Release (1)[.]rar

Resubmissions

02/09/2024, 11:18

240902-nd8txayfml 8

02/09/2024, 05:41

240902-gdgbbstamp 8

Sharing

Copy URL

Twitter E-mail

General

Target

Release (1).rar
Size

4.5MB
MD5

946fb202741c9fa21fa39ee133354372
SHA1

16c7eba3bc89983a7bf3b1e49860fb13cc00b200
SHA256

d1fb000f1bfc13de4f993aeec98fea144d12b76e129fbd3e9cc0ef3a808d70a7
SHA512

7487642a805b848afb7b6384c801807362887ddac415cc525b915d1ec65bd47aa58ecdafd0110f5a13fbd1ded8b91aee54fc46780eef5b90254e6809559f516e
SSDEEP

98304:fuKDkn9ZTpu7SC/KtE247mMcXp1qKZQnU19DqEID5c/TOjW:fuKg7M7f/GE2gNcXdZ4LDDq

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Mapper/map.exe
unpack001/Sentinal.dll
unpack001/haze.exe

Files

Release (1).rar
.rar
Mapper/map.exe
.exe windows:6 windows x64 arch:x64

bf624f61e27b945152cda3c4cc695b1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\death\Desktop\custom_mapper\x64\Release\custom_mapper.pdb

Imports

kernel32

GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
Sleep
CreateFileA
Process32Next
CloseHandle
CreateFileW
GetConsoleWindow
GetCurrentProcessId
FormatMessageA
GetLocaleInfoEx
LoadLibraryExA
TerminateProcess
VirtualAlloc
DeviceIoControl
SetCurrentConsoleFontEx
GetStdHandle
GetCurrentProcess
VirtualFree
SetConsoleTextAttribute
GetProcAddress
Process32First
GetFileAttributesW
GetFullPathNameW
SetFileInformationByHandle
GetTempPathW
AreFileApisANSI
GetLastError
GetModuleHandleW
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree

user32

MessageBoxA
GetWindowRect
MoveWindow

advapi32

RegCreateKeyA
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
RegOpenKeyExA

msvcp140

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?good@ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Xbad_function_call@std@@YAXXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z

ntdll

RtlInitAnsiString
NtQuerySystemInformation
RtlAnsiStringToUnicodeString

dbghelp

ImageNtHeader
ImageDirectoryEntryToData
ImageRvaToVa

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_copy
_CxxThrowException
memchr
memcmp
memcpy
__std_terminate
__C_specific_handler
__current_exception_context
memset
__std_exception_destroy
__current_exception
memmove

api-ms-win-crt-stdio-l1-1-0

ungetc
_set_fmode
setvbuf
fgetpos
fwrite
fsetpos
_get_stream_buffer_pointers
__p__commode
__stdio_common_vfprintf
fgetc
fputc
_fseeki64
__acrt_iob_func
fclose
fflush
fread

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
__p___argv
_set_app_type
perror
_c_exit
exit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
__p___argc
_initterm_e
_exit
abort
_initterm
terminate
_beginthreadex
_seh_filter_exe
_cexit
_invalid_parameter_noinfo_noreturn
system

api-ms-win-crt-string-l1-1-0

_stricmp
wcscpy_s

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sentinal.dll
.dll windows:6 windows x64 arch:x64

826ef16799ff27bb9b68f910d876b3b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

getaddrinfo

wldap32

ord41

crypt32

CertFreeCertificateContext

advapi32

ReportEventW
RegCloseKey

kernel32

WideCharToMultiByte
GetModuleHandleA

user32

MessageBoxA
DefWindowProcW

shell32

ShellExecuteA
SHGetDiskFreeSpaceA

shlwapi

PathFindFileNameA

userenv

UnloadUserProfile

rpcrt4

RpcStringFreeA

bcrypt

BCryptGenRandom

imagehlp

ImageNtHeader

wintrust

WinVerifyTrust

Exports

Exports

s_activate
s_filestream
s_get_expiry
s_get_level
s_get_response
s_get_username
s_init
s_log
s_login
s_registr
s_token
s_var

Sections

.rsrc
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 772KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
haze.exe
.exe windows:6 windows x64 arch:x64

bf2b0f7dc4f420e049696e30ab3ab112

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\death\Desktop\CX12\x64\Release\CX12.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

kernel32

GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
TerminateProcess
OpenProcess
CloseHandle
GetThreadContext
OpenThread
Process32First
Thread32Next
Thread32First
CreateToolhelp32Snapshot
Process32Next
GetConsoleWindow
IsDebuggerPresent
DeviceIoControl
CreateFileW
lstrcmpiA
GlobalUnlock
SleepConditionVariableSRW
WakeAllConditionVariable
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileInformationByHandleEx
GetModuleHandleW
GetLastError
AreFileApisANSI
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
GetLocaleInfoEx
FormatMessageA
LocalFree
GetSystemTimeAsFileTime
InitializeSListHead
GetModuleHandleA
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
Sleep
GetCurrentProcessId
GetCurrentThreadId

user32

DispatchMessageA
EnumWindows
SendInput
GetWindowThreadProcessId
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
GetWindowRect
DestroyWindow
GetSystemMetrics
ShowWindow
GetAsyncKeyState
SetWindowLongA
SetWindowDisplayAffinity
GetMonitorInfoA
MoveWindow
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
LoadIconA
PeekMessageA
UnregisterClassA
PostQuitMessage
GetDesktopWindow
FindWindowA
SetCursorPos
ReleaseCapture
IsWindowUnicode
SetProcessDPIAware
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
RegisterClassExA
GetKeyboardLayout
TrackMouseEvent
UpdateWindow
GetKeyState
ClientToScreen
GetMessageExtraInfo
GetCapture
ScreenToClient
MonitorFromWindow
LoadCursorA

gdi32

CreateSolidBrush

sentinal

s_token
s_init

msvcp140

?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?uncaught_exceptions@std@@YAHXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
_Query_perf_frequency
_Query_perf_counter
_Xtime_get_ticks
?swap@?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_lock
_Mtx_unlock
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z

imm32

ImmGetContext
ImmSetCandidateWindow
ImmReleaseContext
ImmSetCompositionWindow

dwmapi

DwmExtendFrameIntoClientArea

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

winmm

waveOutSetVolume
PlaySoundA

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memchr
memcpy
memcmp
memmove
__std_exception_copy
__std_terminate
strstr
memset
_CxxThrowException
__std_exception_destroy
__C_specific_handler
__current_exception_context
__current_exception

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vsprintf
fseek
ftell
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
__stdio_common_vsscanf
fgetc
fflush
fputc
_get_stream_buffer_pointers
__p__commode
fwrite
_wfopen
__stdio_common_vfprintf
fclose
__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_exit
_crt_atexit
abort
_initterm_e
_initterm
_get_initial_narrow_environment
_beginthreadex
terminate
_set_app_type
exit
_seh_filter_exe
_cexit
system
_invalid_parameter_noinfo_noreturn
_errno
_register_onexit_function

api-ms-win-crt-convert-l1-1-0

strtof
atof
strtol

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-string-l1-1-0

wcscpy_s
strncmp
strncpy
strcmp

api-ms-win-crt-time-l1-1-0

strftime
_localtime64
_time64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

api-ms-win-crt-math-l1-1-0

acosf
fmodf
__setusermatherr
atan2f
sinf
ceilf
pow
cosf
sqrtf

Sections

.text
Size: 485KB - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 335KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

bf624f61e27b945152cda3c4cc695b1c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcp140

ntdll

dbghelp

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 272B

826ef16799ff27bb9b68f910d876b3b2

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

crypt32

advapi32

kernel32

user32

shell32

shlwapi

userenv

rpcrt4

bcrypt

imagehlp

wintrust

Exports

Exports

Sections

.rsrc Size: - Virtual size: 2.3MB

.rdata Size: - Virtual size: 772KB

.reloc Size: - Virtual size: 64KB

.reloc Size: - Virtual size: 104KB

.reloc Size: 30KB - Virtual size: 32KB

.pdata Size: - Virtual size: 6.4MB

.pdata Size: 114KB - Virtual size: 114KB

bf2b0f7dc4f420e049696e30ab3ab112

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

d3dcompiler_43

kernel32

user32

gdi32

sentinal

msvcp140

imm32

dwmapi

d3dx11_43

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 272B

.rsrc
Size: - Virtual size: 2.3MB

.rdata
Size: - Virtual size: 772KB

.reloc
Size: - Virtual size: 64KB

.reloc
Size: - Virtual size: 104KB

.reloc
Size: 30KB - Virtual size: 32KB

.pdata
Size: - Virtual size: 6.4MB

.pdata
Size: 114KB - Virtual size: 114KB

.text
Size: 485KB - Virtual size: 484KB

.rdata
Size: 179KB - Virtual size: 178KB

.data
Size: 335KB - Virtual size: 338KB

.pdata
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB