Launcher[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Launcher.zip
Size

11.3MB
MD5

2d57fcfbe26753cecb101e7e76707bf1
SHA1

c8d15a52beb454c3578aa9ff1aa43e5f30a46ea7
SHA256

ab71e3b850197e4f0c159a12db3d4f3765088eb422bb1b9f7cc4e2f3da10f14e
SHA512

d8493d19efcfc805001642413203bdffc26166fd62e59c28622b6862225bd89d5ce46625568e38a74edb003af3639edbb39e489460f8f3daf9083acdefcdd539
SSDEEP

196608:lcfvHBPNq+B0P8YpNo1zfVjuqQiZ26sSfFai02b51kNPve2+Qb4hwee0+ncQM:aXRsQ07o1zdUiZjsIJ02b5112+QbKec7

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Launcher/Solara.exe
unpack001/Launcher/accessibilitycpl.dll
unpack001/Launcher/oleprn.dll
unpack001/Launcher/wwancfg.dll

Files

Launcher.zip
.zip
Launcher/Debug/Addition.dll
Launcher/Debug/Autoupdater.ini
Launcher/Debug/DebugPPF.tmp
Launcher/Debug/DebugPPT.tmp
Launcher/Debug/Helper.dll
Launcher/Debug/Management.log
Launcher/Debug/Resource.dll
Launcher/Debug/main.ini
Launcher/Debug/ukm_db
Launcher/Packaged/Main.ini
.xml
Launcher/Packaged/Resource.dll
Launcher/Packaged/Utils.dll
.xml
Launcher/Solara.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

]u{W?
Size: 338KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Launcher/accessibilitycpl.dll
.dll regsvr32 windows:10 windows x64 arch:x64

164af912471cbe0c60259e8ab08b3a77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AccessibilityCpl.pdb

Imports

msvcrt

wcsspn
_vsnprintf_s
_wcslwr_s
__CxxFrameHandler3
wcscspn
wcsrchr
_ltow_s
_vsnwprintf
memcpy
memcmp
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
memset
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
calloc
wcsstr
_wcsicmp
__C_specific_handler
malloc
free
vswprintf_s
_vscwprintf
memmove_s
_itow_s
memcpy_s
_wtoi
wcschr
wcscmp

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapReAlloc
HeapSize
HeapDestroy
HeapAlloc

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceLoggerHandle
TraceMessage
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
SizeofResource
GetModuleHandleW
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameA
GetProcAddress
FindResourceExW
LoadResource
LockResource
GetModuleHandleExW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-com-l1-1-0

CoTaskMemFree
StringFromGUID2
CoCreateInstance
CreateStreamOnHGlobal

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError
SetLastError

oleaut32

VariantClear
SysAllocString

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegGetValueW
RegCloseKey
RegLoadMUIStringW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoW
GetUserDefaultLCID

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
CreateMutexExW
CreateSemaphoreExW
OpenSemaphoreW
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

ntdll

EtwEventWriteTransfer
EtwLogTraceEvent
WinSqmAddToStream
WinSqmIncrementDWORD
WinSqmSetDWORD
WinSqmIsOptedIn

kernel32

GetFileAttributesW
DeleteFileW
CompareStringOrdinal
LoadLibraryExW
OpenMutexW
OpenJobObjectW
IsProcessInJob
OOBEComplete
GetThreadUILanguage
GetProcessMitigationPolicy
LocalAlloc
ReleaseSRWLockShared
DeleteProcThreadAttributeList
CreateThreadpoolTimer
InitializeCriticalSectionEx
AcquireSRWLockShared
AcquireSRWLockExclusive
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
GetModuleFileNameW
DeactivateActCtx
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
LocalFree
ActivateActCtx
ReleaseActCtx
CreateActCtxW
ReleaseSRWLockExclusive
CreateProcessW
GetAtomNameW
GlobalLock
GlobalUnlock
K32EnumProcesses
ProcessIdToSessionId
OpenProcess
K32EnumProcessModules
K32GetModuleBaseNameW

shlwapi

SHStrDupW
ord156
ord174
ord24
ord176
ord514
ord256
ord437
ord172
ord278
ord158
ord204
ord219
ord199
ord618

shell32

ord25
SHParseDisplayName
SHGetStockIconInfo
ShellExecuteExW
ShellExecuteW
ord155
ord18
SHBindToObject

ole32

CoTaskMemAlloc
CoGetObject

user32

GetWindowLongPtrW
GetFocus
DestroyIcon
SetTimer
DestroyWindow
SystemParametersInfoW
UnregisterClassA
KillTimer
SendMessageW
DefWindowProcW
SendInput
GetKeyState
GetShellWindow
GetWindowThreadProcessId
GetUserObjectInformationW
GetThreadDesktop
SetDesktopColorTransform
SendNotifyMessageW

dui70

?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
?ClickDefaultButton@XProvider@DirectUI@@UEAAHXZ
?ForceThemeChange@XProvider@DirectUI@@UEAAJ_K_J@Z
?GetHostedElementID@XProvider@DirectUI@@UEAAJPEAG@Z
?FindElementWithShortcutAndDoDefaultAction@XProvider@DirectUI@@UEAAHGH@Z
?CanSetFocus@XProvider@DirectUI@@UEAAJPEA_N@Z
?Navigate@XProvider@DirectUI@@UEAAJHPEA_N@Z
?SetFocus@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?IsDescendent@XProvider@DirectUI@@UEAAJPEAVElement@2@PEA_N@Z
?GetDesiredSize@XProvider@DirectUI@@UEAAJHHPEAUtagSIZE@@@Z
?SetParameter@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAX@Z
?AddRef@XProvider@DirectUI@@UEAAKXZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?SetDefaultButtonTracking@XProvider@DirectUI@@UEAAJ_N@Z
?SetHandleEnterKey@XProvider@DirectUI@@IEAAX_N@Z
?CreateDUI@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAPEAUHWND__@@@Z
?GetRoot@XProvider@DirectUI@@IEAAPEAVElement@2@XZ
?Initialize@XProvider@DirectUI@@QEAAJPEAVElement@2@PEAVIXProviderCP@2@@Z
?Create@XResourceProvider@DirectUI@@SAJPEAUHINSTANCE__@@PEBG11PEAPEAV12@@Z
?QueryInterface@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
??1XProvider@DirectUI@@UEAA@XZ
??0XProvider@DirectUI@@QEAA@XZ
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?Register@Element@DirectUI@@SAJXZ
?GetAtomZero@Value@DirectUI@@SAPEAV12@XZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@PEBUPropertyInfo@2@HPEAUUpdateCache@2@@Z
?GetStringNull@Value@DirectUI@@SAPEAV12@XZ
?SetButtonClassAcceptsEnterKey@XProvider@DirectUI@@UEAAJ_N@Z
?CreateXBaby@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAUHWND__@@PEAVElement@2@PEAKPEAPEAUIXBaby@2@@Z
InitProcessPriv
InitThread
?GetUnset@Value@DirectUI@@SAPEAV12@XZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@P6APEBUPropertyInfo@2@XZHPEAUUpdateCache@2@@Z
?CustomProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?GetClassInfoPtr@TouchSwitch@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetOnText@TouchSwitch@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?GetOffText@TouchSwitch@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?GetToggleValue@TouchSwitch@DirectUI@@QEAAHXZ
?SliderUpdated@TouchSlider@DirectUI@@SA?AVUID@@XZ
?RemoveListener@Element@DirectUI@@QEAAXPEAUIElementListener@2@@Z
?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z
?BackgroundProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?ForegroundProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetAccName@Element@DirectUI@@QEAAJPEBG@Z
??1IDataEngine@DirectUI@@UEAA@XZ
??0IDataEngine@DirectUI@@QEAA@XZ
??1IDataEntry@DirectUI@@UEAA@XZ
??0IDataEntry@DirectUI@@QEAA@XZ
?GetClass@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?SetActive@Element@DirectUI@@QEAAJH@Z
??0CritSecLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??1CritSecLock@DirectUI@@QEAA@XZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnDestroy@Element@DirectUI@@UEAAXXZ
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
??1ClassInfoBase@DirectUI@@UEAA@XZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
??1Element@DirectUI@@UEAA@XZ
??0Element@DirectUI@@QEAA@XZ
?Initialize@Element@DirectUI@@QEAAJIPEAV12@PEAK@Z
?Release@Value@DirectUI@@QEAAXXZ
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?SetWidth@Element@DirectUI@@QEAAJH@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?SetSelected@Element@DirectUI@@QEAAJ_N@Z
?SetShortcut@Element@DirectUI@@QEAAJH@Z
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?SetSelection@Combobox@DirectUI@@QEAAJH@Z
GetElementDataEntry
?Init@NavReference@DirectUI@@QEAAXPEAVElement@2@PEAUtagRECT@@@Z
?SetDataEngine@Repeater@DirectUI@@QEAAXPEAUIDataEngine@2@@Z
?AddString@Combobox@DirectUI@@QEAAHPEBG@Z
?SelectionChange@Combobox@DirectUI@@SA?AVUID@@XZ
?Click@Button@DirectUI@@SA?AVUID@@XZ
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?GetClassInfoPtr@ScrollViewer@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@CCTrackBar@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@CCSysLink@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@CCCheckBox@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@CCBase@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@Combobox@DirectUI@@SAPEAUIClassInfo@2@XZ
UnInitProcessPriv
UnInitThread
?SetRegisteredDefaultButton@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z

dwmapi

DwmIsCompositionEnabled

sspicli

GetUserNameExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Launcher/buffed/chidedOcurred.xml
.xml
Launcher/buffed/decineSatoriiCoppy.xml
.xml
Launcher/buffed/ecocide.xml
.xml
Launcher/buffed/gheddaOptimal.xml
.xml
Launcher/buffed/pickup.xml
.xml
Launcher/buffed/pictaviSina.xml
.xml
Launcher/oleprn.dll
.dll regsvr32 windows:10 windows x64 arch:x64

5a9a8e0a0dd00c835eee8847bfab87ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

oleprn.pdb

Imports

msvcrt

_wtol
_wcsnicmp
_vsnwprintf
_purecall
free
__C_specific_handler
memcpy_s
_local_unwind
memcpy
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
wcscspn
wcsrchr
wcschr
realloc
malloc
iswalnum
iswxdigit
iswdigit
towlower
memset

atl

ord25
ord27
ord30
ord31
ord22
ord18
ord15
ord21
ord16
ord23
ord26
ord32

ntdll

NtOpenThreadToken
NtSetInformationThread
NtClose
WinSqmIncrementDWORD
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlNtStatusToDosError

kernel32

GetComputerNameW
SetLastError
lstrcmpW
CompareStringOrdinal
FormatMessageW
GetWindowsDirectoryW
GetFileAttributesW
GetSystemDefaultLocaleName
FreeLibrary
LoadLibraryExW
GlobalFree
DeleteFileW
CreateThread
WaitForSingleObject
GetExitCodeProcess
WriteFile
GetTempPathW
CreateFileW
HeapFree
VirtualFree
LoadLibraryExA
EncodePointer
HeapAlloc
DecodePointer
GetProcessHeap
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
Sleep
ReleaseSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
LocalAlloc
MultiByteToWideChar
ReleaseSemaphore
GetModuleHandleExW
ReleaseMutex
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
IsDebuggerPresent
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
LocalFree
GlobalUnlock
GlobalLock
GlobalAlloc
CloseHandle
GetCurrentProcess
GetProcAddress
lstrcmpiW
GetModuleFileNameA
CreateSemaphoreExW
GetVersionExW
GetModuleHandleW
GetLastError
GetCurrentThreadId
RaiseException
DebugBreak
LeaveCriticalSection
EnterCriticalSection
GetSystemInfo
VirtualQuery
VirtualAlloc
VirtualProtect
AcquireSRWLockExclusive
WideCharToMultiByte

advapi32

RegOpenKeyW
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

CallWindowProcW
CreateWindowExW
DefWindowProcW
UnionRect
PtInRect
GetClassInfoW
RegisterClassW
GetWindowLongPtrW
SetWindowLongPtrW
GetForegroundWindow
GetLastActivePopup
GetDesktopWindow
MessageBoxW
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
SendMessageW
GetWindow
EndPaint
GetClientRect
BeginPaint
InvalidateRect
DestroyWindow
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
IsWindow
ShowWindow
SetFocus
GetParent
LoadStringW
PeekMessageW
IntersectRect

winspool.drv

ClosePrinter
XcvDataW
GetPrinterDataExW
EnumPortsW
DeviceCapabilitiesW
AddPrinterConnectionW
ConfigurePortW
ord203
ord204
EnumJobsW
GetPrinterW
GetPrinterDriverW
GetPrinterDataW
OpenPrinterW

wininet

InternetOpenW
InternetOpenUrlW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetCanonicalizeUrlW
InternetErrorDlg

gdi32

SetViewportOrgEx
SetMapMode
LPtoDP
GetDeviceCaps
DeleteMetaFile
CloseMetaFile
RestoreDC
SetWindowExtEx
SetWindowOrgEx
SaveDC
CreateMetaFileW
DeleteDC
CreateRectRgnIndirect

shell32

ShellExecuteExW

ole32

StringFromCLSID
CoTaskMemFree
CreateOleAdviseHolder
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
CoCreateGuid
OleRegEnumVerbs
CoCreateInstance

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
VariantClear
VariantInit
VariantChangeType
LoadRegTypeLi
SetErrorInfo
OleCreatePropertyFrame
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
SafeArrayDestroy
SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement

clusapi

GetNodeClusterState

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Launcher/wwancfg.dll
.dll windows:10 windows x64 arch:x64

49decdfb6773b3da00526a10323a4d5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wwancfg.pdb

Imports

msvcrt

_callnewh
memcpy
memcpy_s
_wcsicmp
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
free
_wtoi
wcsstr
toupper
memcmp
__CxxFrameHandler3
iswdigit
memset

ntdll

EtwGetTraceLoggerHandle
EtwTraceMessage
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlIpv4AddressToStringW
EtwGetTraceEnableLevel
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlIpv6AddressToStringW
EtwRegisterTraceGuidsW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError
GetLastError

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadStringW

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoCreateInstance
IIDFromString
CoUninitialize
CoInitializeEx
CLSIDFromString
CoTaskMemFree
StringFromCLSID

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventW
WaitForMultipleObjectsEx

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-file-l1-1-0

SetFileInformationByHandle
FileTimeToLocalFileTime
CreateFileW

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-eventing-controller-l1-1-0

StartTraceW
ControlTraceW

api-ms-win-eventing-legacy-l1-1-0

EnableTrace

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

netsh.exe

MatchTagsInCmdLine
RegisterHelper
PrintMessageFromModule
MatchEnumTag
RegisterContext

wwapi

WwanDeleteDMConfigProfile
WwanEnumerateInterfaces
WwanSetProfile
WwanGetProfile
WwanGetProfileList
WwanRegisterNotification
WwanDeleteProfile
WwanDisconnect
WwanAllocateMemory
WwanQueryInterface
WwanScan
WwanCloseHandle
WwanSetInterface
WwanOpenHandle
WwanConnect
WwanSetDMConfigProfile
WwanFreeMemory
WwanGetDMConfigProfile
WwanGetProfileState
WwanConnectAdditionalPdpContext
WwanGetProfileListByPurpose
WwanGetDMConfigProfileList

wcmapi

WcmCloseHandle
WcmSetParameter
WcmQueryProperty
WcmFreeMemory
WcmOpenHandle

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

Exports

Exports

GetResourceString
InitHelperDll

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

]u{W? Size: 338KB - Virtual size: 337KB

.text Size: 110KB - Virtual size: 110KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Size: 512B - Virtual size: 16B

164af912471cbe0c60259e8ab08b3a77

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-heap-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

oleaut32

api-ms-win-core-handle-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

ntdll

kernel32

shlwapi

shell32

ole32

user32

dui70

dwmapi

sspicli

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 191KB - Virtual size: 190KB

.rdata Size: 65KB - Virtual size: 64KB

.data Size: 4KB - Virtual size: 18KB

.pdata Size: 7KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 120B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 1KB

5a9a8e0a0dd00c835eee8847bfab87ac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

atl

ntdll

kernel32

advapi32

user32

winspool.drv

wininet

]u{W?
Size: 338KB - Virtual size: 337KB

.text
Size: 110KB - Virtual size: 110KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 191KB - Virtual size: 190KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 4KB - Virtual size: 18KB

.pdata
Size: 7KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 120B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 120B

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 2KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 96B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 440B