pqyxgi[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

pqyxgi.rar
Size

562KB
MD5

3d0fffa0fe157c3bffb917e6a8d9da2e
SHA1

3e7f43dda78e1d8136bbbb1bf28667d4632c661e
SHA256

03bb64d1d0d91623bd8d83e769e97d39cf8175584dce06bc07936a8050ee4e41
SHA512

aede69afc0203edb7162e0fe48bdbc5ff6ab43945a478b5b0ccbb49aa81014778b1f14ceda25e21fd98bc224da24e962cc1124523a626f7488b3817dfeaeb926
SSDEEP

12288:ybHAqgIuNsQBUZGlXA21Sp3vykrYIotUfd+G+3kZ:aBCNrUo/CakrY4dZ+UZ

Score

N/A

Malware Config

Signatures

Files

pqyxgi.rar
.dll regsvr32 windows x86

adeae1388ccab7d5ea2c08a636428844

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
CreateProcessW
LoadLibraryW
Sleep
GetModuleFileNameW
GetTempPathW
OpenMutexW
VirtualProtectEx
VirtualProtect
GetFileTime
CloseHandle
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
LoadLibraryExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
HeapSize
WriteFile
GetStdHandle
GetModuleHandleExW
GetProcessHeap
GetOEMCP
GetACP
IsValidCodePage
IsDebuggerPresent
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetProcAddress
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetCPInfo
RtlUnwind
RaiseException
GetCurrentThreadId
GetCommandLineA
HeapReAlloc
HeapAlloc
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
GetLastError
HeapFree

ole32

CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoInitialize

oledlg

OleUIChangeIconW
OleUIAddVerbMenuW

pdh

PdhParseCounterPathW
PdhSetCounterScaleFactor
PdhGetDefaultPerfCounterW
PdhVerifySQLDBW
PdhBrowseCountersHW
PdhEnumObjectItemsW
PdhBrowseCountersW
PdhComputeCounterStatistics
PdhCollectQueryDataEx
PdhSelectDataSourceW
PdhGetDefaultPerfObjectHW
PdhGetDefaultPerfObjectW
PdhGetFormattedCounterArrayW
PdhEnumObjectsW
PdhExpandWildCardPathW
PdhReadRawLogRecord
PdhGetCounterTimeBase
PdhBindInputDataSourceW
PdhEnumLogSetNamesW
PdhUpdateLogFileCatalog
PdhEnumObjectsHW
PdhGetCounterInfoW
PdhExpandCounterPathW
PdhMakeCounterPathW
PdhCloseQuery
PdhGetRawCounterArrayW
PdhGetDataSourceTimeRangeH
PdhUpdateLogW
PdhSetDefaultRealTimeDataSource
PdhOpenLogW
PdhValidatePathW
PdhGetRawCounterValue
PdhEnumObjectItemsHW
PdhGetDefaultPerfCounterHW
PdhAddCounterW
PdhCreateSQLTablesW
PdhSetLogSetRunID
PdhOpenQueryW
PdhExpandWildCardPathHW
PdhGetFormattedCounterValue
PdhParseInstanceNameW
PdhSetQueryTimeRange
PdhRemoveCounter
PdhGetDataSourceTimeRangeW
PdhCalculateCounterFromRawValue
PdhCloseLog
PdhGetLogSetGUID
PdhFormatFromRawValue
PdhEnumMachinesW
PdhLookupPerfIndexByNameW
PdhLookupPerfNameByIndexW
PdhGetDllVersion
PdhGetLogFileSize
PdhOpenQueryH
PdhConnectMachineW
PdhEnumMachinesHW

Exports

Exports

Completebegan
DllRegisterServer
Moleculenext
Searchneighbor
Southoccur

Sections

.text
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

adeae1388ccab7d5ea2c08a636428844

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oledlg

pdh

Exports

Exports

Sections

.text Size: 400KB - Virtual size: 400KB

.rdata Size: 135KB - Virtual size: 134KB

.data Size: 11KB - Virtual size: 72KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 400KB - Virtual size: 400KB

.rdata
Size: 135KB - Virtual size: 134KB

.data
Size: 11KB - Virtual size: 72KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 13KB