Netflix[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Netflix.rar
Size

22.8MB
MD5

ccad2c19bad926aa8b267cf829b8bfcf
SHA1

2d4cc42a815c1a3e3dc8e00e53f2d84dc9300d46
SHA256

e79568103d671a9baa1377b26893056d0438128ee4fd4e6a1f98d7a11786ff7b
SHA512

0ab89d3bdb5c2d83cd7b6b937e92652707ba2915297cfd8d657eaa9418941ce5455232756ec4cad7af375eaa4fa326c17f337f3f74efa5a3b18a6052b944614c
SSDEEP

393216:a4DQcoLptwQzY6uNCONF4VBpEbfZvSYCNFztNhI40hqSjqaHROr3t:ycottwFjNsB4ZkNJXbSjHk

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Netflix/Netflix.exe
unpack001/Netflix/bin/NetflixUI.dll
unpack001/Netflix/bin/NetflixUI2.dll
unpack001/Netflix/bin/NetflixUI3.dll

Files

Netflix.rar
.rar
Netflix/Netflix.exe
.exe windows:6 windows x64 arch:x64

8e3dad4d4ea6736338bcc4aca7b446c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHFileOperationW
SHGetFolderPathW
CommandLineToArgvW

kernel32

SetLastError
WriteConsoleW
HeapReAlloc
CreateDirectoryW
SizeofResource
SetConsoleCtrlHandler
GetCommandLineW
GetStdHandle
WriteFile
TerminateProcess
GetModuleFileNameW
SetEnvironmentVariableW
GetTempPathW
FindResourceA
WaitForSingleObject
CreateFileW
GetFileAttributesW
Sleep
GetLastError
LockResource
CloseHandle
LoadResource
GetProcAddress
GetCurrentProcessId
CreateProcessW
WideCharToMultiByte
GetSystemTimeAsFileTime
FormatMessageA
GetExitCodeProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
HeapSize
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetCommandLineA
HeapAlloc
MultiByteToWideChar
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21.5MB - Virtual size: 21.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Netflix/bin/Images/Icon.ico
Netflix/bin/Images/Netflix UI.png
.png
Netflix/bin/Images/Transparent.png
.png
Netflix/bin/NetflixUI.dll
.dll windows:6 windows x64 arch:x64

e0b2ad3ca05bef5971f6dedfcced8f56

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\TonyX\Desktop\New folder - Copy\Project1\x64\Release\Project1.pdb

Imports

kernel32

WideCharToMultiByte
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetStringTypeW
GetCPInfo
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetFileSizeEx
SetFilePointerEx
GetStdHandle
GetFileType
HeapAlloc
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
HeapFree
CloseHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
CreateFileW
HeapSize
WriteConsoleW
SetEndOfFile
RtlUnwind

Exports

Exports

setInput

Sections

.text
Size: 501KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Netflix/bin/NetflixUI2.dll
.dll windows:6 windows x64 arch:x64

6828dc61e40a940402dd5a4fc62f03b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\TonyX\Desktop\New folder - Copy\Project1\x64\Debug\Project1.pdb

Imports

msvcp140d

?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
_Xtime_get_ticks
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0_Lockit@std@@QEAA@H@Z

vcruntime140d

memcpy
memmove
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memchr
memset
memcmp
__C_specific_handler
__current_exception
__current_exception_context
__C_specific_handler_noexcept
__std_type_info_destroy_list
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
_purecall

vcruntime140_1d

__CxxFrameHandler4

ucrtbased

cosh
exp
fabs
fmod
log
log10
sin
sinh
sqrt
tan
tanh
ceil
ldexp
log2
round
_free_dbg
_malloc_dbg
_callnewh
malloc
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
atan2
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_CrtDbgReportW
_initterm
_initterm_e
terminate
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_wmakepath_s
_wsplitpath_s
wcscpy_s
strtod
fgetc
fflush
fclose
_get_stream_buffer_pointers
_CrtDbgReport
strtoll
strtol
_errno
_invalid_parameter
cos
asin
acos
floor
pow
abs
strlen
strcmp
atoi
_dsign
_unlock_file
_lock_file
ungetc
atan
setvbuf
fwrite
_fseeki64
fsetpos
fread
_register_onexit_function
fputc
fgetpos
__stdio_common_vsprintf
tolower
strnlen
strspn
strtoull

kernel32

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetCurrentThreadId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
GetProcAddress

Exports

Exports

setInput

Sections

.text
Size: 984KB - Virtual size: 984KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 512B - Virtual size: 273B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Netflix/bin/NetflixUI3.dll
.dll windows:6 windows x64 arch:x64

e89ba283a10c8884756d6aff09c9dc9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\TonyX\Desktop\New folder - Copy\Project1\x64\Debug\Project1.pdb

Imports

msvcp140d

?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0_Lockit@std@@QEAA@H@Z

vcruntime140d

memcpy
memmove
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcmp
memchr
memset
__C_specific_handler
__current_exception
__current_exception_context
__C_specific_handler_noexcept
__std_type_info_destroy_list
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
_purecall

vcruntime140_1d

__CxxFrameHandler4

ucrtbased

fmod
log
log10
sin
sinh
sqrt
tan
tanh
ceil
ldexp
log2
round
_free_dbg
_malloc_dbg
_callnewh
malloc
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
exp
_crt_at_quick_exit
_cexit
_CrtDbgReportW
_initterm
_initterm_e
terminate
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_wmakepath_s
_wsplitpath_s
wcscpy_s
strtod
fread
fputc
fgetpos
fgetc
fflush
fclose
_get_stream_buffer_pointers
_CrtDbgReport
_invalid_parameter
fabs
cos
atan2
atan
asin
acos
floor
pow
abs
strlen
strcmp
atoi
_dsign
cosh
_unlock_file
_lock_file
ungetc
setvbuf
fwrite
_crt_atexit
_fseeki64
fsetpos
__stdio_common_vsprintf
tolower
_errno
strnlen
strspn
strtoull

kernel32

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetCurrentThreadId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
GetProcAddress

Exports

Exports

setInput

Sections

.text
Size: 979KB - Virtual size: 978KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Netflix/output.bytecode
Netflix/workspace/IY_FE.iy
Netflix/workspace/bca2afc1415c691595c16ff6cefde60f-cache.lua
.ps1
Netflix/workspace/dex/deps_version.dat
Netflix/workspace/dex/rbx_api.dat
Netflix/workspace/dex/rbx_rmd.dat

Sharing

General

Malware Config

Signatures

Files

8e3dad4d4ea6736338bcc4aca7b446c9

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

Sections

.text Size: 130KB - Virtual size: 129KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 3KB - Virtual size: 147KB

.pdata Size: 6KB - Virtual size: 6KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 21.5MB - Virtual size: 21.5MB

.reloc Size: 2KB - Virtual size: 1KB

e0b2ad3ca05bef5971f6dedfcced8f56

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 501KB - Virtual size: 500KB

.rdata Size: 207KB - Virtual size: 206KB

.data Size: 9KB - Virtual size: 15KB

.pdata Size: 23KB - Virtual size: 23KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 5KB

6828dc61e40a940402dd5a4fc62f03b4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp140d

vcruntime140d

vcruntime140_1d

ucrtbased

kernel32

Exports

Exports

Sections

.text Size: 984KB - Virtual size: 984KB

.rdata Size: 334KB - Virtual size: 334KB

.data Size: 5KB - Virtual size: 6KB

.pdata Size: 81KB - Virtual size: 81KB

.msvcjmc Size: 512B - Virtual size: 273B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 6KB - Virtual size: 6KB

e89ba283a10c8884756d6aff09c9dc9d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp140d

vcruntime140d

vcruntime140_1d

ucrtbased

kernel32

Exports

Exports

Sections

.text Size: 979KB - Virtual size: 978KB

.rdata Size: 332KB - Virtual size: 331KB

.data Size: 5KB - Virtual size: 6KB

.pdata Size: 81KB - Virtual size: 80KB

.msvcjmc Size: 512B - Virtual size: 269B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 3KB - Virtual size: 147KB

.pdata
Size: 6KB - Virtual size: 6KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 21.5MB - Virtual size: 21.5MB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 501KB - Virtual size: 500KB

.rdata
Size: 207KB - Virtual size: 206KB

.data
Size: 9KB - Virtual size: 15KB

.pdata
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 984KB - Virtual size: 984KB

.rdata
Size: 334KB - Virtual size: 334KB

.data
Size: 5KB - Virtual size: 6KB

.pdata
Size: 81KB - Virtual size: 81KB

.msvcjmc
Size: 512B - Virtual size: 273B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 979KB - Virtual size: 978KB

.rdata
Size: 332KB - Virtual size: 331KB

.data
Size: 5KB - Virtual size: 6KB

.pdata
Size: 81KB - Virtual size: 80KB

.msvcjmc
Size: 512B - Virtual size: 269B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 6KB - Virtual size: 6KB