fixedtickle[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

fixedtickle.exe
Size

37.5MB
MD5

1efa48a328fb91b2c00108301f06d8f7
SHA1

0384c73f14e88f36410ddf5a2f6d58a7b4039f13
SHA256

1fa5cf8df889f95e9e0c3f9dff2f657a8ce16368994da43195816f61e2a3cb02
SHA512

10df74344e149d753df223af41f0956e1f0e188c440c2fc58bf5edda2babf2f4ef518b6392fd72c97ed3b3c6c61748ef2cf9764b9a254d3635396370c7ab1282
SSDEEP

786432:Fy600nAR4kGCs7u5l/TBsZv5dln/yZg5HPy6WYBM4h1xh/Vkm:gB0+GCsK5NORP6kd/

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fixedtickle.exe

Files

fixedtickle.exe
.exe windows:6 windows x64 arch:x64

2d44ed22508237d197d3c4fc93b7c727

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

GetUserNameA

d3dcompiler_43

D3DCompile

gdi32

CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
DeleteDC
DeleteObject

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

kernel32

VirtualProtect
SetLastError
VirtualFree
GetCurrentProcess
OutputDebugStringA
VirtualAlloc
CreateToolhelp32Snapshot
Sleep
GetLastError
Process32NextW
GetCurrentThread
Process32FirstW
CloseHandle
GetSystemInfo
LoadLibraryW
Module32FirstW
GetThreadContext
GetModuleHandleW
GetConsoleWindow
Module32NextW
GetTickCount
AllocConsole
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LoadLibraryA
UnmapViewOfFile
QueryPerformanceCounter
MapViewOfFile
GetModuleHandleA
GetFileSizeEx
ReadFile
HeapAlloc
HeapFree
CreateFileMappingA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SleepConditionVariableSRW
GetCurrentThreadId
WakeAllConditionVariable
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
WriteProcessMemory
FreeLibrary
GetProcAddress
CreateFileMappingW
QueryPerformanceFrequency
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
CreateFileA
DeleteCriticalSection

msvcp140

??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?do_encoding@?$codecvt@_SDU_Mbstatet@@@std@@MEBAHXZ
??4?$_Iosb@H@std@@QEAAAEAV01@$$QEAV01@@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
_Cnd_do_broadcast_at_thread_exit
_Query_perf_counter
_Thrd_detach
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?do_encoding@?$codecvt@_SDU_Mbstatet@@@std@@MEBAHXZ

shell32

ShellExecuteW

Exports

Exports

??0Assembler@a64@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0Assembler@x86@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0BaseAssembler@_abi_1_10@asmjit@@QEAA@XZ
??0BaseBuilder@_abi_1_10@asmjit@@QEAA@XZ
??0BaseCompiler@_abi_1_10@asmjit@@QEAA@XZ
??0BaseEmitter@_abi_1_10@asmjit@@QEAA@W4EmitterType@12@@Z
??0Builder@a64@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0Builder@x86@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0CodeHolder@_abi_1_10@asmjit@@QEAA@PEBUTemporary@Support@12@@Z
??0Compiler@a64@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0Compiler@x86@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0ConstPool@_abi_1_10@asmjit@@QEAA@PEAVZone@12@@Z
??0ErrorHandler@_abi_1_10@asmjit@@QEAA@XZ
??0FileLogger@_abi_1_10@asmjit@@QEAA@PEAU_iobuf@@@Z
??0FuncPass@_abi_1_10@asmjit@@QEAA@PEBD@Z
??0JitAllocator@_abi_1_10@asmjit@@QEAA@PEBUCreateParams@012@@Z
??0JitRuntime@_abi_1_10@asmjit@@QEAA@PEBUCreateParams@JitAllocator@12@@Z
??0Logger@_abi_1_10@asmjit@@QEAA@XZ
??0Pass@_abi_1_10@asmjit@@QEAA@PEBD@Z
??0StringLogger@_abi_1_10@asmjit@@QEAA@XZ
??0Target@_abi_1_10@asmjit@@QEAA@XZ
??1Assembler@a64@_abi_1_10@asmjit@@UEAA@XZ
??1Assembler@x86@_abi_1_10@asmjit@@UEAA@XZ
??1BaseAssembler@_abi_1_10@asmjit@@UEAA@XZ
??1BaseBuilder@_abi_1_10@asmjit@@UEAA@XZ
??1BaseCompiler@_abi_1_10@asmjit@@UEAA@XZ
??1BaseEmitter@_abi_1_10@asmjit@@UEAA@XZ
??1Builder@a64@_abi_1_10@asmjit@@UEAA@XZ
??1Builder@x86@_abi_1_10@asmjit@@UEAA@XZ
??1CodeHolder@_abi_1_10@asmjit@@QEAA@XZ
??1Compiler@a64@_abi_1_10@asmjit@@UEAA@XZ
??1Compiler@x86@_abi_1_10@asmjit@@UEAA@XZ
??1ConstPool@_abi_1_10@asmjit@@QEAA@XZ
??1ErrorHandler@_abi_1_10@asmjit@@UEAA@XZ
??1FileLogger@_abi_1_10@asmjit@@UEAA@XZ
??1JitAllocator@_abi_1_10@asmjit@@QEAA@XZ
??1JitRuntime@_abi_1_10@asmjit@@UEAA@XZ
??1Logger@_abi_1_10@asmjit@@UEAA@XZ
??1Pass@_abi_1_10@asmjit@@UEAA@XZ
??1StringLogger@_abi_1_10@asmjit@@UEAA@XZ
??1Target@_abi_1_10@asmjit@@UEAA@XZ
??_FAssembler@a64@_abi_1_10@asmjit@@QEAAXXZ
??_FAssembler@x86@_abi_1_10@asmjit@@QEAAXXZ
??_FBuilder@a64@_abi_1_10@asmjit@@QEAAXXZ
??_FBuilder@x86@_abi_1_10@asmjit@@QEAAXXZ
??_FCodeHolder@_abi_1_10@asmjit@@QEAAXXZ
??_FCompiler@a64@_abi_1_10@asmjit@@QEAAXXZ
??_FCompiler@x86@_abi_1_10@asmjit@@QEAAXXZ
??_FFileLogger@_abi_1_10@asmjit@@QEAAXXZ
??_FJitAllocator@_abi_1_10@asmjit@@QEAAXXZ
??_FJitRuntime@_abi_1_10@asmjit@@QEAAXXZ
?_add@JitRuntime@_abi_1_10@asmjit@@UEAAIPEAPEAXPEAVCodeHolder@23@@Z
?_alloc@Zone@_abi_1_10@asmjit@@QEAAPEAX_K0@Z
?_alloc@ZoneAllocator@_abi_1_10@asmjit@@QEAAPEAX_KAEA_K@Z
?_allocZeroed@ZoneAllocator@_abi_1_10@asmjit@@QEAAPEAX_KAEA_K@Z
?_append@ZoneBitVector@_abi_1_10@asmjit@@QEAAIPEAVZoneAllocator@23@_N@Z
?_archTraits@_abi_1_10@asmjit@@3QBUArchTraits@12@B
?_cleanupBlock@ZoneStackBase@_abi_1_10@asmjit@@QEAAXI_K@Z
?_commonInfoTable@InstDB@x86@_abi_1_10@asmjit@@3QBUCommonInfo@1234@B
?_emit@Assembler@a64@_abi_1_10@asmjit@@UEAAIIAEBUOperand_@34@00PEBU534@@Z
?_emit@Assembler@x86@_abi_1_10@asmjit@@UEAAIIAEBUOperand_@34@00PEBU534@@Z
?_emit@BaseBuilder@_abi_1_10@asmjit@@UEAAIIAEBUOperand_@23@00PEBU423@@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAII@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@00000@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@0000@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@000@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@00@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@0@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@@Z
?_emitOpArray@BaseEmitter@_abi_1_10@asmjit@@UEAAIIPEBUOperand_@23@_K@Z
?_grow@ZoneVectorBase@_abi_1_10@asmjit@@IEAAIPEAVZoneAllocator@23@II@Z
?_init@Zone@_abi_1_10@asmjit@@QEAAX_K0PEBUTemporary@Support@23@@Z
?_init@ZoneStackBase@_abi_1_10@asmjit@@QEAAIPEAVZoneAllocator@23@_K@Z
?_insert@ZoneHashBase@_abi_1_10@asmjit@@QEAAPEAVZoneHashNode@23@PEAVZoneAllocator@23@PEAV423@@Z
?_instInfoTable@InstDB@a64@_abi_1_10@asmjit@@3QBUInstInfo@1234@B
?_instInfoTable@InstDB@x86@_abi_1_10@asmjit@@3QBUInstInfo@1234@B
?_instSignatureTable@InstDB@x86@_abi_1_10@asmjit@@3QBUInstSignature@1234@B
?_log@FileLogger@_abi_1_10@asmjit@@UEAAIPEBD_K@Z
?_log@StringLogger@_abi_1_10@asmjit@@UEAAIPEBD_K@Z
?_newConst@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseMem@23@W4ConstPoolScope@23@PEBX_K@Z
?_newReg@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseReg@23@AEBV423@PEBD@Z
?_newReg@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseReg@23@W4TypeId@23@PEBD@Z
?_newRegFmt@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseReg@23@AEBV423@PEBDZZ
?_newRegFmt@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseReg@23@W4TypeId@23@PEBDZZ
?_newStack@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseMem@23@IIPEBD@Z
?_opChar@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@D@Z
?_opChars@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@D_K@Z
?_opFormat@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@PEBDZZ
?_opHex@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@PEBX_KD@Z
?_opNumber@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@_KI1W4StringFormatFlags@23@@Z
?_opSignatureTable@InstDB@x86@_abi_1_10@asmjit@@3QBUOpSignature@1234@B
?_opString@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@PEBD_K@Z
?_opVFormat@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@PEBDPEAD@Z
?_prepareBlock@ZoneStackBase@_abi_1_10@asmjit@@QEAAII_K@Z
?_rehash@ZoneHashBase@_abi_1_10@asmjit@@QEAAXPEAVZoneAllocator@23@I@Z
?_release@JitRuntime@_abi_1_10@asmjit@@UEAAIPEAX@Z
?_releaseDynamic@ZoneAllocator@_abi_1_10@asmjit@@QEAAXPEAX_K@Z
?_remove@ZoneHashBase@_abi_1_10@asmjit@@QEAAPEAVZoneHashNode@23@PEAVZoneAllocator@23@PEAV423@@Z
?_reserve@ZoneVectorBase@_abi_1_10@asmjit@@IEAAIPEAVZoneAllocator@23@II@Z
?_resize@ZoneBitVector@_abi_1_10@asmjit@@QEAAIPEAVZoneAllocator@23@II_N@Z
?_resize@ZoneVectorBase@_abi_1_10@asmjit@@IEAAIPEAVZoneAllocator@23@II@Z
?_typeData@TypeUtils@_abi_1_10@asmjit@@3UTypeData@123@B
?_zeroBlock@Zone@_abi_1_10@asmjit@@2UBlock@123@B
?add@ConstPool@_abi_1_10@asmjit@@QEAAIPEBX_KAEA_K@Z
?addAddressToAddressTable@CodeHolder@_abi_1_10@asmjit@@QEAAI_K@Z
?addAfter@BaseBuilder@_abi_1_10@asmjit@@QEAAPEAVBaseNode@23@PEAV423@0@Z
?addBefore@BaseBuilder@_abi_1_10@asmjit@@QEAAPEAVBaseNode@23@PEAV423@0@Z
?addDiagnosticOptions@BaseEmitter@_abi_1_10@asmjit@@QEAAXW4DiagnosticOptions@23@@Z
?addFunc@BaseCompiler@_abi_1_10@asmjit@@QEAAPEAVFuncNode@23@PEAV423@@Z
?addFuncNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVFuncNode@23@AEBUFuncSignature@23@@Z
?addFuncRetNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVFuncRetNode@23@AEBUOperand_@23@1@Z
?addInvokeNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVInvokeNode@23@IAEBUOperand_@23@AEBUFuncSignature@23@@Z
?addNode@BaseBuilder@_abi_1_10@asmjit@@QEAAPEAVBaseNode@23@PEAV423@@Z
?addPass@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAVPass@23@@Z
?align@Assembler@a64@_abi_1_10@asmjit@@UEAAIW4AlignMode@34@I@Z
?align@Assembler@x86@_abi_1_10@asmjit@@UEAAIW4AlignMode@34@I@Z
?align@BaseBuilder@_abi_1_10@asmjit@@UEAAIW4AlignMode@23@I@Z
?alloc@JitAllocator@_abi_1_10@asmjit@@QEAAIPEAPEAX0_K@Z
?alloc@VirtMem@_abi_1_10@asmjit@@YAIPEAPEAX_KW4MemoryFlags@123@@Z
?allocDualMapping@VirtMem@_abi_1_10@asmjit@@YAIPEAUDualMapping@123@_KW4MemoryFlags@123@@Z
?allocZeroed@Zone@_abi_1_10@asmjit@@QEAAPEAX_K0@Z
?assertionFailed@DebugUtils@_abi_1_10@asmjit@@YAXPEBDH0@Z
?assign@String@_abi_1_10@asmjit@@QEAAIPEBD_K@Z
?attach@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAVBaseEmitter@23@@Z
?bind@BaseAssembler@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@@Z
?bind@BaseBuilder@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@@Z
?bindLabel@CodeHolder@_abi_1_10@asmjit@@QEAAIAEBVLabel@23@I_K@Z
?clear@String@_abi_1_10@asmjit@@QEAAIXZ
?clearDiagnosticOptions@BaseEmitter@_abi_1_10@asmjit@@QEAAXW4DiagnosticOptions@23@@Z
?codeSize@CodeHolder@_abi_1_10@asmjit@@QEBA_KXZ
?comment@BaseAssembler@_abi_1_10@asmjit@@UEAAIPEBD_K@Z
?comment@BaseBuilder@_abi_1_10@asmjit@@UEAAIPEBD_K@Z
?commentf@BaseEmitter@_abi_1_10@asmjit@@QEAAIPEBDZZ
?commentv@BaseEmitter@_abi_1_10@asmjit@@QEAAIPEBDPEAD@Z
?copyFlattenedData@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAX_KW4CopySectionFlags@23@@Z
?copyFrom@ZoneBitVector@_abi_1_10@asmjit@@QEAAIPEAVZoneAllocator@23@AEBV123@@Z
?copySectionData@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAX_KIW4CopySectionFlags@23@@Z
?debugOutput@DebugUtils@_abi_1_10@asmjit@@YAXPEBD@Z
?deletePass@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAVPass@23@@Z
?detach@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAVBaseEmitter@23@@Z
?dup@Zone@_abi_1_10@asmjit@@QEAAPEAXPEBX_K_N@Z
?embed@BaseAssembler@_abi_1_10@asmjit@@UEAAIPEBX_K@Z
?embed@BaseBuilder@_abi_1_10@asmjit@@UEAAIPEBX_K@Z
?embedConstPool@BaseAssembler@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@AEBVConstPool@23@@Z
?embedConstPool@BaseBuilder@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@AEBVConstPool@23@@Z
?embedDataArray@BaseAssembler@_abi_1_10@asmjit@@UEAAIW4TypeId@23@PEBX_K2@Z
?embedDataArray@BaseBuilder@_abi_1_10@asmjit@@UEAAIW4TypeId@23@PEBX_K2@Z
?embedLabel@BaseAssembler@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@_K@Z
?embedLabel@BaseBuilder@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@_K@Z
?embedLabelDelta@BaseAssembler@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@0_K@Z
?embedLabelDelta@BaseBuilder@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@0_K@Z
?emitAnnotatedJump@BaseCompiler@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@PEAVJumpAnnotation@23@@Z
?emitArgsAssignment@BaseEmitter@_abi_1_10@asmjit@@QEAAIAEBVFuncFrame@23@AEBVFuncArgsAssignment@23@@Z
?emitEpilog@BaseEmitter@_abi_1_10@asmjit@@QEAAIAEBVFuncFrame@23@@Z
?emitProlog@BaseEmitter@_abi_1_10@asmjit@@QEAAIAEBVFuncFrame@23@@Z
?endFunc@BaseCompiler@_abi_1_10@asmjit@@QEAAIXZ
?ensureAddressTableSection@CodeHolder@_abi_1_10@asmjit@@QEAAPEAVSection@23@XZ
?eq@String@_abi_1_10@asmjit@@QEBA_NPEBD_K@Z
?errorAsString@DebugUtils@_abi_1_10@asmjit@@YAPEBDI@Z
?fill@ConstPool@_abi_1_10@asmjit@@QEBAXPEAX@Z
?finalize@BaseEmitter@_abi_1_10@asmjit@@UEAAIXZ
?finalize@Builder@a64@_abi_1_10@asmjit@@UEAAIXZ
?finalize@Builder@x86@_abi_1_10@asmjit@@UEAAIXZ
?finalize@Compiler@a64@_abi_1_10@asmjit@@UEAAIXZ
?finalize@Compiler@x86@_abi_1_10@asmjit@@UEAAIXZ
?finalize@FuncFrame@_abi_1_10@asmjit@@QEAAIXZ
?flatten@CodeHolder@_abi_1_10@asmjit@@QEAAIXZ
?flushInstructionCache@VirtMem@_abi_1_10@asmjit@@YAXPEAX_K@Z
?formatData@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@W4Arch@23@W4TypeId@23@PEBX_K5@Z
?formatDataType@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@W4Arch@23@W4TypeId@23@@Z
?formatFeature@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4Arch@23@I@Z
?formatInstruction@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@PEBVBaseEmitter@23@W4Arch@23@AEBVBaseInst@23@PEBUOperand_@23@_K@Z
?formatLabel@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@PEBVBaseEmitter@23@I@Z
?formatNode@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@AEBVFormatOptions@23@PEBVBaseBuilder@23@PEBVBaseNode@23@@Z
?formatNodeList@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@AEBVFormatOptions@23@PEBVBaseBuilder@23@@Z
?formatNodeList@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@AEBVFormatOptions@23@PEBVBaseBuilder@23@PEBVBaseNode@23@3@Z
?formatOperand@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@PEBVBaseEmitter@23@W4Arch@23@AEBUOperand_@23@@Z
?formatRegister@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@PEBVBaseEmitter@23@W4Arch@23@W4RegType@23@I@Z
?formatTypeId@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4TypeId@23@@Z
?getTickCount@OSUtils@_abi_1_10@asmjit@@YAIXZ
?growBuffer@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAUCodeBuffer@23@_K@Z
?hardenedRuntimeInfo@VirtMem@_abi_1_10@asmjit@@YA?AUHardenedRuntimeInfo@123@XZ
?host@CpuInfo@_abi_1_10@asmjit@@SAAEBV123@XZ
?info@VirtMem@_abi_1_10@asmjit@@YA?AUInfo@123@XZ
?init@CallConv@_abi_1_10@asmjit@@QEAAIW4CallConvId@23@AEBVEnvironment@23@@Z
?init@CodeHolder@_abi_1_10@asmjit@@QEAAIAEBVEnvironment@23@AEBVCpuFeatures@23@_K@Z
?init@CodeHolder@_abi_1_10@asmjit@@QEAAIAEBVEnvironment@23@_K@Z
?init@FuncDetail@_abi_1_10@asmjit@@QEAAIAEBUFuncSignature@23@AEBVEnvironment@23@@Z
?init@FuncFrame@_abi_1_10@asmjit@@QEAAIAEBVFuncDetail@23@@Z
?instIdToString@InstAPI@_abi_1_10@asmjit@@YAIW4Arch@23@IAEAVString@23@@Z
?isLabelValid@BaseEmitter@_abi_1_10@asmjit@@QEBA_NI@Z
?labelByName@BaseEmitter@_abi_1_10@asmjit@@QEAA?AVLabel@23@PEBD_KI@Z
?labelIdByName@CodeHolder@_abi_1_10@asmjit@@QEAAIPEBD_KI@Z
?labelNodeOf@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVLabelNode@23@I@Z
?logf@Logger@_abi_1_10@asmjit@@QEAAIPEBDZZ
?logv@Logger@_abi_1_10@asmjit@@QEAAIPEBDPEAD@Z
?newAlignNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVAlignNode@23@W4AlignMode@23@I@Z
?newCommentNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVCommentNode@23@PEBD_K@Z
?newConstPoolNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVConstPoolNode@23@@Z
?newEmbedDataNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVEmbedDataNode@23@W4TypeId@23@PEBX_K3@Z
?newFuncNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVFuncNode@23@AEBUFuncSignature@23@@Z
?newFuncRetNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVFuncRetNode@23@AEBUOperand_@23@1@Z
?newInstNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVInstNode@23@IW4InstOptions@23@I@Z
?newInvokeNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVInvokeNode@23@IAEBUOperand_@23@AEBUFuncSignature@23@@Z
?newJumpAnnotation@BaseCompiler@_abi_1_10@asmjit@@QEAAPEAVJumpAnnotation@23@XZ
?newJumpNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVJumpNode@23@IW4InstOptions@23@AEBUOperand_@23@PEAVJumpAnnotation@23@@Z
?newLabel@BaseAssembler@_abi_1_10@asmjit@@UEAA?AVLabel@23@XZ
?newLabel@BaseBuilder@_abi_1_10@asmjit@@UEAA?AVLabel@23@XZ
?newLabelEntry@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAPEAVLabelEntry@23@@Z
?newLabelLink@CodeHolder@_abi_1_10@asmjit@@QEAAPEAULabelLink@23@PEAVLabelEntry@23@I_K_JAEBUOffsetFormat@23@@Z
?newLabelNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVLabelNode@23@@Z
?newNamedLabel@BaseAssembler@_abi_1_10@asmjit@@UEAA?AVLabel@23@PEBD_KW4LabelType@23@I@Z
?newNamedLabel@BaseBuilder@_abi_1_10@asmjit@@UEAA?AVLabel@23@PEBD_KW4LabelType@23@I@Z
?newNamedLabelEntry@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAPEAVLabelEntry@23@PEBD_KW4LabelType@23@I@Z
?newRelocEntry@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAPEAURelocEntry@23@W4RelocType@23@@Z
?newSection@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAPEAVSection@23@PEBD_KW4SectionFlags@23@IH@Z
?newVirtReg@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVVirtReg@23@W4TypeId@23@UOperandSignature@23@PEBD@Z
?onAttach@Assembler@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onAttach@Assembler@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onAttach@BaseAssembler@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onAttach@BaseBuilder@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onAttach@BaseCompiler@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onAttach@Builder@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onAttach@Builder@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onAttach@Compiler@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onAttach@Compiler@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@Assembler@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@Assembler@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@BaseAssembler@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onDetach@BaseBuilder@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onDetach@BaseCompiler@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onDetach@Builder@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@Builder@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@Compiler@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@Compiler@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onSettingsUpdated@BaseEmitter@_abi_1_10@asmjit@@UEAAXXZ
?padEnd@String@_abi_1_10@asmjit@@QEAAI_KD@Z
?passByName@BaseBuilder@_abi_1_10@asmjit@@QEBAPEAVPass@23@PEBD@Z
?prepare@String@_abi_1_10@asmjit@@QEAAPEADW4ModifyOp@123@_K@Z
?protect@VirtMem@_abi_1_10@asmjit@@YAIPEAX_KW4MemoryFlags@123@@Z
?protectJitMemory@VirtMem@_abi_1_10@asmjit@@YAXW4ProtectJitAccess@123@@Z
?query@JitAllocator@_abi_1_10@asmjit@@QEBAIPEAXPEAPEAX1PEA_K@Z
?queryFeatures@InstAPI@_abi_1_10@asmjit@@YAIW4Arch@23@AEBVBaseInst@23@PEBUOperand_@23@_KPEAVCpuFeatures@23@@Z
?queryRWInfo@InstAPI@_abi_1_10@asmjit@@YAIW4Arch@23@AEBVBaseInst@23@PEBUOperand_@23@_KPEAUInstRWInfo@23@@Z
?registerLabelNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAVLabelNode@23@@Z
?release@JitAllocator@_abi_1_10@asmjit@@QEAAIPEAX@Z
?release@VirtMem@_abi_1_10@asmjit@@YAIPEAX_K@Z
?releaseDualMapping@VirtMem@_abi_1_10@asmjit@@YAIPEAUDualMapping@123@_K@Z
?relocateToBase@CodeHolder@_abi_1_10@asmjit@@QEAAI_K@Z
?removeNode@BaseBuilder@_abi_1_10@asmjit@@QEAAPEAVBaseNode@23@PEAV423@@Z
?removeNodes@BaseBuilder@_abi_1_10@asmjit@@QEAAXPEAVBaseNode@23@0@Z
?rename@BaseCompiler@_abi_1_10@asmjit@@QEAAXAEBVBaseReg@23@PEBDZZ
?reportError@BaseEmitter@_abi_1_10@asmjit@@QEAAIIPEBD@Z
?reserveBuffer@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAUCodeBuffer@23@_K@Z
?reset@CodeHolder@_abi_1_10@asmjit@@QEAAXW4ResetPolicy@23@@Z
?reset@ConstPool@_abi_1_10@asmjit@@QEAAXPEAVZone@23@@Z
?reset@JitAllocator@_abi_1_10@asmjit@@QEAAXW4ResetPolicy@23@@Z
?reset@String@_abi_1_10@asmjit@@QEAAIXZ
?reset@Zone@_abi_1_10@asmjit@@QEAAXW4ResetPolicy@23@@Z
?reset@ZoneAllocator@_abi_1_10@asmjit@@QEAAXPEAVZone@23@@Z
?resolveUnresolvedLinks@CodeHolder@_abi_1_10@asmjit@@QEAAIXZ
?run@FuncPass@_abi_1_10@asmjit@@UEAAIPEAVZone@23@PEAVLogger@23@@Z
?runPasses@BaseBuilder@_abi_1_10@asmjit@@QEAAIXZ
?section@BaseAssembler@_abi_1_10@asmjit@@UEAAIPEAVSection@23@@Z
?section@BaseBuilder@_abi_1_10@asmjit@@UEAAIPEAVSection@23@@Z
?sectionByName@CodeHolder@_abi_1_10@asmjit@@QEBAPEAVSection@23@PEBD_K@Z
?sectionNodeOf@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVSectionNode@23@I@Z
?serializeTo@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAVBaseEmitter@23@@Z
?setCursor@BaseBuilder@_abi_1_10@asmjit@@QEAAPEAVBaseNode@23@PEAV423@@Z
?setErrorHandler@BaseEmitter@_abi_1_10@asmjit@@QEAAXPEAVErrorHandler@23@@Z
?setErrorHandler@CodeHolder@_abi_1_10@asmjit@@QEAAXPEAVErrorHandler@23@@Z
?setLogger@BaseEmitter@_abi_1_10@asmjit@@QEAAXPEAVLogger@23@@Z
?setLogger@CodeHolder@_abi_1_10@asmjit@@QEAAXPEAVLogger@23@@Z
?setOffset@BaseAssembler@_abi_1_10@asmjit@@QEAAI_K@Z
?setStackSize@BaseCompiler@_abi_1_10@asmjit@@QEAAIIII@Z
?sformat@Zone@_abi_1_10@asmjit@@QEAAPEADPEBDZZ
?shrink@JitAllocator@_abi_1_10@asmjit@@QEAAIPEAX_K@Z
?stackAlignment@Environment@_abi_1_10@asmjit@@QEBAIXZ
?statistics@JitAllocator@_abi_1_10@asmjit@@QEBA?AUStatistics@123@XZ
?stringToInstId@InstAPI@_abi_1_10@asmjit@@YAIW4Arch@23@PEBD_K@Z
?timeToReadableString@SDK@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_J@Z
?truncate@String@_abi_1_10@asmjit@@QEAAI_K@Z
?typeIdToRegSignature@ArchUtils@_abi_1_10@asmjit@@YAIW4Arch@23@W4TypeId@23@PEAW4523@PEAUOperandSignature@23@@Z
?updateFuncFrame@FuncArgsAssignment@_abi_1_10@asmjit@@QEBAIAEAVFuncFrame@23@@Z
?updateSectionLinks@BaseBuilder@_abi_1_10@asmjit@@QEAAXXZ
?validate@InstAPI@_abi_1_10@asmjit@@YAIW4Arch@23@AEBVBaseInst@23@PEBUOperand_@23@_KW4ValidationFlags@23@@Z

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 383KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 707KB - Virtual size: 712KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 18.9MB - Virtual size: 18.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 16.2MB - Virtual size: 16.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

.SCY
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2d44ed22508237d197d3c4fc93b7c727

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

d3dcompiler_43

gdi32

imm32

kernel32

msvcp140

shell32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

Size: 383KB - Virtual size: 392KB

Size: 707KB - Virtual size: 712KB

Size: 46KB - Virtual size: 48KB

Size: 512B - Virtual size: 4KB

Size: 4KB - Virtual size: 8KB

.edata Size: 21KB - Virtual size: 24KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: 18.9MB - Virtual size: 18.9MB

.boot Size: 16.2MB - Virtual size: 16.2MB

.reloc Size: 512B - Virtual size: 4KB

.SCY Size: 4KB - Virtual size: 8KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.edata
Size: 21KB - Virtual size: 24KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: 18.9MB - Virtual size: 18.9MB

.boot
Size: 16.2MB - Virtual size: 16.2MB

.reloc
Size: 512B - Virtual size: 4KB

.SCY
Size: 4KB - Virtual size: 8KB