Synapse Z[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Synapse Z.zip
Size

9.4MB
MD5

5acda0dfadf407a955bc8f439f3806de
SHA1

dd7b5253504c2e8b1579ef31edcd24dc1441a7db
SHA256

377646ff4a732a0b99ec1bab50223dd0204c94dba1ab377c944f162352f5bb58
SHA512

957b3a31917c269b674752efc7c03dfc45a7e77bde701bb5db5af0d53406dead24ad49733b9af5774fff60e119fa214c1fab9f6696937caffa6d6d44b344bf2f
SSDEEP

196608:guLcRyl099rxG8Ll87NlOUHbljNxyXmemeEVHK+Xw1BzasU1EF:gzMuHnMZxNeYH3X8eszF

Score

7^/10

themida

Malware Config

Signatures

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/Synapse Z/bin/dr0h9kp6oxpntvxf.exe	themida
static1/unpack001/Synapse Z/voEZaBoA2vncwauZ.exe	themida

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Synapse Z/bin/dr0h9kp6oxpntvxf.exe
unpack001/Synapse Z/bin/gtxypw0k.dll
unpack001/Synapse Z/voEZaBoA2vncwauZ.exe

Files

Synapse Z.zip
.zip
Synapse Z/bin/auth.syn
Synapse Z/bin/dr0h9kp6oxpntvxf.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 304KB - Virtual size: 605KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 183KB - Virtual size: 546KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
Synapse Z/bin/gtxypw0k.dll
.dll windows:6 windows x64 arch:x64

d774ae95f4f4b551bedc95dda8c7a523

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\Visual Studio Shit\ByfronModuleV4\x64\Release\ByfronModuleV4.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

ntdll

RtlCaptureStackBackTrace
RtlCaptureContext
RtlLookupFunctionEntry
VerSetConditionMask
NtQueryInformationThread
RtlAdjustPrivilege
NtRaiseHardError
RtlVirtualUnwind

kernel32

ResetEvent
SetEvent
GetLastError
RaiseException
QueryPerformanceFrequency
LoadLibraryA
MultiByteToWideChar
GetLocaleInfoA
SetUnhandledExceptionFilter
OpenThread
VirtualQuery
GlobalUnlock
GetCurrentProcessId
ExitProcess
GetFileSize
GlobalLock
CreateThread
CloseHandle
GlobalAlloc
TerminateThread
CreateFileA
SetLastError
FormatMessageW
MoveFileExW
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
WaitForSingleObjectEx
SleepEx
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
InitializeCriticalSection
Sleep
FindClose
FindFirstFileW
FormatMessageA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetTickCount
EnterCriticalSection
GetModuleHandleA
ResumeThread
SuspendThread
GetCurrentThreadId
GetVolumeInformationA
IsBadStringPtrA
GetProcAddress
WriteFile
GetCurrentProcess
GetModuleFileNameA
ReadFile
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemDirectoryW
GetModuleHandleW
HeapFree
GetProcessHeap
LoadLibraryW
InitializeSListHead
OpenEventA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
SleepConditionVariableSRW
LoadLibraryExW
GetLocaleInfoEx
LocalFree
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
CreateDirectoryW
GetCurrentDirectoryW
CreateEventA
WideCharToMultiByte
GlobalFree
GetEnvironmentVariableA
QueryPerformanceCounter
TerminateProcess
WakeAllConditionVariable
FreeLibrary
FindNextFileW

user32

SendInput
GetSystemMetrics
LoadCursorA
GetWindowRect
ShowWindow
DispatchMessageA
GetCursorPos
GetMessageExtraInfo
UpdateWindow
RegisterClassExA
PostQuitMessage
PeekMessageA
GetClientRect
DefWindowProcW
GetWindowThreadProcessId
LoadIconA
GetAsyncKeyState
SetClipboardData
GetClipboardData
TranslateMessage
SetCursorPos
SetLayeredWindowAttributes
CreateWindowExA
ReleaseCapture
IsWindowUnicode
SetCursor
SetCapture
GetKeyboardLayout
TrackMouseEvent
GetCapture
ScreenToClient
SetWindowPos
GetKeyState
OpenClipboard
EnumWindows
GetForegroundWindow
SetWindowLongA
ClientToScreen
CloseClipboard
EmptyClipboard
GetWindowLongA
SetWindowTextA
MessageBoxA

gdi32

CreateSolidBrush

advapi32

CryptHashData
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
SystemFunction036
CryptGetHashParam
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
RegCloseKey
ConvertSidToStringSidA
RegQueryValueExA
OpenProcessToken
RegOpenKeyExA
GetTokenInformation

msvcp140

?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Strxfrm
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
_Xtime_get_ticks
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_signal
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Xbad_function_call@std@@YAXXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??Bios_base@std@@QEBA_NXZ
_Query_perf_counter
_Query_perf_frequency
_Thrd_join
_Thrd_id
_Cnd_timedwait
_Tolower
_Toupper
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
??0ctype_base@std@@QEAA@_K@Z
??1ctype_base@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?_Random_device@std@@YAIXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exceptions@std@@YAHXZ
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
ImmSetCandidateWindow

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
__std_type_info_destroy_list
__current_exception_context
__current_exception
_purecall
__std_terminate
wcschr
strstr
strrchr
strchr
__std_type_info_compare
_CxxThrowException
memchr
memcmp
__C_specific_handler
__std_exception_copy
memcpy
memmove
memset

api-ms-win-crt-runtime-l1-1-0

_errno
terminate
strerror
__sys_errlist
__sys_nerr
_invalid_parameter_noinfo_noreturn
_beginthreadex
abort
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-stdio-l1-1-0

fclose
_read
_write
fseek
fgets
_fileno
_close
fputc
__stdio_common_vsprintf_s
fgetc
fputs
_wopen
__stdio_common_vfprintf
fopen
fflush
fwrite
__acrt_iob_func
__stdio_common_vsprintf
fgetpos
setvbuf
ungetc
feof
fsetpos
fread
_fseeki64
_lseeki64
_get_stream_buffer_pointers
ftell
_wfopen
__stdio_common_vsscanf

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
malloc
calloc
free

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_difftime64
_time64
_gmtime64
_localtime64_s
strftime
clock

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-string-l1-1-0

isalnum
toupper
strspn
strnlen
strncpy
isblank
isspace
strcspn
strncat
_strdup
wcsncpy
tolower
wcsncmp
strpbrk
isupper
isalpha
isxdigit
iscntrl
ispunct
isdigit
strncmp
islower
_wcsdup
strcmp
wcspbrk
isgraph

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_waccess
_lock_file
_unlock_file
_unlink
_wstat64

api-ms-win-crt-convert-l1-1-0

strtod
strtoull
strtoul
atoi
strtol
strtoll
wcstombs
atof

api-ms-win-crt-math-l1-1-0

_fdopen
floorf
powf
log2
log10
log
fmodf
fmod
pow
ceilf
ceil
atan2f
atan2
floor
exp
cosh
cosf
frexp
modf
cos
_dsign
round
atan
asin
acosf
acos
ldexp
sin
sinf
sinh
sqrt
sqrtf
tan
tanh

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

ws2_32

WSAResetEvent
getsockopt
gethostname
getpeername
freeaddrinfo
htonl
WSAIoctl
getaddrinfo
socket
setsockopt
ntohs
listen
getsockname
accept
sendto
recvfrom
bind
ioctlsocket
htons
__WSAFDIsSet
select
WSAStartup
WSACleanup
WSASetLastError
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAWaitForMultipleEvents
inet_pton
inet_ntop
closesocket
recv
send
WSAGetLastError
connect

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertFindCertificateInStore
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 614KB - Virtual size: 614KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Synapse Z/bin/launch.syn
Synapse Z/crashlogs/19736_3020.txt
Synapse Z/voEZaBoA2vncwauZ.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 285KB - Virtual size: 560KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 88KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 14KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
Synapse Z/workspace/.tests/getcustomasset.txt
Synapse Z/workspace/.tests/readfile.txt
Synapse Z/workspace/IY_FE.iy
Synapse Z/workspace/SNC-Results.txt
Synapse Z/workspace/ThunderClientUUID.txt
Synapse Z/workspace/dca3e69649ed196af0ac6577f743a0ae-cache.lua
.js

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 304KB - Virtual size: 605KB

Size: 183KB - Virtual size: 546KB

Size: 1KB - Virtual size: 8KB

Size: 15KB - Virtual size: 25KB

Size: 512B - Virtual size: 480B

Size: 5KB - Virtual size: 7KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 5.9MB

.boot Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 16B - Virtual size: 4KB

d774ae95f4f4b551bedc95dda8c7a523

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

ntdll

kernel32

user32

gdi32

advapi32

msvcp140

d3dcompiler_47

dwmapi

imm32

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

ws2_32

crypt32

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 614KB - Virtual size: 614KB

.data Size: 15KB - Virtual size: 43KB

.pdata Size: 94KB - Virtual size: 94KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 11KB - Virtual size: 10KB

Headers

DLL Characteristics

File Characteristics

Sections

Size: 285KB - Virtual size: 560KB

Size: 88KB - Virtual size: 165KB

Size: 1KB - Virtual size: 7KB

Size: 14KB - Virtual size: 24KB

Size: 512B - Virtual size: 488B

Size: 1KB - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 5.9MB

.boot Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 16B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 5.9MB

.boot
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 16B - Virtual size: 4KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 614KB - Virtual size: 614KB

.data
Size: 15KB - Virtual size: 43KB

.pdata
Size: 94KB - Virtual size: 94KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 11KB - Virtual size: 10KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 5.9MB

.boot
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 16B - Virtual size: 4KB