General

Malware Config

Signatures

Files

• d014-9a13-4c86.exe

  .exe windows:6 windows x64 arch:x64

  1d316dd7c563a9044aa112cb40e6e5ba

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  d3d11

  D3D11CreateDeviceAndSwapChain

  kernel32

  GetTickCount64

  GetSystemTimeAsFileTime

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  user32

  SetCursor

  GetUserObjectInformationW

  GetProcessWindowStation

  GetUserObjectInformationW

  gdi32

  BitBlt

  advapi32

  AdjustTokenPrivileges

  shell32

  ShellExecuteA

  ole32

  CreateStreamOnHGlobal

  msvcp140

  _Strxfrm

  crypt32

  CryptBinaryToStringA

  ws2_32

  inet_ntop

  setupapi

  SetupDiGetClassDevsA

  gdiplus

  GdipGetImageEncoders

  shlwapi

  PathFileExistsA

  imm32

  ImmSetCompositionWindow

  d3dcompiler_47

  D3DCompile

  dwmapi

  DwmExtendFrameIntoClientArea

  vcruntime140_1

  __CxxFrameHandler4

  vcruntime140

  _CxxThrowException

  api-ms-win-crt-runtime-l1-1-0

  _initialize_onexit_table

  api-ms-win-crt-stdio-l1-1-0

  fseek

  api-ms-win-crt-heap-l1-1-0

  _set_new_mode

  api-ms-win-crt-utility-l1-1-0

  rand

  api-ms-win-crt-time-l1-1-0

  _localtime64_s

  api-ms-win-crt-string-l1-1-0

  _stricmp

  api-ms-win-crt-filesystem-l1-1-0

  rename

  api-ms-win-crt-convert-l1-1-0

  strtol

  api-ms-win-crt-environment-l1-1-0

  _dupenv_s

  api-ms-win-crt-math-l1-1-0

  ceilf

  api-ms-win-crt-locale-l1-1-0

  _configthreadlocale

  wtsapi32

  WTSSendMessageW

  Exports

  Exports

  �� %L���g�Ƽ@P���Ң�K��,H|D���� ����j�
  ,xI�ȧ�yA�a����z)�VM�.�](؊!�:�Z������+�}��Wh�z{D�J�=r2�'�3,kb� l|��Ty�.��2��<�y
  ���w��3
  �s��\55��‚���64d�Gb9�H~��ɦ �����HG�I���W����(IJ�7E�f��v���X�JR��X=� �'�-���f�����x�ѭ�n��j���^Q�i�+2K����.� �x��<a"�viJ���S� �X^fd�� h��J+D�֥ ���?y�j��Z&��-z��R �H���kZH}��p~uu ��"��)����>�$t����z��7]��%{9�w��N<�����u��
  rӶCT�.R�*�r�5̣$�\ 5�KF�މ0L���c�C
  ��"f����#���]|���U�QM����[����[g��.j� IPˤ��>�):����L'd�I��s��(���B��ǂm+>v� �Đffm( �(2� R�D��v��q�� ����2'���xMI�s��3IB ���*��C8�1r��f����&.� .H��O���;�g����)*@񐩃=Nq��P[[��t���ڐ�*�S�d�_��+�!�� yB��]',�9� �5t�S���% /w�4�2�u{p�buّ��6���l�xP�ɽcE��i��ΏM���v��}����#pE����%�d�����?jOJ�-�f�DA�c=� �۾ʾ�ꤤ ��� �)��@��m���޵�;�UJ��1+=�<�:�}��E��og�Lzoފ6��e��fC���E�j�PLBh���x�������� w�]h3�Z��z��4��<YB2g^x��*VC�S8���j*���wêB��Q��RD��=>a䘁���0�%��u���l\~ׅ�/�n������=�=O�q��ͫL��/���������>s����G���e����,�*��4n5�x�t��S�����h`nHV*��7���`�q���J���O���yx'���V��� ۥ˪�$^�+��\�?y<����扅���g�^N �h��9������%Vu�t��8LtET�[&+'Ș��N��Ƿ�{�9s7��^Y���<�
  �5 ��u����
  �@FO>�Xp��[���,/�%gehF�ra�S^ݾ���7��#; �^� �U�-Kd[�w��J"9�� )Q��SUt%-�w�h�3s��`��$��9y�N�߾4$�b�2���@݋x� �ز�S�'c���۔�L���F�Ě��^��QGc%�� wd�&�� �ca}��D`�9Y���2���QH��af��~>7r��&��:Ҹ��P����"l%1� "Ojtm�@}W� ��/�Z�uV�
  q-[׀Z��{+�x��"k�ߢ,�6�[���Q��k%\�V���:��T���9���O�� jƈ���U=�\���/�t�x
  nF��W;�hV��m���3r����L1�J�A��bF����s� �N��[�����c�_��6��_A���]��ۓקg|CŷG��@2mV�=����8M.M��o��� �m��N��u�=�C�P�n)�; 4�����c+���'S{xm����7k� Ʃ>v�8C6�8�����@����.'���� �x] ��mb򆏰<�C50�%}�Dh|����|���K��̹:=�� q��Q����mj�� ���婴�Y���9��d��D�W��E���.ڔ���vՀ�z�������T��1c^�͸���R�?�t� �@D�b!�Ek0g��/�������Wg�t�0Q�66�����dO�;���u(�Lw���<cl�P��Hn��O��~1+��)�p��ü,$���JJ�}+"عƚ�>%; 'P%���Us&VJ�~O�]���h�2�w��4rӠ/��7���> G�I_ �Tw��q��ߖ�f�wZ�)����):�1��v`߫�0�C��}}���^�� "r!h�t4~�c^��X��m6�^}��q�E��5E�����KQW�j y+�E:�6'��;�#����y�����NZ��޺g��x5'�~�%0pG��R�?3 �������Ў @�][�p��s��Y� ����l]^�Lx�_� M�Q/���H[,�W��Vpu �!e��\,q�������˝ԁ�C�-'��X��d+�J��c��*φq,�L��y���Aè����21ԕ�%�V5��|�����X�WƷYO�`{q�G qx ���M�VaF�;�
  ]��.��bmX����}�L:�� v�X�Z�3���5Q�~���TF�� �L��v��>������ ���˘;�O���:f����O��32�~,�@2�F_���e��f|�~5�2d�Q���5�Uҩz@ ��'���[�P�����z�_;���]�1)����?��.�����>[!n I�)��KM�um�Ң�ye��E��5s�]{ J�ԹR͉J�C�#&W�ЋTǤ�]a3I;z ��ܾ�m������K0��@i(��{��)�i��+d�`&���b:a۽n9f �z����$���2��
  Y9/�>T%<\zL�ւ���X��D�?:#���DMG���I������ `����F�"�>���ws�Uv�ܰ�8��;�
  4f��ߒq�?������>إ��O�O�R.Y��z�(e6+ɣ�����o7 �!Hl'�=�5돴��ꋧ�a��n#�`}Çg���t�%�?G��X h*���.[�U�E!a�Dm�=y��� =�Y� T�=l�Y�9��g���}������N� \ᆵ\��_�j��'���Y sJ�}p�Y2d
  Y���ua^ �}��a�)o�R��]����q&x��Q)����2�MF �X���u̮�J<��z�Sy�� Q���E�M�T��K*�Vt���SVo� D@�nxe��uq�rݹ�@%������.?P��[bt�y)(ҵ��kxz.�v*�=��Ȯ`F�!�b������u0�]I��9E�)ꍠ�i�]�Sg������E��E

  Sections

  .text

  Size: - Virtual size: 417KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 92KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 2.6MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: - Virtual size: 15.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: 17.9MB - Virtual size: 17.9MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ