shika[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

shika.zip
Size

3.6MB
MD5

86cab226f4355dea5cf24b24b60b477c
SHA1

f721307a9907fe55411ff7553f28417e6c01f760
SHA256

9398a03094af216315a2fda0dea941d346c92dfa762fe90c071758fdb798e822
SHA512

381e25789a9ea8109c18a2736037444db6ea438f332ddaba28e0305f4a9b72e7c75f26d698e0fa7df7735831188f6c20096fceb5d284aa67cc02beb8ce014137
SSDEEP

98304:DNi8bFkklKLws6CUKw2R6dyoFFktErrHAIK2j22QKi7BD:DN+k8Lp6rK57oEt+L22QF7J

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/shika/launcher.exe
unpack001/shika/shika.dll

Files

shika.zip
.zip

Password: shika
shika/config.json
shika/imgui.ini
shika/launcher.exe
.exe windows:6 windows x64 arch:x64

Password: shika

470fdb0c1d3ab5d333d05e9f6901db10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\EtoShinya\source\repos\shika\x64\Release\launcher.pdb

Imports

kernel32

GetModuleHandleW
CreateRemoteThread
VirtualFreeEx
GetCurrentProcess
ResumeThread
Sleep
VirtualAllocEx
GetLastError
LocalFree
FormatMessageA
GetCurrentDirectoryW
CloseHandle
GetProcAddress
WaitForSingleObject
WriteProcessMemory
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesExW
AreFileApisANSI
MoveFileExW
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

comdlg32

GetOpenFileNameA

advapi32

OpenProcessToken
CreateProcessAsUserA

msvcp140

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?exceptions@ios_base@std@@QEAAXH@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Strcoll
?_Syserror_map@std@@YAPEBDH@Z
?id@?$collate@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?_Winerror_map@std@@YAHH@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Strxfrm
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
memcmp
memchr
memmove
__current_exception_context
memset
__std_terminate
__std_exception_destroy
__std_exception_copy
strchr
__C_specific_handler
_CxxThrowException
__current_exception

api-ms-win-crt-stdio-l1-1-0

_set_fmode
fflush
_fseeki64
_get_stream_buffer_pointers
fclose
fgetc
__stdio_common_vfprintf
fread
fsetpos
fwrite
__stdio_common_vsprintf
__p__commode
fgetpos
setvbuf
fputc
__acrt_iob_func
ungetc

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
free
realloc
malloc

api-ms-win-crt-math-l1-1-0

_dsign
__setusermatherr
_dclass

api-ms-win-crt-convert-l1-1-0

strtoull
strtoll
strtod

api-ms-win-crt-runtime-l1-1-0

__p___argc
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_errno
_crt_atexit
_register_thread_local_exe_atexit_callback
system
_cexit
_seh_filter_exe
_c_exit
__p___argv
_set_app_type
_get_initial_narrow_environment
_initterm
_invalid_parameter_noinfo_noreturn
terminate
_initterm_e
exit
_exit

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale
localeconv

Sections

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
shika/shika.dll
.dll windows:6 windows x64 arch:x64

Password: shika

5ebc2e9b6b36f496b4e147e6278249f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

GetStdHandle
VirtualProtect
GetCurrentProcess
CreateFileW
Sleep
CloseHandle
GetProcAddress
GetCurrentProcessId
lstrcmpiW
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
FreeLibrary
QueryPerformanceCounter
LoadLibraryExA
GetLastError
FormatMessageA
SetConsoleMode
GetConsoleMode
CreateThread
AllocConsole
GetCurrentThreadId
QueueUserAPC
OpenThread
ReleaseSRWLockShared
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualQuery
LoadResource
SetLastError
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
GetLocaleInfoEx
LockResource
FindResourceA
SizeofResource
GetConsoleWindow
ExitProcess
GetTickCount64
ReleaseSRWLockExclusive
GetModuleHandleA
GetModuleFileNameA
SetConsoleTextAttribute
GetCurrentThread
SuspendThread
AreFileApisANSI
AcquireSRWLockShared
AcquireSRWLockExclusive

user32

ReleaseCapture
FindWindowA
GetKeyState
GetMessageExtraInfo
LoadCursorA
ShowWindow
EnumWindows
GetClassNameA
GetWindowThreadProcessId
GetCursorPos
RegisterClassExA
SetWindowLongPtrA
CreateWindowExA
DefWindowProcA
CallWindowProcA
ScreenToClient
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
GetCapture
ClientToScreen
TrackMouseEvent
SetCursorPos
OpenClipboard
GetKeyboardLayout
IsWindowUnicode
GetForegroundWindow
GetClientRect
SetCursor
SetCapture

shell32

ShellExecuteA

msvcp140

?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??_7_Facet_base@std@@6B@
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$numpunct@D@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
??_7facet@locale@std@@6B@
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Facet_base@std@@UEAA@XZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?id@?$ctype@D@std@@2V0locale@2@A
??_7codecvt_base@std@@6B@
_Xtime_get_ticks
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$codecvt@_SDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_SDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_S1AEAPEB_SPEAD3AEAPEAD@Z
??1codecvt_base@std@@UEAA@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
_Query_perf_frequency
_Query_perf_counter
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
_Strxfrm
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A

msvcp140_codecvt_ids

?id@?$codecvt@_SDU_Mbstatet@@@std@@2V0locale@2@A

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
NtQuerySection
NtProtectVirtualMemory
RtlCaptureContext

imm32

ImmReleaseContext
ImmSetCandidateWindow
ImmGetContext
ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

vcruntime140

__std_exception_destroy
__std_exception_copy
_purecall
__RTDynamicCast
memcpy
memchr
memcmp
memmove
__intrinsic_setjmp
__std_type_info_destroy_list
_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
strrchr
longjmp
strchr
memset
strstr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

free
realloc
_callnewh
calloc
malloc

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm_e
_errno
system
_invalid_parameter_noinfo_noreturn
terminate
_crt_atexit
_execute_onexit_table
_invalid_parameter_noinfo
_register_onexit_function
strerror
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm
abort
exit

api-ms-win-crt-stdio-l1-1-0

fputc
fflush
fclose
fgetc
fwrite
tmpnam
fgetpos
setvbuf
ungetc
fsetpos
fread
_fseeki64
_get_stream_buffer_pointers
_ftelli64
_popen
tmpfile
__stdio_common_vsprintf
_pclose
clearerr
__stdio_common_vsprintf_s
ftell
fseek
feof
getc
fopen
ferror
freopen
__acrt_iob_func
__stdio_common_vfprintf
_wfopen
__stdio_common_vsscanf
fgets

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
rename
remove

api-ms-win-crt-string-l1-1-0

isblank
isspace
tolower
strncpy
iscntrl
isalpha
strspn
ispunct
isdigit
strcmp
islower
isgraph
isupper
strcoll
strpbrk
isxdigit
strncmp
toupper
isalnum

api-ms-win-crt-math-l1-1-0

_fdsign
exp
floor
floorf
fmod
fmodf
_dsign
_dclass
_fdclass
_ldclass
acos
acosf
frexp
ldexp
log
asin
atan2
atan2f
ceil
ceilf
log10
cos
logf
pow
sqrtf
sqrt
_ldsign
sinf
sin
powf
tan
cosf

api-ms-win-crt-convert-l1-1-0

strtoll
strtod
strtoull
strtoul
atof

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func
setlocale

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_difftime64
clock
_mktime64
strftime
_gmtime64
_time64
_localtime64

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: shika

Password: shika

470fdb0c1d3ab5d333d05e9f6901db10

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

comdlg32

advapi32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 131KB - Virtual size: 130KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 67KB - Virtual size: 66KB

.reloc Size: 512B - Virtual size: 508B

Password: shika

5ebc2e9b6b36f496b4e147e6278249f1

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

kernel32

user32

shell32

msvcp140

msvcp140_codecvt_ids

ntdll

imm32

d3dcompiler_47

vcruntime140

vcruntime140_1

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 21KB - Virtual size: 67KB

.pdata Size: 64KB - Virtual size: 64KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 3.2MB - Virtual size: 3.2MB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 131KB - Virtual size: 130KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 67KB - Virtual size: 66KB

.reloc
Size: 512B - Virtual size: 508B

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 21KB - Virtual size: 67KB

.pdata
Size: 64KB - Virtual size: 64KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

.reloc
Size: 7KB - Virtual size: 7KB