77f1d79aaa550705800e51f5dbc5a950N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

77f1d79aaa550705800e51f5dbc5a950N.exe
Size

6.2MB
MD5

77f1d79aaa550705800e51f5dbc5a950
SHA1

141c1db20a9f2fd79d65f7666de6833a7afec1bd
SHA256

0bcc68f8c2be9971ba8bb849e9168cef638ac6c0cfab0e20e2bae2215b9742a3
SHA512

da40678762219a228f60e38d1e2d14eee1ab05be6931a08476129f023b58bacd21e5752ad024f9438108f11c81015e7cf92cc10d59b422a01b50db647c323959
SSDEEP

98304:rhAoQMFxv8rmQ7fnxJtWTQ1UnghvhpZXx:r+xWxvemy5LWTQPpZX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
77f1d79aaa550705800e51f5dbc5a950N.exe

Files

77f1d79aaa550705800e51f5dbc5a950N.exe
.exe windows:6 windows x64 arch:x64

885d4fad9e7aa70a1f158c8d316046c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\zoe\Desktop\projects\LoaderInje\imgui shop nl loader dx9\x64\Release\DirectX9.pdb

Imports

kernel32

GetComputerNameW
SetLastError
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
ReleaseSRWLockExclusive
Sleep
AcquireSRWLockExclusive
SleepConditionVariableSRW
GetCurrentThreadId
GetModuleHandleW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenProcess
WaitForSingleObject
VirtualProtect
WakeAllConditionVariable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
CreateFileMappingA
OutputDebugStringW
WriteProcessMemory
GetModuleFileNameA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
CreateMutexW
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
VirtualFreeEx
CreateRemoteThread
VirtualAllocEx
QueryFullProcessImageNameW
CloseHandle
GetLastError
GetTickCount64
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
MultiByteToWideChar
GetLocaleInfoA
GetModuleHandleA
LoadLibraryW
CreateFileW

user32

MessageBoxA
LoadCursorA
GetMessageExtraInfo
GetKeyState
SetClipboardData
GetCapture
EmptyClipboard
CloseClipboard
OpenClipboard
UpdateWindow
FindWindowA
ShowWindow
ClientToScreen
TrackMouseEvent
GetKeyboardLayout
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
RegisterClassExW
IsWindowUnicode
ReleaseCapture
SetCursorPos
GetCursorPos
MoveWindow
DefWindowProcA
TranslateMessage
PeekMessageA
ScreenToClient
GetClipboardData
GetWindowThreadProcessId
DispatchMessageA
GetWindowRect
DestroyWindow
CreateWindowExW
GetSystemMetrics
UnregisterClassW
PostQuitMessage

advapi32

CryptImportKey
CryptGenRandom
CryptAcquireContextA
ConvertSidToStringSidA
CopySid
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
SetSecurityInfo
GetUserNameW
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
CryptEncrypt
OpenProcessToken
CryptDestroyKey

oleaut32

VariantClear

msvcp140

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Xbad_function_call@std@@YAXXZ
_Thrd_detach
?_Throw_Cpp_error@std@@YAXH@Z
?setf@ios_base@std@@QEAAHHH@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QEBA_JXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
_Query_perf_counter
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemory

imm32

ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext

normaliz

IdnToAscii

wldap32

ord211
ord60
ord45
ord50
ord46
ord301
ord26
ord27
ord32
ord217
ord41
ord143
ord33
ord35
ord79
ord30
ord200
ord22

crypt32

CertGetCertificateChain
CertFindExtension
CertFreeCertificateChainEngine
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertCreateCertificateChainEngine
CertGetNameStringA
CryptQueryObject
CertFreeCertificateChain

ws2_32

ntohl
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
closesocket
accept

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
__C_specific_handler
strrchr
strchr
memset
memmove
longjmp
memcmp
memchr
_CxxThrowException
strstr
__std_exception_copy
__std_exception_destroy
__std_terminate
__current_exception_context
memcpy
__intrinsic_setjmp

api-ms-win-crt-stdio-l1-1-0

_write
_close
_read
fsetpos
fopen
_get_stream_buffer_pointers
_fseeki64
fputs
feof
ungetc
_set_fmode
setvbuf
fgetpos
__p__commode
_open
fgetc
ftell
fclose
fseek
__stdio_common_vfprintf
fflush
__acrt_iob_func
fgets
fwrite
fputc
_wfopen
_lseeki64
__stdio_common_vsprintf
fread
__stdio_common_vsscanf

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strcspn
isupper
strncmp
strcmp
_strdup
strncpy
strpbrk
strspn
tolower

api-ms-win-crt-heap-l1-1-0

free
_callnewh
_set_new_mode
malloc
calloc
realloc

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_initterm
_get_initial_narrow_environment
_seh_filter_exe
__p___argc
_invalid_parameter_noinfo_noreturn
__p___argv
_getpid
_configure_narrow_argv
_cexit
exit
_c_exit
quick_exit
_initialize_narrow_environment
_beginthreadex
_register_thread_local_exe_atexit_callback
_exit
_initterm_e
_errno
_resetstkoflw
_initialize_onexit_table
_register_onexit_function
_invalid_parameter_noinfo
__sys_nerr
strerror
terminate
_crt_atexit

api-ms-win-crt-convert-l1-1-0

strtoul
atoi
strtod
strtol
strtoull
strtoll

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_stat64
_unlink
_fstat64
_lock_file
_access

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-math-l1-1-0

_dsign
cosf
fmodf
sinf
sqrtf
ceilf
acosf
__setusermatherr

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

885d4fad9e7aa70a1f158c8d316046c9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

oleaut32

msvcp140

d3d9

d3dx9_43

imm32

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 297KB - Virtual size: 296KB

.data Size: 4.7MB - Virtual size: 4.7MB

.pdata Size: 51KB - Virtual size: 50KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 297KB - Virtual size: 296KB

.data
Size: 4.7MB - Virtual size: 4.7MB

.pdata
Size: 51KB - Virtual size: 50KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 5KB - Virtual size: 4KB