Discord_Initialize
Discord_Respond
Discord_RunCallbacks
Discord_Shutdown
Discord_UpdatePresence
General
-
Target
by_diotsxd.rar
-
Size
3.2MB
-
MD5
4a8d4ca298f1ad12e13e71823f101d7f
-
SHA1
56eb18d3fb04bc002eac9bacd3920c4a4f5542e2
-
SHA256
a2ff920429d200ddab946e90e783d7b3e12d7da3021325c9667c862ae125dd57
-
SHA512
294e21fa7d983fce9824d03d4ea42f8c57afe9adbed55a28e724c70c0e89e9393d6c37ca6bf68c081e53c349e64858d3839fbef2dabc97c57c01d7df330acc2b
-
SSDEEP
49152:2cZza7aCvZ4p3v6efYFm8d7ysqMD+iJkpHnYMZOZqlfR6TNcaNskQVppEQtXZtSi:2laCUQFm8UsBD+iRM0qfRGakAppSPqwa
Score
7/10
Malware Config
Signatures
-
resource yara_rule static1/unpack001/by d/by diotsxd.exe vmprotect -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/by d/by diotsxd.exe unpack001/by d/vcruntime140d.dll
Files
-
by_diotsxd.rar.rar
-
by d/by diotsxd.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: - Virtual size: 311KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 593KB - Virtual size: 592KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 9.6MB - Virtual size: 9.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
by d/vcruntime140d.dll.dll windows:6 windows x86 arch:x86
6310e6aa09f46f952e994ef81548691a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
WaitNamedPipeW
GetCurrentProcessId
GetCurrentProcess
PeekNamedPipe
lstrlenW
MultiByteToWideChar
K32GetModuleFileNameExW
GetLastError
CloseHandle
WriteFile
ReadFile
lstrcpyW
CreateFileW
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
WideCharToMultiByte
SetEvent
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
RaiseException
ExitThread
GetModuleHandleExW
HeapAlloc
HeapFree
ExitProcess
GetModuleFileNameA
LCMapStringW
DecodePointer
GetStdHandle
GetFileType
GetACP
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetStringTypeW
SetStdHandle
SetFilePointerEx
HeapSize
HeapReAlloc
WriteConsoleW
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetKeyValueW
Exports
Exports
Sections
.text Size: 204KB - Virtual size: 204KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 226KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ