240916-v8lfes1bmg_pw_infected[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

240916-v8lfes1bmg_pw_infected.zip
Size

1.3MB
MD5

adcc604fea3c27cc073cc16a9ceeec04
SHA1

7d1029ad5ba518f767be9a63a68b7b8b50b51fc3
SHA256

4c46bcfda5ed1eece4bf3f44e884c3283344e11baa9a055756bf5da5561af523
SHA512

6a1d7949d5462b7896d46fe788c701e733c4de42653a7a2d870c22c730f35615eaaa3740c25034b89a9e7309cd336d63dad16b68aa4e4d75a161e4ac9ce4e413
SSDEEP

24576:ikqr3XXP6phWZ8284sdjGL3I5iUcIObbeY99RsvO8A54/oBonYMFIVBXWL6C0c:tqTHPgcZbYj2OcIm98HAG/Uonn8XCZz

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Artemis.dll
unpack002/Artemis.exe

Files

240916-v8lfes1bmg_pw_infected.zip
.zip

Password: infected
Artemis.zip
.zip
Artemis.dll
.dll windows:6 windows x64 arch:x64

965dcd44d95084efe1180deaa0f9c993

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

WSAStartup
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
bind
getsockname
socket
ntohs
htons
setsockopt
getaddrinfo
WSASetLastError
WSACreateEvent
WSACloseEvent
select
__WSAFDIsSet
WSACleanup
WSAGetLastError
recv
closesocket
ioctlsocket
connect
listen
accept
sendto
recvfrom
getnameinfo
getpeername
WSASocketW
shutdown
freeaddrinfo
send
gethostname
htonl
WSAIoctl
WSAResetEvent
getsockopt

kernel32

IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FormatMessageA
SetEvent
CloseHandle
ResetEvent
CreateEventA
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleA
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileSizeEx
CreateFile2
GetCurrentProcess
CreateFileMappingFromApp
MapViewOfFileFromApp
FreeLibrary
SetUnhandledExceptionFilter
AcquireSRWLockExclusive
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
GetLastError
WideCharToMultiByte
GetEnvironmentVariableA
Sleep
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
GetCurrentProcessId
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetTickCount64
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
TerminateProcess
ReleaseSRWLockExclusive
UnmapViewOfFile
FindFirstFileW
FindFirstFileExW
GetLocaleInfoEx
LocalFree
AreFileApisANSI
SetFileInformationByHandle
GetFinalPathNameByHandleW
GetFileAttributesExW
GetFileInformationByHandleEx
FindNextFileW

user32

CloseClipboard
OpenClipboard
CallNextHookEx
SetClipboardData
GetWindowTextA
GetForegroundWindow
EmptyClipboard

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

msvcp140

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
_Query_perf_frequency
_Query_perf_counter
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
_Xtime_get_ticks
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_lock
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
_Mtx_unlock
?_Random_device@std@@YAIXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
_Cnd_signal
_Cnd_init_in_situ
_Cnd_wait
_Thrd_id
_Thrd_join
_Cnd_destroy_in_situ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??7ios_base@std@@QEBA_NXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
_Tolower
_Toupper
??1ctype_base@std@@UEAA@XZ
??0ctype_base@std@@QEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
?id@?$numpunct@D@std@@2V0locale@2@A
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Winerror_map@std@@YAHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
_Thrd_hardware_concurrency
?__ExceptionPtrCreate@@YAXPEAX@Z
_Strxfrm
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
_Strcoll
_Cnd_broadcast
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?uncaught_exceptions@std@@YAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?tolower@?$ctype@D@std@@QEBADD@Z

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_purecall
__C_specific_handler
__std_type_info_compare
__std_exception_copy
__std_exception_destroy
__std_terminate
__current_exception_context
strstr
_CxxThrowException
memcpy
memset
strchr
memcmp
strrchr
memchr
memmove
__std_type_info_destroy_list
__current_exception

api-ms-win-crt-heap-l1-1-0

realloc
malloc
_callnewh
free
calloc

api-ms-win-crt-runtime-l1-1-0

terminate
_errno
__sys_errlist
__sys_nerr
_seh_filter_dll
strerror
_configure_narrow_argv
_initialize_narrow_environment
_beginthreadex
abort
_initterm_e
_initterm
_initialize_onexit_table
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

isupper
isxdigit
strcspn
isalnum
tolower
ispunct
isdigit
_strdup
isgraph
toupper
strpbrk
islower
strncmp
strnlen
iscntrl
isalpha
strspn
strncpy
isspace
strcmp
strncat

api-ms-win-crt-convert-l1-1-0

strtod
strtol
strtoull
atoi
strtoll
strtoul
wcstombs

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
_lseeki64
fgets
_open
__stdio_common_vsprintf
fopen
feof
__stdio_common_vswprintf
_close
fputs
ftell
__acrt_iob_func
fseek
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fwrite
_fileno
_write
fgetc
fclose
fflush
fputc
_read

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_fstat64
_access
_stat64
_lock_file
_access_s
_unlink

api-ms-win-crt-math-l1-1-0

log2
floorf
log10
pow
floor
sin
exp
cosh
_fdopen
sinh
fmod
cos
tanh
ceilf
ceil
atan2
atan
asin
acos
tan
ldexp
sqrt
round
frexp
_ldsign
_fdsign
modf
log
_dsign

api-ms-win-crt-time-l1-1-0

_gmtime64
strftime
clock
_gmtime64_s
_localtime64_s
_difftime64
_time64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-utility-l1-1-0

qsort

wldap32

ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord211
ord33
ord143
ord35
ord79
ord30
ord200
ord301
ord217
ord46
ord32

normaliz

IdnToAscii
IdnToUnicode

crypt32

CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertOpenStore
CertAddCertificateContextToStore

Exports

Exports

NextHook

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Artemis.exe
.exe windows:6 windows x64 arch:x64

b55b30229b7112a6bb671d0e332dca1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

FormatMessageW
MoveFileExA
WaitForSingleObjectEx
GetCurrentProcessId
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
MultiByteToWideChar
ReleaseSRWLockExclusive
GetConsoleWindow
VirtualProtectEx
CloseHandle
Process32Next
CreateToolhelp32Snapshot
OpenProcess
LoadLibraryExA
SetConsoleTitleA
Sleep
Process32First
QueryPerformanceCounter
SetEvent
VerSetConditionMask
GetProcAddress
DeleteCriticalSection
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
InitializeCriticalSectionEx
SetLastError
GetEnvironmentVariableA
GetLastError
GetSystemDirectoryA
CreateEventA
WriteProcessMemory
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
LoadLibraryA
QueryPerformanceFrequency
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
GetTickCount
FreeLibrary
AcquireSRWLockExclusive

user32

GetAsyncKeyState
MoveWindow
TranslateMessage
LoadIconA
PeekMessageA
PostQuitMessage
UpdateWindow
GetWindowThreadProcessId
SetWindowsHookExA
PostThreadMessageW
GetSystemMetrics
GetWindowLongW
AdjustWindowRectEx
GetKeyState
LoadCursorA
GetWindowRect
DestroyWindow
GetDC
SetWindowPos
MonitorFromWindow
EnumDisplayMonitors
ScreenToClient
DispatchMessageA
SetWindowTextW
FindWindowA
WindowFromPoint
ReleaseDC
SetClipboardData
GetClipboardData
ShowWindow
GetCapture
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
GetMonitorInfoA
SetCursorPos
IsIconic
SetForegroundWindow
ReleaseCapture
RegisterClassExA
SetProcessDPIAware
UnregisterClassA
GetClientRect
SetWindowLongW
SetCursor
SetCapture
BringWindowToTop
SetFocus
SetLayeredWindowAttributes
CreateWindowExA
DefWindowProcA
SetWindowLongA
ClientToScreen
IsChild
TrackMouseEvent
GetForegroundWindow

gdi32

CreateSolidBrush
GetDeviceCaps

advapi32

CryptDestroyHash
CryptReleaseContext
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptAcquireContextA
CryptHashData
CryptCreateHash
CryptGetHashParam

msvcp140

?id@?$collate@D@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
_Strcoll
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Xtime_get_ticks
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
_Strxfrm
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmAssociateContextEx

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp
memcpy
__std_terminate
_CxxThrowException
__C_specific_handler
__current_exception_context
__current_exception
memmove
__std_exception_destroy
memchr
strrchr
__std_exception_copy
memset
strstr
strchr

api-ms-win-crt-heap-l1-1-0

malloc
free
calloc
_callnewh
_set_new_mode
realloc

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_errno
__sys_errlist
__sys_nerr
_beginthreadex
terminate
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_register_onexit_function
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit

api-ms-win-crt-string-l1-1-0

strcspn
tolower
isspace
isblank
strpbrk
strspn
strncmp
strncpy
isalnum
strcmp
_strdup
toupper

api-ms-win-crt-stdio-l1-1-0

__p__commode
ftell
_read
_write
_fileno
__acrt_iob_func
_lseeki64
_close
fflush
fgets
_set_fmode
fclose
fputc
_open
fopen
fseek
fwrite
_wfopen
feof
__stdio_common_vswprintf
__stdio_common_vsprintf
fread
fputs
__stdio_common_vsscanf
_fseeki64
__stdio_common_vfprintf

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

wcstombs
strtoul
strtoll
strtol
atoi

api-ms-win-crt-math-l1-1-0

acosf
sqrtf
ceilf
_dsign
sinf
_fdopen
__setusermatherr
cosf
floorf

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64
strftime

api-ms-win-crt-filesystem-l1-1-0

_access
_unlink
_stat64
_fstat64

ws2_32

htons
socket
__WSAFDIsSet
WSAIoctl
setsockopt
select
WSACleanup
getsockopt
send
accept
WSACloseEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAStartup
WSAWaitForMultipleEvents
closesocket
WSASetLastError
WSAGetLastError
ntohs
WSACreateEvent
bind
connect
gethostname
ioctlsocket
getpeername
sendto
recvfrom
freeaddrinfo
getaddrinfo
recv
listen
getsockname
htonl

wldap32

ord60
ord211
ord46
ord217
ord45
ord41
ord50
ord22
ord26
ord27
ord143
ord32
ord33
ord35
ord79
ord30
ord200
ord301

normaliz

IdnToAscii
IdnToUnicode

crypt32

CertOpenStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore

Sections

.text
Size: 795KB - Virtual size: 794KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

965dcd44d95084efe1180deaa0f9c993

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

msvcp140

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

wldap32

normaliz

crypt32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 403KB - Virtual size: 402KB

.data Size: 40KB - Virtual size: 49KB

.pdata Size: 56KB - Virtual size: 55KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 8KB - Virtual size: 7KB

b55b30229b7112a6bb671d0e332dca1d

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

kernel32

user32

gdi32

advapi32

msvcp140

imm32

d3dcompiler_47

dwmapi

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

ws2_32

wldap32

normaliz

crypt32

Sections

.text Size: 795KB - Virtual size: 794KB

.rdata Size: 172KB - Virtual size: 171KB

.data Size: 5KB - Virtual size: 8KB

.pdata Size: 38KB - Virtual size: 38KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 403KB - Virtual size: 402KB

.data
Size: 40KB - Virtual size: 49KB

.pdata
Size: 56KB - Virtual size: 55KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 795KB - Virtual size: 794KB

.rdata
Size: 172KB - Virtual size: 171KB

.data
Size: 5KB - Virtual size: 8KB

.pdata
Size: 38KB - Virtual size: 38KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 2KB