23-08-2024_KQWCtCu86aPjtK3[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

23-08-2024_KQWCtCu86aPjtK3.rar
Size

3.2MB
MD5

6662c8b9da45ae0e7a9987bbf6c8f940
SHA1

b456871dc462584b18ce4f4a12ff4391067c7998
SHA256

840df5efe1e2efb2dc870b3d92431df1aec14756909608e0d430384bd49435b6
SHA512

57b6df4fb64df69e9a2fce0c9a513b93a7a7391ab4879ff46deb04ca099d32af2c36549ab66c7b17ef2064ba08348406c0005c11b892dcbf41b6620b84881756
SSDEEP

49152:6vJRG763yr8GEuMWo2WqgOAVJZiZxUMqZrAxQR9vW1uqwd7XjO2OzegcZkdvKWY/:6+GirDEuMF2EVJeUdcxyMc8g3EHj8lBT

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/launcher.exe
unpack001/minty.dll

Files

23-08-2024_KQWCtCu86aPjtK3.rar
.rar

Password: 123
CheaterDawn.url
.url
launcher.exe
.exe windows:6 windows x64 arch:x64

Password: 123

98fb5dc7663100d03ef44103a45ddb07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\EtoShinya\source\repos\M\x64\Release\launcher.pdb

Imports

kernel32

GetModuleHandleW
CreateRemoteThread
VirtualFreeEx
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
ResumeThread
Sleep
VirtualAllocEx
LocalFree
FormatMessageA
GetCurrentDirectoryW
CloseHandle
GetProcAddress
WaitForSingleObject
GetLastError
WriteProcessMemory
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

comdlg32

GetOpenFileNameA

advapi32

OpenProcessToken
CreateProcessAsUserA

msvcp140

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?exceptions@ios_base@std@@QEAAXH@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
memset
__current_exception_context
__current_exception
_CxxThrowException
__std_exception_copy
__std_exception_destroy
__std_terminate
memmove
memcmp
__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vsprintf
fgetpos
setvbuf
__stdio_common_vfprintf
fgetc
ungetc
fclose
fsetpos
fflush
_set_fmode
__acrt_iob_func
fread
fputc
_fseeki64
_get_stream_buffer_pointers
fwrite

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
free
_callnewh

api-ms-win-crt-math-l1-1-0

_dclass
_dsign
__setusermatherr

api-ms-win-crt-convert-l1-1-0

strtoll
strtoull
strtod

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_exe
_set_app_type
terminate
_initterm
_cexit
_initterm_e
_invalid_parameter_noinfo_noreturn
exit
_exit
__p___argc
__p___argv
system
_c_exit
_get_initial_narrow_environment
_register_thread_local_exe_atexit_callback
_errno

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv
_configthreadlocale

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
minty.dll
.dll windows:6 windows x64 arch:x64

Password: 123

27ee9ac8b2ae14c8abbeaf1fb40bd1fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

SizeofResource
FindResourceA
LockResource
LoadResource
SetConsoleTextAttribute
GetStdHandle
VirtualProtect
GetCurrentProcess
Sleep
GetProcAddress
lstrcmpiW
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
FreeLibrary
QueryPerformanceCounter
LoadLibraryExA
FormatMessageA
SetConsoleMode
GetConsoleMode
CreateThread
AllocConsole
GetCurrentThreadId
QueueUserAPC
OpenThread
AcquireSRWLockShared
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualQuery
GetModuleFileNameW
SetLastError
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
GetLocaleInfoEx
lstrlenW
WaitNamedPipeW
GetCurrentProcessId
CloseHandle
GetLastError
CreateFileW
PeekNamedPipe
WriteFile
ReadFile
GetConsoleWindow
ExitProcess
GetTickCount64
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
GetModuleHandleA
GetModuleFileNameA
MultiByteToWideChar
GetCurrentThread
SuspendThread
AreFileApisANSI

user32

ClientToScreen
GetCapture
LoadCursorA
GetMessageExtraInfo
GetKeyState
FindWindowA
GetKeyboardLayout
GetForegroundWindow
SetCapture
TrackMouseEvent
ShowWindow
IsWindowUnicode
ReleaseCapture
SetCursor
EnumWindows
GetClassNameA
GetWindowThreadProcessId
GetCursorPos
RegisterClassExA
SetCursorPos
GetClientRect
CallWindowProcA
SetWindowLongPtrA
OpenClipboard
CloseClipboard
EmptyClipboard
CreateWindowExA
GetClipboardData
SetClipboardData
DefWindowProcA
ScreenToClient

advapi32

RegSetValueExW
RegCreateKeyExW
RegCloseKey

shell32

ShellExecuteA

msvcp140

?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??_7_Facet_base@std@@6B@
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$numpunct@D@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
??_7facet@locale@std@@6B@
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Facet_base@std@@UEAA@XZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
_Mtx_current_owns
_Cnd_init_in_situ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_timedwait
_Cnd_do_broadcast_at_thread_exit
_Xtime_get_ticks
_Cnd_broadcast
_Cnd_destroy_in_situ
??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?id@?$ctype@D@std@@2V0locale@2@A
??_7codecvt_base@std@@6B@
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$codecvt@_SDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_SDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_S1AEAPEB_SPEAD3AEAPEAD@Z
??1codecvt_base@std@@UEAA@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
_Query_perf_frequency
_Query_perf_counter
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
_Strxfrm
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?tolower@?$ctype@D@std@@QEBADD@Z

msvcp140_codecvt_ids

?id@?$codecvt@_SDU_Mbstatet@@@std@@2V0locale@2@A

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
NtProtectVirtualMemory
NtQuerySection

imm32

ImmReleaseContext
ImmSetCandidateWindow
ImmGetContext
ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

vcruntime140

_purecall
__C_specific_handler
__std_exception_copy
strstr
__RTDynamicCast
strchr
longjmp
strrchr
memchr
memcpy
memset
__current_exception
__current_exception_context
_CxxThrowException
memcmp
memmove
__std_type_info_destroy_list
__intrinsic_setjmp
__std_exception_destroy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

free
_callnewh
calloc
realloc
malloc

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_crt_atexit
_beginthreadex
terminate
_execute_onexit_table
_invalid_parameter_noinfo_noreturn
_cexit
_register_onexit_function
_initialize_onexit_table
system
_invalid_parameter_noinfo
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
strerror
abort
_errno
exit

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
_get_stream_buffer_pointers
__stdio_common_vsprintf_s
__acrt_iob_func
fclose
tmpnam
fgetc
fwrite
fgetpos
setvbuf
ungetc
__stdio_common_vfprintf
fsetpos
_ftelli64
_popen
__stdio_common_vswprintf
_pclose
clearerr
fgets
_fseeki64
fputc
ftell
getc
fopen
ferror
freopen
fseek
feof
__stdio_common_vsscanf
_wfopen
fread
fflush
tmpfile

api-ms-win-crt-filesystem-l1-1-0

remove
rename
_unlock_file
_lock_file

api-ms-win-crt-string-l1-1-0

isalnum
isblank
strncmp
isspace
tolower
islower
strspn
isupper
isdigit
strcmp
strcoll
isxdigit
strpbrk
isgraph
isalpha
iscntrl
ispunct
strncpy
toupper

api-ms-win-crt-math-l1-1-0

sinf
sin
powf
ldexp
pow
logf
log10
log
fmodf
fmod
floorf
floor
exp
cosf
_ldsign
frexp
_fdsign
_dsign
_dclass
_fdclass
_ldclass
acos
acosf
asin
atan2
sqrtf
atan2f
sqrt
ceil
ceilf
cos
tan

api-ms-win-crt-convert-l1-1-0

strtoul
strtoull
atof
strtoll
strtod

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv
setlocale

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-time-l1-1-0

_time64
_localtime64
_gmtime64
_difftime64
clock
_mktime64
strftime

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

98fb5dc7663100d03ef44103a45ddb07

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

comdlg32

advapi32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 104KB - Virtual size: 103KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 171KB - Virtual size: 171KB

.reloc Size: 512B - Virtual size: 368B

Password: 123

27ee9ac8b2ae14c8abbeaf1fb40bd1fa

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

kernel32

user32

advapi32

shell32

msvcp140

msvcp140_codecvt_ids

ntdll

imm32

d3dcompiler_47

vcruntime140

vcruntime140_1

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 25KB - Virtual size: 285KB

.pdata Size: 65KB - Virtual size: 64KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 3.2MB - Virtual size: 3.2MB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 171KB - Virtual size: 171KB

.reloc
Size: 512B - Virtual size: 368B

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 25KB - Virtual size: 285KB

.pdata
Size: 65KB - Virtual size: 64KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

.reloc
Size: 7KB - Virtual size: 7KB