Blaze Kernal[.]rar

Resubmissions

09/10/2024, 02:16

241009-cqkr3axfnh 8

09/10/2024, 02:15

09/10/2024, 02:05

09/10/2024, 02:00

09/10/2024, 01:56

Sharing

Copy URL Twitter E-mail

General

Target

Blaze Kernal.rar
Size

65.6MB
MD5

e0c521809a997cba735c92f77b609c0e
SHA1

00b3e4b3675deeee25d8ea247e3bd0a1a9e939e8
SHA256

cfe5a01fe215cd93f9033852ef3ee8dcbd3c33833f848f5b4b7b4099ec67ed51
SHA512

535548f4c58f1c98d6ae09636c1d63890885ff86b8a346ed9cf18cf568e9060fe66f408a4b6ac4345b8ad97bfacb2d8108af380bd904ed683da5ee84e39bcb30
SSDEEP

1572864:5oCO5/9Lny7ZkQaqaaEyhrIrkFvbqPYJ887q/LXpQK7:mCORpuZkQaJmWSqg2VDV

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Blaze Spoofer.exe
unpack001/SafeGuard-Lib.dll

Files

Blaze Kernal.rar
.rar
Blaze Spoofer.exe
.exe windows:6 windows x64 arch:x64

b16912c7c0354cd6769380b95f862b6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

kernel32

LoadLibraryW

user32

ClientToScreen

advapi32

GetTokenInformation

shell32

SHFileOperationA

safeguard-lib

?authenticateUser@SDK@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

msvcp140

?good@ios_base@std@@QEBA_NXZ

imm32

ImmSetCompositionWindow

dwmapi

DwmExtendFrameIntoClientArea

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

wininet

InternetOpenUrlA

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strncpy_s

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-math-l1-1-0

sinf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

?timeToReadableString@SDK@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_J@Z

Sections

.text
Size: - Virtual size: 825KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 876KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.9OC
Size: - Virtual size: 45.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.@,#
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.&8^
Size: 67.3MB - Virtual size: 67.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SafeGuard-Lib.dll
.dll windows:6 windows x64 arch:x64

b32e5a88b4cf7ab7a70a7fcd5b1aac03

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

ntdll

NtProtectVirtualMemory

msvcp140

_Query_perf_frequency

ws2_32

WSACleanup

setupapi

SetupDiGetDeviceInstanceIdA

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

fgetc

api-ms-win-crt-heap-l1-1-0

_aligned_malloc

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-string-l1-1-0

isalnum

api-ms-win-crt-math-l1-1-0

_dclass

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table

api-ms-win-crt-time-l1-1-0

strftime

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-locale-l1-1-0

localeconv

Exports

Exports

??0Assembler@a64@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0Assembler@x86@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0BaseAssembler@_abi_1_10@asmjit@@QEAA@XZ
??0BaseBuilder@_abi_1_10@asmjit@@QEAA@XZ
??0BaseCompiler@_abi_1_10@asmjit@@QEAA@XZ
??0BaseEmitter@_abi_1_10@asmjit@@QEAA@W4EmitterType@12@@Z
??0Builder@a64@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0Builder@x86@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0CodeHolder@_abi_1_10@asmjit@@QEAA@PEBUTemporary@Support@12@@Z
??0Compiler@a64@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0Compiler@x86@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0ConstPool@_abi_1_10@asmjit@@QEAA@PEAVZone@12@@Z
??0ErrorHandler@_abi_1_10@asmjit@@QEAA@XZ
??0FileLogger@_abi_1_10@asmjit@@QEAA@PEAU_iobuf@@@Z
??0FuncPass@_abi_1_10@asmjit@@QEAA@PEBD@Z
??0JitAllocator@_abi_1_10@asmjit@@QEAA@PEBUCreateParams@012@@Z
??0JitRuntime@_abi_1_10@asmjit@@QEAA@PEBUCreateParams@JitAllocator@12@@Z
??0Logger@_abi_1_10@asmjit@@QEAA@XZ
??0Pass@_abi_1_10@asmjit@@QEAA@PEBD@Z
??0SDK@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0StringLogger@_abi_1_10@asmjit@@QEAA@XZ
??0Target@_abi_1_10@asmjit@@QEAA@XZ
??1Assembler@a64@_abi_1_10@asmjit@@UEAA@XZ
??1Assembler@x86@_abi_1_10@asmjit@@UEAA@XZ
??1BaseAssembler@_abi_1_10@asmjit@@UEAA@XZ
??1BaseBuilder@_abi_1_10@asmjit@@UEAA@XZ
??1BaseCompiler@_abi_1_10@asmjit@@UEAA@XZ
??1BaseEmitter@_abi_1_10@asmjit@@UEAA@XZ
??1Builder@a64@_abi_1_10@asmjit@@UEAA@XZ
??1Builder@x86@_abi_1_10@asmjit@@UEAA@XZ
??1CodeHolder@_abi_1_10@asmjit@@QEAA@XZ
??1Compiler@a64@_abi_1_10@asmjit@@UEAA@XZ
??1Compiler@x86@_abi_1_10@asmjit@@UEAA@XZ
??1ConstPool@_abi_1_10@asmjit@@QEAA@XZ
??1ErrorHandler@_abi_1_10@asmjit@@UEAA@XZ
??1FileLogger@_abi_1_10@asmjit@@UEAA@XZ
??1JitAllocator@_abi_1_10@asmjit@@QEAA@XZ
??1JitRuntime@_abi_1_10@asmjit@@UEAA@XZ
??1Logger@_abi_1_10@asmjit@@UEAA@XZ
??1Pass@_abi_1_10@asmjit@@UEAA@XZ
??1StringLogger@_abi_1_10@asmjit@@UEAA@XZ
??1Target@_abi_1_10@asmjit@@UEAA@XZ
??_FAssembler@a64@_abi_1_10@asmjit@@QEAAXXZ
??_FAssembler@x86@_abi_1_10@asmjit@@QEAAXXZ
??_FBuilder@a64@_abi_1_10@asmjit@@QEAAXXZ
??_FBuilder@x86@_abi_1_10@asmjit@@QEAAXXZ
??_FCodeHolder@_abi_1_10@asmjit@@QEAAXXZ
??_FCompiler@a64@_abi_1_10@asmjit@@QEAAXXZ
??_FCompiler@x86@_abi_1_10@asmjit@@QEAAXXZ
??_FFileLogger@_abi_1_10@asmjit@@QEAAXXZ
??_FJitAllocator@_abi_1_10@asmjit@@QEAAXXZ
??_FJitRuntime@_abi_1_10@asmjit@@QEAAXXZ
?_add@JitRuntime@_abi_1_10@asmjit@@UEAAIPEAPEAXPEAVCodeHolder@23@@Z
?_alloc@Zone@_abi_1_10@asmjit@@QEAAPEAX_K0@Z
?_alloc@ZoneAllocator@_abi_1_10@asmjit@@QEAAPEAX_KAEA_K@Z
?_allocZeroed@ZoneAllocator@_abi_1_10@asmjit@@QEAAPEAX_KAEA_K@Z
?_append@ZoneBitVector@_abi_1_10@asmjit@@QEAAIPEAVZoneAllocator@23@_N@Z
?_archTraits@_abi_1_10@asmjit@@3QBUArchTraits@12@B
?_cleanupBlock@ZoneStackBase@_abi_1_10@asmjit@@QEAAXI_K@Z
?_commonInfoTable@InstDB@x86@_abi_1_10@asmjit@@3QBUCommonInfo@1234@B
?_emit@Assembler@a64@_abi_1_10@asmjit@@UEAAIIAEBUOperand_@34@00PEBU534@@Z
?_emit@Assembler@x86@_abi_1_10@asmjit@@UEAAIIAEBUOperand_@34@00PEBU534@@Z
?_emit@BaseBuilder@_abi_1_10@asmjit@@UEAAIIAEBUOperand_@23@00PEBU423@@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAII@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@00000@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@0000@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@000@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@00@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@0@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@@Z
?_emitOpArray@BaseEmitter@_abi_1_10@asmjit@@UEAAIIPEBUOperand_@23@_K@Z
?_grow@ZoneVectorBase@_abi_1_10@asmjit@@IEAAIPEAVZoneAllocator@23@II@Z
?_init@Zone@_abi_1_10@asmjit@@QEAAX_K0PEBUTemporary@Support@23@@Z
?_init@ZoneStackBase@_abi_1_10@asmjit@@QEAAIPEAVZoneAllocator@23@_K@Z
?_insert@ZoneHashBase@_abi_1_10@asmjit@@QEAAPEAVZoneHashNode@23@PEAVZoneAllocator@23@PEAV423@@Z
?_instInfoTable@InstDB@a64@_abi_1_10@asmjit@@3QBUInstInfo@1234@B
?_instInfoTable@InstDB@x86@_abi_1_10@asmjit@@3QBUInstInfo@1234@B
?_instSignatureTable@InstDB@x86@_abi_1_10@asmjit@@3QBUInstSignature@1234@B
?_log@FileLogger@_abi_1_10@asmjit@@UEAAIPEBD_K@Z
?_log@StringLogger@_abi_1_10@asmjit@@UEAAIPEBD_K@Z
?_newConst@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseMem@23@W4ConstPoolScope@23@PEBX_K@Z
?_newReg@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseReg@23@AEBV423@PEBD@Z
?_newReg@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseReg@23@W4TypeId@23@PEBD@Z
?_newRegFmt@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseReg@23@AEBV423@PEBDZZ
?_newRegFmt@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseReg@23@W4TypeId@23@PEBDZZ
?_newStack@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseMem@23@IIPEBD@Z
?_opChar@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@D@Z
?_opChars@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@D_K@Z
?_opFormat@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@PEBDZZ
?_opHex@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@PEBX_KD@Z
?_opNumber@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@_KI1W4StringFormatFlags@23@@Z
?_opSignatureTable@InstDB@x86@_abi_1_10@asmjit@@3QBUOpSignature@1234@B
?_opString@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@PEBD_K@Z
?_opVFormat@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@PEBDPEAD@Z
?_prepareBlock@ZoneStackBase@_abi_1_10@asmjit@@QEAAII_K@Z
?_rehash@ZoneHashBase@_abi_1_10@asmjit@@QEAAXPEAVZoneAllocator@23@I@Z
?_release@JitRuntime@_abi_1_10@asmjit@@UEAAIPEAX@Z
?_releaseDynamic@ZoneAllocator@_abi_1_10@asmjit@@QEAAXPEAX_K@Z
?_remove@ZoneHashBase@_abi_1_10@asmjit@@QEAAPEAVZoneHashNode@23@PEAVZoneAllocator@23@PEAV423@@Z
?_reserve@ZoneVectorBase@_abi_1_10@asmjit@@IEAAIPEAVZoneAllocator@23@II@Z
?_resize@ZoneBitVector@_abi_1_10@asmjit@@QEAAIPEAVZoneAllocator@23@II_N@Z
?_resize@ZoneVectorBase@_abi_1_10@asmjit@@IEAAIPEAVZoneAllocator@23@II@Z
?_typeData@TypeUtils@_abi_1_10@asmjit@@3UTypeData@123@B
?_zeroBlock@Zone@_abi_1_10@asmjit@@2UBlock@123@B
?add@ConstPool@_abi_1_10@asmjit@@QEAAIPEBX_KAEA_K@Z
?addAddressToAddressTable@CodeHolder@_abi_1_10@asmjit@@QEAAI_K@Z
?addAfter@BaseBuilder@_abi_1_10@asmjit@@QEAAPEAVBaseNode@23@PEAV423@0@Z
?addBefore@BaseBuilder@_abi_1_10@asmjit@@QEAAPEAVBaseNode@23@PEAV423@0@Z
?addDiagnosticOptions@BaseEmitter@_abi_1_10@asmjit@@QEAAXW4DiagnosticOptions@23@@Z
?addFunc@BaseCompiler@_abi_1_10@asmjit@@QEAAPEAVFuncNode@23@PEAV423@@Z
?addFuncNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVFuncNode@23@AEBUFuncSignature@23@@Z
?addFuncRetNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVFuncRetNode@23@AEBUOperand_@23@1@Z
?addInvokeNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVInvokeNode@23@IAEBUOperand_@23@AEBUFuncSignature@23@@Z
?addNode@BaseBuilder@_abi_1_10@asmjit@@QEAAPEAVBaseNode@23@PEAV423@@Z
?addPass@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAVPass@23@@Z
?align@Assembler@a64@_abi_1_10@asmjit@@UEAAIW4AlignMode@34@I@Z
?align@Assembler@x86@_abi_1_10@asmjit@@UEAAIW4AlignMode@34@I@Z
?align@BaseBuilder@_abi_1_10@asmjit@@UEAAIW4AlignMode@23@I@Z
?alloc@JitAllocator@_abi_1_10@asmjit@@QEAAIPEAPEAX0_K@Z
?alloc@VirtMem@_abi_1_10@asmjit@@YAIPEAPEAX_KW4MemoryFlags@123@@Z
?allocDualMapping@VirtMem@_abi_1_10@asmjit@@YAIPEAUDualMapping@123@_KW4MemoryFlags@123@@Z
?allocZeroed@Zone@_abi_1_10@asmjit@@QEAAPEAX_K0@Z
?assertionFailed@DebugUtils@_abi_1_10@asmjit@@YAXPEBDH0@Z
?assign@String@_abi_1_10@asmjit@@QEAAIPEBD_K@Z
?attach@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAVBaseEmitter@23@@Z
?authenticateUser@SDK@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?bind@BaseAssembler@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@@Z
?bind@BaseBuilder@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@@Z
?bindLabel@CodeHolder@_abi_1_10@asmjit@@QEAAIAEBVLabel@23@I_K@Z
?clear@String@_abi_1_10@asmjit@@QEAAIXZ
?clearDiagnosticOptions@BaseEmitter@_abi_1_10@asmjit@@QEAAXW4DiagnosticOptions@23@@Z
?codeSize@CodeHolder@_abi_1_10@asmjit@@QEBA_KXZ
?comment@BaseAssembler@_abi_1_10@asmjit@@UEAAIPEBD_K@Z
?comment@BaseBuilder@_abi_1_10@asmjit@@UEAAIPEBD_K@Z
?commentf@BaseEmitter@_abi_1_10@asmjit@@QEAAIPEBDZZ
?commentv@BaseEmitter@_abi_1_10@asmjit@@QEAAIPEBDPEAD@Z
?copyFlattenedData@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAX_KW4CopySectionFlags@23@@Z
?copyFrom@ZoneBitVector@_abi_1_10@asmjit@@QEAAIPEAVZoneAllocator@23@AEBV123@@Z
?copySectionData@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAX_KIW4CopySectionFlags@23@@Z
?debugOutput@DebugUtils@_abi_1_10@asmjit@@YAXPEBD@Z
?deletePass@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAVPass@23@@Z
?detach@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAVBaseEmitter@23@@Z
?downloadFile@SDK@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?dup@Zone@_abi_1_10@asmjit@@QEAAPEAXPEBX_K_N@Z
?embed@BaseAssembler@_abi_1_10@asmjit@@UEAAIPEBX_K@Z
?embed@BaseBuilder@_abi_1_10@asmjit@@UEAAIPEBX_K@Z
?embedConstPool@BaseAssembler@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@AEBVConstPool@23@@Z
?embedConstPool@BaseBuilder@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@AEBVConstPool@23@@Z
?embedDataArray@BaseAssembler@_abi_1_10@asmjit@@UEAAIW4TypeId@23@PEBX_K2@Z
?embedDataArray@BaseBuilder@_abi_1_10@asmjit@@UEAAIW4TypeId@23@PEBX_K2@Z
?embedLabel@BaseAssembler@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@_K@Z
?embedLabel@BaseBuilder@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@_K@Z
?embedLabelDelta@BaseAssembler@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@0_K@Z
?embedLabelDelta@BaseBuilder@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@0_K@Z
?emitAnnotatedJump@BaseCompiler@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@PEAVJumpAnnotation@23@@Z
?emitArgsAssignment@BaseEmitter@_abi_1_10@asmjit@@QEAAIAEBVFuncFrame@23@AEBVFuncArgsAssignment@23@@Z
?emitEpilog@BaseEmitter@_abi_1_10@asmjit@@QEAAIAEBVFuncFrame@23@@Z
?emitProlog@BaseEmitter@_abi_1_10@asmjit@@QEAAIAEBVFuncFrame@23@@Z
?endFunc@BaseCompiler@_abi_1_10@asmjit@@QEAAIXZ
?ensureAddressTableSection@CodeHolder@_abi_1_10@asmjit@@QEAAPEAVSection@23@XZ
?eq@String@_abi_1_10@asmjit@@QEBA_NPEBD_K@Z
?errorAsString@DebugUtils@_abi_1_10@asmjit@@YAPEBDI@Z
?extendSubscription@SDK@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?fill@ConstPool@_abi_1_10@asmjit@@QEBAXPEAX@Z
?finalize@BaseEmitter@_abi_1_10@asmjit@@UEAAIXZ
?finalize@Builder@a64@_abi_1_10@asmjit@@UEAAIXZ
?finalize@Builder@x86@_abi_1_10@asmjit@@UEAAIXZ
?finalize@Compiler@a64@_abi_1_10@asmjit@@UEAAIXZ
?finalize@Compiler@x86@_abi_1_10@asmjit@@UEAAIXZ
?finalize@FuncFrame@_abi_1_10@asmjit@@QEAAIXZ
?flatten@CodeHolder@_abi_1_10@asmjit@@QEAAIXZ
?flushInstructionCache@VirtMem@_abi_1_10@asmjit@@YAXPEAX_K@Z
?formatData@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@W4Arch@23@W4TypeId@23@PEBX_K5@Z
?formatDataType@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@W4Arch@23@W4TypeId@23@@Z
?formatFeature@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4Arch@23@I@Z
?formatInstruction@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@PEBVBaseEmitter@23@W4Arch@23@AEBVBaseInst@23@PEBUOperand_@23@_K@Z
?formatLabel@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@PEBVBaseEmitter@23@I@Z
?formatNode@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@AEBVFormatOptions@23@PEBVBaseBuilder@23@PEBVBaseNode@23@@Z
?formatNodeList@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@AEBVFormatOptions@23@PEBVBaseBuilder@23@@Z
?formatNodeList@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@AEBVFormatOptions@23@PEBVBaseBuilder@23@PEBVBaseNode@23@3@Z
?formatOperand@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@PEBVBaseEmitter@23@W4Arch@23@AEBUOperand_@23@@Z
?formatRegister@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@PEBVBaseEmitter@23@W4Arch@23@W4RegType@23@I@Z
?formatTypeId@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4TypeId@23@@Z
?getFileContent@SDK@@QEAA?AV?$vector@EV?$allocator@E@std@@@std@@XZ
?getTickCount@OSUtils@_abi_1_10@asmjit@@YAIXZ
?getVariable@SDK@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$basic_json@Vmap@std@@Vvector@2@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@_N_J_KNVallocator@2@Uadl_serializer@json_abi_v3_11_2@nlohmann@@V?$vector@EV?$allocator@E@std@@@2@@json_abi_v3_11_2@nlohmann@@V23@@Z
?growBuffer@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAUCodeBuffer@23@_K@Z
?hardenedRuntimeInfo@VirtMem@_abi_1_10@asmjit@@YA?AUHardenedRuntimeInfo@123@XZ
?host@CpuInfo@_abi_1_10@asmjit@@SAAEBV123@XZ
?info@VirtMem@_abi_1_10@asmjit@@YA?AUInfo@123@XZ
?init@CallConv@_abi_1_10@asmjit@@QEAAIW4CallConvId@23@AEBVEnvironment@23@@Z
?init@CodeHolder@_abi_1_10@asmjit@@QEAAIAEBVEnvironment@23@AEBVCpuFeatures@23@_K@Z
?init@CodeHolder@_abi_1_10@asmjit@@QEAAIAEBVEnvironment@23@_K@Z
?init@FuncDetail@_abi_1_10@asmjit@@QEAAIAEBUFuncSignature@23@AEBVEnvironment@23@@Z
?init@FuncFrame@_abi_1_10@asmjit@@QEAAIAEBVFuncDetail@23@@Z
?injectDLL@SDK@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?instIdToString@InstAPI@_abi_1_10@asmjit@@YAIW4Arch@23@IAEAVString@23@@Z
?isLabelValid@BaseEmitter@_abi_1_10@asmjit@@QEBA_NI@Z
?isSessionValid@SDK@@QEAA_NXZ
?labelByName@BaseEmitter@_abi_1_10@asmjit@@QEAA?AVLabel@23@PEBD_KI@Z
?labelIdByName@CodeHolder@_abi_1_10@asmjit@@QEAAIPEBD_KI@Z
?labelNodeOf@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVLabelNode@23@I@Z
?logf@Logger@_abi_1_10@asmjit@@QEAAIPEBDZZ
?logv@Logger@_abi_1_10@asmjit@@QEAAIPEBDPEAD@Z
?newAlignNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVAlignNode@23@W4AlignMode@23@I@Z
?newCommentNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVCommentNode@23@PEBD_K@Z
?newConstPoolNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVConstPoolNode@23@@Z
?newEmbedDataNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVEmbedDataNode@23@W4TypeId@23@PEBX_K3@Z
?newFuncNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVFuncNode@23@AEBUFuncSignature@23@@Z
?newFuncRetNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVFuncRetNode@23@AEBUOperand_@23@1@Z
?newInstNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVInstNode@23@IW4InstOptions@23@I@Z
?newInvokeNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVInvokeNode@23@IAEBUOperand_@23@AEBUFuncSignature@23@@Z
?newJumpAnnotation@BaseCompiler@_abi_1_10@asmjit@@QEAAPEAVJumpAnnotation@23@XZ
?newJumpNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVJumpNode@23@IW4InstOptions@23@AEBUOperand_@23@PEAVJumpAnnotation@23@@Z
?newLabel@BaseAssembler@_abi_1_10@asmjit@@UEAA?AVLabel@23@XZ
?newLabel@BaseBuilder@_abi_1_10@asmjit@@UEAA?AVLabel@23@XZ
?newLabelEntry@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAPEAVLabelEntry@23@@Z
?newLabelLink@CodeHolder@_abi_1_10@asmjit@@QEAAPEAULabelLink@23@PEAVLabelEntry@23@I_K_JAEBUOffsetFormat@23@@Z
?newLabelNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVLabelNode@23@@Z
?newNamedLabel@BaseAssembler@_abi_1_10@asmjit@@UEAA?AVLabel@23@PEBD_KW4LabelType@23@I@Z
?newNamedLabel@BaseBuilder@_abi_1_10@asmjit@@UEAA?AVLabel@23@PEBD_KW4LabelType@23@I@Z
?newNamedLabelEntry@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAPEAVLabelEntry@23@PEBD_KW4LabelType@23@I@Z
?newRelocEntry@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAPEAURelocEntry@23@W4RelocType@23@@Z
?newSection@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAPEAVSection@23@PEBD_KW4SectionFlags@23@IH@Z
?newVirtReg@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVVirtReg@23@W4TypeId@23@UOperandSignature@23@PEBD@Z
?onAttach@Assembler@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onAttach@Assembler@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onAttach@BaseAssembler@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onAttach@BaseBuilder@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onAttach@BaseCompiler@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onAttach@Builder@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onAttach@Builder@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onAttach@Compiler@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onAttach@Compiler@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@Assembler@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@Assembler@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@BaseAssembler@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onDetach@BaseBuilder@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onDetach@BaseCompiler@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onDetach@Builder@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@Builder@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@Compiler@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@Compiler@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onSettingsUpdated@BaseEmitter@_abi_1_10@asmjit@@UEAAXXZ
?padEnd@String@_abi_1_10@asmjit@@QEAAI_KD@Z
?passByName@BaseBuilder@_abi_1_10@asmjit@@QEBAPEAVPass@23@PEBD@Z
?prepare@String@_abi_1_10@asmjit@@QEAAPEADW4ModifyOp@123@_K@Z
?protect@VirtMem@_abi_1_10@asmjit@@YAIPEAX_KW4MemoryFlags@123@@Z
?protectJitMemory@VirtMem@_abi_1_10@asmjit@@YAXW4ProtectJitAccess@123@@Z
?query@JitAllocator@_abi_1_10@asmjit@@QEBAIPEAXPEAPEAX1PEA_K@Z
?queryFeatures@InstAPI@_abi_1_10@asmjit@@YAIW4Arch@23@AEBVBaseInst@23@PEBUOperand_@23@_KPEAVCpuFeatures@23@@Z
?queryRWInfo@InstAPI@_abi_1_10@asmjit@@YAIW4Arch@23@AEBVBaseInst@23@PEBUOperand_@23@_KPEAUInstRWInfo@23@@Z
?registerLabelNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAVLabelNode@23@@Z
?registerUser@SDK@@QEAAHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?release@JitAllocator@_abi_1_10@asmjit@@QEAAIPEAX@Z
?release@VirtMem@_abi_1_10@asmjit@@YAIPEAX_K@Z
?releaseDualMapping@VirtMem@_abi_1_10@asmjit@@YAIPEAUDualMapping@123@_K@Z
?relocateToBase@CodeHolder@_abi_1_10@asmjit@@QEAAI_K@Z
?removeNode@BaseBuilder@_abi_1_10@asmjit@@QEAAPEAVBaseNode@23@PEAV423@@Z
?removeNodes@BaseBuilder@_abi_1_10@asmjit@@QEAAXPEAVBaseNode@23@0@Z
?rename@BaseCompiler@_abi_1_10@asmjit@@QEAAXAEBVBaseReg@23@PEBDZZ
?reportError@BaseEmitter@_abi_1_10@asmjit@@QEAAIIPEBD@Z
?reserveBuffer@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAUCodeBuffer@23@_K@Z
?reset@CodeHolder@_abi_1_10@asmjit@@QEAAXW4ResetPolicy@23@@Z
?reset@ConstPool@_abi_1_10@asmjit@@QEAAXPEAVZone@23@@Z
?reset@JitAllocator@_abi_1_10@asmjit@@QEAAXW4ResetPolicy@23@@Z
?reset@String@_abi_1_10@asmjit@@QEAAIXZ
?reset@Zone@_abi_1_10@asmjit@@QEAAXW4ResetPolicy@23@@Z
?reset@ZoneAllocator@_abi_1_10@asmjit@@QEAAXPEAVZone@23@@Z
?resolveUnresolvedLinks@CodeHolder@_abi_1_10@asmjit@@QEAAIXZ
?run@FuncPass@_abi_1_10@asmjit@@UEAAIPEAVZone@23@PEAVLogger@23@@Z
?runPasses@BaseBuilder@_abi_1_10@asmjit@@QEAAIXZ
?section@BaseAssembler@_abi_1_10@asmjit@@UEAAIPEAVSection@23@@Z
?section@BaseBuilder@_abi_1_10@asmjit@@UEAAIPEAVSection@23@@Z
?sectionByName@CodeHolder@_abi_1_10@asmjit@@QEBAPEAVSection@23@PEBD_K@Z
?sectionNodeOf@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVSectionNode@23@I@Z
?serializeTo@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAVBaseEmitter@23@@Z
?setCursor@BaseBuilder@_abi_1_10@asmjit@@QEAAPEAVBaseNode@23@PEAV423@@Z
?setErrorHandler@BaseEmitter@_abi_1_10@asmjit@@QEAAXPEAVErrorHandler@23@@Z
?setErrorHandler@CodeHolder@_abi_1_10@asmjit@@QEAAXPEAVErrorHandler@23@@Z
?setLogger@BaseEmitter@_abi_1_10@asmjit@@QEAAXPEAVLogger@23@@Z
?setLogger@CodeHolder@_abi_1_10@asmjit@@QEAAXPEAVLogger@23@@Z
?setOffset@BaseAssembler@_abi_1_10@asmjit@@QEAAI_K@Z
?setStackSize@BaseCompiler@_abi_1_10@asmjit@@QEAAIIII@Z
?sformat@Zone@_abi_1_10@asmjit@@QEAAPEADPEBDZZ
?shrink@JitAllocator@_abi_1_10@asmjit@@QEAAIPEAX_K@Z
?stackAlignment@Environment@_abi_1_10@asmjit@@QEBAIXZ
?statistics@JitAllocator@_abi_1_10@asmjit@@QEBA?AUStatistics@123@XZ
?stringToInstId@InstAPI@_abi_1_10@asmjit@@YAIW4Arch@23@PEBD_K@Z
?timeToReadableString@SDK@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_J@Z
?truncate@String@_abi_1_10@asmjit@@QEAAI_K@Z
?typeIdToRegSignature@ArchUtils@_abi_1_10@asmjit@@YAIW4Arch@23@W4TypeId@23@PEAW4523@PEAUOperandSignature@23@@Z
?updateFuncFrame@FuncArgsAssignment@_abi_1_10@asmjit@@QEBAIAEAVFuncFrame@23@@Z
?updateSectionLinks@BaseBuilder@_abi_1_10@asmjit@@QEAAXXZ
?validate@InstAPI@_abi_1_10@asmjit@@YAIW4Arch@23@AEBVBaseInst@23@PEBUOperand_@23@_KW4ValidationFlags@23@@Z

Sections

.text
Size: - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sigma0
Size: - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sigma1
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sigma2
Size: 8.6MB - Virtual size: 8.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

b16912c7c0354cd6769380b95f862b6c

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

d3dcompiler_43

kernel32

user32

advapi32

shell32

safeguard-lib

msvcp140

imm32

dwmapi

d3dx11_43

wininet

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 825KB

.rdata Size: - Virtual size: 220KB

.data Size: - Virtual size: 876KB

.pdata Size: - Virtual size: 34KB

.9OC Size: - Virtual size: 45.7MB

.@,# Size: 512B - Virtual size: 440B

.&8^ Size: 67.3MB - Virtual size: 67.3MB

.rsrc Size: 512B - Virtual size: 469B

.reloc Size: 512B - Virtual size: 284B

b32e5a88b4cf7ab7a70a7fcd5b1aac03

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

msvcp140

ws2_32

setupapi

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 496KB

.rdata Size: - Virtual size: 177KB

.data Size: - Virtual size: 42KB

.pdata Size: - Virtual size: 16KB

.detourc Size: - Virtual size: 8KB

.detourd Size: - Virtual size: 24B

.sigma0 Size: - Virtual size: 6.9MB

.sigma1 Size: 3KB - Virtual size: 3KB

.text
Size: - Virtual size: 825KB

.rdata
Size: - Virtual size: 220KB

.data
Size: - Virtual size: 876KB

.pdata
Size: - Virtual size: 34KB

.9OC
Size: - Virtual size: 45.7MB

.@,#
Size: 512B - Virtual size: 440B

.&8^
Size: 67.3MB - Virtual size: 67.3MB

.rsrc
Size: 512B - Virtual size: 469B

.reloc
Size: 512B - Virtual size: 284B

.text
Size: - Virtual size: 496KB

.rdata
Size: - Virtual size: 177KB

.data
Size: - Virtual size: 42KB

.pdata
Size: - Virtual size: 16KB

.detourc
Size: - Virtual size: 8KB

.detourd
Size: - Virtual size: 24B

.sigma0
Size: - Virtual size: 6.9MB

.sigma1
Size: 3KB - Virtual size: 3KB

.sigma2
Size: 8.6MB - Virtual size: 8.6MB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 233B