoxA
MapVirtualKeyA
SetWindowDisplayAffinity
GetWindowLongA
SetWindowLongA
ShowWindow
SetWindowPos
GetWindowRect
TranslateMessage
DispatchMessageW
PeekMessageW
GetMessageTime
SendMessageW
PostMessageW
WaitMessage
DefWindowProcW
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
RegisterClassExW
CreateWindowExW
DestroyWindow
GetLayeredWindowAttributes
SetLayeredWindowAttributes
FlashWindow
GetRawInputDeviceList
GetAsyncKeyState
GetRawInputDeviceInfoA
MoveWindow
GetWindowPlacement
GetWindowDisplayAffinity
SetWindowPlacement
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
SetFocus
GetActiveWindow
MapVirtualKeyW
MsgWaitForMultipleObjects
EnumDisplayMonitors
EnumDisplayDevicesW
EnumDisplaySettingsExW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
ToUnicode
UnregisterClassW
UnregisterDeviceNotification
GetSystemMetrics
SetPropW
GetPropW
RemovePropW
SetWindowTextW
AdjustWindowRectEx
WindowFromPoint
ClipCursor
SetRect
OffsetRect
PtInRect
GetWindowLongW
RegisterDeviceNotificationW
RegisterRawInputDevices
GetRawInputData
GetMonitorInfoW
SystemParametersInfoW
CreateIconIndirect
LoadImageW
DestroyIcon
LoadCursorW
GetClassLongPtrW
SetWindowLongW

ws2_32

WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
ntohs
WSAIoctl
send
socket
WSACleanup
closesocket
accept
bind
getsockname
htonl
listen
WSASend
recv
recvfrom
sendto
select
getpeername
gethostname
shutdown
WSASetLastError
WSASocketW
getaddrinfo
WSAStartup
connect
WSARecv
getsockopt
freeaddrinfo
ioctlsocket
setsockopt
WSAGetLastError
htons
__WSAFDIsSet

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

kernel32

IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
FlsSetValue
FlsGetValue
FlsAlloc
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
LoadLibraryExW
RtlUnwind
InterlockedFlushSList
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
SleepConditionVariableSRW
WakeAllConditionVariable
GetCPInfo
CompareStringEx
LCMapStringW
CreateProcessW
GetSystemTimeAsFileTime
LCMapStringEx
DecodePointer
EncodePointer
GetCurrentThreadId
TryAcquireSRWLockExclusive
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
GetLocaleInfoEx
RaiseException
RtlPcToFileHeader
GetLocaleInfoW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapSize
SetEndOfFile
FlsFree
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetModuleHandleExW
InitializeCriticalSection
GetCommandLineW
GetEnvironmentStringsW
SetThreadExecutionState
GetModuleHandleW
VerifyVersionInfoW
GetCurrentProcessId
PeekNamedPipe
GetFileType
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
InitializeCriticalSectionEx
GetTickCount
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
GetFileSizeEx
InitOnceExecuteOnce
DeleteFileW
GetExitCodeProcess
VirtualQueryEx
OpenThread
MulDiv
AllocConsole
CreateIoCompletionPort
SetProcessWorkingSetSize
FormatMessageA
TlsFree
CreateProcessA
FreeEnvironmentStringsW
SetEnvironmentVariableW
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
WriteConsoleW
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
ReadFile
TlsGetValue
RemoveVectoredExceptionHandler
SleepEx
Process32First
GetConsoleWindow
ExitProcess
SetWaitableTimer
TlsSetValue
SetLastError
EnterCriticalSection
SetConsoleTitleA
GetCurrentProcess
GetStdHandle
WriteFile
SetCurrentConsoleFontEx
DeleteCriticalSection
LocalFree
WaitForMultipleObjects
Thread32Next
LeaveCriticalSection
GetThreadContext
GetQueuedCompletionStatus
Thread32First
CreateMutexA
WaitForSingleObject
K32EmptyWorkingSet
RtlCaptureStackBackTrace
AddVectoredExceptionHandler
PostQueuedCompletionStatus
CreateToolhelp32Snapshot
CreateEventW
GetExitCodeThread
Sleep
FormatMessageW
GetTickCount64
GetLastError
CreateWaitableTimerA
K32GetProcessMemoryInfo
CreateFileA
SetEvent
GetSystemDirectoryA
QueueUserAPC
TerminateThread
TlsAlloc
Process32Next
CloseHandle
CreateThread

gdi32

SetDeviceGammaRamp
GetDeviceGammaRamp
SwapBuffers
SetPixelFormat
DescribePixelFormat
DeleteDC
CreateDCW
CreateDIBSection
CreateBitmap
CreateRectRgn
ChoosePixelFormat
DeleteObject
GetDeviceCaps

winhttp

WinHttpCloseHandle
WinHttpReadData
WinHttpSendRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpReceiveResponse
WinHttpOpenRequest

ole32

CoInitialize
CoInitializeEx
CoUninitialize
PropVariantClear
CoCreateInstance

shell32

ShellExecuteA
SHGetFolderPathA
DragAcceptFiles
DragFinish
DragQueryPoint
DragQueryFileW

bcrypt

BCryptGenRandom

ntdll

ZwReadVirtualMemory
ZwWriteVirtualMemory
ZwOpenProcess

dbghelp

SymInitialize
SymFromAddr
SymCleanup

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 637KB - Virtual size: 636KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.8MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v-severe-main/eula.txt
v-severe-main/software.exe
.exe windows:6 windows x64 arch:x64

20e0b7111b69fa60a8a0dbd598ee75ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

advapi32

RegQueryValueExA
RegCreateKeyA
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExA
OpenProcessToken
RegSetValueExA
RegOpenKeyA
RegDeleteKeyA
RegCloseKey

ntdll

RtlLookupFunctionEntry
RtlPcToFileHeader
RtlVirtualUnwind
RtlUnwindEx
RtlCaptureContext
RtlAnsiStringToUnicodeString
NtQuerySystemInformation
RtlInitUnicodeString
RtlInitAnsiString
RtlGetVersion
RtlUnwind

kernel32

FlsFree
GetCurrentThreadId
SetEndOfFile
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
Process32First
WriteProcessMemory
VirtualFree
GetCurrentProcess
GetStdHandle
SetCurrentConsoleFontEx
DeviceIoControl
VirtualAlloc
LoadLibraryExA
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
K32GetModuleFileNameExA
CreateFileA
LoadLibraryA
Process32Next
CloseHandle
GetProcAddress
VirtualAllocEx
LocalFree
ExitProcess
GetCurrentProcessId
FreeLibrary
GetConsoleWindow
CreateRemoteThread
FormatMessageA
CreateFileW
GetLastError
GetFileAttributesExW
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
GetConsoleMode
GetConsoleOutputCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
ReadConsoleW
ReadFile
CreatePipe
GetExitCodeProcess
WaitForSingleObject
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetLocaleInfoEx
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFullPathNameW
SetFileInformationByHandle
GetTempPathW
AreFileApisANSI
GetModuleHandleW
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
FlushFileBuffers
WaitForSingleObjectEx
GetExitCodeThread
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
LCMapStringEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
DuplicateHandle
CreateProcessW
GetModuleFileNameW
WriteFile
GetCommandLineA
GetCommandLineW
GetFileSizeEx
SetFilePointerEx
GetFileType
HeapAlloc

user32

ShowWindow
MessageBoxA

shell32

SHGetFolderPathA

dbghelp

ImageNtHeader
ImageDirectoryEntryToData
ImageRvaToVa

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e89d202bd86c628240f796536eeaa4d3

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

msvcp140

normaliz

wldap32

crypt32

ws2_32

rpcrt4

winhttp

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Sections

.text Size: 897KB - Virtual size: 897KB

.auth Size: 512B - Virtual size: 388B

.rdata Size: 124KB - Virtual size: 124KB

.data Size: 320KB - Virtual size: 322KB

.pdata Size: 35KB - Virtual size: 35KB

.auth Size: 4KB - Virtual size: 3KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 7KB

68ed0307211e364324bc9d8ba43d6093

Headers

DLL Characteristics

File Characteristics

Imports

winmm

version

advapi32

normaliz

wldap32

crypt32

user32

ws2_32

d3d11

d3dcompiler_43

kernel32

gdi32

winhttp

ole32

shell32

bcrypt

ntdll

dbghelp

imm32

d3dx11_43

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 637KB - Virtual size: 636KB

.data Size: 2.8MB - Virtual size: 2.9MB

.pdata Size: 103KB - Virtual size: 103KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 14KB

20e0b7111b69fa60a8a0dbd598ee75ab

Headers

DLL Characteristics

File Characteristics

Imports

.text
Size: 897KB - Virtual size: 897KB

.auth
Size: 512B - Virtual size: 388B

.rdata
Size: 124KB - Virtual size: 124KB

.data
Size: 320KB - Virtual size: 322KB

.pdata
Size: 35KB - Virtual size: 35KB

.auth
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 637KB - Virtual size: 636KB

.data
Size: 2.8MB - Virtual size: 2.9MB

.pdata
Size: 103KB - Virtual size: 103KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 14KB

.text
Size: 342KB - Virtual size: 342KB

.rdata
Size: 101KB - Virtual size: 100KB

.data
Size: 6KB - Virtual size: 13KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 3KB - Virtual size: 2KB