Kainite+Free+Fn[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Kainite+Free+Fn.rar
Size

345KB
MD5

d774a2dabfefe285123c0e627a8e8c34
SHA1

3802f5711b8fc4cb5340fcb8315bffe626e5e55c
SHA256

5d91e04e0d82cc9ab123f5b64cfb7a20e2d2681da67a8ca7393bbd9174a075d6
SHA512

d011f9159b1386605af4191dea8fd39527d79ace582a09d1f9b4d8b648cb7852265402d142664ef4b731e00a75d96b8343d4d88ec240d3d82878dd9ce421177c
SSDEEP

6144:LNwgZtLNEQkFNGyqh0LXx8cuaY0wlhhKKSGpsyqh0LXx8cuaY0wlhhKKSGpL:BnUFNGyWahvuT0wluupsyWahvuT0wluA

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Kainite Free Fn/Kainite Free Fn.exe
unpack001/Kainite Free Fn/driver.sys
unpack001/Kainite Free Fn/sinmapper.exe
unpack001/Kainite Free Fn/usermode.exe

Files

Kainite+Free+Fn.rar
.rar
Kainite Free Fn/Instructions.txt
Kainite Free Fn/Kainite Free Fn.exe
.exe windows:6 windows x64 arch:x64

f8eeea5427b974c353f6591da8a73e50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Jacob\Downloads\kainite src\kainite src\kainite src\ioctl base updated by redshirtfan\build\usermode\usermode.pdb

Imports

d3d9

Direct3DCreate9Ex

kernel32

GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
Process32First
DeviceIoControl
CreateFileW
CreateToolhelp32Snapshot
Process32Next
CloseHandle
CreateThread
lstrcmpiA
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GlobalFree
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
Sleep
ReleaseSRWLockExclusive
GlobalAlloc
AcquireSRWLockExclusive
UnhandledExceptionFilter

user32

mouse_event
TranslateMessage
SetLayeredWindowAttributes
GetWindow
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
GetSystemMetrics
ShowWindow
GetAsyncKeyState
SetWindowLongA
GetForegroundWindow
DefWindowProcA
LoadIconA
CreateWindowExA
SetClipboardData
PeekMessageA
GetDesktopWindow
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
GetClientRect
SetCursor
ClientToScreen
RegisterClassExA
UpdateWindow
SendInput
GetKeyState
LoadCursorA
ScreenToClient
GetActiveWindow

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
_Query_perf_frequency
?uncaught_exceptions@std@@YAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_counter

dwmapi

DwmExtendFrameIntoClientArea

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
memset
__C_specific_handler
memcpy
__current_exception
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
memchr
__current_exception_context
memmove

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
fseek
fclose
fflush
__acrt_iob_func
fwrite
ftell
__stdio_common_vsprintf
fread
__stdio_common_vsscanf
__stdio_common_vfprintf
_set_fmode
__p__commode
_wfopen

api-ms-win-crt-string-l1-1-0

strncpy
isprint
strcmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

terminate
_c_exit
__p___argv
exit
__p___argc
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_initialize_narrow_environment
_initialize_onexit_table
_cexit
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_crt_atexit

api-ms-win-crt-math-l1-1-0

floorf
__setusermatherr
pow
ceilf
sqrt
sinf
powf
tanf
cosf
asin
atan2
sqrtf
fmodf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Kainite Free Fn/driver.sys
.sys windows:10 windows x64 arch:x64

f26d4d130d47de058333610b89631dea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Jacob\Downloads\kainite src\kainite src\ioctl base updated by redshirtfan\build\driver\driver.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
MmGetSystemRoutineAddress
ExAllocatePool
ExFreePoolWithTag
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
MmGetPhysicalMemoryRanges
MmGetVirtualForPhysical
MmIsAddressValid
PsLookupProcessByProcessId
IoCreateDriver
PsGetProcessSectionBaseAddress
ZwQuerySystemInformation

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 602B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.file0
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Kainite Free Fn/map.bat
Kainite Free Fn/sinmapper.exe
.exe windows:6 windows x64 arch:x64

8a90513de168671f9a043a271db13947

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Damage\Downloads\SinMapper-main\SinMapper-main\SinMapper\x64\Release\SinMapper.pdb

Imports

kernel32

SetUnhandledExceptionFilter
GetModuleHandleA
GetProcAddress
CloseHandle
LoadLibraryA
CreateFileA
DeviceIoControl
GetCurrentProcess
LoadLibraryExA
VirtualAlloc
VirtualFree
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetFileInformationByHandleEx
GetLastError
AreFileApisANSI
GetTempPathW
SetFileInformationByHandle
GetFullPathNameW
GetFileAttributesExW
GetFileAttributesW
CreateFileW
FormatMessageA
LocalFree
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

advapi32

RegOpenKeyExA
RegCreateKeyA
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyA
RegDeleteKeyA
RegSetValueExA
OpenProcessToken
RegCloseKey
RegQueryValueExA

msvcp140

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Winerror_map@std@@YAHH@Z
?_Throw_C_error@std@@YAXH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

ntdll

NtLoadDriver
RtlInitAnsiString
NtUnloadDriver
RtlAnsiStringToUnicodeString
NtQuerySystemInformation
RtlInitUnicodeString

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
memcpy
memcmp
memchr
__std_exception_destroy
__std_exception_copy
__std_terminate
memset
__current_exception_context
__current_exception
_CxxThrowException
__C_specific_handler

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc
_callnewh

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
__p__commode
fgetc
fclose
fflush
fputc
_set_fmode
__stdio_common_vfprintf
__acrt_iob_func
fwrite

api-ms-win-crt-string-l1-1-0

_stricmp
strcmp

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_invalid_parameter_noinfo_noreturn
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_beginthreadex
_initialize_narrow_environment
_configure_narrow_argv
terminate
_initialize_onexit_table

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Kainite Free Fn/usermode.exe
.exe windows:6 windows x64 arch:x64

f8eeea5427b974c353f6591da8a73e50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Jacob\Downloads\kainite src\kainite src\kainite src\ioctl base updated by redshirtfan\build\usermode\usermode.pdb

Imports

d3d9

Direct3DCreate9Ex

kernel32

GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
Process32First
DeviceIoControl
CreateFileW
CreateToolhelp32Snapshot
Process32Next
CloseHandle
CreateThread
lstrcmpiA
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GlobalFree
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
Sleep
ReleaseSRWLockExclusive
GlobalAlloc
AcquireSRWLockExclusive
UnhandledExceptionFilter

user32

mouse_event
TranslateMessage
SetLayeredWindowAttributes
GetWindow
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
GetSystemMetrics
ShowWindow
GetAsyncKeyState
SetWindowLongA
GetForegroundWindow
DefWindowProcA
LoadIconA
CreateWindowExA
SetClipboardData
PeekMessageA
GetDesktopWindow
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
GetClientRect
SetCursor
ClientToScreen
RegisterClassExA
UpdateWindow
SendInput
GetKeyState
LoadCursorA
ScreenToClient
GetActiveWindow

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
_Query_perf_frequency
?uncaught_exceptions@std@@YAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_counter

dwmapi

DwmExtendFrameIntoClientArea

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
memset
__C_specific_handler
memcpy
__current_exception
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
memchr
__current_exception_context
memmove

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
fseek
fclose
fflush
__acrt_iob_func
fwrite
ftell
__stdio_common_vsprintf
fread
__stdio_common_vsscanf
__stdio_common_vfprintf
_set_fmode
__p__commode
_wfopen

api-ms-win-crt-string-l1-1-0

strncpy
isprint
strcmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

terminate
_c_exit
__p___argv
exit
__p___argc
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_initialize_narrow_environment
_initialize_onexit_table
_cexit
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_crt_atexit

api-ms-win-crt-math-l1-1-0

floorf
__setusermatherr
pow
ceilf
sqrt
sinf
powf
tanf
cosf
asin
atan2
sqrtf
fmodf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8eeea5427b974c353f6591da8a73e50

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d9

kernel32

user32

imm32

msvcp140

dwmapi

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 230KB - Virtual size: 230KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 412B

f26d4d130d47de058333610b89631dea

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 152B

.pdata Size: 512B - Virtual size: 216B

INIT Size: 1024B - Virtual size: 602B

.file0 Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 36B

8a90513de168671f9a043a271db13947

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

msvcp140

ntdll

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 67KB - Virtual size: 67KB

.rdata Size: 73KB - Virtual size: 72KB

.data Size: 1KB - Virtual size: 4KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 272B

f8eeea5427b974c353f6591da8a73e50

Headers

DLL Characteristics

File Characteristics

.text
Size: 230KB - Virtual size: 230KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 412B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 152B

.pdata
Size: 512B - Virtual size: 216B

INIT
Size: 1024B - Virtual size: 602B

.file0
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 36B

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 1KB - Virtual size: 4KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 272B

.text
Size: 230KB - Virtual size: 230KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 412B