1beb97063e20b352b39703622d8f6c626dc8f32db4c3f66411e568aed99a6197

Sharing

Copy URL Twitter E-mail

General

Target

1beb97063e20b352b39703622d8f6c626dc8f32db4c3f66411e568aed99a6197
Size

6.1MB
MD5

2a97d8b73bcb16404cca37d9bf84aa53
SHA1

ca38f208af6d38420f1202c9c509f295fc943d9b
SHA256

1beb97063e20b352b39703622d8f6c626dc8f32db4c3f66411e568aed99a6197
SHA512

ff2bfa5a9f0925b789d54959013f984c6ca834a3a7ccf9e535a614c1c69df4a91c67b5c4285f617218e3cdc2e25e60fa981af6d18b0c07408ff0fb092faa633e
SSDEEP

196608:ji3HHTTyr8r0IrnfoH7eEGFoekBS7rMy:ji3HHX7IFGFoekBxy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1beb97063e20b352b39703622d8f6c626dc8f32db4c3f66411e568aed99a6197

Files

1beb97063e20b352b39703622d8f6c626dc8f32db4c3f66411e568aed99a6197
.dll windows:6 windows x64 arch:x64

a390b65166afbc302bf1c85f73ba5a3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\geraldinho\Desktop\loader1008\x64\Release\DirectX 9.pdb

Imports

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemory

gdi32

BitBlt
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
GetObjectW
CreateRoundRectRgn

dwmapi

DwmExtendFrameIntoClientArea

msvcp140

?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_function_call@std@@YAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
?good@ios_base@std@@QEBA_NXZ
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
_Cnd_do_broadcast_at_thread_exit
_Query_perf_counter
_Thrd_detach
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z

user32

SetWindowLongPtrW
GetSystemMetrics
UnregisterClassW
GetWindowLongPtrW
RegisterClassExW
ShowWindow
DispatchMessageW
PeekMessageW
SetWindowDisplayAffinity
RegisterHotKey
MoveWindow
SetLayeredWindowAttributes
TranslateMessage
PostQuitMessage
UpdateWindow
SetForegroundWindow
SetWindowPos
SetWindowRgn
OpenClipboard
CloseClipboard
MessageBoxW
GetClipboardData
SetClipboardData
GetKeyState
GetDC
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
SetCursorPos
ReleaseDC
GetCursorPos
DestroyWindow
GetWindowRect
UnregisterHotKey
EmptyClipboard
DefWindowProcW
CreateWindowExW

kernel32

InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
OutputDebugStringW
GetConsoleWindow
DeleteCriticalSection
ReadDirectoryChangesW
CreateThread
DeleteFileW
GetLastError
Sleep
CreateFileW
WaitForSingleObject
GetVolumeInformationA
InitializeCriticalSectionEx
LeaveCriticalSection
GetCurrentProcess
EnterCriticalSection
VirtualFreeEx
CreateRemoteThread
CreateProcessW
VirtualAllocEx
CloseHandle
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
WriteProcessMemory
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
QueryPerformanceCounter
GetModuleHandleW
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
MultiByteToWideChar
FreeLibrary

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow

winhttp

WinHttpQueryDataAvailable
WinHttpConnect
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpReadData
WinHttpOpenRequest
WinHttpOpen

advapi32

GetUserNameW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
GetUserNameA
ControlService

ole32

CreateStreamOnHGlobal

shlwapi

ord214
ord184
ord213

gdiplus

GdipSaveImageToStream
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipDisposeImage

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
__std_terminate
strstr
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
memset
longjmp
__std_type_info_destroy_list
__intrinsic_setjmp
memcmp
memchr
memmove
memcpy
__std_exception_copy
strrchr

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
fread
fputc
ftell
__stdio_common_vsprintf
_wfopen
fgetc
fwrite
__acrt_iob_func
__stdio_common_vfprintf
fgetpos
setvbuf
ungetc
fsetpos
_fseeki64
fseek
_get_stream_buffer_pointers
fclose
fflush
fopen

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-string-l1-1-0

strncpy
isprint
strncmp
strcmp

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
terminate
_beginthreadex
_crt_atexit
_resetstkoflw
_cexit
_invalid_parameter_noinfo_noreturn
_initterm
exit
_initterm_e
_configure_narrow_argv

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

cosf
ceilf
acosf
_hypotf
sinf
sqrtf
fmodf

Sections

.text
Size: 677KB - Virtual size: 677KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a390b65166afbc302bf1c85f73ba5a3d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d9

d3dx9_43

gdi32

dwmapi

msvcp140

user32

kernel32

imm32

winhttp

advapi32

ole32

shlwapi

gdiplus

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 677KB - Virtual size: 677KB

.rdata Size: 3.1MB - Virtual size: 3.1MB

.data Size: 2.4MB - Virtual size: 2.4MB

.pdata Size: 34KB - Virtual size: 33KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 677KB - Virtual size: 677KB

.rdata
Size: 3.1MB - Virtual size: 3.1MB

.data
Size: 2.4MB - Virtual size: 2.4MB

.pdata
Size: 34KB - Virtual size: 33KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB