c9dc513d97d7af9a7f57afdaee73629eb4fd8da8d92be3d9911cbd9f9f84366b

Sharing

Copy URL Twitter E-mail

General

Target

c9dc513d97d7af9a7f57afdaee73629eb4fd8da8d92be3d9911cbd9f9f84366b
Size

1.1MB
MD5

7b699acc687a287c895a77d8d047a588
SHA1

3511549cacd54cc3b0241cfe6ec2f2eddbdb223a
SHA256

c9dc513d97d7af9a7f57afdaee73629eb4fd8da8d92be3d9911cbd9f9f84366b
SHA512

3c36f0e0c0e1960d20c32f0211265f97108facd1ee722dfd7884f556742bccaad8e1c20e1031e699eae66cf49cc24ff78617c6a23e1e7184afef1d0c80882bbc
SSDEEP

12288:jYj387hm1bXgfkFMHx6/nar5CE2NWlqW8b:8b8kXleg/kF8W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9dc513d97d7af9a7f57afdaee73629eb4fd8da8d92be3d9911cbd9f9f84366b

Files

c9dc513d97d7af9a7f57afdaee73629eb4fd8da8d92be3d9911cbd9f9f84366b
.exe windows:6 windows x64 arch:x64

a46e11711bd6935479ed52a8972631ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\assemblage\Builds\5649491418484044085hzhivfwsul\VkScanlinePR\assemblage_outdir_bin\VkScanlinePR.pdb

Imports

vulkan-1

vkBeginCommandBuffer
vkEndCommandBuffer
vkCmdBindPipeline
vkCmdSetViewport
vkCmdSetScissor
vkCmdDraw
vkCmdDispatch
vkCmdCopyBuffer
vkCmdPushConstants
vkCmdBeginRenderPass
vkCmdEndRenderPass
vkFlushMappedMemoryRanges
vkInvalidateMappedMemoryRanges
vkBindBufferMemory
vkGetPhysicalDeviceFeatures
vkGetPhysicalDeviceFormatProperties
vkGetPhysicalDeviceProperties
vkGetPhysicalDeviceQueueFamilyProperties
vkGetPhysicalDeviceMemoryProperties
vkCreateDevice
vkDestroyDevice
vkEnumerateDeviceExtensionProperties
vkGetBufferMemoryRequirements
vkCreateFence
vkDestroyFence
vkWaitForFences
vkCreateBuffer
vkDestroyCommandPool
vkFreeCommandBuffers
vkCreateImageView
vkDestroyImageView
vkDestroySurfaceKHR
vkCreateShaderModule
vkCreateInstance
vkEnumeratePhysicalDevices
vkEnumerateInstanceExtensionProperties
vkEnumerateInstanceLayerProperties
vkCreatePipelineCache
vkCreateFramebuffer
vkCreateRenderPass
vkGetInstanceProcAddr
vkAllocateMemory
vkAllocateCommandBuffers
vkCreateCommandPool
vkCreateDescriptorPool
vkCreateDescriptorSetLayout
vkCreatePipelineLayout
vkCreateComputePipelines
vkCreateGraphicsPipelines
vkCreateBufferView
vkDestroyBuffer
vkCreateSemaphore
vkUnmapMemory
vkMapMemory
vkFreeMemory
vkQueueWaitIdle
vkQueueSubmit
vkGetDeviceQueue
vkGetDeviceProcAddr
vkDeviceWaitIdle

shaderc_shared

shaderc_compile_options_release
shaderc_compile_options_add_macro_definition
shaderc_compile_options_set_optimization_level
shaderc_compile_options_initialize
shaderc_compiler_initialize
shaderc_compile_into_preprocessed_text
shaderc_result_release
shaderc_result_get_length
shaderc_compile_into_spv
shaderc_result_get_compilation_status
shaderc_result_get_bytes
shaderc_compiler_release
shaderc_compile_into_spv_assembly

kernel32

IsDebuggerPresent
RtlVirtualUnwind
UnhandledExceptionFilter
RtlCaptureContext
GetCurrentThreadId
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RaiseException
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
HeapAlloc
HeapFree
GetProcessHeap
RtlLookupFunctionEntry
SetThreadExecutionState
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
WideCharToMultiByte
MultiByteToWideChar
FormatMessageW
GetModuleHandleW
GetLastError
VerSetConditionMask
LoadLibraryA
GetProcAddress
FreeLibrary
VirtualQuery

user32

MsgWaitForMultipleObjects
GetSystemMetrics
SetForegroundWindow
SetPropW
GetPropW
RemovePropW
SetWindowTextW
GetClientRect
GetWindowRect
AdjustWindowRectEx
SetCursorPos
SetCursor
GetCursorPos
ClientToScreen
ScreenToClient
WindowFromPoint
ClipCursor
SetRect
PtInRect
GetWindowLongW
SetWindowLongW
GetClassLongPtrW
LoadCursorW
DestroyIcon
LoadImageW
CreateIconIndirect
MonitorFromWindow
GetRawInputData
RegisterRawInputDevices
GetRawInputDeviceInfoA
GetRawInputDeviceList
TranslateMessage
SetCapture
GetKeyState
GetActiveWindow
SetFocus
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
IsZoomed
BringWindowToTop
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindow
ReleaseCapture
SetLayeredWindowAttributes
GetLayeredWindowAttributes
RegisterClassExW
UnregisterClassW
DefWindowProcW
WaitMessage
PostMessageW
SendMessageW
GetMessageTime
TrackMouseEvent
EnumDisplayMonitors
GetMonitorInfoW
EnumDisplayDevicesW
EnumDisplaySettingsExW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
ReleaseDC
GetDC
SystemParametersInfoW
MapVirtualKeyW
ToUnicode
ShowWindow
DestroyWindow
CreateWindowExW
UnregisterDeviceNotification
RegisterDeviceNotificationW
PeekMessageW
DispatchMessageW

gdi32

CreateDCW
SwapBuffers
SetPixelFormat
DescribePixelFormat
ChoosePixelFormat
CreateDIBSection
DeleteObject
CreateRectRgn
CreateBitmap
SetDeviceGammaRamp
GetDeviceGammaRamp
GetDeviceCaps
DeleteDC

shell32

DragAcceptFiles
DragFinish
DragQueryPoint
DragQueryFileW

msvcp140d

?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??Bios_base@std@@QEBA_NXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?id@?$ctype@D@std@@2V0locale@2@A
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@D@std@@QEBA_NFD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ

vcruntime140d

__std_exception_copy
__std_exception_destroy
_CxxThrowException
memmove
memchr
memcmp
memset
memcpy
strstr
__C_specific_handler
__current_exception
__current_exception_context
__C_specific_handler_noexcept
__std_type_info_destroy_list
__vcrt_GetModuleFileNameW
__vcrt_LoadLibraryExW
__vcrt_GetModuleHandleW
_purecall

vcruntime140_1d

__CxxFrameHandler4

ucrtbased

_set_app_type
_seh_filter_exe
_CrtDbgReportW
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
malloc
_callnewh
_malloc_dbg
_free_dbg
powf
qsort
strcmp
strtoul
realloc
strncmp
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
_set_fmode
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
terminate
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_wmakepath_s
_wsplitpath_s
wcscpy_s
__setusermatherr
_invalid_parameter
_CrtDbgReport
__acrt_iob_func
__stdio_common_vfprintf
_wassert
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
fputc
fread
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
_lock_file
_unlock_file
__stdio_common_vsscanf
exit
calloc
free
__stdio_common_vsprintf
strncpy
strcspn
strspn

Sections

.textbss
Size: - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 688KB - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a46e11711bd6935479ed52a8972631ba

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

vulkan-1

shaderc_shared

kernel32

user32

gdi32

shell32

msvcp140d

vcruntime140d

vcruntime140_1d

ucrtbased

Sections

.textbss Size: - Virtual size: 309KB

.text Size: 688KB - Virtual size: 687KB

.rdata Size: 301KB - Virtual size: 301KB

.data Size: 9KB - Virtual size: 23KB

.pdata Size: 52KB - Virtual size: 52KB

.idata Size: 21KB - Virtual size: 21KB

.msvcjmc Size: 1KB - Virtual size: 1KB

.00cfg Size: 512B - Virtual size: 337B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.textbss
Size: - Virtual size: 309KB

.text
Size: 688KB - Virtual size: 687KB

.rdata
Size: 301KB - Virtual size: 301KB

.data
Size: 9KB - Virtual size: 23KB

.pdata
Size: 52KB - Virtual size: 52KB

.idata
Size: 21KB - Virtual size: 21KB

.msvcjmc
Size: 1KB - Virtual size: 1KB

.00cfg
Size: 512B - Virtual size: 337B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB