AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
Static task
static1
1 signatures
General
-
Target
live.exe
-
Size
84.1MB
-
MD5
85ff9450b0be67720dd0a9f326f34334
-
SHA1
98e0329516bcbd80716f18549af2be8867f419a3
-
SHA256
40c85a4c37e2c55360544f530dbc8d61cbf0be6d1bb567025a99ebf3d99ca968
-
SHA512
7d455c58b5393ac77540a00566bb96650a749185f07f9c616a3cd79d4ef4ad6d34f133583a4821b4838684683454950389e7f73938a7650efab1eb15eaef2251
-
SSDEEP
786432:2XH+3n6KrjTXywUy9xj3gJG2VjsFa2DYnkfFMFebdq39kYgHve1:2X+3hrjTXywUy9xj3gJvIFafUMsOkY/1
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource live.exe
Files
-
live.exe.exe windows:4 windows x64 arch:x64
1414bd7a6367e1d5df54c1a1b2cd3d14
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
advapi32
AdjustTokenPrivileges
GetCurrentHwProfileA
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegGetValueW
RegOpenKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
avrt
AvSetMmThreadCharacteristicsW
AvSetMmThreadPriority
bcrypt
BCryptGenRandom
crypt32
CertCloseStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertOpenSystemStoreA
CryptBinaryToStringA
dinput8
DirectInput8Create
dwmapi
DwmEnableBlurBehindWindow
DwmGetWindowAttribute
DwmIsCompositionEnabled
DwmSetWindowAttribute
dwrite
DWriteCreateFactory
dxgi
CreateDXGIFactory1
gdi32
BitBlt
ChoosePixelFormat
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreatePen
CreatePolygonRgn
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
GetDIBits
GetDeviceCaps
GetPixel
GetStockObject
GetTextExtentPoint32W
Rectangle
SelectObject
SetDIBitsToDevice
SetPixelFormat
SwapBuffers
imm32
ImmAssociateContext
ImmGetCompositionStringW
ImmGetContext
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow
iphlpapi
GetAdaptersAddresses
GetBestInterfaceEx
kernel32
AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
AttachConsole
CloseHandle
CompareFileTime
CompareStringOrdinal
ConnectNamedPipe
CreateDirectoryW
CreateEventA
CreateFileMappingA
CreateFileW
CreateMutexA
CreateNamedPipeW
CreatePipe
CreateProcessW
CreateSemaphoreA
CreateSymbolicLinkW
CreateThread
DeleteCriticalSection
DeleteFileW
DuplicateHandle
EnterCriticalSection
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FormatMessageA
FormatMessageW
FreeLibrary
GetACP
GetCommandLineW
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExA
GetDynamicTimeZoneInformation
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFinalPathNameByHandleW
GetFullPathNameW
GetGeoInfoW
GetHandleInformation
GetLargePageMinimum
GetLastError
GetLocalTime
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalDrives
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessTimes
GetStdHandle
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempFileNameW
GetTempPathA
GetThreadContext
GetThreadId
GetThreadPriority
GetTickCount64
GetTimeZoneInformation
GetUserDefaultUILanguage
GetUserGeoID
GetVolumeInformationW
GlobalAlloc
GlobalLock
GlobalMemoryStatusEx
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSection
InitializeSRWLock
IsDBCSLeadByteEx
IsDebuggerPresent
K32GetPerformanceInfo
K32GetProcessMemoryInfo
LCIDToLocaleName
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalFree
LocaleNameToLCID
MapViewOfFile
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PowerClearRequest
PowerCreateRequest
PowerSetRequest
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveVectoredExceptionHandler
ReplaceFileW
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCP
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleOutputCP
SetConsoleTextAttribute
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileAttributesW
SetHandleInformation
SetLastError
SetPriorityClass
SetProcessAffinityMask
SetStdHandle
SetThreadAffinityMask
SetThreadContext
SetThreadIdealProcessor
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
SuspendThread
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryEnterCriticalSection
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteFile
__C_specific_handler
lstrlenW
msvcrt
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_aligned_free
_aligned_malloc
_amsg_exit
_assert
_beginthreadex
_cexit
_chsize
_commode
_endthreadex
_errno
_filelengthi64
_fileno
fwprintf
_fmode
_fstat64
_get_osfhandle
_getpid
_gmtime64
_hypot
_initterm
_itoa_s
_lock
_lseeki64
_onexit
_scprintf
_set_error_mode
_setjmp
_snprintf
_strdup
_stricmp
_time64
_timezone
_tzname
_tzset
_ultoa
_unlock
_vscprintf
_vsnprintf
_vsnprintf_s
_wchdir
_wfopen
_wfopen_s
_wfsopen
_wgetcwd
_wgetenv
_wrename
_wrmdir
_wstat64
_wunlink
abort
acos
asin
atan
atof
atoi
bsearch
calloc
cosh
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fprintf
fputc
fputs
fputwc
fread
free
freopen_s
fseek
fsetpos
ftell
fwrite
getc
getenv
getwc
isalnum
isalpha
isspace
tanh
iswctype
isxdigit
localeconv
log10
longjmp
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
perror
printf
putc
putwc
qsort
rand
realloc
remove
rewind
setbuf
setlocale
setvbuf
signal
sinh
srand
strcat
strcat_s
strchr
strcmp
strcoll
strcpy
strcpy_s
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strstr
strtol
strtoul
strxfrm
tan
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
wcscmp
wcscoll
wcscpy
wcscpy_s
wcsftime
wcslen
wcstol
wcstombs
wcsxfrm
_strtoui64
_strtoi64
_vsnprintf_s
_nextafter
_write
_stricmp
_strdup
_read
_memicmp
_fileno
_fdopen
ntdll
NtQueryInformationFile
ole32
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize
PropVariantClear
oleaut32
SysAllocString
SysFreeString
VariantInit
shell32
CommandLineToArgvW
DragAcceptFiles
DragQueryFileW
SHCreateItemFromParsingName
SHFileOperationW
SHGetKnownFolderPath
SHGetPropertyStoreForWindow
SetCurrentProcessExplicitAppUserModelID
ShellExecuteW
Shell_NotifyIconGetRect
Shell_NotifyIconW
shlwapi
QISearch
SHStrDupW
user32
ActivateKeyboardLayout
AdjustWindowRectEx
AllowSetForegroundWindow
CallNextHookEx
CallWindowProcW
ClientToScreen
ClipCursor
CloseClipboard
CloseTouchInputHandle
CreateCaret
CreateIconFromResource
CreateIconIndirect
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyCaret
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxIndirectParamW
DispatchMessageW
DisplayConfigGetDeviceInfo
DrawTextW
EmptyClipboard
EndDialog
EnumDisplayMonitors
EnumDisplaySettingsW
FillRect
FlashWindowEx
GetAsyncKeyState
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDCEx
GetDisplayConfigBufferSizes
GetDlgItem
GetDoubleClickTime
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetMenuItemCount
GetMenuItemInfoW
GetMenuItemRect
GetMessageExtraInfo
GetMessageTime
GetMonitorInfoA
GetMonitorInfoW
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetSystemMetrics
GetTouchInputInfo
GetUpdateRect
GetWindowDC
GetWindowLongPtrA
GetWindowLongPtrW
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
InsertMenuItemW
IsClipboardFormatAvailable
IsIconic
IsProcessDPIAware
IsWindow
IsWindowVisible
IsZoomed
KillTimer
LoadCursorA
LoadIconA
MapVirtualKeyA
MapVirtualKeyExA
MessageBoxW
MonitorFromWindow
MoveWindow
OffsetRect
OpenClipboard
PeekMessageW
PostMessageA
QueryDisplayConfig
RegisterClassExW
RegisterClassW
RegisterClipboardFormatA
RegisterRawInputDevices
RegisterTouchWindow
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendMessageA
SendMessageW
SetCapture
SetCaretPos
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenuInfo
SetMenuItemInfoW
SetTimer
SetWindowLongPtrA
SetWindowLongPtrW
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExA
ShowWindow
SystemParametersInfoA
ToUnicodeEx
TrackMouseEvent
TrackPopupMenuEx
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
WindowFromDC
WindowFromPoint
winmm
midiInClose
midiInGetDevCapsA
midiInGetErrorTextA
midiInGetNumDevs
midiInOpen
midiInStart
midiInStop
timeBeginPeriod
timeEndPeriod
ws2_32
WSAConnect
freeaddrinfo
getaddrinfo
getnameinfo
inet_pton
wsock32
WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
getsockname
htonl
htons
inet_addr
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket
Exports
Exports
Sections
.text Size: 63.2MB - Virtual size: 63.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 297KB - Virtual size: 297KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 13.4MB - Virtual size: 13.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pck Size: 3.9MB - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 1.8MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 159B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 52KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 350KB - Virtual size: 350KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ