0e58c84afb5e6c65d85fb09c51594b736aa4a95971eee229fd2d5cfd26054510

Sharing

Copy URL Twitter E-mail

General

Target

0e58c84afb5e6c65d85fb09c51594b736aa4a95971eee229fd2d5cfd26054510
Size

4.1MB
MD5

9466f8242da6b702f16411a34c0174cd
SHA1

cf5e8060ebb411f6a41dcb73d064facf7490f6bd
SHA256

0e58c84afb5e6c65d85fb09c51594b736aa4a95971eee229fd2d5cfd26054510
SHA512

38c4a8bd3503abd6b44b3b50c454af7ff3ef0a38f1646f8b47626952b5ef443b374b391691f968ffcf3d6a95704227af2127d8e9f0a6e2b3c7b3715c25e32fdb
SSDEEP

98304:P4EofkGLwWxdf06UgBiE6HJWGUzfz/z2U8y8CCbA6pJ/Dr04Z92c:P4Xf9w84gB50JWJ58CC84//04N

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e58c84afb5e6c65d85fb09c51594b736aa4a95971eee229fd2d5cfd26054510

Files

0e58c84afb5e6c65d85fb09c51594b736aa4a95971eee229fd2d5cfd26054510
.dll windows:6 windows x64 arch:x64

5cf8d05c55cd02348238fa50c9c0176d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetThreadContext
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetParent
GetProcessWindowStation
GetUserObjectInformationW

shlwapi

PathFileExistsW

ws2_32

closesocket

ntdll

NtResumeProcess

crypt32

CertGetCertificateContextProperty

bcrypt

BCryptGenRandom

advapi32

CryptEnumProvidersW

oleaut32

VariantClear

Exports

Exports

??0?$singleton@VMyConfig@@@serialization@boost@@IEAA@XZ
??0Assembler@asmjit@@QEAA@PEAURuntime@1@@Z
??0CharReader@Json@@QEAA@AEBV01@@Z
??0CharReader@Json@@QEAA@XZ
??0CharReaderBuilder@Json@@QEAA@AEBV01@@Z
??0CharReaderBuilder@Json@@QEAA@XZ
??0CodeGen@asmjit@@QEAA@PEAURuntime@1@@Z
??0Exception@Json@@QEAA@AEBV01@@Z
??0Exception@Json@@QEAA@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Factory@CharReader@Json@@QEAA@AEBV012@@Z
??0Factory@CharReader@Json@@QEAA@XZ
??0Factory@StreamWriter@Json@@QEAA@AEBV012@@Z
??0Factory@StreamWriter@Json@@QEAA@XZ
??0FastWriter@Json@@QEAA@AEBV01@@Z
??0FastWriter@Json@@QEAA@XZ
??0Features@Json@@QEAA@XZ
??0HostRuntime@asmjit@@QEAA@XZ
??0JitRuntime@asmjit@@QEAA@XZ
??0LogicError@Json@@QEAA@$$QEAV01@@Z
??0LogicError@Json@@QEAA@AEBV01@@Z
??0LogicError@Json@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Path@Json@@QEAA@$$QEAV01@@Z
??0Path@Json@@QEAA@AEBV01@@Z
??0Path@Json@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVPathArgument@1@1111@Z
??0PathArgument@Json@@QEAA@$$QEAV01@@Z
??0PathArgument@Json@@QEAA@AEBV01@@Z
??0PathArgument@Json@@QEAA@I@Z
??0PathArgument@Json@@QEAA@PEBD@Z
??0PathArgument@Json@@QEAA@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0PathArgument@Json@@QEAA@XZ
??0Reader@Json@@QEAA@$$QEAV01@@Z
??0Reader@Json@@QEAA@AEBV01@@Z
??0Reader@Json@@QEAA@AEBVFeatures@1@@Z
??0Reader@Json@@QEAA@XZ
??0Runtime@asmjit@@QEAA@XZ
??0RuntimeError@Json@@QEAA@$$QEAV01@@Z
??0RuntimeError@Json@@QEAA@AEBV01@@Z
??0RuntimeError@Json@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0StaticRuntime@asmjit@@QEAA@PEAX_K@Z
??0StaticString@Json@@QEAA@PEBD@Z
??0StreamWriter@Json@@QEAA@AEBV01@@Z
??0StreamWriter@Json@@QEAA@XZ
??0StreamWriterBuilder@Json@@QEAA@AEBV01@@Z
??0StreamWriterBuilder@Json@@QEAA@XZ
??0StyledStreamWriter@Json@@QEAA@AEBV01@@Z
??0StyledStreamWriter@Json@@QEAA@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0StyledWriter@Json@@QEAA@AEBV01@@Z
??0StyledWriter@Json@@QEAA@XZ
??0VMemMgr@asmjit@@QEAA@PEAX@Z
??0Value@Json@@QEAA@$$QEAV01@@Z
??0Value@Json@@QEAA@AEBV01@@Z
??0Value@Json@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Value@Json@@QEAA@AEBVStaticString@1@@Z
??0Value@Json@@QEAA@H@Z
??0Value@Json@@QEAA@I@Z
??0Value@Json@@QEAA@N@Z
??0Value@Json@@QEAA@PEBD0@Z
??0Value@Json@@QEAA@PEBD@Z
??0Value@Json@@QEAA@W4ValueType@1@@Z
??0Value@Json@@QEAA@_J@Z
??0Value@Json@@QEAA@_K@Z
??0Value@Json@@QEAA@_N@Z
??0ValueConstIterator@Json@@AEAA@AEBV?$_Tree_iterator@V?$_Tree_val@U?$_Tree_simple_types@U?$pair@$$CBVCZString@Value@Json@@V23@@std@@@std@@@std@@@std@@@Z
??0ValueConstIterator@Json@@QEAA@AEBVValueIterator@1@@Z
??0ValueConstIterator@Json@@QEAA@XZ
??0ValueIterator@Json@@AEAA@AEBV?$_Tree_iterator@V?$_Tree_val@U?$_Tree_simple_types@U?$pair@$$CBVCZString@Value@Json@@V23@@std@@@std@@@std@@@std@@@Z
??0ValueIterator@Json@@QEAA@AEBV01@@Z
??0ValueIterator@Json@@QEAA@AEBVValueConstIterator@1@@Z
??0ValueIterator@Json@@QEAA@XZ
??0ValueIteratorBase@Json@@QEAA@AEBV?$_Tree_iterator@V?$_Tree_val@U?$_Tree_simple_types@U?$pair@$$CBVCZString@Value@Json@@V23@@std@@@std@@@std@@@std@@@Z
??0ValueIteratorBase@Json@@QEAA@XZ
??0Writer@Json@@QEAA@AEBV01@@Z
??0Writer@Json@@QEAA@XZ
??0X86Assembler@asmjit@@QEAA@PEAURuntime@1@I@Z
??0Zone@asmjit@@QEAA@_K@Z
??1Assembler@asmjit@@UEAA@XZ
??1CharReader@Json@@UEAA@XZ
??1CharReaderBuilder@Json@@UEAA@XZ
??1CodeGen@asmjit@@UEAA@XZ
??1Exception@Json@@UEAA@XZ
??1Factory@CharReader@Json@@UEAA@XZ
??1Factory@StreamWriter@Json@@UEAA@XZ
??1FastWriter@Json@@UEAA@XZ
??1HostRuntime@asmjit@@UEAA@XZ
??1JitRuntime@asmjit@@UEAA@XZ
??1LogicError@Json@@UEAA@XZ
??1Path@Json@@QEAA@XZ
??1PathArgument@Json@@QEAA@XZ
??1Reader@Json@@QEAA@XZ
??1Runtime@asmjit@@UEAA@XZ
??1RuntimeError@Json@@UEAA@XZ
??1StaticRuntime@asmjit@@UEAA@XZ
??1StreamWriter@Json@@UEAA@XZ
??1StreamWriterBuilder@Json@@UEAA@XZ
??1StyledStreamWriter@Json@@QEAA@XZ
??1StyledWriter@Json@@UEAA@XZ
??1VMemMgr@asmjit@@QEAA@XZ
??1Value@Json@@QEAA@XZ
??1Writer@Json@@UEAA@XZ
??1X86Assembler@asmjit@@UEAA@XZ
??1Zone@asmjit@@QEAA@XZ
??4CharReader@Json@@QEAAAEAV01@AEBV01@@Z
??4CharReaderBuilder@Json@@QEAAAEAV01@AEBV01@@Z
??4Exception@Json@@QEAAAEAV01@AEBV01@@Z
??4Factory@CharReader@Json@@QEAAAEAV012@AEBV012@@Z
??4Factory@StreamWriter@Json@@QEAAAEAV012@AEBV012@@Z
??4FastWriter@Json@@QEAAAEAV01@AEBV01@@Z
??4Features@Json@@QEAAAEAV01@$$QEAV01@@Z
??4Features@Json@@QEAAAEAV01@AEBV01@@Z
??4LogicError@Json@@QEAAAEAV01@$$QEAV01@@Z
??4LogicError@Json@@QEAAAEAV01@AEBV01@@Z
??4Path@Json@@QEAAAEAV01@$$QEAV01@@Z
??4Path@Json@@QEAAAEAV01@AEBV01@@Z
??4PathArgument@Json@@QEAAAEAV01@$$QEAV01@@Z
??4PathArgument@Json@@QEAAAEAV01@AEBV01@@Z
??4Reader@Json@@QEAAAEAV01@$$QEAV01@@Z
??4Reader@Json@@QEAAAEAV01@AEBV01@@Z
??4RuntimeError@Json@@QEAAAEAV01@$$QEAV01@@Z
??4RuntimeError@Json@@QEAAAEAV01@AEBV01@@Z
??4StaticString@Json@@QEAAAEAV01@$$QEAV01@@Z
??4StaticString@Json@@QEAAAEAV01@AEBV01@@Z
??4StreamWriter@Json@@QEAAAEAV01@AEBV01@@Z
??4StreamWriterBuilder@Json@@QEAAAEAV01@AEBV01@@Z
??4StyledStreamWriter@Json@@QEAAAEAV01@AEBV01@@Z
??4StyledWriter@Json@@QEAAAEAV01@AEBV01@@Z
??4Value@Json@@QEAAAEAV01@$$QEAV01@@Z
??4Value@Json@@QEAAAEAV01@AEBV01@@Z
??4ValueConstIterator@Json@@QEAAAEAV01@$$QEAV01@@Z
??4ValueConstIterator@Json@@QEAAAEAV01@AEBV01@@Z
??4ValueConstIterator@Json@@QEAAAEAV01@AEBVValueIteratorBase@1@@Z
??4ValueIterator@Json@@QEAAAEAV01@AEBV01@@Z
??4ValueIteratorBase@Json@@QEAAAEAV01@$$QEAV01@@Z
??4ValueIteratorBase@Json@@QEAAAEAV01@AEBV01@@Z
??4Writer@Json@@QEAAAEAV01@AEBV01@@Z
??5Json@@YAAEAV?$basic_istream@DU?$char_traits@D@std@@@std@@AEAV12@AEAVValue@0@@Z
??6Json@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AEAV12@AEBVValue@0@@Z
??8Value@Json@@QEBA_NAEBV01@@Z
??8ValueIteratorBase@Json@@QEBA_NAEBV01@@Z
??9Value@Json@@QEBA_NAEBV01@@Z
??9ValueIteratorBase@Json@@QEBA_NAEBV01@@Z
??ACharReaderBuilder@Json@@QEAAAEAVValue@1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??AStreamWriterBuilder@Json@@QEAAAEAVValue@1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??AValue@Json@@QEAAAEAV01@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??AValue@Json@@QEAAAEAV01@AEBVStaticString@1@@Z
??AValue@Json@@QEAAAEAV01@H@Z
??AValue@Json@@QEAAAEAV01@I@Z
??AValue@Json@@QEAAAEAV01@PEBD@Z
??AValue@Json@@QEBAAEBV01@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??AValue@Json@@QEBAAEBV01@H@Z
??AValue@Json@@QEBAAEBV01@I@Z
??AValue@Json@@QEBAAEBV01@PEBD@Z
??BStaticString@Json@@QEBAPEBDXZ
??BValue@Json@@QEBA_NXZ
??CValueConstIterator@Json@@QEBAPEBVValue@1@XZ
??CValueIterator@Json@@QEAAPEAVValue@1@XZ
??DValueConstIterator@Json@@QEBAAEBVValue@1@XZ
??DValueIterator@Json@@QEAAAEAVValue@1@XZ
??EValueConstIterator@Json@@QEAA?AV01@H@Z
??EValueConstIterator@Json@@QEAAAEAV01@XZ
??EValueIterator@Json@@QEAA?AV01@H@Z
??EValueIterator@Json@@QEAAAEAV01@XZ
??FValueConstIterator@Json@@QEAA?AV01@H@Z
??FValueConstIterator@Json@@QEAAAEAV01@XZ
??FValueIterator@Json@@QEAA?AV01@H@Z
??FValueIterator@Json@@QEAAAEAV01@XZ
??GValueIteratorBase@Json@@QEBAHAEBV01@@Z
??MValue@Json@@QEBA_NAEBV01@@Z
??NValue@Json@@QEBA_NAEBV01@@Z
??OValue@Json@@QEBA_NAEBV01@@Z
??PValue@Json@@QEBA_NAEBV01@@Z
??_7CharReader@Json@@6B@
??_7CharReaderBuilder@Json@@6B@
??_7Exception@Json@@6B@
??_7Factory@CharReader@Json@@6B@
??_7Factory@StreamWriter@Json@@6B@
??_7FastWriter@Json@@6B@
??_7LogicError@Json@@6B@
??_7RuntimeError@Json@@6B@
??_7StreamWriter@Json@@6B@
??_7StreamWriterBuilder@Json@@6B@
??_7StyledWriter@Json@@6B@
??_7Writer@Json@@6B@
??_FStyledStreamWriter@Json@@QEAAXXZ
??_FVMemMgr@asmjit@@QEAAXXZ
??_FValue@Json@@QEAAXXZ
?_alloc@Zone@asmjit@@QEAAPEAX_K@Z
?_emit@X86Assembler@asmjit@@UEAAIIAEBUOperand@2@000@Z
?_grow@Assembler@asmjit@@QEAAI_K@Z
?_grow@PodVectorBase@asmjit@@IEAAI_K0@Z
?_newLabel@Assembler@asmjit@@QEAAIPEAULabel@2@@Z
?_newLabelLink@Assembler@asmjit@@QEAAPEAULabelLink@2@XZ
?_nullData@PodVectorBase@asmjit@@2UPodVectorData@2@B
?_registerIndexedLabels@Assembler@asmjit@@QEAAI_K@Z
?_relocCode@X86Assembler@asmjit@@UEBA_KPEAX_K@Z
?_reserve@Assembler@asmjit@@QEAAI_K@Z
?_reserve@PodVectorBase@asmjit@@IEAAI_K0@Z
?_x86CondToCmovcc@asmjit@@3QBIB
?_x86CondToJcc@asmjit@@3QBIB
?_x86CondToSetcc@asmjit@@3QBIB
?_x86InstExtendedInfo@asmjit@@3QBUX86InstExtendedInfo@1@B
?_x86InstInfo@asmjit@@3QBUX86InstInfo@1@B
?_x86ReverseCond@asmjit@@3QBIB
?add@JitRuntime@asmjit@@UEAAIPEAPEAXPEAUAssembler@2@@Z
?add@StaticRuntime@asmjit@@UEAAIPEAPEAXPEAUAssembler@2@@Z
?addComment@Reader@Json@@AEAAXPEBD0W4CommentPlacement@2@@Z
?addError@Reader@Json@@AEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAVToken@12@PEBD@Z
?addErrorAndRecover@Reader@Json@@AEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAVToken@12@W4TokenType@12@@Z
?addPathInArg@Path@Json@@AEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$vector@PEBVPathArgument@Json@@V?$allocator@PEBVPathArgument@Json@@@std@@@4@AEAV?$_Vector_const_iterator@V?$_Vector_val@U?$_Simple_types@PEBVPathArgument@Json@@@std@@@std@@@4@W4Kind@PathArgument@2@@Z
?align@X86Assembler@asmjit@@UEAAIII@Z
?all@Features@Json@@SA?AV12@XZ
?alloc@VMemMgr@asmjit@@QEAAPEAX_KI@Z
?alloc@VMemUtil@asmjit@@SAPEAX_KPEA_KI@Z
?allocProcessMemory@VMemUtil@asmjit@@SAPEAXPEAX_KPEA_KI@Z
?allocZeroed@Zone@asmjit@@QEAAPEAX_K@Z
?append@Value@Json@@QEAAAEAV12@$$QEAV12@@Z
?append@Value@Json@@QEAAAEAV12@AEBV12@@Z
?asBool@Value@Json@@QEBA_NXZ
?asCString@Value@Json@@QEBAPEBDXZ
?asDouble@Value@Json@@QEBANXZ
?asFloat@Value@Json@@QEBAMXZ
?asInt64@Value@Json@@QEBA_JXZ
?asInt@Value@Json@@QEBAHXZ
?asLargestInt@Value@Json@@QEBA_JXZ
?asLargestUInt@Value@Json@@QEBA_KXZ
?asString@Value@Json@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?asUInt64@Value@Json@@QEBA_KXZ
?asUInt@Value@Json@@QEBAIXZ
?begin@Value@Json@@QEAA?AVValueIterator@2@XZ
?begin@Value@Json@@QEBA?AVValueConstIterator@2@XZ
?bind@Assembler@asmjit@@UEAAIAEBULabel@2@@Z
?c_str@StaticString@Json@@QEBAPEBDXZ
?callCpuId@X86CpuUtil@asmjit@@SAXIIPEATX86CpuId@2@@Z
?clear@Value@Json@@QEAAXXZ
?compare@Value@Json@@QEBAHAEBV12@@Z
?computeDistance@ValueIteratorBase@Json@@IEBAHAEBV12@@Z
?containsNewLine@Reader@Json@@CA_NPEBD0@Z
?copy@Value@Json@@QEAAXAEBV12@@Z
?copy@ValueIteratorBase@Json@@IEAAXAEBV12@@Z
?copyPayload@Value@Json@@QEAAXAEBV12@@Z
?currentValue@Reader@Json@@AEAAAEAVValue@2@XZ
?decodeDouble@Reader@Json@@AEAA_NAEAVToken@12@@Z
?decodeDouble@Reader@Json@@AEAA_NAEAVToken@12@AEAVValue@2@@Z
?decodeNumber@Reader@Json@@AEAA_NAEAVToken@12@@Z
?decodeNumber@Reader@Json@@AEAA_NAEAVToken@12@AEAVValue@2@@Z
?decodeString@Reader@Json@@AEAA_NAEAVToken@12@@Z
?decodeString@Reader@Json@@AEAA_NAEAVToken@12@AEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?decodeUnicodeCodePoint@Reader@Json@@AEAA_NAEAVToken@12@AEAPEBDPEBDAEAI@Z
?decodeUnicodeEscapeSequence@Reader@Json@@AEAA_NAEAVToken@12@AEAPEBDPEBDAEAI@Z
?decrement@ValueIteratorBase@Json@@IEAAXXZ
?defaultRealPrecision@Value@Json@@2IB
?demand@Value@Json@@QEAAPEAV12@PEBD0@Z
?deref@ValueIteratorBase@Json@@IEAAAEAVValue@2@XZ
?deref@ValueIteratorBase@Json@@IEBAAEBVValue@2@XZ
?detect@X86CpuUtil@asmjit@@SAXPEAUX86CpuInfo@2@@Z
?detectHwThreadsCount@CpuInfo@asmjit@@SAIXZ
?dropNullPlaceholders@FastWriter@Json@@QEAAXXZ
?dup@Zone@asmjit@@QEAAPEAXPEBX_K@Z
?dupMeta@Value@Json@@AEAAXAEBV12@@Z
?dupPayload@Value@Json@@AEAAXAEBV12@@Z
?embed@Assembler@asmjit@@UEAAIPEBXI@Z
?embedLabel@X86Assembler@asmjit@@QEAAIAEBULabel@2@@Z
?emit@Assembler@asmjit@@QEAAII@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00H@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00_K@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0H@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0_K@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@H@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@_K@Z
?emit@Assembler@asmjit@@QEAAIIH@Z
?emit@Assembler@asmjit@@QEAAII_K@Z
?empty@Value@Json@@QEBA_NXZ
?enableYAMLCompatibility@FastWriter@Json@@QEAAXXZ
?end@Value@Json@@QEAA?AVValueIterator@2@XZ
?end@Value@Json@@QEBA?AVValueConstIterator@2@XZ
?find@Value@Json@@QEBAPEBV12@PEBD0@Z
?flush@HostRuntime@asmjit@@UEAAXPEAX_K@Z
?get@Value@Json@@QEBA?AV12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV12@@Z
?get@Value@Json@@QEBA?AV12@IAEBV12@@Z
?get@Value@Json@@QEBA?AV12@PEBD0AEBV12@@Z
?get@Value@Json@@QEBA?AV12@PEBDAEBV12@@Z
?getComment@Value@Json@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4CommentPlacement@2@@Z
?getCpuInfo@HostRuntime@asmjit@@UEAAPEBUCpuInfo@2@XZ
?getFormatedErrorMessages@Reader@Json@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getFormattedErrorMessages@Reader@Json@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getHost@CpuInfo@asmjit@@SAPEBU12@XZ
?getLocationLineAndColumn@Reader@Json@@AEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBD@Z
?getLocationLineAndColumn@Reader@Json@@AEBAXPEBDAEAH1@Z
?getMemberNames@Value@Json@@QEBA?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
?getNextChar@Reader@Json@@AEAADXZ
?getOffsetLimit@Value@Json@@QEBA_JXZ
?getOffsetStart@Value@Json@@QEBA_JXZ
?getPageGranularity@VMemUtil@asmjit@@SA_KXZ
?getPageSize@VMemUtil@asmjit@@SA_KXZ
?getStackAlignment@HostRuntime@asmjit@@UEAAIXZ
?getString@Value@Json@@QEBA_NPEAPEBD0@Z
?getStructuredErrors@Reader@Json@@QEBA?AV?$vector@UStructuredError@Reader@Json@@V?$allocator@UStructuredError@Reader@Json@@@std@@@std@@XZ
?get_lock@singleton_module@serialization@boost@@AEAAAEA_NXZ
?get_mutable_instance@?$singleton@VMyConfig@@@serialization@boost@@SAAEAVMyConfig@@XZ
?good@Reader@Json@@QEBA_NXZ
?hasComment@Value@Json@@QEBA_NW4CommentPlacement@2@@Z
?hasCommentForValue@StyledStreamWriter@Json@@CA_NAEBVValue@2@@Z
?hasCommentForValue@StyledWriter@Json@@CA_NAEBVValue@2@@Z
?increment@ValueIteratorBase@Json@@IEAAXXZ
?indent@StyledStreamWriter@Json@@AEAAXXZ
?indent@StyledWriter@Json@@AEAAXXZ
?index@ValueIteratorBase@Json@@QEBAIXZ
?initBasic@Value@Json@@AEAAXW4ValueType@2@_N@Z
?insert@Value@Json@@QEAA_NI$$QEAV12@@Z
?insert@Value@Json@@QEAA_NIAEBV12@@Z
?invalidPath@Path@Json@@CAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?isAllocated@Value@Json@@AEBA_NXZ
?isArray@Value@Json@@QEBA_NXZ
?isBool@Value@Json@@QEBA_NXZ
?isConvertibleTo@Value@Json@@QEBA_NW4ValueType@2@@Z
?isDouble@Value@Json@@QEBA_NXZ
?isEqual@ValueIteratorBase@Json@@IEBA_NAEBV12@@Z
?isInt64@Value@Json@@QEBA_NXZ
?isInt@Value@Json@@QEBA_NXZ
?isIntegral@Value@Json@@QEBA_NXZ
?isMember@Value@Json@@QEBA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?isMember@Value@Json@@QEBA_NPEBD0@Z
?isMember@Value@Json@@QEBA_NPEBD@Z
?isMultilineArray@StyledStreamWriter@Json@@AEAA_NAEBVValue@2@@Z
?isMultilineArray@StyledWriter@Json@@AEAA_NAEBVValue@2@@Z
?isNull@Value@Json@@QEBA_NXZ
?isNumeric@Value@Json@@QEBA_NXZ
?isObject@Value@Json@@QEBA_NXZ
?isString@Value@Json@@QEBA_NXZ
?isUInt64@Value@Json@@QEBA_NXZ
?isUInt@Value@Json@@QEBA_NXZ
?isValidIndex@Value@Json@@QEBA_NI@Z
?is_locked@singleton_module@serialization@boost@@QEAA_NXZ
?key@ValueIteratorBase@Json@@QEBA?AVValue@2@XZ
?lock@?1??get_lock@singleton_module@serialization@boost@@AEAAAEA_NXZ@4_NA
?lock@singleton_module@serialization@boost@@QEAAXXZ
?make@Assembler@asmjit@@UEAAPEAXXZ
?make@Path@Json@@QEBAAEAVValue@2@AEAV32@@Z
?makePath@Path@Json@@AEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$vector@PEBVPathArgument@Json@@V?$allocator@PEBVPathArgument@Json@@@std@@@4@@Z
?match@Reader@Json@@AEAA_NPEBDH@Z
?maxInt64@Value@Json@@2_JB
?maxInt@Value@Json@@2HB
?maxLargestInt@Value@Json@@2_JB
?maxLargestUInt@Value@Json@@2_KB
?maxUInt64@Value@Json@@2_KB
?maxUInt64AsDouble@Value@Json@@2NB
?maxUInt@Value@Json@@2IB
?memberName@ValueIteratorBase@Json@@QEBAPEBDPEAPEBD@Z
?memberName@ValueIteratorBase@Json@@QEBAPEBDXZ
?minInt64@Value@Json@@2_JB
?minInt@Value@Json@@2HB
?minLargestInt@Value@Json@@2_JB
?name@ValueIteratorBase@Json@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?newCharReader@CharReaderBuilder@Json@@UEBAPEAVCharReader@2@XZ
?newStreamWriter@StreamWriterBuilder@Json@@UEBAPEAVStreamWriter@2@XZ
?noOperand@asmjit@@3UOperand@1@B
?normalizeEOL@Reader@Json@@CA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBD0@Z
?null@Value@Json@@2AEBV12@EB
?nullRef@Value@Json@@2AEBV12@EB
?nullSingleton@Value@Json@@SAAEBV12@XZ
?omitEndingLineFeed@FastWriter@Json@@QEAAXXZ
?parse@Reader@Json@@QEAA_NAEAV?$basic_istream@DU?$char_traits@D@std@@@std@@AEAVValue@2@_N@Z
?parse@Reader@Json@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAVValue@2@_N@Z
?parse@Reader@Json@@QEAA_NPEBD0AEAVValue@2@_N@Z
?parseFromStream@Json@@YA_NAEBVFactory@CharReader@1@AEAV?$basic_istream@DU?$char_traits@D@std@@@std@@PEAVValue@1@PEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@5@@Z
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KAEBUX86Reg@2@IHI@Z
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KHI@Z
?pushError@Reader@Json@@QEAA_NAEBVValue@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?pushError@Reader@Json@@QEAA_NAEBVValue@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?pushValue@StyledStreamWriter@Json@@AEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?pushValue@StyledWriter@Json@@AEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?readArray@Reader@Json@@AEAA_NAEAVToken@12@@Z
?readCStyleComment@Reader@Json@@AEAA_NXZ
?readComment@Reader@Json@@AEAA_NXZ
?readCppStyleComment@Reader@Json@@AEAA_NXZ
?readNumber@Reader@Json@@AEAAXXZ
?readObject@Reader@Json@@AEAA_NAEAVToken@12@@Z
?readString@Reader@Json@@AEAA_NXZ
?readToken@Reader@Json@@AEAA_NAEAVToken@12@@Z
?readValue@Reader@Json@@AEAA_NXZ
?recoverFromError@Reader@Json@@AEAA_NW4TokenType@12@@Z
?release@JitRuntime@asmjit@@UEAAIPEAX@Z
?release@StaticRuntime@asmjit@@UEAAIPEAX@Z
?release@VMemMgr@asmjit@@QEAAIPEAX@Z
?release@VMemUtil@asmjit@@SAIPEAX_K@Z
?releasePayload@Value@Json@@AEAAXXZ
?releaseProcessMemory@VMemUtil@asmjit@@SAIPEAX0_K@Z
?relocCode@Assembler@asmjit@@QEBA_KPEAX_K@Z
?removeIndex@Value@Json@@QEAA_NIPEAV12@@Z
?removeMember@Value@Json@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?removeMember@Value@Json@@QEAAXPEBD@Z
?removeMember@Value@Json@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAV12@@Z
?removeMember@Value@Json@@QEAA_NPEBD0PEAV12@@Z
?removeMember@Value@Json@@QEAA_NPEBDPEAV12@@Z
?reset@Assembler@asmjit@@QEAAX_N@Z
?reset@PodVectorBase@asmjit@@QEAAX_N@Z
?reset@VMemMgr@asmjit@@QEAAXXZ
?reset@Zone@asmjit@@QEAAX_N@Z
?resize@Value@Json@@QEAAXI@Z
?resolve@Path@Json@@QEBA?AVValue@2@AEBV32@0@Z
?resolve@Path@Json@@QEBAAEBVValue@2@AEBV32@@Z
?resolveReference@Value@Json@@AEAAAEAV12@PEBD0@Z
?resolveReference@Value@Json@@AEAAAEAV12@PEBD@Z
?sdup@Zone@asmjit@@QEAAPEADPEBD@Z
?setArch@X86Assembler@asmjit@@QEAAII@Z
?setComment@Value@Json@@QEAAXPEBDW4CommentPlacement@2@@Z
?setComment@Value@Json@@QEAAXPEBD_KW4CommentPlacement@2@@Z
?setComment@Value@Json@@QEAAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4CommentPlacement@2@@Z
?setDefaults@CharReaderBuilder@Json@@SAXPEAVValue@2@@Z
?setDefaults@StreamWriterBuilder@Json@@SAXPEAVValue@2@@Z
?setError@CodeGen@asmjit@@QEAAIIPEBD@Z
?setErrorHandler@CodeGen@asmjit@@QEAAIPEAUErrorHandler@2@@Z
?setIsAllocated@Value@Json@@AEAAX_N@Z
?setOffsetLimit@Value@Json@@QEAAX_J@Z
?setOffsetStart@Value@Json@@QEAAX_J@Z
?setType@Value@Json@@AEAAXW4ValueType@2@@Z
?sformat@Zone@asmjit@@QEAAPEADPEBDZZ
?shrink@VMemMgr@asmjit@@QEAAIPEAX_K@Z
?size@Value@Json@@QEBAIXZ
?skipCommentTokens@Reader@Json@@AEAAXAEAVToken@12@@Z
?skipSpaces@Reader@Json@@AEAAXXZ
?strictMode@CharReaderBuilder@Json@@SAXPEAVValue@2@@Z
?strictMode@Features@Json@@SA?AV12@XZ
?swap@Value@Json@@QEAAXAEAV12@@Z
?swapPayload@Value@Json@@QEAAXAEAV12@@Z
?toStyledString@Value@Json@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?type@Value@Json@@QEBA?AW4ValueType@2@XZ
?unindent@StyledStreamWriter@Json@@AEAAXXZ
?unindent@StyledWriter@Json@@AEAAXXZ
?unlock@singleton_module@serialization@boost@@QEAAXXZ
?validate@CharReaderBuilder@Json@@QEBA_NPEAVValue@2@@Z
?validate@StreamWriterBuilder@Json@@QEBA_NPEAVValue@2@@Z
?valueToQuotedString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBD@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@NIW4PrecisionType@1@@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_J@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_K@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?what@Exception@Json@@UEBAPEBDXZ
?write@FastWriter@Json@@UEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVValue@2@@Z
?write@StyledStreamWriter@Json@@QEAAXAEAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AEBVValue@2@@Z
?write@StyledWriter@Json@@UEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVValue@2@@Z
?writeArrayValue@StyledStreamWriter@Json@@AEAAXAEBVValue@2@@Z
?writeArrayValue@StyledWriter@Json@@AEAAXAEBVValue@2@@Z
?writeCommentAfterValueOnSameLine@StyledStreamWriter@Json@@AEAAXAEBVValue@2@@Z
?writeCommentAfterValueOnSameLine@StyledWriter@Json@@AEAAXAEBVValue@2@@Z
?writeCommentBeforeValue@StyledStreamWriter@Json@@AEAAXAEBVValue@2@@Z
?writeCommentBeforeValue@StyledWriter@Json@@AEAAXAEBVValue@2@@Z
?writeIndent@StyledStreamWriter@Json@@AEAAXXZ
?writeIndent@StyledWriter@Json@@AEAAXXZ
?writeString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVFactory@StreamWriter@1@AEBVValue@1@@Z
?writeValue@FastWriter@Json@@AEAAXAEBVValue@2@@Z
?writeValue@StyledStreamWriter@Json@@AEAAXAEBVValue@2@@Z
?writeValue@StyledWriter@Json@@AEAAXAEBVValue@2@@Z
?writeWithIndent@StyledStreamWriter@Json@@AEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?writeWithIndent@StyledWriter@Json@@AEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?x86RegData@asmjit@@3UX86RegData@1@B

Sections

.text
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 721KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5cf8d05c55cd02348238fa50c9c0176d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shlwapi

ws2_32

ntdll

crypt32

bcrypt

advapi32

oleaut32

Exports

Exports

Sections

.text Size: - Virtual size: 1.8MB

.rdata Size: - Virtual size: 721KB

.data Size: - Virtual size: 50KB

.pdata Size: - Virtual size: 113KB

_RDATA Size: - Virtual size: 244B

.vmp0 Size: - Virtual size: 1.3MB

.vmp1 Size: 4.1MB - Virtual size: 4.1MB

.reloc Size: 512B - Virtual size: 220B

.rsrc Size: 1024B - Virtual size: 656B

.text
Size: - Virtual size: 1.8MB

.rdata
Size: - Virtual size: 721KB

.data
Size: - Virtual size: 50KB

.pdata
Size: - Virtual size: 113KB

_RDATA
Size: - Virtual size: 244B

.vmp0
Size: - Virtual size: 1.3MB

.vmp1
Size: 4.1MB - Virtual size: 4.1MB

.reloc
Size: 512B - Virtual size: 220B

.rsrc
Size: 1024B - Virtual size: 656B