nixware.exe?ex=670e24bc&is=670cd33c&hm=af5878e94690e9a510718688af3b94871b080031d1827cea314136c3157e3fe2&

First submission 2024-10-13 17:16:02 Last sumbission 2024-10-14 16:46:03

File details

File type:	PE32+ executable (console) x86-64, for MS Windows
Mime type:	application/x-dosexec
File size:	1172.5 KB (1200640 bytes)
Compile time:	2024-07-09 01:42:07
MD5:	53f178ea0c14b901bc30cc22687d384d
SHA1:	b27c9ced6419575d18e0be9a79985a1937a0e8c9
SHA256:	f2b707c3cf25fd49571811650b22df7f568b5cdc0c83988094599d0ece04e6c2
Import Hash :	6f181bbb9b68fced5b0aaae00cf24483
Sections 6	.text .rdata .data .pdata .rsrc .reloc
Directories 5	import resource debug tls relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	58/76 VT report date: 2024-10-13 14:23:05
Malware Type 2	trojan downloader
Threat Type 3	lazy nekark elxlr

URLs, FQDN and IP indicators 3

URL	Host (FQDN/IP)	Date Added
hXXps://cdn.discordapp.com/attachments/1289678790795989092/1289682028106879037/nixware.exe?ex=670e24bc&is=670cd33c&hm=af5878e94690e9a510718688af3b94871b080031d1827cea314136c3157e3fe2&	cdn.discordapp.com	2024-10-14 16:46:07
hXXps://cdn.discordapp.com/attachments/1258166379819958384/1272335405701664891/TDPremium.exe?ex=670c572f&is=670b05af&hm=19d2e6e42a682825bb03a4f293fdd2ff045d1ff6f47b2d8c133a8baecbdc33cd&	cdn.discordapp.com	2024-10-13 17:29:06
hXXps://cdn.discordapp.com/attachments/1284571634396823643/1284579226904825978/TDPremium.exe?ex=670cb7e2&is=670b6662&hm=1ebd2975a18b2620ba105e8f87db597566d01766d8d3ad600fa755b8d1919b41&	cdn.discordapp.com	2024-10-13 17:16:02

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0xd77c0	882688	2c88178632d855ff054a26d5d36304a6bcb30e83	6b4bb2679cdcc725d3d7781e825c24ba
.rdata	0xd9000	0x2ab8a	175104	b31663b637e4d121e11bbcdf101b7eb45daee0ae	ec8b054c0e12ee09fc660fd08174c162
.data	0x104000	0x1b918	104448	c577e0d4ce3b8e4c5029e8582d09b7bfa9cbb382	91a2e2a8834c21236688279e5e797549
.pdata	0x120000	0x843c	34304	acec35ffde7874031d774ec48ba04eb1618e1c20	c5a4169827e7e7c42488a80ff5017bdd
.rsrc	0x129000	0x1e8	512	4f852fc6fdcee92e86e167b158d2b886d7885596	02bf6b9ce69074dfd5c11a7453a0d75a
.reloc	0x12a000	0x8f4	2560	34c6de3e3003b99447fd2a63a9500a736daafe5e	5f758df0e519758a0a5a725b81f5657a

PE Resources 1

Name	Language	Sublanguage	Offset	Size	Data
RT_MANIFEST	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x129060	392	PE Resource: RT_MANIFEST - Data <?xml version='1.0' encoding='UTF-8' standalone='yes'?> <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level='requireAdministrator' uiAccess='false' /> </requestedPrivileges> </security> </trustInfo> </assembly>

Name

Language

Sublanguage

Offset

Size

Data

RT_MANIFEST

LANG_ENGLISH

SUBLANG_ENGLISH_US

0x129060

392

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 11

FindWindowA
FindWindowW
GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
OutputDebugStringW
Process32FirstW
Process32NextW
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Temporary
%s.%s.tmp
Text
imgui_log.txt
Library
d3d9.dll
api-ms-win-crt-utility-l1-1-0.dll
ADVAPI32.dll
secur32.dll
rpcrt4.dll
d3dx9_43.dll
security.dll
dwmapi.dll
normaliz.dll
vcruntime140.dll
WS2_32.dll
WLDAP32.dll
SHELL32.dll
msvcp140.dll
xinput1_3.dll
api-ms-win-crt-string-l1-1-0.dll
xinput1_2.dll
xinput9_1_0.dll
api-ms-win-crt-time-l1-1-0.dll
VCRUNTIME140_1.dll
IMM32.dll
KERNEL32.dll
Crypt32.dll
USER32.dll
USERENV.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
xinput1_1.dll
xinput1_4.dll
api-ms-win-crt-stdio-l1-1-0.dll
IPHLPAPI.DLL
api-ms-win-crt-conio-l1-1-0.dll
api-ms-win-crt-filesystem-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll

Strings analysis - Possible IPs found 26

127.0.0.1
2.5.4.8
2.5.4.9
2.5.4.6
2.5.4.7
2.5.4.4
2.5.4.5
2.5.4.3
2.5.4.72
2.5.4.10
2.5.4.11
2.5.4.12
2.5.4.13
2.5.4.17
1.3.14.3
2.5.4.45
101.3.4.2
2.5.29.19
2.5.4.65
2.5.29.17
2.5.4.46
2.5.29.18
2.5.4.44
2.5.4.43
2.5.4.42
2.5.4.41

Strings analysis - Possible URLs found 6

https://curl.haxx.se/docs/http-cookies.html
ftp://%s:%s@%s
file://
http://www.dotcolon.net/
file://%s%s%s
http://www.dotcolon.net/Vegur

Import functions

MSVCP140.dll 72 CRYPT32.dll 16 KERNEL32.dll 84 dwmapi.dll 1 d3dx9_43.dll 2 api-ms-win-crt-locale-l1-1-0.dll 3 api-ms-win-crt-filesystem-l1-1-0.dll 7 api-ms-win-crt-math-l1-1-0.dll 12 api-ms-win-crt-utility-l1-1-0.dll 3 VCRUNTIME140.dll 15 api-ms-win-crt-conio-l1-1-0.dll 1 USER32.dll 45 IMM32.dll 4 api-ms-win-crt-string-l1-1-0.dll 10 VCRUNTIME140_1.dll 1 api-ms-win-crt-runtime-l1-1-0.dll 28 api-ms-win-crt-convert-l1-1-0.dll 7 SHELL32.dll 1 RPCRT4.dll 3 api-ms-win-crt-stdio-l1-1-0.dll 35 d3d9.dll 1 USERENV.dll 1 api-ms-win-crt-time-l1-1-0.dll 2 WLDAP32.dll 18 api-ms-win-crt-heap-l1-1-0.dll 6 ADVAPI32.dll 16 WS2_32.dll 29 Normaliz.dll 1

Function	Address	Souspicious	Anti Debug
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z	0x1400d93e0
?always_noconv@codecvt_base@std@@QEBA_NXZ	0x1400d93e8
??Bid@locale@std@@QEAA_KXZ	0x1400d93f0
?_Winerror_map@std@@YAHH@Z	0x1400d93f8
?_Syserror_map@std@@YAPEBDH@Z	0x1400d9400
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ	0x1400d9408
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z	0x1400d9410
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ	0x1400d9418
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ	0x1400d9420
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ	0x1400d9428
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z	0x1400d9430
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ	0x1400d9438
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z	0x1400d9440
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z	0x1400d9448
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x1400d9450
??Bios_base@std@@QEBA_NXZ	0x1400d9458
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z	0x1400d9460
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z	0x1400d9468
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z	0x1400d9470
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z	0x1400d9478
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x1400d9480
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z	0x1400d9488
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x1400d9490
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z	0x1400d9498
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z	0x1400d94a0
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ	0x1400d94a8
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ	0x1400d94b0
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x1400d94b8
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z	0x1400d94c0
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z	0x1400d94c8
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ	0x1400d94d0
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z	0x1400d94d8
?_Xbad_alloc@std@@YAXXZ	0x1400d94e0
?_Xlength_error@std@@YAXPEBD@Z	0x1400d94e8
_Query_perf_frequency	0x1400d94f0
?_Throw_Cpp_error@std@@YAXH@Z	0x1400d94f8
_Cnd_do_broadcast_at_thread_exit	0x1400d9500
_Thrd_sleep	0x1400d9508
_Thrd_id	0x1400d9510
_Query_perf_counter	0x1400d9518
_Thrd_detach	0x1400d9520
_Xtime_get_ticks	0x1400d9528
_Thrd_join	0x1400d9530
?_Xout_of_range@std@@YAXPEBD@Z	0x1400d9538
?_Random_device@std@@YAIXZ	0x1400d9540
??1_Lockit@std@@QEAA@XZ	0x1400d9548
??0_Lockit@std@@QEAA@H@Z	0x1400d9550
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A	0x1400d9558
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ	0x1400d9560
?uncaught_exception@std@@YA_NXZ	0x1400d9568
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z	0x1400d9570
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z	0x1400d9578
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ	0x1400d9580
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ	0x1400d9588
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ	0x1400d9590
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A	0x1400d9598
?_Xbad_function_call@std@@YAXXZ	0x1400d95a0
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A	0x1400d95a8
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z	0x1400d95b0
?id@?$ctype@D@std@@2V0locale@2@A	0x1400d95b8
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ	0x1400d95c0
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z	0x1400d95c8
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z	0x1400d95d0
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ	0x1400d95d8
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ	0x1400d95e0
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z	0x1400d95e8
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z	0x1400d95f0
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ	0x1400d95f8
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z	0x1400d9600
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z	0x1400d9608
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z	0x1400d9610
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ	0x1400d9618

Function	Address	Souspicious	Anti Debug
CertFreeCertificateChainEngine	0x1400d9088
CertCreateCertificateChainEngine	0x1400d9090
CryptQueryObject	0x1400d9098
CertFreeCertificateChain	0x1400d90a0
CertOpenStore	0x1400d90a8
CertCloseStore	0x1400d90b0
CertEnumCertificatesInStore	0x1400d90b8
CertFindCertificateInStore	0x1400d90c0
CertFreeCertificateContext	0x1400d90c8
CryptStringToBinaryA	0x1400d90d0
PFXImportCertStore	0x1400d90d8
CryptDecodeObjectEx	0x1400d90e0
CertAddCertificateContextToStore	0x1400d90e8
CertFindExtension	0x1400d90f0
CertGetNameStringA	0x1400d90f8
CertGetCertificateChain	0x1400d9100

Function	Address	Souspicious	Anti Debug
EnterCriticalSection	0x1400d9138
LeaveCriticalSection	0x1400d9140
SleepEx	0x1400d9148
GetSystemDirectoryA	0x1400d9150
VerifyVersionInfoA	0x1400d9158
GetTickCount	0x1400d9160
MoveFileExA	0x1400d9168
WaitForSingleObjectEx	0x1400d9170
GetEnvironmentVariableA	0x1400d9178
GetFileType	0x1400d9180
ReadFile	0x1400d9188
PeekNamedPipe	0x1400d9190
WaitForMultipleObjects	0x1400d9198
CreateFileA	0x1400d91a0
GetFileSizeEx	0x1400d91a8
GetLocaleInfoEx	0x1400d91b0
FindClose	0x1400d91b8
FindFirstFileExW	0x1400d91c0
FindNextFileW	0x1400d91c8
Module32FirstW	0x1400d91d0
SetFileInformationByHandle	0x1400d91d8
FormatMessageA	0x1400d91e0
GetModuleHandleW	0x1400d91e8
GetModuleFileNameA	0x1400d91f0
AreFileApisANSI	0x1400d91f8
GetFileInformationByHandleEx	0x1400d9200
ReleaseSRWLockExclusive	0x1400d9208
AcquireSRWLockExclusive	0x1400d9210
WakeAllConditionVariable	0x1400d9218
SleepConditionVariableSRW	0x1400d9220
RtlCaptureContext	0x1400d9228
RtlLookupFunctionEntry	0x1400d9230
RtlVirtualUnwind	0x1400d9238
UnhandledExceptionFilter	0x1400d9240
SetUnhandledExceptionFilter	0x1400d9248
TerminateProcess	0x1400d9250
IsProcessorFeaturePresent	0x1400d9258
IsDebuggerPresent	0x1400d9260
GetCurrentProcessId	0x1400d9268
GetCurrentThreadId	0x1400d9270
GetSystemTimeAsFileTime	0x1400d9278
InitializeSListHead	0x1400d9280
OutputDebugStringW	0x1400d9288
GetLastError	0x1400d9290
OpenProcess	0x1400d9298
GetStdHandle	0x1400d92a0
SetConsoleTextAttribute	0x1400d92a8
SetLastError	0x1400d92b0
GetCurrentProcess	0x1400d92b8
DeleteCriticalSection	0x1400d92c0
InitializeCriticalSectionEx	0x1400d92c8
GetProcessHeap	0x1400d92d0
HeapSize	0x1400d92d8
WideCharToMultiByte	0x1400d92e0
HeapFree	0x1400d92e8
HeapReAlloc	0x1400d92f0
HeapAlloc	0x1400d92f8
HeapDestroy	0x1400d9300
CreateDirectoryA	0x1400d9308
QueryPerformanceCounter	0x1400d9310
FreeLibrary	0x1400d9318
VerSetConditionMask	0x1400d9320
GetProcAddress	0x1400d9328
QueryPerformanceFrequency	0x1400d9330
LoadLibraryA	0x1400d9338
GetModuleHandleA	0x1400d9340
GlobalUnlock	0x1400d9348
GlobalLock	0x1400d9350
LocalFree	0x1400d9358
GlobalFree	0x1400d9360
GlobalAlloc	0x1400d9368
MultiByteToWideChar	0x1400d9370
Module32NextW	0x1400d9378
Beep	0x1400d9380
CloseHandle	0x1400d9388
WriteProcessMemory	0x1400d9390
Process32FirstW	0x1400d9398
GetCurrentThread	0x1400d93a0
Process32NextW	0x1400d93a8
CreateToolhelp32Snapshot	0x1400d93b0
SetConsoleTitleA	0x1400d93b8
ReadProcessMemory	0x1400d93c0
Sleep	0x1400d93c8
CreateFileW	0x1400d93d0

Function	Address	Souspicious	Anti Debug
DwmExtendFrameIntoClientArea	0x1400d9e10

Function	Address	Souspicious	Anti Debug
D3DXMatrixTranspose	0x1400d9df8
D3DXVec3Transform	0x1400d9e00

Function	Address	Souspicious	Anti Debug
___lc_codepage_func	0x1400d9ac8
localeconv	0x1400d9ad0
_configthreadlocale	0x1400d9ad8

Function	Address	Souspicious	Anti Debug
_stat64	0x1400d9a50
_mkdir	0x1400d9a58
_lock_file	0x1400d9a60
_fstat64	0x1400d9a68
_unlock_file	0x1400d9a70
_access	0x1400d9a78
_unlink	0x1400d9a80

Function	Address	Souspicious	Anti Debug
ceilf	0x1400d9ae8
cosf	0x1400d9af0
fmodf	0x1400d9af8
acosf	0x1400d9b00
_hypotf	0x1400d9b08
sinf	0x1400d9b10
_dclass	0x1400d9b18
__setusermatherr	0x1400d9b20
roundf	0x1400d9b28
_dsign	0x1400d9b30
pow	0x1400d9b38
sqrtf	0x1400d9b40

Function	Address	Souspicious	Anti Debug
rand	0x1400d9dc8
srand	0x1400d9dd0
qsort	0x1400d9dd8

Function	Address	Souspicious	Anti Debug
__std_exception_destroy	0x1400d97e8
__std_exception_copy	0x1400d97f0
__std_terminate	0x1400d97f8
strstr	0x1400d9800
_CxxThrowException	0x1400d9808
memchr	0x1400d9810
memcmp	0x1400d9818
memcpy	0x1400d9820
memmove	0x1400d9828
memset	0x1400d9830
strchr	0x1400d9838
strrchr	0x1400d9840
__C_specific_handler	0x1400d9848
__current_exception	0x1400d9850
__current_exception_context	0x1400d9858

Function	Address	Souspicious	Anti Debug
_getch	0x1400d9a00

Function	Address	Souspicious	Anti Debug
GetWindowThreadProcessId	0x1400d9668
EnumWindows	0x1400d9670
SetWindowLongA	0x1400d9678
GetClipboardData	0x1400d9680
EmptyClipboard	0x1400d9688
CloseClipboard	0x1400d9690
OpenClipboard	0x1400d9698
GetCursorPos	0x1400d96a0
SetCursorPos	0x1400d96a8
ReleaseCapture	0x1400d96b0
FindWindowW	0x1400d96b8
FindWindowA	0x1400d96c0
GetKeyState	0x1400d96c8
RegisterClassExA	0x1400d96d0
GetDesktopWindow	0x1400d96d8
GetAsyncKeyState	0x1400d96e0
LoadIconW	0x1400d96e8
TranslateMessage	0x1400d96f0
SetLayeredWindowAttributes	0x1400d96f8
CreateWindowExA	0x1400d9700
DefWindowProcA	0x1400d9708
MoveWindow	0x1400d9710
SetWindowDisplayAffinity	0x1400d9718
PeekMessageW	0x1400d9720
DispatchMessageW	0x1400d9728
ShowWindow	0x1400d9730
SetWindowPos	0x1400d9738
DestroyWindow	0x1400d9740
GetWindowRect	0x1400d9748
GetWindow	0x1400d9750
GetWindowLongW	0x1400d9758
SetClipboardData	0x1400d9760
GetSystemMetrics	0x1400d9768
GetClientRect	0x1400d9770
SetCursor	0x1400d9778
SetCapture	0x1400d9780
LoadCursorW	0x1400d9788
GetForegroundWindow	0x1400d9790
TrackMouseEvent	0x1400d9798
ClientToScreen	0x1400d97a0
GetCapture	0x1400d97a8
ScreenToClient	0x1400d97b0
mouse_event	0x1400d97b8
SendInput	0x1400d97c0
SetWindowLongW	0x1400d97c8

Function	Address	Souspicious	Anti Debug
ImmSetCandidateWindow	0x1400d9110
ImmSetCompositionWindow	0x1400d9118
ImmGetContext	0x1400d9120
ImmReleaseContext	0x1400d9128

Function	Address	Souspicious	Anti Debug
strcmp	0x1400d9d58
tolower	0x1400d9d60
strcspn	0x1400d9d68
strncmp	0x1400d9d70
strspn	0x1400d9d78
isupper	0x1400d9d80
strncpy	0x1400d9d88
_wcsicmp	0x1400d9d90
_strdup	0x1400d9d98
strpbrk	0x1400d9da0

Function	Address	Souspicious	Anti Debug
__CxxFrameHandler4	0x1400d9868

Function	Address	Souspicious	Anti Debug
_beginthreadex	0x1400d9b50
_getpid	0x1400d9b58
_invalid_parameter_noinfo_noreturn	0x1400d9b60
system	0x1400d9b68
terminate	0x1400d9b70
abort	0x1400d9b78
_configure_narrow_argv	0x1400d9b80
_initialize_onexit_table	0x1400d9b88
_register_onexit_function	0x1400d9b90
exit	0x1400d9b98
_register_thread_local_exe_atexit_callback	0x1400d9ba0
_resetstkoflw	0x1400d9ba8
_c_exit	0x1400d9bb0
_invalid_parameter_noinfo	0x1400d9bb8
__p___argv	0x1400d9bc0
__sys_nerr	0x1400d9bc8
strerror	0x1400d9bd0
__p___argc	0x1400d9bd8
_exit	0x1400d9be0
_errno	0x1400d9be8
_initterm_e	0x1400d9bf0
_initterm	0x1400d9bf8
_get_initial_narrow_environment	0x1400d9c00
_set_app_type	0x1400d9c08
_crt_atexit	0x1400d9c10
_seh_filter_exe	0x1400d9c18
_cexit	0x1400d9c20
_initialize_narrow_environment	0x1400d9c28

Function	Address	Souspicious	Anti Debug
atoi	0x1400d9a10
strtod	0x1400d9a18
atof	0x1400d9a20
strtol	0x1400d9a28
strtoul	0x1400d9a30
strtoull	0x1400d9a38
strtoll	0x1400d9a40

Function	Address	Souspicious	Anti Debug
ShellExecuteW	0x1400d9658

Function	Address	Souspicious	Anti Debug
UuidCreate	0x1400d9638
UuidToStringA	0x1400d9640
RpcStringFreeA	0x1400d9648

Function	Address	Souspicious	Anti Debug
_set_fmode	0x1400d9c38
fread_s	0x1400d9c40
__stdio_common_vsscanf	0x1400d9c48
_wfopen	0x1400d9c50
__p__commode	0x1400d9c58
_read	0x1400d9c60
_write	0x1400d9c68
__stdio_common_vfprintf	0x1400d9c70
fseek	0x1400d9c78
__acrt_iob_func	0x1400d9c80
ftell	0x1400d9c88
_get_stream_buffer_pointers	0x1400d9c90
_fseeki64	0x1400d9c98
fread	0x1400d9ca0
fgets	0x1400d9ca8
fsetpos	0x1400d9cb0
ungetc	0x1400d9cb8
setvbuf	0x1400d9cc0
fgetpos	0x1400d9cc8
_pclose	0x1400d9cd0
__stdio_common_vsprintf	0x1400d9cd8
_popen	0x1400d9ce0
fwrite	0x1400d9ce8
_close	0x1400d9cf0
fopen	0x1400d9cf8
fputs	0x1400d9d00
fgetc	0x1400d9d08
feof	0x1400d9d10
_open	0x1400d9d18
fclose	0x1400d9d20
__stdio_common_vsprintf_s	0x1400d9d28
fflush	0x1400d9d30
fopen_s	0x1400d9d38
_lseeki64	0x1400d9d40
fputc	0x1400d9d48

Function	Address	Souspicious	Anti Debug
Direct3DCreate9Ex	0x1400d9de8

Function	Address	Souspicious	Anti Debug
UnloadUserProfile	0x1400d97d8

Function	Address	Souspicious	Anti Debug
_gmtime64	0x1400d9db0
_time64	0x1400d9db8

Function	Address	Souspicious	Anti Debug
None	0x1400d9878
None	0x1400d9880
None	0x1400d9888
None	0x1400d9890
None	0x1400d9898
None	0x1400d98a0
None	0x1400d98a8
None	0x1400d98b0
None	0x1400d98b8
None	0x1400d98c0
None	0x1400d98c8
None	0x1400d98d0
None	0x1400d98d8
None	0x1400d98e0
None	0x1400d98e8
None	0x1400d98f0
None	0x1400d98f8
None	0x1400d9900

Function	Address	Souspicious	Anti Debug
malloc	0x1400d9a90
free	0x1400d9a98
_set_new_mode	0x1400d9aa0
_callnewh	0x1400d9aa8
calloc	0x1400d9ab0
realloc	0x1400d9ab8

Function	Address	Souspicious	Anti Debug
CryptGetHashParam	0x1400d9000
CryptEncrypt	0x1400d9008
CryptImportKey	0x1400d9010
CryptDestroyKey	0x1400d9018
CryptDestroyHash	0x1400d9020
CryptHashData	0x1400d9028
CryptCreateHash	0x1400d9030
CryptGenRandom	0x1400d9038
CryptReleaseContext	0x1400d9040
CryptAcquireContextA	0x1400d9048
ConvertSidToStringSidA	0x1400d9050
IsValidSid	0x1400d9058
GetTokenInformation	0x1400d9060
GetLengthSid	0x1400d9068
CopySid	0x1400d9070
OpenProcessToken	0x1400d9078

Function	Address	Souspicious	Anti Debug
closesocket	0x1400d9910
recv	0x1400d9918
send	0x1400d9920
WSAGetLastError	0x1400d9928
bind	0x1400d9930
connect	0x1400d9938
getpeername	0x1400d9940
getsockname	0x1400d9948
getsockopt	0x1400d9950
htons	0x1400d9958
ntohs	0x1400d9960
setsockopt	0x1400d9968
socket	0x1400d9970
WSASetLastError	0x1400d9978
WSAIoctl	0x1400d9980
WSAStartup	0x1400d9988
WSACleanup	0x1400d9990
accept	0x1400d9998
ntohl	0x1400d99a0
gethostname	0x1400d99a8
sendto	0x1400d99b0
recvfrom	0x1400d99b8
freeaddrinfo	0x1400d99c0
getaddrinfo	0x1400d99c8
select	0x1400d99d0
__WSAFDIsSet	0x1400d99d8
ioctlsocket	0x1400d99e0
listen	0x1400d99e8
htonl	0x1400d99f0

Function	Address	Souspicious	Anti Debug
IdnToAscii	0x1400d9628

Name	Latest seen	MD5
tdpremium_cracked_1.exe?ex=670e6426&is=670d12a6&hm=9c53cc5408224b60897157362a03d438bf1a14daaa34f6ba1db17b10cdfdab56&	2024-10-14 16:33:01	5d6229f175579637daeb2291a3da3b31