Cloaked[.]zip | Triage

Resubmissions

27/09/2024, 01:52

240927-cadc2ssarh 8

27/09/2024, 01:49

240927-b82ymaygnk 8

Sharing

Copy URL Twitter E-mail

General

Target

Cloaked.zip
Size

1.8MB
MD5

ef6920e7d8ed2457936b3f933cdb032b
SHA1

df63aa4b5287b2666b33e7edea0cb6ef97a7c03c
SHA256

3cab428b1e3b30f3c3e1e284228d29eb1eee242e17e0cff66d97626439ac7733
SHA512

6247471a79fae006853dd880457c77c7376bd80022f5d47869fccf3e6e44b40543c923af9216f53448e1c5ad3153ae6156656fea58cccabecabf6cdf5ce6c44d
SSDEEP

49152:tlTOTAVhfBPZWoOt6wWTJDvOpr8x6tWsw11VBhYknmSB1PeTKe:tpOTAVFBTGY97P6tWs61VB/nmC1GGe

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Cloaked.exe
unpack001/mapper/CloakedMapper.exe

Files

Cloaked.zip
.zip
Cloaked.exe
.exe windows:6 windows x64 arch:x64

d756f559314a3163864ba282332e914c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Languages\C++\CloakedSkibidi\bin\Cloaked.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

winmm

PlaySoundA

kernel32

AreFileApisANSI
GetFileInformationByHandleEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
WakeAllConditionVariable
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
GetFileAttributesExW
Process32First
VirtualProtect
VirtualAlloc
GetModuleHandleA
CreateToolhelp32Snapshot
GetCurrentThread
Process32Next
FindNextFileW
CloseHandle
GetSystemInfo
AddVectoredExceptionHandler
GetThreadContext
GetProcAddress
DebugBreak
FindFirstFileExW
VirtualQuery
IsDebuggerPresent
GetComputerNameA
DeviceIoControl
CreateFileW
GetCurrentThreadId
LeaveCriticalSection
CreateFileMappingA
GetCurrentProcessId
EnterCriticalSection
LocalFree
FormatMessageA
SetLastError
QueryFullProcessImageNameW
GetModuleHandleW
SetConsoleTextAttribute
GetStdHandle
SetCurrentConsoleFontEx
lstrcmpiA
MultiByteToWideChar
GetModuleFileNameW
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetTickCount
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
VerSetConditionMask
FreeLibrary
GetModuleFileNameA
GetSystemDirectoryA
VerifyVersionInfoA
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
PeekNamedPipe
WaitForMultipleObjects
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SleepConditionVariableSRW
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
FindClose
QueryPerformanceCounter
FindFirstFileW
CreateFileMappingW
CreateFileA
GetFileSizeEx
CreateThread
GetCurrentProcess
ReadFile
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
DeleteCriticalSection
InitializeCriticalSectionEx
HeapSize
HeapDestroy
GetLastError
MapViewOfFile
UnmapViewOfFile
Sleep
SleepEx

user32

ClientToScreen
GetCapture
GetKeyboardLayout
GetDC
OpenClipboard
SetCapture
SetCursorPos
TrackMouseEvent
SetCursor
GetClientRect
IsWindowUnicode
CloseClipboard
ReleaseCapture
SendInput
GetCursorPos
ShowCursor
FindWindowA
GetForegroundWindow
GetAsyncKeyState
EmptyClipboard
GetClipboardData
PeekMessageA
LoadCursorA
PostQuitMessage
MessageBoxA
UpdateWindow
TranslateMessage
SetLayeredWindowAttributes
GetWindowLongA
SetWindowLongA
ShowWindow
RegisterClassExW
UnregisterClassW
DestroyWindow
DispatchMessageA
DefWindowProcW
SetClipboardData
GetSystemMetrics
ScreenToClient
GetMessageExtraInfo
GetKeyState

gdi32

GetPixel

advapi32

CryptGenRandom
OpenProcessToken
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
InitializeAcl
IsValidSid
SetSecurityInfo
CopySid
ConvertSidToStringSidA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptImportKey
CryptEncrypt

shell32

ShellExecuteA
SHGetFolderPathW

msvcp140

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??7ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Mtx_lock
_Mtx_unlock
?_Xbad_function_call@std@@YAXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?id@?$ctype@D@std@@2V0locale@2@A
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
_Thrd_detach
_Query_perf_counter
_Cnd_do_broadcast_at_thread_exit
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Query_perf_frequency
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z

iphlpapi

GetAdaptersInfo

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmSetCandidateWindow
ImmGetContext

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

d3dcompiler_43

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

normaliz

IdnToAscii

wldap32

ord143
ord217
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301

crypt32

CryptQueryObject
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

ws2_32

accept
WSACleanup
closesocket
WSAIoctl
htonl
recv
listen
send
WSAGetLastError
ioctlsocket
bind
connect
getpeername
__WSAFDIsSet
getsockname
getsockopt
htons
ntohs
setsockopt
WSASetLastError
ntohl
gethostname
sendto
recvfrom
socket
freeaddrinfo
getaddrinfo
select
WSAStartup

shlwapi

PathFindFileNameW

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
__current_exception_context
_CxxThrowException
memcmp
memchr
memset
memmove
__intrinsic_setjmp
longjmp
strrchr
strchr
strstr
__std_terminate
__std_exception_copy
__C_specific_handler
memcpy
__std_exception_destroy

api-ms-win-crt-runtime-l1-1-0

_resetstkoflw
_invalid_parameter_noinfo_noreturn
exit
system
_errno
strerror
__sys_nerr
_invalid_parameter_noinfo
_getpid
terminate
abort
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_beginthreadex

api-ms-win-crt-heap-l1-1-0

free
malloc
calloc
realloc
_set_new_mode
_callnewh

api-ms-win-crt-stdio-l1-1-0

fclose
fgetc
fwrite
_read
_lseeki64
fgetpos
setvbuf
feof
fputs
fopen
__p__commode
fputc
_write
_close
_open
fsetpos
_popen
_pclose
fgets
fread
_fseeki64
_get_stream_buffer_pointers
ungetc
fflush
ftell
__acrt_iob_func
fseek
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vsprintf
_wfopen
__stdio_common_vfprintf
_set_fmode

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-filesystem-l1-1-0

_stat64
_unlink
_lock_file
_access
_fstat64
_unlock_file

api-ms-win-crt-string-l1-1-0

strncmp
tolower
wcscpy_s
strcpy_s
strncpy
_strdup
strcmp
isupper
strspn
strpbrk
strcspn

api-ms-win-crt-time-l1-1-0

strftime
_time64
_localtime64
_gmtime64

api-ms-win-crt-convert-l1-1-0

strtol
atoi
atof
strtod
strtoull
strtoul
strtoll

api-ms-win-crt-math-l1-1-0

ceilf
cosf
fmodf
sinf
atan2f
_dsign
powf
_dclass
acosf
__setusermatherr
sqrtf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func
localeconv

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
imgui.ini
mapper/CloakedMapper.exe
.exe windows:6 windows x64 arch:x64

eec870ab86a6815ef4b2df4b79638e49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Languages\C++\Cloaked\bin\mapper\SerenaRewriteMapper.pdb

Imports

kernel32

CloseHandle
GetProcAddress
GetCurrentProcessId
GetTempPathW
GetModuleHandleA
GetConsoleWindow
AcquireSRWLockExclusive
GetModuleHandleW
GetCurrentThreadId
CreateFileW
VirtualAlloc
DeviceIoControl
SetConsoleTitleA
VirtualFree
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
ReleaseSRWLockExclusive

user32

MessageBoxA

advapi32

RegCloseKey
RegDeleteTreeW
RegCreateKeyW
RegOpenKeyW
RegSetKeyValueW

msvcp140

?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@_W@std@@2V0locale@2@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exceptions@std@@YAHXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z

ntdll

RtlInitUnicodeString
NtQuerySystemInformation

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp
memcpy
memmove
__std_exception_destroy
__std_exception_copy
wcsstr
__std_terminate
__C_specific_handler
_CxxThrowException
__current_exception
__current_exception_context
memset

api-ms-win-crt-stdio-l1-1-0

fputc
fgetc
fread
fflush
__p__commode
_fseeki64
_get_stream_buffer_pointers
setvbuf
fgetpos
fwrite
ungetc
_set_fmode
fsetpos
fclose

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode
_callnewh

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_wremove
_unlock_file

api-ms-win-crt-string-l1-1-0

_stricmp

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

exit
_exit
_initterm_e
__p___argc
__p___argv
_initterm
_c_exit
_invalid_parameter_noinfo_noreturn
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_register_thread_local_exe_atexit_callback
terminate
_set_app_type
_seh_filter_exe
_cexit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

d756f559314a3163864ba282332e914c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

winmm

kernel32

user32

gdi32

advapi32

shell32

msvcp140

iphlpapi

ntdll

imm32

d3dx11_43

d3dcompiler_43

dwmapi

normaliz

wldap32

crypt32

ws2_32

shlwapi

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 358KB - Virtual size: 358KB

.data Size: 1.2MB - Virtual size: 1.2MB

.pdata Size: 57KB - Virtual size: 57KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 6KB - Virtual size: 5KB

eec870ab86a6815ef4b2df4b79638e49

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcp140

ntdll

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 10KB - Virtual size: 11KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 358KB - Virtual size: 358KB

.data
Size: 1.2MB - Virtual size: 1.2MB

.pdata
Size: 57KB - Virtual size: 57KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 10KB - Virtual size: 11KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 176B