strela | 323bf0e1ae2b9c9cd927b0cb9576200d3b2d2a773eadaa01d0c49c42dc4013d9

Sharing

Copy URL

Twitter E-mail

General

Target

323bf0e1ae2b9c9cd927b0cb9576200d3b2d2a773eadaa01d0c49c42dc4013d9
Size

8.8MB
MD5

1968ed41a3bafe939c0a8c08af0e7d0f
SHA1

761ab918102ceb8d4f432762e34c8da6edbf2f0d
SHA256

323bf0e1ae2b9c9cd927b0cb9576200d3b2d2a773eadaa01d0c49c42dc4013d9
SHA512

95cc444e03fef4334c0556f5510d609149cd3062101ed4eaaf620b7b69723e8d072b00fa6d8c52b3c74f1c8d64829a537fc6ac0ca620a63694a6981e71e72fb0
SSDEEP

98304:YQuJGszDmnR2kJyAAIQSd2dh7ZRuvad9AfixwVU2HEZ5xIGBpui:Yc2kJPApSd2d1uvaPAfiq+gIX

Score

10^/10

strela

Malware Config

Signatures

Detects Strela Stealer payload 1 IoCs

resource	yara_rule
sample	family_strela

Strela family
strela

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
323bf0e1ae2b9c9cd927b0cb9576200d3b2d2a773eadaa01d0c49c42dc4013d9

Files

323bf0e1ae2b9c9cd927b0cb9576200d3b2d2a773eadaa01d0c49c42dc4013d9
.exe windows:6 windows x86 arch:x86

0e114f0cc9fb8b57a64e17f76ebf9d4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\146heaven-client\client\CElement\CElementClient\DbgReleaseLAA\ElementClient.pdb

Imports

zlibwapi

ord26
ord46
ord2

elementskill

?SetLevel@ElementSkill@GNET@@SAHIH@Z
?LoadSkillData@ElementSkill@GNET@@SAXPAX@Z
?LearnCondition@ElementSkill@GNET@@SAHIAAULearnRequirement@2@H@Z
?Condition@ElementSkill@GNET@@SAHIAAUUseRequirement@2@H@Z
?PetLearn@ElementSkill@GNET@@SAHIAAUPetRequirement@2@H@Z
?GetAbilityPercent@ElementSkill@GNET@@SAHI@Z
?GetRequiredBook@ElementSkill@GNET@@SAHIH@Z
?Destroy@ElementSkill@GNET@@QAEXXZ
?GoblinLearn@ElementSkill@GNET@@SAHIAAUGoblinRequirement@2@H@Z
?GetComboSkActivated@ElementSkill@GNET@@SAXABUComboSkillState@2@AAV?$vector@U?$pair@IH@std@@V?$allocator@U?$pair@IH@std@@@2@@std@@@Z
?Query@VisibleState@GNET@@SAPBV12@HH@Z
?GetName@ElementSkill@GNET@@SAPB_WI@Z
?GetCommonCoolDown@ElementSkill@GNET@@SAHI@Z
?GetIcon@ElementSkill@GNET@@SAPBDI@Z
?GetNativeName@ElementSkill@GNET@@SAPBDI@Z
?InitStaticData@ElementSkill@GNET@@SAXXZ
?GetComboSkPreSkill@ElementSkill@GNET@@SAHI@Z
?GetInherentSkills@ElementSkill@GNET@@SAABV?$vector@IV?$allocator@I@std@@@std@@H@Z
?NextSkill@ElementSkill@GNET@@SAII@Z
?IsMovingSkill@ElementSkill@GNET@@SA_NI@Z
?SetAbility@ElementSkill@GNET@@SAHIH@Z
?GetVersion@ElementSkill@GNET@@SAHXZ
?GoblinCondition@ElementSkill@GNET@@SAHIAAUGoblinUseRequirement@2@H@Z
?GetEffect@ElementSkill@GNET@@SAPBDI@Z
?GetExecuteTime@ElementSkill@GNET@@SAHIH@Z
?GetMaxAbility@ElementSkill@GNET@@SAHIH@Z
?GetAbility@ElementSkill@GNET@@SAHI@Z
?GetRequiredRealmLevel@ElementSkill@GNET@@SAHIH@Z
?GetRequiredLevel@ElementSkill@GNET@@SAHIH@Z
?IsOverridden@ElementSkill@GNET@@SA_NI@Z
?GetType@ElementSkill@GNET@@SADI@Z
?IsGoblinSkill@ElementSkill@GNET@@SA_NI@Z
?Query@TeamState@GNET@@SAPBV12@H@Z
?GetRequiredMoney@ElementSkill@GNET@@SAHIH@Z
?GetRequiredSp@ElementSkill@GNET@@SAHIH@Z
?Create@ElementSkill@GNET@@SAPAV12@IH@Z

winmm

timeGetTime

ws2_32

WSACleanup
closesocket
socket
ioctlsocket
WSAStartup
inet_ntoa
gethostbyname
inet_addr
WSAGetLastError
__WSAFDIsSet
bind
getsockname
select
htons
ntohs
recv
send
sendto
setsockopt
connect

imm32

ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetCandidateListW
ImmGetDescriptionW
ImmIsIME
ImmGetProperty

d3d8

Direct3DCreate8

ddraw

DirectDrawCreate

dsound

ord11

speedtreert

?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z
?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z
?SetLightState@CSpeedTreeRT@@SAXI_N@Z
?SetCamera@CSpeedTreeRT@@SAXPBM0@Z
?SetTime@CSpeedTreeRT@@SAXM@Z
?Authorize@CSpeedTreeRT@@SAXPBD@Z
??0SGeometry@CSpeedTreeRT@@QAE@XZ
??1SGeometry@CSpeedTreeRT@@QAE@XZ
??0STextures@CSpeedTreeRT@@QAE@XZ
??1STextures@CSpeedTreeRT@@QAE@XZ
??0CSpeedTreeRT@@QAE@XZ
??1CSpeedTreeRT@@QAE@XZ
??2CSpeedTreeRT@@SAPAXI@Z
??3CSpeedTreeRT@@SAXPAX@Z
?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z
?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ
?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z
?GetTreeSize@CSpeedTreeRT@@QBEXAAM0@Z
?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z
?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z
?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z
?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z
?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z
?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z
?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ
?GetDiscreteLeafLodLevel@CSpeedTreeRT@@QBEGM@Z
?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z
?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z
?SetLodLevel@CSpeedTreeRT@@QAEXM@Z
?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?ComputeLodLevel@CSpeedTreeRT@@QAEXXZ
?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z
?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z

ftdriver

?CreateFTManager@@YAPAVIFTManager@@HHH@Z

shlwapi

StrToIntW
PathFindFileNameA
PathAppendW
PathFindExtensionA
PathFileExistsA
PathFileExistsW

wininet

HttpOpenRequestA
InternetCloseHandle
InternetOpenA
HttpQueryInfoA
InternetConnectA
InternetReadFile
InternetOpenUrlW
HttpAddRequestHeadersA
HttpSendRequestA

kernel32

VirtualAlloc
VirtualFree
FormatMessageA
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateFileMappingW
WinExec
GlobalSize
WaitForSingleObjectEx
LoadLibraryExA
GlobalReAlloc
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetVersionExA
IsProcessorFeaturePresent
SetFilePointer
IsDBCSLeadByte
GetWindowsDirectoryA
GlobalFree
GetTickCount
GetCommandLineA
GetFileAttributesA
CreateFileW
CloseHandle
GetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
GetProcAddress
LoadLibraryW
lstrcpyW
IsBadReadPtr
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
CreateThread
VirtualProtect
GetModuleHandleA
TerminateProcess
OpenProcess
VirtualQueryEx
ReadProcessMemory
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateFileA
DeviceIoControl
Sleep
GlobalMemoryStatusEx
GetSystemInfo
GetVersionExW
GlobalMemoryStatus
lstrlenA
GetComputerNameW
HeapAlloc
HeapFree
GetProcessHeap
GetSystemTime
SystemTimeToFileTime
GetModuleHandleW
FlushInstructionCache
ReleaseMutex
CreateMutexW
IsBadWritePtr
ReadFile
WriteFile
MultiByteToWideChar
GlobalAlloc
GlobalUnlock
GlobalLock
WideCharToMultiByte
DeleteFileA
GetCurrentDirectoryW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
SetEvent
CreateEventW
ExitThread
CreateDirectoryA
FindFirstFileA
FindNextFileA
GetFileSize
ResetEvent
WaitForMultipleObjects
GetExitCodeThread
GetLocalTime
CopyFileA
GetCommandLineW
OutputDebugStringA
ExitProcess
ResumeThread
FindClose
ConnectNamedPipe
CreateNamedPipeW
CreateMutexA
CreateProcessW
GetDiskFreeSpaceA
OutputDebugStringW
SignalObjectAndWait
SetThreadPriority
SetThreadPriorityBoost
GetPrivateProfileStringW
WritePrivateProfileStringW
SetCurrentDirectoryA
GetCurrentDirectoryA
IsDebuggerPresent
GetVersion
DuplicateHandle
SuspendThread
GetPrivateProfileIntA
GetPrivateProfileStringA
SetCurrentDirectoryW
OpenFile
ReleaseSemaphore
CreateSemaphoreW
SetLastError
QueueUserAPC
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
MulDiv
lstrcmpW
lstrcmpiW
IsDBCSLeadByteEx
QueryPerformanceCounter
QueryPerformanceFrequency
LocalAlloc

user32

RegisterClipboardFormatW
ReleaseCapture
DestroyCursor
LoadCursorFromFileA
IntersectRect
SetRect
WindowFromDC
CreateWindowExA
EnumThreadWindows
GetWindowDC
IsWindowUnicode
SetCaretPos
GetClipboardData
GetKeyboardLayout
CreateCaret
GetAncestor
GetParent
GetDesktopWindow
SetWindowLongA
FillRect
GetSysColor
wsprintfW
GetWindowTextLengthW
GetGUIThreadInfo
ChangeDisplaySettingsW
LoadIconW
SetCursor
MessageBoxA
EndPaint
BeginPaint
GetForegroundWindow
PeekMessageW
DispatchMessageW
TranslateMessage
SetWindowTextW
SetCursorPos
SetWindowLongW
AdjustWindowRectEx
RedrawWindow
InvalidateRgn
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
KillTimer
InvalidateRect
GetAsyncKeyState
GetMenuBarInfo
EnumChildWindows
SetActiveWindow
SetCapture
IsWindow
UnregisterClassW
SendMessageW
GetClassNameW
FindWindowW
GetWindowLongW
GetWindowTextW
IsWindowEnabled
SetTimer
keybd_event
GetFocus
SetFocus
CharNextW
GetDlgItem
DestroyWindow
IsChild
GetClassInfoExW
CallWindowProcW
GetMessageW
RegisterWindowMessageW
MessageBoxW
LoadCursorW
IsZoomed
IsIconic
IsWindowVisible
SetWindowPos
ShowWindow
GetClientRect
PostMessageW
ClientToScreen
GetKeyState
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
ScreenToClient
GetCursorPos
PostQuitMessage
EnumWindows
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
FindWindowA
PtInRect
IsRectEmpty
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetTopWindow
GetClassNameA
GetWindowTextA
AdjustWindowRect
SetForegroundWindow
GetActiveWindow
UpdateWindow
GetSystemMetrics
MoveWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
GetCapture

gdi32

PtInRegion
BitBlt
GetStockObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject
GetDIBits
TextOutA
ExtTextOutW
SetBkColor
SetTextColor
SetTextAlign
CreateDIBSection
CreateFontW
GetTextExtentPoint32W
SetMapMode
CreateFontIndirectW
CreateEllipticRgn
GetGlyphOutlineW
EnumFontFamiliesExW
CreatePolygonRgn
GetObjectW

advapi32

RegCloseKey
OpenProcessToken
OpenThreadToken
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegOpenKeyA
GetUserNameW
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

ShellExecuteW
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconW
SHOpenFolderAndSelectItems
SHGetFolderPathW

ole32

CoInitialize
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
OleInitialize
OleUninitialize
CLSIDFromProgID
OleLockRunning
CLSIDFromString
CoGetClassObject
CoUninitialize
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

VariantInit
VariantClear
VarUI4FromStr
LoadTypeLi
SysStringLen
VariantCopy
SysFreeString
SysAllocString
LoadRegTypeLi
OleCreateFontIndirect
DispCallFunc
SysAllocStringLen

msvcp140

_Xtime_get_ticks
?id@?$ctype@_W@std@@2V0locale@2@A
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Xlength_error@std@@YAXPBD@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ

urlmon

URLDownloadToFileW

vcruntime140

_except_handler4_common
__current_exception_context
_setjmp3
__current_exception
longjmp
__CxxFrameHandler
__std_type_info_name
memchr
strchr
wcschr
wcsrchr
wcsstr
_local_unwind4
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__RTDynamicCast
memmove
strstr
_purecall
memset
memcpy
__CxxFrameHandler3
strrchr
__std_terminate

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-math-l1-1-0

_CIacos
_libm_sse2_pow_precise
frexp
_ftol
_CIcosh
_libm_sse2_tan_precise
_isnan
_CItanh
_libm_sse2_log10_precise
__setusermatherr
ldexp
ceil
_CIsinh
modf
_CIpow
_CIatan2
_libm_sse2_atan_precise
floor
_libm_sse2_sin_precise
_libm_sse2_cos_precise
_CIfmod
_libm_sse2_asin_precise
_libm_sse2_log_precise
_libm_sse2_exp_precise
_libm_sse2_acos_precise
_libm_sse2_sqrt_precise
_finite

api-ms-win-crt-stdio-l1-1-0

fseek
_fileno
__stdio_common_vswprintf
__stdio_common_vfprintf
__stdio_common_vfscanf
__acrt_iob_func
ftell
setvbuf
fgets
tmpnam
fclose
freopen
ferror
getc
fopen
fputs
fread
fflush
__stdio_common_vfwprintf
_popen
__stdio_common_vswscanf
__stdio_common_vsscanf
__stdio_common_vswprintf_s
tmpfile
clearerr
_wfopen
_pclose
_set_fmode
ungetc
feof
fgetws
__stdio_common_vsprintf
__p__commode
fwrite
fgetwc

api-ms-win-crt-time-l1-1-0

_time64
_time32
_gmtime32
strftime
_localtime64
_mktime32
_gmtime64
_localtime32
_mktime64
clock
asctime
_difftime64

api-ms-win-crt-string-l1-1-0

strncpy
wcsncpy_s
strncmp
wcsncat
iswdigit
iscntrl
_strlwr
_wcsicmp
isdigit
_strnicmp
_strupr
isupper
strcoll
tolower
toupper
strpbrk
islower
strcspn
wcsncpy
isalnum
isalpha
_strdup
isspace
_stricmp
isxdigit
ispunct
_wcsupr
_wcslwr
wcsncmp
strncat

api-ms-win-crt-filesystem-l1-1-0

rename
remove
_rmdir
_stat32
_wremove
_stat64i32
_fstat64i32
_findnext64i32
_mkdir
_findclose
_findnext32
_access
_findfirst32
_findfirst64i32
_splitpath

api-ms-win-crt-convert-l1-1-0

strtoul
atof
_itoa
_wtoi
strtod
atoi
_itow
atol

api-ms-win-crt-heap-l1-1-0

_recalloc
_callnewh
_set_new_mode
free
malloc
realloc
calloc

api-ms-win-crt-runtime-l1-1-0

system
strerror
_beginthread
_controlfp_s
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_exit
_initterm_e
_initterm
_invalid_parameter_noinfo
_errno
_get_wide_winmain_command_line
_initialize_wide_environment
_resetstkoflw
_configure_wide_argv
_set_app_type
_seh_filter_exe
_wassert
exit
_invalid_parameter_noinfo_noreturn
terminate
_beginthreadex

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale
setlocale

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 232KB - Virtual size: 658KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 459KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e114f0cc9fb8b57a64e17f76ebf9d4f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

zlibwapi

elementskill

winmm

ws2_32

imm32

d3d8

ddraw

dsound

speedtreert

ftdriver

shlwapi

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp140

urlmon

vcruntime140

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 7.0MB - Virtual size: 7.0MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 232KB - Virtual size: 658KB

.data1 Size: 2KB - Virtual size: 2KB

_RDATA Size: 512B - Virtual size: 48B

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 459KB - Virtual size: 458KB

.text
Size: 7.0MB - Virtual size: 7.0MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 232KB - Virtual size: 658KB

.data1
Size: 2KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 48B

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 459KB - Virtual size: 458KB