dhm6hb[.]zip | Triage

Resubmissions

21-09-2024 23:08

240921-24va4azajf 7

21-09-2024 23:08

240921-24mw1syhrh 3

21-09-2024 23:05

240921-22ykqsyhjh 3

Sharing

Copy URL

Twitter E-mail

General

Target

dhm6hb.zip
Size

1.4MB
MD5

c9dc50ae9c21b0b9c197cd8ed3933ce9
SHA1

e31a23ad267bb07f7e350152f7c238a0eae8f378
SHA256

ff63748d7e23e908dc77ef2ee99de79ea60d2d1e31df71f01bfda0f4d802ca65
SHA512

e184dd258cf4982eefbc48a6f0922ee4de1a844e00913cf7a0cfe17a29840fd3c038c0ec5432c9e223dc617b4baa6a9cefcaed48aabbf4cc77b5069255e212b9
SSDEEP

24576:ZJWZ7iMmQECwzEDSdiaKECn+6g+b4EDfpvC/ePXO36m7KJf4G6x:GiLpCwwDrEC+6g+bTNCSoel4Jx

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Artemis.dll
unpack001/Artemis.exe

Files

dhm6hb.zip
.zip
Artemis.dll
.dll windows:6 windows x64 arch:x64

a09723eeb7d26d665555600a30566958

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

WSAStartup
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
bind
getsockname
socket
ntohs
htons
setsockopt
getaddrinfo
WSASetLastError
WSACreateEvent
WSACloseEvent
select
__WSAFDIsSet
WSACleanup
WSAGetLastError
recv
closesocket
ioctlsocket
connect
listen
accept
sendto
recvfrom
getnameinfo
getpeername
WSASocketW
shutdown
freeaddrinfo
send
gethostname
htonl
WSAIoctl
WSAResetEvent
getsockopt

kernel32

IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FormatMessageA
SetEvent
CloseHandle
ResetEvent
CreateEventA
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleA
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileSizeEx
CreateFile2
GetCurrentProcess
CreateFileMappingFromApp
MapViewOfFileFromApp
FreeLibrary
IsBadReadPtr
SetUnhandledExceptionFilter
AcquireSRWLockExclusive
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
GetLastError
WideCharToMultiByte
GetEnvironmentVariableA
Sleep
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
GetCurrentProcessId
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetTickCount64
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
TerminateProcess
ReleaseSRWLockExclusive
UnmapViewOfFile
FindFirstFileW
FindFirstFileExW
GetLocaleInfoEx
LocalFree
AreFileApisANSI
SetFileInformationByHandle
GetFinalPathNameByHandleW
GetFileAttributesExW
GetFileInformationByHandleEx
FindNextFileW

user32

CloseClipboard
OpenClipboard
CallNextHookEx
SetClipboardData
GetWindowTextA
GetForegroundWindow
EmptyClipboard

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

msvcp140

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
_Query_perf_frequency
_Query_perf_counter
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
_Xtime_get_ticks
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_lock
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
_Mtx_unlock
?_Random_device@std@@YAIXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
_Cnd_signal
_Cnd_init_in_situ
_Cnd_wait
_Thrd_id
_Thrd_join
_Cnd_destroy_in_situ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??7ios_base@std@@QEBA_NXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
_Tolower
_Toupper
??1ctype_base@std@@UEAA@XZ
??0ctype_base@std@@QEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
?_Winerror_map@std@@YAHH@Z
?id@?$numpunct@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
_Thrd_hardware_concurrency
?__ExceptionPtrCreate@@YAXPEAX@Z
_Strxfrm
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
_Strcoll
_Cnd_broadcast
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?uncaught_exceptions@std@@YAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_purecall
__C_specific_handler
__std_type_info_compare
__std_exception_copy
__std_exception_destroy
__std_terminate
__current_exception_context
strstr
_CxxThrowException
memcpy
memset
strchr
memcmp
strrchr
memchr
memmove
__std_type_info_destroy_list
__current_exception

api-ms-win-crt-heap-l1-1-0

realloc
malloc
_callnewh
free
calloc

api-ms-win-crt-runtime-l1-1-0

terminate
_errno
__sys_errlist
__sys_nerr
_seh_filter_dll
strerror
_configure_narrow_argv
_initialize_narrow_environment
_beginthreadex
abort
_initterm_e
_initterm
_initialize_onexit_table
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

isupper
isxdigit
strcspn
isalnum
tolower
ispunct
isdigit
_strdup
isgraph
toupper
strpbrk
islower
strncmp
strnlen
iscntrl
isalpha
strspn
strncpy
isspace
strcmp
strncat

api-ms-win-crt-convert-l1-1-0

strtod
strtol
strtoull
atoi
strtoll
strtoul
wcstombs

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
_lseeki64
fgets
_open
__stdio_common_vsprintf
fopen
feof
__stdio_common_vswprintf
_close
fputs
ftell
__acrt_iob_func
fseek
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fwrite
_fileno
_write
fgetc
fclose
fflush
fputc
_read

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_fstat64
_access
_stat64
_lock_file
_access_s
_unlink

api-ms-win-crt-math-l1-1-0

log2
floorf
log10
pow
floor
sin
exp
cosh
_fdopen
sinh
fmod
cos
tanh
ceilf
ceil
atan2
atan
asin
acos
tan
ldexp
sqrt
round
frexp
_ldsign
_fdsign
modf
log
_dsign

api-ms-win-crt-time-l1-1-0

_gmtime64
strftime
clock
_gmtime64_s
_localtime64_s
_difftime64
_time64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-utility-l1-1-0

qsort

wldap32

ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord211
ord33
ord143
ord35
ord79
ord30
ord200
ord301
ord217
ord46
ord32

normaliz

IdnToAscii
IdnToUnicode

crypt32

CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertOpenStore
CertAddCertificateContextToStore

Exports

Exports

NextHook

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Artemis.exe
.exe windows:6 windows x64 arch:x64

71a03ded4a3e24c4592e79bf19919764

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

FormatMessageW
MoveFileExA
WaitForSingleObjectEx
GetCurrentProcessId
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetFileAttributesExW
GetLocaleInfoEx
AreFileApisANSI
GetModuleHandleW
FormatMessageA
LocalFree
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
Sleep
GetTickCount
GetFileInformationByHandleEx
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
ReleaseSRWLockExclusive
GetConsoleWindow
VirtualProtectEx
CloseHandle
Process32Next
CreateToolhelp32Snapshot
OpenProcess
LoadLibraryExA
SetConsoleTitleA
WriteProcessMemory
Process32First
QueryPerformanceCounter
GetEnvironmentVariableA
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
SetLastError
GetLastError
GetSystemDirectoryA
CreateEventA
EnterCriticalSection
WaitForSingleObject
MultiByteToWideChar
GlobalAlloc

user32

GetWindowRect
GetSystemMetrics
DispatchMessageA
MonitorFromWindow
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
ReleaseDC
GetAsyncKeyState
SetCursorPos
IsIconic
SetForegroundWindow
ReleaseCapture
RegisterClassExA
SetProcessDPIAware
UnregisterClassA
GetClientRect
MoveWindow
TranslateMessage
LoadIconA
PeekMessageA
PostQuitMessage
UpdateWindow
GetWindowThreadProcessId
SetWindowsHookExA
PostThreadMessageW
FindWindowA
GetWindowLongW
AdjustWindowRectEx
GetKeyState
LoadCursorA
DestroyWindow
SetWindowLongW
SetWindowPos
GetDC
EnumDisplayMonitors
ScreenToClient
SetWindowTextW
WindowFromPoint
ShowWindow
GetCapture
SetWindowLongA
ClientToScreen
IsChild
TrackMouseEvent
GetMonitorInfoA
GetForegroundWindow
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
SetFocus
BringWindowToTop
SetCapture
SetCursor

gdi32

GetDeviceCaps
CreateSolidBrush

advapi32

CryptDestroyKey
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptEncrypt
CryptImportKey
CryptAcquireContextA
CryptDestroyHash

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
_Strxfrm
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
_Xtime_get_ticks
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Winerror_map@std@@YAHH@Z
?id@?$numpunct@D@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ImmAssociateContextEx
ImmSetCandidateWindow

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
__C_specific_handler
__current_exception_context
__current_exception
memmove
memchr
strrchr
memset
memcpy
strchr
strstr
__std_exception_copy
__std_exception_destroy
__std_terminate
memcmp

api-ms-win-crt-heap-l1-1-0

calloc
free
_callnewh
_set_new_mode
malloc
realloc

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
__sys_errlist
__sys_nerr
_beginthreadex
abort
terminate
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_register_onexit_function
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_errno
_crt_atexit

api-ms-win-crt-string-l1-1-0

strcspn
isblank
isspace
strpbrk
strspn
strcmp
toupper
strncmp
strncpy
tolower
_strdup
isalnum

api-ms-win-crt-stdio-l1-1-0

__p__commode
fflush
_read
_write
_fileno
_close
fclose
_lseeki64
_set_fmode
fseek
fgets
__acrt_iob_func
ftell
fwrite
_open
fopen
_wfopen
__stdio_common_vsprintf
fread
feof
__stdio_common_vswprintf
fputc
__stdio_common_vsscanf
fputs
__stdio_common_vfprintf
_fseeki64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

strtol
strtoul
atoi
wcstombs
strtoll

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dsign
_fdsign
_ldsign
acosf
ceilf
cosf
floorf
sinf
_fdopen
sqrtf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func
localeconv

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64
strftime

api-ms-win-crt-filesystem-l1-1-0

_access
_fstat64
_unlink
_stat64

ws2_32

recvfrom
getaddrinfo
sendto
getpeername
listen
htonl
getsockname
connect
bind
accept
select
__WSAFDIsSet
socket
htons
freeaddrinfo
WSAEventSelect
WSAIoctl
ioctlsocket
gethostname
setsockopt
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSACleanup
WSASetLastError
WSAEnumNetworkEvents
WSAStartup
recv
ntohs
getsockopt
send
WSACloseEvent
WSACreateEvent
WSAGetLastError

wldap32

ord32
ord50
ord45
ord60
ord211
ord33
ord35
ord27
ord217
ord143
ord79
ord30
ord200
ord301
ord26
ord41
ord46
ord22

normaliz

IdnToAscii
IdnToUnicode

crypt32

CertOpenStore
CryptQueryObject
CertFreeCertificateChain
CertCloseStore
CertCreateCertificateChainEngine
CertGetCertificateChain
CertGetNameStringA
CertFreeCertificateChainEngine
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension

Sections

.text
Size: 855KB - Virtual size: 854KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

a09723eeb7d26d665555600a30566958

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

shell32

ole32

msvcp140

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

wldap32

normaliz

crypt32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 404KB - Virtual size: 404KB

.data Size: 40KB - Virtual size: 49KB

.pdata Size: 55KB - Virtual size: 55KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 8KB - Virtual size: 7KB

71a03ded4a3e24c4592e79bf19919764

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

kernel32

user32

gdi32

advapi32

msvcp140

imm32

d3dcompiler_47

dwmapi

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

ws2_32

wldap32

normaliz

crypt32

Sections

.text Size: 855KB - Virtual size: 854KB

.rdata Size: 315KB - Virtual size: 314KB

.data Size: 5KB - Virtual size: 9KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 404KB - Virtual size: 404KB

.data
Size: 40KB - Virtual size: 49KB

.pdata
Size: 55KB - Virtual size: 55KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 855KB - Virtual size: 854KB

.rdata
Size: 315KB - Virtual size: 314KB

.data
Size: 5KB - Virtual size: 9KB

.pdata
Size: 41KB - Virtual size: 41KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 2KB