source+(4)[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

source+(4).rar
Size

4.5MB
MD5

97b6f63b26456b2d2307f7076e699071
SHA1

9fa2d3c6cb494970211dbb1b494c78888f0a39d2
SHA256

bf4e2d7ab5b57825500b93decee01376fefff01131330c2bea88231cef088328
SHA512

57800539a14bc558d3b1d822a88f2c1c4ff58012c67b0d38ef3b6d62867929fc743350631c40a39220681d8d8375c2175b284da66103682fa4d3f1cb20e7efc2
SSDEEP

98304:vqNu8i0gw2bsXDlv3ZohWhSmHY8ZsC9tGdb9jMVxHWX0kgDfG:vqbi0g3wR3ZohWAh8ZsI0RMV9e

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/source (4)/driver.sys
unpack001/source (4)/null.sys
unpack001/source (4)/x64/Fortnite External.exe
unpack001/source (4)/x64/driver.sys
unpack001/source (4)/x64/mapperRelease.exe

Files

source+(4).rar
.rar
source (4)/driver.sys
.sys windows:10 windows x64 arch:x64

a673f839deae5b29b0e8a0fe26dfcd36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\admin\Documents\base\build\driver\driver.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
DbgPrintEx
ExAllocatePool
ExFreePoolWithTag
MmUnmapIoSpace
MmMapIoSpaceEx
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
MmGetPhysicalMemoryRanges
MmCopyMemory
MmGetVirtualForPhysical
MmIsAddressValid
PsLookupProcessByProcessId
IoCreateDriver
PsGetProcessSectionBaseAddress
ZwQuerySystemInformation

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source (4)/null.sys
.sys windows:10 windows x64 arch:x64

f1b779fce1420e3923c2781f3a1debbd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Imports

ntoskrnl.exe

strstr
RtlInitUnicodeString
ExAllocatePool
ExFreePoolWithTag
ObfDereferenceObject
ObReferenceObjectByName
ZwQuerySystemInformation
IoDriverObjectType

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 298B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source (4)/prv slot.sln
source (4)/reverse/Driver/defs.h
source (4)/reverse/Driver/driver.h
source (4)/reverse/FVector.h
source (4)/reverse/Imgui/imconfig.h
source (4)/reverse/Imgui/imgui.cpp
source (4)/reverse/Imgui/imgui.h
source (4)/reverse/Imgui/imgui_demo.cpp
source (4)/reverse/Imgui/imgui_draw.cpp
source (4)/reverse/Imgui/imgui_impl_dx9.cpp
source (4)/reverse/Imgui/imgui_impl_dx9.h
source (4)/reverse/Imgui/imgui_impl_win32.cpp
source (4)/reverse/Imgui/imgui_impl_win32.h
source (4)/reverse/Imgui/imgui_internal.h
source (4)/reverse/Imgui/imgui_widgets.cpp
.vbs
source (4)/reverse/Imgui/imstb_rectpack.h
source (4)/reverse/Imgui/imstb_textedit.h
source (4)/reverse/Imgui/imstb_truetype.h
source (4)/reverse/Keybind.h
source (4)/reverse/Main.cpp
source (4)/reverse/Main.h
source (4)/reverse/Options.h
source (4)/reverse/Print.hpp
source (4)/reverse/Skicript.hpp
source (4)/reverse/antidebugger.h
source (4)/reverse/d3d9_x.h
source (4)/reverse/directx9/d3dx9.h
source (4)/reverse/directx9/d3dx9.lib
source (4)/reverse/directx9/d3dx9anim.h
source (4)/reverse/directx9/d3dx9core.h
source (4)/reverse/directx9/d3dx9effect.h
source (4)/reverse/directx9/d3dx9math.h
source (4)/reverse/directx9/d3dx9math.inl
source (4)/reverse/directx9/d3dx9mesh.h
source (4)/reverse/directx9/d3dx9shader.h
source (4)/reverse/directx9/d3dx9shape.h
source (4)/reverse/directx9/d3dx9tex.h
source (4)/reverse/directx9/d3dx9xof.h
source (4)/reverse/icon.h
source (4)/reverse/icons1.h
source (4)/reverse/libcurl.lib
source (4)/reverse/offsets.h
source (4)/reverse/prv slot.vcxproj
.ps1
source (4)/reverse/prv slot.vcxproj.user
source (4)/reverse/resource.h
source (4)/reverse/reverse.aps
source (4)/reverse/reverse.rc
source (4)/reverse/reverse.vcxproj.filters
source (4)/reverse/reverse.vcxproj.user
source (4)/reverse/stb_image.h
source (4)/reverse/ud.h
source (4)/reverse/x64/Release/Fortnite External.exe.recipe
source (4)/reverse/x64/Release/Fortnite External.iobj
source (4)/reverse/x64/Release/Fortnite External.ipdb
source (4)/reverse/x64/Release/Main.obj
source (4)/reverse/x64/Release/fuck nigga.tlog/CL.command.1.tlog
source (4)/reverse/x64/Release/fuck nigga.tlog/CL.read.1.tlog
source (4)/reverse/x64/Release/fuck nigga.tlog/CL.write.1.tlog
source (4)/reverse/x64/Release/fuck nigga.tlog/Cl.items.tlog
source (4)/reverse/x64/Release/fuck nigga.tlog/fuck nigga.lastbuildstate
source (4)/reverse/x64/Release/fuck nigga.tlog/link.command.1.tlog
source (4)/reverse/x64/Release/fuck nigga.tlog/link.read.1.tlog
source (4)/reverse/x64/Release/fuck nigga.tlog/link.secondary.1.tlog
source (4)/reverse/x64/Release/fuck nigga.tlog/link.write.1.tlog
source (4)/reverse/x64/Release/imgui.obj
source (4)/reverse/x64/Release/imgui_draw.obj
source (4)/reverse/x64/Release/imgui_impl_dx9.obj
source (4)/reverse/x64/Release/imgui_impl_win32.obj
source (4)/reverse/x64/Release/imgui_widgets.obj
source (4)/reverse/x64/Release/prv slot.log
source (4)/reverse/x64/Release/vc143.pdb
source (4)/reverse/xor.hpp
source (4)/reverse/xstring.h
source (4)/x64/Fortnite External.exe
.exe windows:6 windows x64 arch:x64

0dc196ddf87069b0839318fd5d7c0839

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwmapi

DwmExtendFrameIntoClientArea

kernel32

QueryPerformanceCounter
QueryPerformanceFrequency
GetStdHandle
CreateFileW
Beep
CloseHandle
DeviceIoControl
Sleep
CreateThread
VirtualAlloc
VirtualFree
GetModuleHandleA
GetProcAddress
lstrcmpiA
MultiByteToWideChar
WideCharToMultiByte
SetConsoleTextAttribute
GlobalFree
SetConsoleTitleA
CreateToolhelp32Snapshot
Process32First
Process32Next
GlobalLock
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GlobalUnlock
GlobalAlloc
ReleaseSRWLockExclusive

user32

GetWindowLongA
GetWindowRect
SetLayeredWindowAttributes
GetForegroundWindow
UpdateWindow
GetSystemMetrics
mouse_event
GetAsyncKeyState
SetWindowDisplayAffinity
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
CreateWindowExA
UnregisterClassA
RegisterClassA
FindWindowA
PostQuitMessage
GetWindow
PeekMessageA
DispatchMessageA
TranslateMessage
LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetActiveWindow
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
SetWindowLongW
DefWindowProcA

gdi32

GetStockObject

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

msvcp140

?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??7ios_base@std@@QEBA_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Random_device@std@@YAIXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

d3d9

Direct3DCreate9Ex

vcruntime140

__current_exception
__current_exception_context
memmove
_CxxThrowException
memcmp
memchr
__std_exception_destroy
__C_specific_handler
__std_terminate
__std_exception_copy
strstr
memset
memcpy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

isprint
strcmp
strncpy
strlen

api-ms-win-crt-stdio-l1-1-0

fread
__p__commode
fgetpos
_fseeki64
fsetpos
setvbuf
ungetc
_set_fmode
fputc
fgetc
__stdio_common_vsnprintf_s
__stdio_common_vsprintf_s
fflush
fclose
_wfopen
__acrt_iob_func
__stdio_common_vsscanf
__stdio_common_vsprintf
__stdio_common_vfprintf
fwrite
ftell
fseek
_get_stream_buffer_pointers

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
free
malloc

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-math-l1-1-0

atan2
fabs
fmodf
tanf
asin
powf
pow
atan2f
ceilf
sqrtf
sinf
floorf
cosf
__setusermatherr

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_crt_atexit
_initialize_onexit_table
_register_onexit_function
_initialize_narrow_environment
terminate
_cexit
exit
_seh_filter_exe
_set_app_type
_invalid_parameter_noinfo_noreturn
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
system
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

SetLayeredWindow
SetWindowLongV

Sections

.text
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 474KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source (4)/x64/driver.sys
.sys windows:10 windows x64 arch:x64

a673f839deae5b29b0e8a0fe26dfcd36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\admin\Documents\base\build\driver\driver.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
DbgPrintEx
ExAllocatePool
ExFreePoolWithTag
MmUnmapIoSpace
MmMapIoSpaceEx
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
MmGetPhysicalMemoryRanges
MmCopyMemory
MmGetVirtualForPhysical
MmIsAddressValid
PsLookupProcessByProcessId
IoCreateDriver
PsGetProcessSectionBaseAddress
ZwQuerySystemInformation

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source (4)/x64/mapperRelease.exe
.exe windows:6 windows x64 arch:x64

c60db94b215a68469c8288f812a68181

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\inc\Desktop\mapper\x64\Release\mapperRelease.pdb

Imports

kernel32

CloseHandle
GetProcAddress
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32NextW
GetModuleHandleA
SetUnhandledExceptionFilter
GetTempPathW
FormatMessageA
GetLocaleInfoEx
GetCurrentThreadId
CreateFileW
VirtualAlloc
DeviceIoControl
Process32FirstW
VirtualFree
FindClose
FindFirstFileW
GetFileAttributesExW
AreFileApisANSI
GetLastError
GetModuleHandleW
GetFileInformationByHandleEx
WideCharToMultiByte
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
LocalFree

user32

GetShellWindow
GetWindowThreadProcessId

advapi32

RegCloseKey
RegDeleteTreeW
RegCreateKeyW
RegOpenKeyW
RegSetKeyValueW

msvcp140

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1_Lockit@std@@QEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
??Bid@locale@std@@QEAA_KXZ

ntdll

NtQuerySystemInformation
RtlInitUnicodeString

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
__C_specific_handler
wcsstr
__std_exception_copy
__std_exception_destroy
memcmp
_CxxThrowException
__current_exception_context
__current_exception
__std_terminate
memset
memmove

api-ms-win-crt-stdio-l1-1-0

_set_fmode
_fseeki64
fread
fsetpos
_get_stream_buffer_pointers
__p__commode
fputc
setvbuf
fgetpos
fwrite
ungetc
fflush
fgetc
fclose

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_wremove
_unlock_file

api-ms-win-crt-string-l1-1-0

_wcsicmp
_stricmp

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_cexit
__p___wargv
__p___argc
_invalid_parameter_noinfo_noreturn
_crt_atexit
exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_register_onexit_function
_set_app_type
_seh_filter_exe
_register_thread_local_exe_atexit_callback
abort
_exit
terminate
_c_exit

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
_callnewh
free

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a673f839deae5b29b0e8a0fe26dfcd36

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 128B

.pdata Size: 512B - Virtual size: 192B

INIT Size: 1024B - Virtual size: 664B

.reloc Size: 512B - Virtual size: 36B

f1b779fce1420e3923c2781f3a1debbd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 1020B

.data Size: 512B - Virtual size: 16B

.pdata Size: 512B - Virtual size: 108B

INIT Size: 512B - Virtual size: 298B

.reloc Size: 512B - Virtual size: 20B

0dc196ddf87069b0839318fd5d7c0839

Headers

DLL Characteristics

File Characteristics

Imports

dwmapi

kernel32

user32

gdi32

imm32

msvcp140

d3d9

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 304KB - Virtual size: 303KB

.rdata Size: 182KB - Virtual size: 181KB

.data Size: 474KB - Virtual size: 478KB

.pdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1KB - Virtual size: 1KB

a673f839deae5b29b0e8a0fe26dfcd36

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 128B

.pdata Size: 512B - Virtual size: 192B

INIT Size: 1024B - Virtual size: 664B

.reloc Size: 512B - Virtual size: 36B

c60db94b215a68469c8288f812a68181

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 128B

.pdata
Size: 512B - Virtual size: 192B

INIT
Size: 1024B - Virtual size: 664B

.reloc
Size: 512B - Virtual size: 36B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 1020B

.data
Size: 512B - Virtual size: 16B

.pdata
Size: 512B - Virtual size: 108B

INIT
Size: 512B - Virtual size: 298B

.reloc
Size: 512B - Virtual size: 20B

.text
Size: 304KB - Virtual size: 303KB

.rdata
Size: 182KB - Virtual size: 181KB

.data
Size: 474KB - Virtual size: 478KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 128B

.pdata
Size: 512B - Virtual size: 192B

INIT
Size: 1024B - Virtual size: 664B

.reloc
Size: 512B - Virtual size: 36B

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 264B