3804a98417f0f38935a93414a35d4a53b9d22ca778d7e4e14c0b44fc05c06c7d

Sharing

Copy URL Twitter E-mail

General

Target

3804a98417f0f38935a93414a35d4a53b9d22ca778d7e4e14c0b44fc05c06c7d
Size

3.2MB
MD5

2fb1c8241405ddb78cbbd4c6796a3283
SHA1

61184d48d7d519a526a9626f84ad062e13893ada
SHA256

3804a98417f0f38935a93414a35d4a53b9d22ca778d7e4e14c0b44fc05c06c7d
SHA512

70a3a3eb13726a8c08809a5107697cbe29af1ea588ac861e3d66df4f45973ef22a7b36f532e520749045e5990e60e45d81850f19355ead7dca2cb8cfef0a83ea
SSDEEP

49152:0wf5q1LjV9OJpVDHSzvkw8DDp6vE80jFPb:RHKvkb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3804a98417f0f38935a93414a35d4a53b9d22ca778d7e4e14c0b44fc05c06c7d

Files

3804a98417f0f38935a93414a35d4a53b9d22ca778d7e4e14c0b44fc05c06c7d
.exe windows:6 windows x64 arch:x64

f9766c073c9a90a7a4c4df06d184b948

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Desktop\绯红源码带验证 -英文界面\x64\GeminiPro\EVA-PUBG-Pro.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA

iphlpapi

GetAdaptersInfo

shell32

ShellExecuteA

wsock32

WSACleanup
WSAStartup
WSAGetLastError
setsockopt
inet_ntoa
ioctlsocket
recvfrom
htons
sendto
__WSAFDIsSet
closesocket
select
shutdown
getpeername
getsockname
send
socket
ntohs
connect
recv
getsockopt

ws2_32

freeaddrinfo
getaddrinfo
WSASocketW
getnameinfo

dwmapi

DwmExtendFrameIntoClientArea

d3dcompiler_43

D3DCompile

leechcore

LcClose
LcCommand
LcCreate

vmm

VMMDLL_PidGetFromName
VMMDLL_MemWrite
VMMDLL_Close
VMMDLL_ConfigSet
VMMDLL_Map_GetModuleFromNameW
VMMDLL_Scatter_PrepareWrite
VMMDLL_Initialize
VMMDLL_Scatter_ExecuteRead
VMMDLL_Scatter_CloseHandle
VMMDLL_ConfigGet
VMMDLL_Scatter_Clear
VMMDLL_Scatter_PrepareEx
VMMDLL_Map_GetPhysMem
VMMDLL_Scatter_Execute
VMMDLL_ProcessGetInformationAll
VMMDLL_MemReadEx
VMMDLL_ProcessGetModuleBaseU
VMMDLL_MemFree
VMMDLL_WinReg_QueryValueExU
VMMDLL_Map_GetEATU
VMMDLL_Scatter_Initialize

user32

RegisterClassExW
TranslateMessage
PeekMessageA
GetWindowLongPtrA
PostQuitMessage
UpdateWindow
GetDesktopWindow
GetWindowLongW
AdjustWindowRectEx
GetKeyState
GetMessageExtraInfo
LoadCursorA
DestroyWindow
GetDC
SetWindowPos
MonitorFromWindow
EnumDisplayMonitors
ScreenToClient
SetWindowTextW
WindowFromPoint
ShowWindow
GetCapture
SetWindowLongA
ClientToScreen
IsChild
TrackMouseEvent
UnregisterClassW
GetMonitorInfoA
GetForegroundWindow
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
SetFocus
BringWindowToTop
SetCapture
SetCursor
SetWindowLongW
GetClientRect
UnregisterClassA
IsWindowUnicode
SetWindowLongPtrA
RegisterClassExA
ReleaseCapture
SetForegroundWindow
IsIconic
SetCursorPos
ReleaseDC
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
CreateWindowExW
GetWindowRect
DispatchMessageA
DefWindowProcW
PostMessageA
mouse_event
GetKeyboardLayout

kernel32

GetACP
IsValidCodePage
HeapReAlloc
CreateProcessW
GetExitCodeProcess
ReadConsoleW
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
GetOEMCP
SetFilePointerEx
GetFileSizeEx
GetFileType
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
FreeEnvironmentStringsW
SetEnvironmentVariableW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
SetStdHandle
HeapSize
WriteConsoleW
SetEndOfFile
FlsAlloc
PurgeComm
GetStringTypeW
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
InitOnceBeginInitialize
InitOnceComplete
GetCPInfoExW
GetExitCodeThread
WaitForSingleObjectEx
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
GetFileInformationByHandleEx
AreFileApisANSI
GetTempPathW
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
GetLocaleInfoEx
FormatMessageA
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
WriteFile
CreateFileW
Sleep
GetLastError
LoadLibraryA
CloseHandle
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
WaitForSingleObject
GetModuleHandleA
GetProcAddress
CreateEventA
GetLocaleInfoA
QueryPerformanceFrequency
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
SetConsoleTitleA
GetStdHandle
SetConsoleMode
SetCurrentConsoleFontEx
VirtualAlloc
GetConsoleMode
GetTickCount64
SetConsoleOutputCP
ReadFile
RtlUnwind
GetCommTimeouts
SetupComm
WaitCommEvent
CreateFileA
SetEvent
TerminateThread
GetCommState
CreateThread
ResetEvent
ClearCommError
GetOverlappedResult
SetCommMask
SetCommTimeouts
SetCommState
HeapFree
HeapAlloc
GetProcessHeap
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext

imm32

ImmReleaseContext
ImmSetCandidateWindow
ImmGetContext
ImmSetCompositionWindow

gdi32

GetDeviceCaps

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 525KB - Virtual size: 524KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9766c073c9a90a7a4c4df06d184b948

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

setupapi

iphlpapi

shell32

wsock32

ws2_32

dwmapi

d3dcompiler_43

leechcore

vmm

user32

kernel32

imm32

gdi32

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 525KB - Virtual size: 524KB

.data Size: 22KB - Virtual size: 47KB

.pdata Size: 150KB - Virtual size: 149KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 525KB - Virtual size: 524KB

.data
Size: 22KB - Virtual size: 47KB

.pdata
Size: 150KB - Virtual size: 149KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 5KB - Virtual size: 4KB