PDB path: C:\Users\circleci\project\_builds\vs-16-2019\xvclient\Release\libxvclient.pdb
Static task
static1
General
-
Target
msimg32.dll
-
Size
6.2MB
-
MD5
1cd3af0e73daf4ec0d18a21945d94b0c
-
SHA1
5756f5875365a49dae431ee32f34b5eecff6df83
-
SHA256
affc80fed0ad2b288db4fb25488b631302a7c26eed698cfc197c43e54886e250
-
SHA512
aacee19bc9f000f4d0f521582d576f11a29aaf46a9fc82d203bbf74f8f3e3cfab382690298ee90639d04ef1814ce5ed643aa520d807995a5f083196c0c8e7ce8
-
SSDEEP
98304:A6vth6HjL23qzZ0+ca29gjYCUP5zCmstJX3kkk5HDiTk:ltgL2dhEJX3kk4iTk
Malware Config
Signatures
-
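Unsigned PE 1 IoC
Checks for a missing Authenticode signature: this PE file is not signed.
resource msimg32.dll
Note: msimg32.dll is also the name of a Windows system library, while the libxvclient.pdb path and the xc_*/xvclient exports recorded on this page point to a libxvclient build, so confirm the file's origin and load location before treating it as the system DLL.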
Files
-
msimg32.dll.dll windows:6 windows x86 arch:x86
a33923273a1fe81068d450fb4ecc633f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\Users\circleci\project\_builds\vs-16-2019\xvclient\Release\libxvclient.pdb
Imports
ws2_32
WSAGetLastError
WSACleanup
shutdown
WSARecv
WSASetLastError
gethostname
ntohs
send
recv
WSASocketW
WSASend
WSAIoctl
WSAStartup
setsockopt
select
listen
getsockopt
getsockname
ioctlsocket
connect
closesocket
bind
accept
__WSAFDIsSet
freeaddrinfo
getaddrinfo
ntohl
htons
htonl
WSAStringToAddressW
advapi32
RegCloseKey
RegisterEventSourceW
ReportEventW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
kernel32
IsValidCodePage
SetStdHandle
GetFileSizeEx
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetACP
GetDateFormatW
HeapAlloc
HeapFree
GetModuleFileNameW
ExitProcess
ReadFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
HeapReAlloc
GetTimeZoneInformation
FindFirstFileExW
GetCommandLineA
GetCommandLineW
GetProcessHeap
HeapSize
WriteConsoleW
GetTimeFormatW
LocalFree
FormatMessageA
FormatMessageW
WideCharToMultiByte
GetLastError
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsGetValue
TlsFree
VerSetConditionMask
CloseHandle
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
WaitForSingleObject
SleepEx
CreateEventW
SetWaitableTimer
WaitForMultipleObjects
QueueUserAPC
TerminateThread
TlsSetValue
VerifyVersionInfoA
MultiByteToWideChar
CreateWaitableTimerA
GetSystemTimeAsFileTime
Sleep
GetModuleHandleA
GetProcAddress
GetSystemTime
SystemTimeToFileTime
GetCurrentThreadId
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
FindNextFileW
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetCurrentDirectoryW
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
DeviceIoControl
MoveFileExW
AreFileApisANSI
FreeLibrary
LoadLibraryW
GetVersionExA
GetTickCount
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
SetConsoleCtrlHandler
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RaiseException
InitOnceBeginInitialize
InitOnceComplete
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
QueryPerformanceFrequency
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetLocaleInfoEx
GetStringTypeW
InitializeSListHead
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
user32
GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation
Exports
Exports
AlphaBlend
??0IAresDnsDelegate@xc@@QAE@XZ
??0ICallbackHandler@xc@@QAE@XZ
??0IEventDelegate@xvca@xc@@QAE@XZ
??0IEvents@Analytics@xc@@QAE@XZ
??0IReceiver@Log@xc@@QAE@XZ
??0ISocketDelegate@xc@@QAE@XZ
??1CallbackHandler@xc@@UAE@XZ
??1IAresDnsDelegate@xc@@UAE@XZ
??1ICallbackHandler@xc@@UAE@XZ
??1IEventDelegate@xvca@xc@@UAE@XZ
??1IEvents@Analytics@xc@@UAE@XZ
??1IReceiver@Log@xc@@UAE@XZ
??1ISocketDelegate@xc@@UAE@XZ
??_7CallbackHandler@xc@@6BIEventDelegate@xvca@1@@
??_7CallbackHandler@xc@@6BIEvents@Analytics@1@@
??_7CallbackHandler@xc@@6BIReceiver@Log@1@@
??_7CallbackHandler@xc@@6BISocketDelegate@1@@
??_7IAresDnsDelegate@xc@@6B@
??_7ICallbackHandler@xc@@6BIEventDelegate@xvca@1@@
??_7ICallbackHandler@xc@@6BIEvents@Analytics@1@@
??_7ICallbackHandler@xc@@6BIReceiver@Log@1@@
??_7ICallbackHandler@xc@@6BISocketDelegate@1@@
??_7IEventDelegate@xvca@xc@@6B@
??_7IEvents@Analytics@xc@@6B@
??_7IReceiver@Log@xc@@6B@
??_7ISocketDelegate@xc@@6B@
?ActivationStateChanged@CallbackHandler@xc@@UBEXW4xc_activation_state@@W4xc_client_reason@@@Z
?AddAPIEvent@CallbackHandler@xc@@UAEXABW4APIRequestType@Analytics@2@ABW4xc_client_reason@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?AddAnalyticsEvent@CallbackHandler@xc@@UAEXABV?$FiniteString@$0BK@@Analytics@2@ABW4xc_client_reason@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?AddFilesystemEvent@CallbackHandler@xc@@UAEXABW4FilesystemEventType@Analytics@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@1@Z
?AddXvcaAnalyticsEvent@CallbackHandler@xc@@UAEXABW4XvcaEventType@Analytics@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?AutoUpdateChanged@CallbackHandler@xc@@UBEXXZ
?ConnStatusChanged@CallbackHandler@xc@@UBEXXZ
?IconsChanged@CallbackHandler@xc@@UBEXXZ
?InAppMessagesChanged@CallbackHandler@xc@@UBEXXZ
?LatestAppChanged@CallbackHandler@xc@@UBEXXZ
?Log@CallbackHandler@xc@@UBEXW4xc_log_level@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?PostSocketCreate@CallbackHandler@xc@@UAE_NIW4xc_socket_type@@@Z
?PreSocketClose@CallbackHandler@xc@@UAE_NI@Z
?RefreshDone@CallbackHandler@xc@@UBEXXZ
?S_NullAnalyticsEvent@CallbackHandler@xc@@CAXPAXPBDW4xc_client_reason@@1@Z
?S_NullLog@CallbackHandler@xc@@CAXPAXW4xc_log_level@@PBD@Z
?S_NullPostSocketCreate@CallbackHandler@xc@@CA_NPAXIW4xc_socket_type@@@Z
?S_NullPreSocketClose@CallbackHandler@xc@@CA_NPAXI@Z
?S_NullXvcaEvent@CallbackHandler@xc@@CAXPAXPBD@Z
?SmartLocationChanged@CallbackHandler@xc@@UBEXXZ
?SubscriptionChanged@CallbackHandler@xc@@UBEXXZ
?VpnConnectionRecommendationsChanged@CallbackHandler@xc@@UBEXXZ
?VpnRootChanged@CallbackHandler@xc@@UBEXXZ
?XvcaEvent@CallbackHandler@xc@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?current_completion@custom_tracking@@SAPAPAUcompletion@1@XZ
xc_activation_request_delete
xc_activation_request_device_information_delete
xc_activation_request_device_information_new
xc_activation_request_device_information_set_bios_id
xc_activation_request_device_information_set_manufacturer
xc_activation_request_device_information_set_oem
xc_activation_request_device_information_set_platform
xc_activation_request_set_device_information
xc_activation_request_set_google_iap_purchase_token
xc_activation_request_set_iap_aware
xc_activation_request_set_idfa
xc_activation_request_set_installation_id_signature
xc_activation_request_set_receipt
xc_activation_request_set_referrer
xc_activation_request_set_search_ads_json
xc_activation_request_set_utm_campaign
xc_auto_update_delete
xc_auto_update_get_installer_size
xc_auto_update_get_installer_url
xc_auto_update_get_version
xc_client_activate
xc_client_cancel_activation
xc_client_cancel_support_ticket
xc_client_check_if_token_belongs_to_different_account
xc_client_copy_auto_update
xc_client_copy_credentials
xc_client_copy_diagnostics
xc_client_copy_favourites_list
xc_client_copy_in_app_message_list
xc_client_copy_info
xc_client_copy_last_known_non_vpn_conn_status
xc_client_copy_latest_app
xc_client_copy_recent_places_list
xc_client_copy_smart_location
xc_client_copy_subscription
xc_client_copy_vpn_root
xc_client_copy_vpn_root_full
xc_client_copy_xvca_info_json
xc_client_copy_xvca_mgr
xc_client_create_activation_request_code
xc_client_create_activation_request_free_trial
xc_client_create_activation_request_google_iap
xc_client_create_activation_request_magic_installer
xc_client_create_activation_request_magic_link
xc_client_create_activation_request_receipt
xc_client_create_activation_request_user_pass
xc_client_create_in_app_purchase_request
xc_client_create_tracking_event
xc_client_create_vpn_session
xc_client_create_web_sign_in_request
xc_client_delete
xc_client_fetch_conn_status
xc_client_fetch_credentials
xc_client_generate_speed_test_endpoints_for_all
xc_client_generate_speed_test_endpoints_for_continent
xc_client_generate_speed_test_endpoints_for_recommended
xc_client_generate_vpn_endpoints
xc_client_get_activation_state
xc_client_get_selected_vpn_protocol
xc_client_http_get_request
xc_client_in_app_purchase
xc_client_info_delete
xc_client_info_get_instances_last_refresh_time
xc_client_info_get_smart_location_algorithm_id
xc_client_info_get_smart_location_algorithm_version
xc_client_info_subscription_get_license_status
xc_client_info_subscription_get_status
xc_client_is_hacked
xc_client_iterate_places
xc_client_maybe_refresh
xc_client_network_changed
xc_client_new
xc_client_request_auto_update
xc_client_request_google_iap_obfuscated_account_id
xc_client_request_mfa_code
xc_client_reset_user_settings
xc_client_run
xc_client_send_set_password_email
xc_client_send_setup_devices_email
xc_client_send_tracking_event
xc_client_send_web_sign_in_request
xc_client_send_xvca_events
xc_client_set_email_address
xc_client_set_selected_vpn_protocol
xc_client_sign_in_with_web_token
xc_client_sign_out
xc_client_stop
xc_client_submit_speed_test_result
xc_client_submit_support_ticket
xc_client_update_google_iap_purchase_token
xc_client_update_in_app_purchase_receipt
xc_client_validate_mfa_code
xc_conn_status_delete
xc_conn_status_dup
xc_conn_status_get_asn
xc_conn_status_get_city
xc_conn_status_get_connection_type
xc_conn_status_get_country_code
xc_conn_status_get_ip
xc_conn_status_get_is_connected_to_vpn
xc_conn_status_get_isp
xc_conn_status_get_location_name
xc_conn_status_get_region
xc_continent_copy_country_list
xc_continent_delete
xc_continent_get_id
xc_continent_get_name
xc_continent_list_copy_item_at_index
xc_continent_list_delete
xc_continent_list_get_count
xc_country_copy_location_list
xc_country_delete
xc_country_dup
xc_country_get_code
xc_country_get_icon_path
xc_country_get_id
xc_country_get_name
xc_country_get_place_id
xc_country_list_copy_item_at_index
xc_country_list_delete
xc_country_list_get_count
xc_credentials_delete
xc_credentials_dup
xc_credentials_get_access_token
xc_free
xc_global_init
xc_global_user_agent
xc_in_app_message_delete
xc_in_app_message_get_button_text
xc_in_app_message_get_button_url
xc_in_app_message_get_id
xc_in_app_message_get_message
xc_in_app_message_list_copy_item_at_index
xc_in_app_message_list_delete
xc_in_app_message_list_get_count
xc_in_app_purchase_request_delete
xc_in_app_purchase_request_set_referrer
xc_in_app_purchase_request_set_utm_campaign
xc_in_app_purchase_request_set_utm_content
xc_in_app_purchase_request_set_utm_medium
xc_in_app_purchase_request_set_utm_source
xc_in_app_purchase_request_set_utm_term
xc_latest_app_delete
xc_latest_app_get_version_string
xc_latest_app_get_website_url
xc_location_delete
xc_location_dup
xc_location_get_icon_path
xc_location_get_id
xc_location_get_name
xc_location_get_place_id
xc_location_list_copy_item_at_index
xc_location_list_delete
xc_location_list_get_count
xc_network_type_to_string
xc_place_list_add_place
xc_place_list_contains_place
xc_place_list_delete
xc_place_list_remove_place
xc_speed_test_endpoint_delete
xc_speed_test_endpoint_get_ip
xc_speed_test_endpoint_get_location_id
xc_speed_test_endpoint_list_copy_item_at_index
xc_speed_test_endpoint_list_delete
xc_speed_test_endpoint_list_get_count
xc_subscription_current_payment_method
xc_subscription_delete
xc_subscription_get_billing_cycle
xc_subscription_get_experiment_value
xc_subscription_get_experiments
xc_subscription_get_expiration_time
xc_subscription_get_free_trial_status
xc_subscription_get_is_auto_bill
xc_subscription_get_is_business
xc_subscription_get_is_renewable
xc_subscription_get_is_satisfied
xc_subscription_get_play_store_obfuscated_id
xc_subscription_get_play_store_sku_at_index
xc_subscription_get_play_store_sku_list_size
xc_subscription_get_referral_dashboard_url
xc_subscription_get_referral_url
xc_subscription_get_subscription_id
xc_subscription_get_website_url
xc_subscription_is_email_address_set
xc_subscription_is_last_auto_bill_failure
xc_subscription_is_password_set
xc_subscription_is_using_in_app_purchase
xc_subscription_last_in_app_purchase_transaction_id
xc_subscription_original_in_app_purchase_transaction_id
xc_tracking_event_delete
xc_tracking_event_set_apple_search_ads_content
xc_tracking_event_set_deeplink_url
xc_tracking_event_set_device_model
xc_tracking_event_set_event_time
xc_tracking_event_set_install_time
xc_tracking_event_set_lat
xc_tracking_event_set_os_locale
xc_tracking_event_set_rdid
xc_tracking_event_set_referrer
xc_tracking_event_set_user_agent
xc_vpn_endpoint_are_equal
xc_vpn_endpoint_copy_config
xc_vpn_endpoint_copy_credentials
xc_vpn_endpoint_copy_description
xc_vpn_endpoint_copy_option
xc_vpn_endpoint_copy_shared_secret
xc_vpn_endpoint_credentials_delete
xc_vpn_endpoint_credentials_get_password
xc_vpn_endpoint_credentials_get_username
xc_vpn_endpoint_delete
xc_vpn_endpoint_get_host
xc_vpn_endpoint_get_ip
xc_vpn_endpoint_get_location_name
xc_vpn_endpoint_get_obfs_method_name
xc_vpn_endpoint_get_port
xc_vpn_endpoint_get_protocol
xc_vpn_endpoint_hash_code
xc_vpn_endpoint_list_copy_item_at_index
xc_vpn_endpoint_list_delete
xc_vpn_endpoint_list_get_count
xc_vpn_root_copy_continent_list
xc_vpn_root_copy_recommended_list
xc_vpn_root_delete
xc_vpn_session_delete
xc_vpn_session_disconnected
xc_vpn_session_heartbeat
xc_vpn_session_request_permission_to_connect
xc_web_sign_in_request_delete
xc_web_sign_in_request_set_device_name
xc_web_sign_in_request_set_os_name
xc_web_sign_in_request_set_os_version
xc_web_sign_in_token_delete
xc_xvca_manager_set_split_tunneling_applications
xc_xvca_mgr_accd_test_cancel
xc_xvca_mgr_accd_test_start
xc_xvca_mgr_begin_attempt
xc_xvca_mgr_begin_connection
xc_xvca_mgr_begin_session
xc_xvca_mgr_copy_current_attempt_id
xc_xvca_mgr_copy_current_connection_id
xc_xvca_mgr_copy_current_session_id
xc_xvca_mgr_delete
xc_xvca_mgr_end_attempt
xc_xvca_mgr_end_connection
xc_xvca_mgr_end_session
xc_xvca_mgr_init
xc_xvca_mgr_send_xvca_events
xc_xvca_mgr_set_battery_charge_percentage
xc_xvca_mgr_set_battery_optimisation_enabled
xc_xvca_mgr_set_device_idle_state
xc_xvca_mgr_set_dns_config_method
xc_xvca_mgr_set_enabled
xc_xvca_mgr_set_experiment_name
xc_xvca_mgr_set_network_lock_state
xc_xvca_mgr_set_network_reachability_state
xc_xvca_mgr_set_split_tunneling_mode
xvclient_version
Sections
.text Size: 3.6MB - Virtual size: 3.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 208KB - Virtual size: 244KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 891KB - Virtual size: 891KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ