AutoGpuAffinity[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

AutoGpuAffinity.zip
Size

12.4MB
MD5

b3f1986e90e8b6022f806d9656ba6d45
SHA1

fca7b400cf009718c731df21178be7ffdef4325a
SHA256

89255ba22066f48755f79a1203e71694a28f4c54b41205957626a603a1964101
SHA512

43993bce3605935d9d7358df4d687e6105f836a32f407737c727ca8a1a612acfd4de586b66ccaf7aeeecb83262c38b654517739138518cf8bcb736fef1cfe732
SSDEEP

196608:/N/my4wWbVi09a6X/xVJXPfqeDRGmP9oZ0lW20Kdf1wNffdefKaPwFIfX2:90b5VVCKRGu9w0o20K09cob

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/AutoGpuAffinity/AutoGpuAffinity.exe	pyinstaller

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AutoGpuAffinity/AutoGpuAffinity.exe
unpack001/AutoGpuAffinity/bin/D3D9-benchmark.exe
unpack001/AutoGpuAffinity/bin/PresentMon/PresentMon-1.10.0-x64.exe
unpack001/AutoGpuAffinity/bin/PresentMon/PresentMon-1.6.0-x64.exe
unpack001/AutoGpuAffinity/bin/liblava/lava-triangle.exe
unpack001/AutoGpuAffinity/bin/restart64/restart64.exe

Files

AutoGpuAffinity.zip
.zip
AutoGpuAffinity/AutoGpuAffinity.exe
.exe windows:5 windows x64 arch:x64

5bc16b5845145eb0edb88983820691b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

GetWindowThreadProcessId
ShowWindow

kernel32

GetModuleFileNameW
SetDllDirectoryW
CreateSymbolicLinkW
GetProcAddress
CreateDirectoryW
GetCommandLineW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetDriveTypeW
RemoveDirectoryW
GetTempPathW
CloseHandle
FormatMessageW
Sleep
GetCurrentProcess
GetCurrentProcessId
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
LocalFree
SetConsoleCtrlHandler
GetConsoleWindow
CreateFileW
FindFirstFileExW
GetFinalPathNameByHandleW
MultiByteToWideChar
WideCharToMultiByte
HeapReAlloc
GetLastError
WriteConsoleW
SetEndOfFile
WaitForSingleObject
LeaveCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
GetFullPathNameW
SetStdHandle
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetCommandLineA
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
SetEnvironmentVariableW
GetFileAttributesExW
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize

advapi32

ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
main.pyc
AutoGpuAffinity/bin/D3D9-benchmark.exe
.exe windows:6 windows x64 arch:x64

1d1c6619283850f5eccab312c8c8778d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\repos\Benchmark-DirectX9\x64\Release\Benchmark DirectX9.pdb

Imports

d3d9

Direct3DCreate9

kernel32

GetCurrentProcessId
SetPriorityClass
GetCurrentProcess
GetProcessAffinityMask
GetModuleHandleW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
IsDebuggerPresent

user32

GetSystemMetrics
DestroyWindow
CreateWindowExW
ShowCursor
PostQuitMessage
SetCursor
LoadCursorW
RegisterRawInputDevices
RegisterClassExW
ShowWindow
DispatchMessageW
PeekMessageW
GetRawInputData
DefWindowProcW

vcruntime140

memcpy
__C_specific_handler
__current_exception
__current_exception_context
memset

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
terminate
_c_exit
_initterm_e
exit
_initterm
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
_configure_narrow_argv
__p___argv
_set_app_type
_seh_filter_exe
__p___argc
_exit
_get_initial_narrow_environment

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AutoGpuAffinity/bin/PresentMon/LICENSE.txt
AutoGpuAffinity/bin/PresentMon/PresentMon-1.10.0-x64.exe
.exe windows:6 windows x64 arch:x64

8820879eff6ea945ebe2e0cbc63f8000

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\etw\PresentMon\build\release\PresentMon-1.10.0-x64.pdb

Imports

kernel32

GetConsoleScreenBufferInfo
GetStdHandle
GetFileSizeEx
SetConsoleTextAttribute
WriteFile
SetConsoleWindowInfo
GetConsoleMode
FillConsoleOutputCharacterW
ReadConsoleOutputW
ScrollConsoleScreenBufferW
GetFileType
SetConsoleCursorPosition
WriteConsoleOutputCharacterW
SetThreadPriority
GetCurrentThread
SetConsoleCtrlHandler
LoadLibraryExA
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
OpenProcess
CloseHandle
DeleteCriticalSection
QueryFullProcessImageNameW
QueryPerformanceCounter
GetExitCodeProcess
GetCurrentProcess
GetModuleFileNameW
WaitForSingleObject
GetLastError
GetProcAddress
FreeLibrary
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleHandleW
GetCurrentThreadId
WaitForSingleObjectEx
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeCriticalSectionEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
WriteConsoleW
RtlUnwindEx
RtlPcToFileHeader
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
SetStdHandle
GetTimeZoneInformation
FlushFileBuffers
GetConsoleOutputCP
HeapReAlloc
HeapSize
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetStringTypeW
ReadFile
ReadConsoleW
CreateFileW
SetEndOfFile

Sections

.text
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AutoGpuAffinity/bin/PresentMon/PresentMon-1.6.0-x64.exe
.exe windows:6 windows x64 arch:x64

17f3247fa6593e2577a42f20ebffdf43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\PresentMon\build\Release\PresentMon-1.6.0-x64.pdb

Imports

advapi32

ProcessTrace
CloseTrace
StartTraceA
ControlTraceW
EnableTraceEx2
OpenTraceA
ControlTraceA

shell32

ShellExecuteExA

shlwapi

PathFindFileNameA

user32

DefWindowProcW
GetKeyState
GetMessageExtraInfo
PostMessageW
GetMessageW
CreateWindowExW
UnregisterClassW
RegisterClassExW
DispatchMessageW
SetTimer
RegisterHotKey
TranslateMessage
KillTimer
SendInput
DestroyWindow

kernel32

CreateFileW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetConsoleScreenBufferInfo
GetStdHandle
WriteConsoleOutputCharacterA
SetConsoleCursorPosition
SetThreadPriority
GetCurrentThread
SetConsoleCtrlHandler
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
OpenProcess
QueryFullProcessImageNameA
CloseHandle
DeleteCriticalSection
QueryPerformanceCounter
GetExitCodeProcess
GetModuleFileNameA
GetCurrentProcess
WaitForSingleObject
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
VerSetConditionMask
VerifyVersionInfoW
GetCurrentThreadId
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
TryEnterCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
WriteConsoleW
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateTimerQueue
SetEvent
SignalObjectAndWait
CreateThread
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
SetEndOfFile
ReadFile
ReadConsoleW
SetFilePointerEx
TlsGetValue
FindNextFileA
FindFirstFileExA
RtlUnwindEx
RtlPcToFileHeader
RaiseException
ExitThread
GetModuleHandleExW
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
GetStringTypeW
GetTimeZoneInformation
HeapReAlloc
HeapSize
FindClose

tdh

TdhGetPropertySize
TdhGetEventInformation

Sections

.text
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AutoGpuAffinity/bin/liblava/LICENSE.txt
AutoGpuAffinity/bin/liblava/lava-triangle.exe
.exe windows:6 windows x64 arch:x64

86673b098e8c0e572febf660aa669870

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken

shell32

DragFinish
DragQueryPoint
DragAcceptFiles
DragQueryFileW
SHGetFolderPathW

kernel32

TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceCounter
QueryPerformanceFrequency
VerSetConditionMask
GetLastError
GetModuleHandleExW
FormatMessageW
FreeLibrary
GetProcAddress
LoadLibraryA
FlushFileBuffers
GetFileAttributesA
Sleep
GetCurrentProcessId
GetCurrentThreadId
GetDynamicTimeZoneInformation
GetStdHandle
WriteFile
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
GetDriveTypeA
GetFileAttributesExW
ReadFile
RemoveDirectoryW
SetFilePointerEx
CreateFile2
GetVolumeInformationA
CloseHandle
SetErrorMode
InitializeCriticalSectionEx
SetEvent
WaitForSingleObject
DeleteCriticalSection
GetCurrentProcess
CreateThread
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
GetFileInformationByHandleEx
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AreFileApisANSI
SetFileInformationByHandle
FindFirstFileW
CreateFileW
GetLocaleInfoEx
FormatMessageA
LocalFree
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetModuleHandleW
TerminateProcess
SetThreadExecutionState
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
CreateEventA

user32

SetCursorPos
SetCursor
GetCursorPos
ClientToScreen
ScreenToClient
WindowFromPoint
ClipCursor
AdjustWindowRectEx
CreateWindowExA
RegisterClassExA
UnregisterClassA
GetMessageW
GetRawInputDeviceList
GetRawInputDeviceInfoA
EnumDisplayMonitors
EnumDisplayDevicesW
EnumDisplaySettingsExW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
ToUnicode
GetWindowRect
UnregisterDeviceNotification
RegisterDeviceNotificationW
RegisterRawInputDevices
GetRawInputData
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
CreateIconIndirect
LoadImageW
DestroyIcon
LoadCursorW
GetClassLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
GetClientRect
GetDC
SetForegroundWindow
GetSystemMetrics
MsgWaitForMultipleObjects
ReleaseCapture
SetWindowTextW
RemovePropW
GetPropW
SetPropW
UnregisterClassW
ReleaseDC
OpenClipboard
SetRect
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
TrackMouseEvent
TranslateMessage
DispatchMessageW
PeekMessageW
GetMessageTime
SendMessageW
PostMessageW
WaitMessage
DefWindowProcW
RegisterClassExW
CreateWindowExW
DestroyWindow
ShowWindow
GetLayeredWindowAttributes
SetLayeredWindowAttributes
FlashWindow
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
SetFocus
GetActiveWindow
GetKeyState
MapVirtualKeyW
SetCapture

gdi32

CreateRectRgn
DeleteObject
CreateDIBSection
CreateDCW
DeleteDC
GetDeviceCaps
GetDeviceGammaRamp
SetDeviceGammaRamp
ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
SwapBuffers
CreateBitmap

msvcp140

?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QEBA_JXZ
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?swap@?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
_Cnd_signal
_Cnd_destroy_in_situ
_Thrd_id
_Thrd_join
?id@?$numpunct@D@std@@2V0locale@2@A
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?fail@ios_base@std@@QEBA_NXZ
?bad@ios_base@std@@QEBA_NXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xbad_function_call@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?uncaught_exceptions@std@@YAHXZ
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Thrd_sleep
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?swap@?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

vcruntime140

memcpy
__std_terminate
_CxxThrowException
memcmp
memmove
memset
strstr
__std_exception_destroy
__current_exception_context
__current_exception
__C_specific_handler
strrchr
strchr
_purecall
__std_exception_copy
memchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_seh_filter_exe
_initterm
_initterm_e
exit
_exit
_errno
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
abort
_invalid_parameter_noinfo_noreturn
_get_initial_narrow_environment
terminate
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_set_app_type

api-ms-win-crt-heap-l1-1-0

_aligned_malloc
_aligned_realloc
realloc
calloc
malloc
_callnewh
_set_new_mode
free
_aligned_free

api-ms-win-crt-math-l1-1-0

cos
sqrtf
tanf
cosf
ceilf
acosf
sin
_ldclass
_fdclass
_dclass
_dsign
sinf
powf
ldexp
fmodf
__setusermatherr

api-ms-win-crt-string-l1-1-0

strncmp
isspace
strcmp
strspn
strcspn
strncpy
isdigit

api-ms-win-crt-stdio-l1-1-0

fopen_s
feof
ferror
_fseeki64
fgetc
fsetpos
fgetpos
_get_stream_buffer_pointers
setvbuf
ungetc
_set_fmode
__p__commode
__stdio_common_vsscanf
__stdio_common_vsprintf
__stdio_common_vfprintf
fwrite
ftell
fseek
fread
fflush
fclose
_wfopen
__acrt_iob_func
fputc
_fsopen
__stdio_common_vsnprintf_s

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

strtoll
strtoul
strtod
strtoull
strtol

api-ms-win-crt-time-l1-1-0

_mktime64
_gmtime64_s
_localtime64_s
strftime
_localtime64

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func
_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_mkdir

Sections

.text
Size: 930KB - Virtual size: 930KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 341KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AutoGpuAffinity/bin/restart64/LICENSE.txt
AutoGpuAffinity/bin/restart64/restart64.exe
.exe windows:5 windows x64 arch:x64

2a69fe822ced9bf301916c1307e497a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapSize
HeapReAlloc
CompareStringW
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
SetStdHandle
GetStringTypeW
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
WriteConsoleW
CreateFileW
IsWow64Process
GetModuleFileNameW
Sleep
CreateProcessW
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetStartupInfoW
TerminateProcess
OpenProcess
GetCurrentProcess
QueryPerformanceCounter
GetFileType
SetHandleCount
LCMapStringW
EnterCriticalSection
GetLastError
HeapFree
HeapAlloc
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetCommandLineW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
DecodePointer
HeapSetInformation
GetVersion
HeapCreate
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
FlushFileBuffers

user32

SetWindowPlacement
GetWindowRect
EnumWindows
GetWindowPlacement
SetWindowPos
ShowWindow
IsWindowVisible
SetForegroundWindow
DialogBoxParamW
OpenInputDesktop
FindWindowW
GetClientRect
CloseDesktop
EndDialog
FindWindowExW
MessageBoxW
UnregisterHotKey
RegisterHotKey
GetWindowThreadProcessId
GetShellWindow
PostMessageW

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegRenameKey
RegDeleteTreeW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueW
CreateProcessWithTokenW
OpenProcessToken
RegSetValueExW

setupapi

SetupDiSetClassInstallParamsW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 521KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AutoGpuAffinity/config.ini

Sharing

General

Malware Config

Signatures

Files

5bc16b5845145eb0edb88983820691b1

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

advapi32

Sections

.text Size: 168KB - Virtual size: 168KB

.rdata Size: 73KB - Virtual size: 72KB

.data Size: 3KB - Virtual size: 28KB

.pdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 60KB - Virtual size: 59KB

.reloc Size: 2KB - Virtual size: 1KB

1d1c6619283850f5eccab312c8c8778d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d9

kernel32

user32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 420B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 52B

8820879eff6ea945ebe2e0cbc63f8000

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 264KB - Virtual size: 264KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 4KB - Virtual size: 10KB

.pdata Size: 13KB - Virtual size: 13KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 2KB

17f3247fa6593e2577a42f20ebffdf43

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

shell32

shlwapi

user32

kernel32

tdh

Sections

.text Size: 307KB - Virtual size: 307KB

.rdata Size: 103KB - Virtual size: 102KB

.data Size: 9KB - Virtual size: 24KB

.pdata Size: 19KB - Virtual size: 18KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

86673b098e8c0e572febf660aa669870

Headers

DLL Characteristics

.text
Size: 168KB - Virtual size: 168KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 3KB - Virtual size: 28KB

.pdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 60KB - Virtual size: 59KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 420B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 52B

.text
Size: 264KB - Virtual size: 264KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 13KB - Virtual size: 13KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 307KB - Virtual size: 307KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 9KB - Virtual size: 24KB

.pdata
Size: 19KB - Virtual size: 18KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 930KB - Virtual size: 930KB

.rdata
Size: 341KB - Virtual size: 341KB

.data
Size: 36KB - Virtual size: 55KB

.pdata
Size: 42KB - Virtual size: 41KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 5KB - Virtual size: 521KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB