PinkEye V3[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

PinkEye V3.rar
Size

8.3MB
MD5

17c7723d5e0d3cc167e8f8c1bb122f6f
SHA1

cd0dbe61706b0320eefd952f1702a8aad33dd699
SHA256

bc789af02d1eea9d2713c7d50544ac84f728e39424ceda1d4f4a6b03b05ad28e
SHA512

a3881d0886545918a56cdb289ad43b398bba4b023a519917fccea537f9c4cc11e865c8796cfa023e4ae35dafa7c2d20d49ce80a670ed7d279fd767520792269b
SSDEEP

196608:nNnKkbbsNuKlDlDkPkJByCYrsEHryur3HeuFrOcj1zQxSGG6kbn2KJdo:nNnTCdjksWFsarL3Heu9XVQxlG6GnrJu

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PinkEye V3/PinkEye.exe
unpack001/PinkEye V3/bin/PinkEye.dll
unpack001/PinkEye V3/bin/PinkEye.sys
unpack001/PinkEye V3/bin/PinkEyeInjector.dll
unpack001/PinkEye V3/bin/Taigei64.dll
unpack001/PinkEye V3/bin/drv64.dll
unpack001/PinkEye V3/bin/kdu.exe

Files

PinkEye V3.rar
.rar
PinkEye V3/PinkEye.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\C5\source\repos\PinkEye\PinkEye\bin\x64\Release\PinkEye.pdb

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PinkEye V3/bin/PinkEye.dll
.dll windows:6 windows x64 arch:x64

f6f9f177b1c9952ba6b770bc52116a5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

ZwQueueApcThread

kernel32

lstrcatA
LoadLibraryA
lstrcpynA

shell32

SHGetFolderPathA

Exports

Exports

?f1@@YAXPEBX@Z

Sections

.text
Size: 1024B - Virtual size: 593B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.-Mc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PinkEye V3/bin/PinkEye.sys
.sys windows:10 windows x64 arch:x64

d832302ba032273720bd9a94d834b1b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ObfDereferenceObject
wcsnlen
_wcsicmp
RtlEqualUnicodeString
ProbeForRead
ZwClose
PsGetCurrentThreadTeb
PsLookupProcessByProcessId
ObOpenObjectByPointer
PsIsProcessBeingDebugged
ZwQueryInformationProcess
__C_specific_handler
PsProcessType
ExAllocatePoolWithTag
ExFreePoolWithTag
PsWrapApcWow64Thread
IoGetCurrentProcess
ObReferenceObjectByHandleWithTag
ObfReferenceObject
ObfDereferenceObjectWithTag
ZwOpenFile
ZwMakeTemporaryObject
ZwCreateSection
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
RtlRunOnceInitialize
RtlRunOnceBeginInitialize
RtlRunOnceComplete
KeStackAttachProcess
KeUnstackDetachProcess
ObMakeTemporaryObject
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
ZwQuerySecurityObject
RtlImageNtHeader
RtlImageDirectoryEntryToData
KeInitializeApc
KeInsertQueueApc
ZwQuerySection
MmMapViewOfSection
MmUnmapViewOfSection
KeTestAlertThread
PsInitialSystemProcess
KeDelayExecutionThread
PsCreateSystemThread
PsTerminateSystemThread
IoIs32bitProcess
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsGetCurrentProcessId

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.u|4
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PinkEye V3/bin/PinkEyeInjector.dll
.dll windows:6 windows x64 arch:x64

285d8681cda01de0824b63fad16912b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\C5\source\repos\PinkEyeInjector\x64\Release\PinkEyeInjector.pdb

Imports

user32

GetWindowThreadProcessId
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
FindWindowA

kernel32

HeapFree
WriteConsoleW
CloseHandle
CreateFileW
LoadLibraryExA
Sleep
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx

Exports

Exports

InjectDll

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PinkEye V3/bin/Taigei64.dll
.dll windows:6 windows x64 arch:x64

5fdb5e4b32ad7ee52dcb35ca36fae4bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
Sleep
GetCommandLineW
LocalFree
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
EncodePointer
InterlockedFlushSList
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
FreeLibrary
GetModuleHandleExW
GetProcAddress
GetModuleFileNameW
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile

shell32

CommandLineToArgvW

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
NtConnectPort
NtRequestWaitReplyPort
RtlVirtualUnwind
NtCreateFile
NtDeviceIoControlFile
NtDelayExecution
RtlInitUnicodeString
NtQueryInformationProcess
RtlPcToFileHeader
RtlUnwindEx
NtClose

Exports

Exports

RegisterForProvider
RegisterForProvider2
SB_SMS_GetCtrlCountEx
SB_SMS_QuickCommandEx
SB_SMS_ReadBlockEx
SB_SMS_ReadByteEx
SB_SMS_ReadWordEx
SB_SMS_WriteBlockEx
SB_SMS_WriteByteEx
SB_SMS_WriteWordEx

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PinkEye V3/bin/drv64.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

gProvTable
gVersion

Sections

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PinkEye V3/bin/kdu.exe
.exe windows:6 windows x64 arch:x64

2aedd7c6c9531a89b2f15f15eded56f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\C5\Downloads\KDU-master\KDU-master\Source\Hamakaze\output\x64\Release-Silent\kdu.pdb

Imports

kernel32

GetProcAddress
FreeLibrary
LoadLibraryExW
HeapCreate
HeapAlloc
HeapDestroy
GetStartupInfoW
WriteProcessMemory
ResumeThread
UnmapViewOfFile
DeleteFileW
CreateProcessW
GetModuleHandleW
GetCurrentProcessId
ReadFile
WriteFile
SetFilePointer
TerminateProcess
Sleep
VirtualUnlock
VirtualLock
TerminateThread
CreateThread
HeapSetInformation
GetSystemDirectoryW
CreateFileW
VirtualFree
CreateEventW
GetProcessHeap
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetCommandLineW
GetStdHandle
GetModuleFileNameW
FormatMessageW
GetSystemInfo
VirtualAllocEx
ReadProcessMemory
GetSystemTimeAsFileTime
VirtualFreeEx
CreateFileMappingW
MapViewOfFile
GetFirmwareEnvironmentVariableW
GetConsoleMode
ExpandEnvironmentStringsW
LoadLibraryW
GetCurrentDirectoryW
WriteConsoleW
RtlCompareMemory
CloseHandle
WaitForSingleObject
GetLastError
GetCurrentProcess
VirtualAlloc
SetDllDirectoryW
SetLastError
HeapReAlloc
HeapSize
GetFileSizeEx
SetFilePointerEx
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetConsoleOutputCP
FlushFileBuffers
GetFileType
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
GetModuleHandleExW
ExitProcess
RtlPcToFileHeader
RaiseException
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

ntdll

NtSetInformationProcess
LdrLockLoaderLock
RtlTimeToSecondsSince1970
NtLoadDriver
NtTerminateProcess
LdrUnlockLoaderLock
NtSetValueKey
NtOpenSection
NtQueryObject
LdrFindEntryForAddress
NtOpenFile
NtWaitForSingleObject
NtFsControlFile
RtlLengthRequiredSid
NtUnloadDriver
RtlEqualUnicodeString
LdrGetProcedureAddress
RtlNtdllName
NtDuplicateObject
NtSetSecurityObject
RtlDoesFileExists_U
NtCreateMutant
RtlGetVersion
LdrUnloadDll
NtAlpcDisconnectPort
RtlCreateSecurityDescriptor
NtAlpcCreatePort
RtlCreateAcl
NtAlpcAcceptConnectPort
RtlLengthSid
NtReplyWaitReceivePort
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
RtlInitializeSid
NtDeviceIoControlFile
NtOpenKey
NtMapViewOfSection
NtUnmapViewOfSection
LdrLoadDll
NtCreateSection
LdrAccessResource
RtlSetLastWin32Error
NtCreateFile
RtlNtStatusToDosError
RtlEqualSid
RtlInitString
RtlFreeHeap
NtQueryDirectoryObject
RtlFreeSid
RtlExpandEnvironmentStrings
NtOpenDirectoryObject
NtFlushBuffersFile
RtlUnicodeStringToAnsiString
NtClose
NtQueryInformationToken
RtlAllocateAndInitializeSid
LdrFindResource_U
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
NtOpenProcess
RtlFreeUnicodeString
NtQueryInformationProcess
NtWriteFile
NtQuerySystemInformation
RtlAllocateHeap
NtOpenThread
NtFreeVirtualMemory
NtOpenProcessToken
RtlAnsiStringToUnicodeString
RtlFreeAnsiString
NtAdjustPrivilegesToken
RtlImageNtHeader
RtlAddAccessAllowedAce

rpcrt4

UuidCreate

setupapi

SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoW
SetupDiSetDeviceRegistryPropertyW
SetupDiCallClassInstaller
SetupDiGetINFClassW
SetupDiCreateDeviceInfoList
SetupDiRemoveDevice

newdev

UpdateDriverForPlugAndPlayDevicesW

bcrypt

BCryptEncrypt
BCryptDestroyKey
BCryptOpenAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider

msdelta

DeltaFree
ApplyDeltaB

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 8KB - Virtual size: 8KB

f6f9f177b1c9952ba6b770bc52116a5f

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

shell32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 593B

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 56B

.pdata Size: 512B - Virtual size: 36B

.-Mc Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 512B - Virtual size: 260B

.rsrc Size: 1KB - Virtual size: 1KB

d832302ba032273720bd9a94d834b1b0

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 280B

.pdata Size: 512B - Virtual size: 276B

INIT Size: 2KB - Virtual size: 1KB

.u|4 Size: 6.0MB - Virtual size: 6.0MB

.reloc Size: 512B - Virtual size: 280B

285d8681cda01de0824b63fad16912b2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

kernel32

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 58KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 512B - Virtual size: 432B

.reloc Size: 2KB - Virtual size: 1KB

5fdb5e4b32ad7ee52dcb35ca36fae4bb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ntdll

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 2KB - Virtual size: 1KB

Headers

.text
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 1024B - Virtual size: 593B

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 56B

.pdata
Size: 512B - Virtual size: 36B

.-Mc
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 512B - Virtual size: 260B

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 280B

.pdata
Size: 512B - Virtual size: 276B

INIT
Size: 2KB - Virtual size: 1KB

.u|4
Size: 6.0MB - Virtual size: 6.0MB

.reloc
Size: 512B - Virtual size: 280B

.text
Size: 58KB - Virtual size: 58KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 512B - Virtual size: 432B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 2KB - Virtual size: 1KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 512B - Virtual size: 436B

.text
Size: 175KB - Virtual size: 175KB

.rdata
Size: 87KB - Virtual size: 87KB

.data
Size: 11KB - Virtual size: 16KB

.pdata
Size: 9KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 76KB - Virtual size: 75KB

.reloc
Size: 3KB - Virtual size: 2KB