C:\Users\Max\Desktop\xxx\x64\Release\Aqua rework.pdb
Static task
static1
General
Target
gaia_5.0.exe
Size
1.7MB
MD5
7a5f4eaac9b8c3473c0be96d669e0f2d
SHA1
404df3cad74e834f401f6f7388659ae40048502d
SHA256
cb7a035f767c41e14ca50ceca6e02cdd030837df30d8b9fe30c156ba0130422a
SHA512
411628ddacec04d3b70788ab29c06b5222d2f4516847e13b58756e8158ab0f6c8e52d76acc8f5405631ea5ae1c8c9aa4ed6c8beafe820e4105df3eb5e2629728
SSDEEP
24576:eIO7GwX7otsFkRwito0UvsoxBsndJCM59aagTl4PmUIgi7yp+6iJib:eW8WOkR3HUkorsndJCwaplG5fp3g
Malware Config
Signatures
Unsigned PE 1 IoC
Checks whether the PE file lacks an Authenticode signature.
resource gaia_5.0.exe
Files
gaia_5.0.exe.exe windows:6 windows x64 arch:x64
37309404a8282bcd0f04782015b26964
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
d3d11
D3D11CreateDeviceAndSwapChain
d3dcompiler_43
D3DCompile
kernel32
SetConsoleTitleA
GetModuleHandleW
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OutputDebugStringW
GetFileInformationByHandleEx
AreFileApisANSI
GetTempPathW
GetConsoleWindow
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
GetTickCount
OpenProcess
CreateRemoteThread
CreateThread
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
K32GetModuleFileNameExW
GetLocaleInfoEx
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceFrequency
VerSetConditionMask
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetLocaleInfoA
LoadLibraryW
GetStdHandle
CheckRemoteDebuggerPresent
CloseHandle
WaitForSingleObject
Sleep
GetCurrentProcess
QueryPerformanceCounter
WideCharToMultiByte
MultiByteToWideChar
CreateFileW
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
GlobalFree
GlobalLock
GlobalUnlock
VirtualProtect
CreateFileMappingW
GetCurrentProcessId
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
GetModuleFileNameW
QueryFullProcessImageNameW
SetLastError
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetCurrentThreadId
CreateFileA
GetFileSizeEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GlobalAlloc
user32
SetLayeredWindowAttributes
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
GetSystemMetrics
DefWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage
GetWindowRect
MoveWindow
PostQuitMessage
SetWindowTextW
MessageBoxA
LoadCursorW
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetWindowLongA
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
GetKeyboardLayout
TrackMouseEvent
GetMessageExtraInfo
GetKeyState
GetCapture
SetCapture
ReleaseCapture
UpdateWindow
SetCursorPos
IsWindowUnicode
GetClientRect
GetWindowLongW
GetForegroundWindow
advapi32
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
CopySid
SetSecurityInfo
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
OpenProcessToken
GetUserNameA
imm32
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow
dwmapi
DwmExtendFrameIntoClientArea
d3dx11_43
D3DX11CreateShaderResourceViewFromMemory
msvcp140
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??7ios_base@std@@QEBA_NXZ
?setf@ios_base@std@@QEAAHHH@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?_Random_device@std@@YAIXZ
?_Xbad_function_call@std@@YAXXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?rdstate@ios_base@std@@QEBAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Query_perf_frequency
_Query_perf_counter
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exceptions@std@@YAHXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Xbad_alloc@std@@YAXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
ws2_32
freeaddrinfo
ntohl
gethostname
inet_pton
WSAGetLastError
sendto
recvfrom
getaddrinfo
select
__WSAFDIsSet
bind
listen
WSACleanup
htonl
accept
WSAIoctl
WSAStartup
WSASetLastError
gethostbyname
socket
setsockopt
ntohs
getsockopt
send
recv
htons
connect
closesocket
getsockname
getpeername
ioctlsocket
secureenginesdk64
ord504
ord21
ord22
ord104
normaliz
IdnToAscii
wldap32
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord143
ord217
ord46
ord301
ord60
ord30
ord200
ord211
crypt32
CryptStringToBinaryA
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertOpenStore
CertCloseStore
CertGetNameStringA
CertFindExtension
CryptDecodeObjectEx
PFXImportCertStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertAddCertificateContextToStore
shlwapi
PathFindFileNameW
rpcrt4
RpcStringFreeA
UuidCreate
UuidToStringA
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140
memset
memcpy
memcmp
__std_exception_copy
strchr
memmove
memchr
__std_terminate
strstr
__std_exception_destroy
_CxxThrowException
strrchr
__C_specific_handler
__current_exception
__current_exception_context
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-string-l1-1-0
strcmp
strncmp
strpbrk
strncpy
isupper
strcspn
strspn
tolower
_strdup
api-ms-win-crt-stdio-l1-1-0
_popen
__stdio_common_vsprintf
__stdio_common_vfprintf
fwrite
_open
_close
_write
_read
__acrt_iob_func
_wfopen
fclose
fflush
fread
fseek
ftell
_get_stream_buffer_pointers
__p__commode
_set_fmode
fgetc
fgetpos
fputc
_lseeki64
fsetpos
_fseeki64
__stdio_common_vsscanf
feof
fputs
fopen
setvbuf
ungetc
fgets
_pclose
api-ms-win-crt-heap-l1-1-0
_set_new_mode
realloc
calloc
_callnewh
malloc
free
api-ms-win-crt-utility-l1-1-0
srand
rand
qsort
api-ms-win-crt-math-l1-1-0
sinf
acosf
ceilf
sqrtf
__setusermatherr
fmodf
_dsign
_dclass
cosf
api-ms-win-crt-convert-l1-1-0
strtol
strtoull
strtod
strtoll
strtoul
atoi
api-ms-win-crt-runtime-l1-1-0
__p___argv
_register_thread_local_exe_atexit_callback
strerror
__sys_nerr
__p___argc
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_c_exit
exit
_errno
_invalid_parameter_noinfo_noreturn
_set_app_type
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_beginthreadex
_seh_filter_exe
_initialize_narrow_environment
_invalid_parameter_noinfo
_configure_narrow_argv
_getpid
abort
system
terminate
_cexit
_resetstkoflw
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-filesystem-l1-1-0
_fstat64
_access
_unlock_file
_lock_file
_unlink
_stat64
api-ms-win-crt-time-l1-1-0
strftime
_time64
_localtime64
_gmtime64
api-ms-win-crt-locale-l1-1-0
localeconv
_configthreadlocale
___lc_codepage_func
shell32
ShellExecuteA
Sections
.text Size: 805KB - Virtual size: 804KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 173KB - Virtual size: 173KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 734KB - Virtual size: 737KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ