General

Malware Config

Signatures

Files

• 7deeadf3e42c1da83422702edaedad9b9cec9d15a81cdb68077a04c7b33f06a7

  .rar
• RFQ.exe

  .exe windows x86

  7f2222d75bcebeb591b7d884c5b9299b

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  wsock32

  __WSAFDIsSet

  recv

  send

  setsockopt

  ntohs

  recvfrom

  select

  WSAStartup

  htons

  accept

  listen

  bind

  closesocket

  connect

  WSACleanup

  ioctlsocket

  sendto

  WSAGetLastError

  inet_addr

  gethostbyname

  gethostname

  socket

  version

  GetFileVersionInfoW

  VerQueryValueW

  GetFileVersionInfoSizeW

  winmm

  timeGetTime

  waveOutSetVolume

  mciSendStringW

  comctl32

  ImageList_Destroy

  ImageList_Remove

  ImageList_SetDragCursorImage

  ImageList_BeginDrag

  ImageList_DragEnter

  ImageList_DragLeave

  ImageList_EndDrag

  ImageList_DragMove

  ImageList_Create

  InitCommonControlsEx

  ImageList_ReplaceIcon

  mpr

  WNetUseConnectionW

  WNetCancelConnection2W

  WNetGetConnectionW

  WNetAddConnection2W

  wininet

  InternetReadFile

  InternetCloseHandle

  InternetOpenW

  InternetSetOptionW

  InternetCrackUrlW

  HttpQueryInfoW

  InternetQueryOptionW

  HttpOpenRequestW

  HttpSendRequestW

  FtpOpenFileW

  FtpGetFileSize

  InternetOpenUrlW

  InternetConnectW

  InternetQueryDataAvailable

  psapi

  GetProcessMemoryInfo

  iphlpapi

  IcmpCreateFile

  IcmpCloseHandle

  IcmpSendEcho

  userenv

  UnloadUserProfile

  DestroyEnvironmentBlock

  CreateEnvironmentBlock

  LoadUserProfileW

  uxtheme

  IsThemeActive

  kernel32

  HeapAlloc

  GetProcessHeap

  HeapFree

  Sleep

  GetCurrentThreadId

  MultiByteToWideChar

  MulDiv

  GetVersionExW

  GetSystemInfo

  FreeLibrary

  LoadLibraryA

  GetProcAddress

  SetErrorMode

  GetModuleFileNameW

  WideCharToMultiByte

  lstrcpyW

  lstrlenW

  GetModuleHandleW

  QueryPerformanceCounter

  VirtualFreeEx

  OpenProcess

  VirtualAllocEx

  WriteProcessMemory

  ReadProcessMemory

  CreateFileW

  SetFilePointerEx

  ReadFile

  WriteFile

  FlushFileBuffers

  TerminateProcess

  CreateToolhelp32Snapshot

  Process32FirstW

  Process32NextW

  SetFileTime

  GetFileAttributesW

  FindFirstFileW

  FindClose

  GetLongPathNameW

  GetCurrentThread

  FindNextFileW

  MoveFileW

  CopyFileW

  CreateDirectoryW

  RemoveDirectoryW

  SetSystemPowerState

  QueryPerformanceFrequency

  FindResourceW

  LoadResource

  LockResource

  SizeofResource

  EnumResourceNamesW

  OutputDebugStringW

  GetTempPathW

  GetTempFileNameW

  DeviceIoControl

  GetLocalTime

  CompareStringW

  DeleteCriticalSection

  WaitForSingleObject

  LeaveCriticalSection

  GetStdHandle

  CreatePipe

  InterlockedExchange

  TerminateThread

  LoadLibraryExW

  FindResourceExW

  VirtualFree

  FormatMessageW

  GetExitCodeProcess

  GetPrivateProfileStringW

  WritePrivateProfileStringW

  GetPrivateProfileSectionW

  WritePrivateProfileSectionW

  GetPrivateProfileSectionNamesW

  FileTimeToLocalFileTime

  FileTimeToSystemTime

  SystemTimeToFileTime

  LocalFileTimeToFileTime

  GetDriveTypeW

  GetDiskFreeSpaceExW

  GetDiskFreeSpaceW

  GetVolumeInformationW

  SetVolumeLabelW

  CreateHardLinkW

  SetFileAttributesW

  GetShortPathNameW

  CreateEventW

  SetEvent

  GetEnvironmentVariableW

  SetEnvironmentVariableW

  GlobalLock

  GlobalUnlock

  GlobalAlloc

  GetFileSize

  GlobalFree

  GlobalMemoryStatusEx

  Beep

  GetSystemDirectoryW

  GetComputerNameW

  GetWindowsDirectoryW

  GetCurrentProcessId

  GetProcessIoCounters

  CreateProcessW

  SetPriorityClass

  LoadLibraryW

  VirtualAlloc

  CloseHandle

  GetLastError

  GetFullPathNameW

  SetCurrentDirectoryW

  IsDebuggerPresent

  GetCurrentDirectoryW

  lstrcmpiW

  RaiseException

  InitializeCriticalSectionAndSpinCount

  InterlockedDecrement

  InterlockedIncrement

  CreateThread

  DuplicateHandle

  EnterCriticalSection

  GetCurrentProcess

  ExitProcess

  GetModuleHandleExW

  ExitThread

  GetSystemTimeAsFileTime

  ResumeThread

  GetCommandLineW

  IsProcessorFeaturePresent

  HeapSize

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCPInfo

  SetLastError

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetStartupInfoW

  GetStringTypeW

  SetStdHandle

  GetFileType

  GetConsoleCP

  GetConsoleMode

  RtlUnwind

  ReadConsoleW

  SetFilePointer

  GetTimeZoneInformation

  GetDateFormatW

  GetTimeFormatW

  LCMapStringW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  HeapReAlloc

  WriteConsoleW

  SetEndOfFile

  DeleteFileW

  SetEnvironmentVariableA

  user32

  SetWindowPos

  GetCursorInfo

  RegisterHotKey

  ClientToScreen

  GetKeyboardLayoutNameW

  IsCharAlphaW

  IsCharAlphaNumericW

  IsCharLowerW

  IsCharUpperW

  GetMenuStringW

  GetSubMenu

  GetCaretPos

  IsZoomed

  MonitorFromPoint

  GetMonitorInfoW

  SetWindowLongW

  SetLayeredWindowAttributes

  FlashWindow

  GetClassLongW

  TranslateAcceleratorW

  IsDialogMessageW

  GetSysColor

  InflateRect

  DrawFocusRect

  DrawTextW

  FrameRect

  DrawFrameControl

  FillRect

  PtInRect

  DestroyAcceleratorTable

  CreateAcceleratorTableW

  SetCursor

  GetWindowDC

  GetSystemMetrics

  DrawMenuBar

  GetActiveWindow

  CharNextW

  wsprintfW

  RedrawWindow

  DestroyMenu

  SetMenu

  GetWindowTextLengthW

  CreateMenu

  IsDlgButtonChecked

  DefDlgProcW

  CallWindowProcW

  ReleaseCapture

  SetCapture

  MonitorFromRect

  LoadImageW

  CreateIconFromResourceEx

  mouse_event

  ExitWindowsEx

  SetActiveWindow

  FindWindowExW

  EnumThreadWindows

  SetMenuDefaultItem

  InsertMenuItemW

  IsMenu

  TrackPopupMenuEx

  GetCursorPos

  CopyImage

  CheckMenuRadioItem

  GetMenuItemID

  GetMenuItemCount

  SetMenuItemInfoW

  GetMenuItemInfoW

  SetForegroundWindow

  IsIconic

  FindWindowW

  UnregisterHotKey

  keybd_event

  SendInput

  GetAsyncKeyState

  SetKeyboardState

  GetKeyboardState

  GetKeyState

  VkKeyScanW

  LoadStringW

  DialogBoxParamW

  MessageBeep

  EndDialog

  SendDlgItemMessageW

  GetDlgItem

  SetWindowTextW

  CopyRect

  ReleaseDC

  GetDC

  EndPaint

  BeginPaint

  GetClientRect

  GetMenu

  DestroyWindow

  EnumWindows

  GetDesktopWindow

  IsWindow

  IsWindowEnabled

  IsWindowVisible

  EnableWindow

  InvalidateRect

  GetWindowLongW

  GetWindowThreadProcessId

  AttachThreadInput

  GetFocus

  ScreenToClient

  SendMessageTimeoutW

  EnumChildWindows

  CharUpperBuffW

  GetClassNameW

  GetParent

  GetDlgCtrlID

  SendMessageW

  MapVirtualKeyW

  PostMessageW

  GetWindowRect

  SetUserObjectSecurity

  CloseDesktop

  CloseWindowStation

  OpenDesktopW

  SetProcessWindowStation

  GetProcessWindowStation

  OpenWindowStationW

  GetUserObjectSecurity

  AdjustWindowRectEx

  SetRect

  SetClipboardData

  EmptyClipboard

  CountClipboardFormats

  CloseClipboard

  GetClipboardData

  IsClipboardFormatAvailable

  OpenClipboard

  BlockInput

  GetMessageW

  LockWindowUpdate

  DispatchMessageW

  TranslateMessage

  DeleteMenu

  PeekMessageW

  MessageBoxW

  DefWindowProcW

  MoveWindow

  SetFocus

  PostQuitMessage

  KillTimer

  CreatePopupMenu

  RegisterWindowMessageW

  SetTimer

  ShowWindow

  CreateWindowExW

  RegisterClassExW

  LoadIconW

  LoadCursorW

  GetSysColorBrush

  GetForegroundWindow

  MessageBoxA

  DestroyIcon

  SystemParametersInfoW

  CharLowerBuffW

  GetWindowTextW

  gdi32

  SetPixel

  DeleteObject

  GetTextExtentPoint32W

  ExtCreatePen

  StrokeAndFillPath

  StrokePath

  GetDeviceCaps

  CloseFigure

  LineTo

  AngleArc

  CreateCompatibleBitmap

  CreateCompatibleDC

  MoveToEx

  Ellipse

  PolyDraw

  BeginPath

  SelectObject

  StretchBlt

  GetDIBits

  DeleteDC

  GetPixel

  CreateDCW

  GetStockObject

  Rectangle

  SetViewportOrgEx

  GetObjectW

  SetBkMode

  RoundRect

  SetBkColor

  CreatePen

  CreateSolidBrush

  SetTextColor

  CreateFontW

  GetTextFaceW

  EndPath

  comdlg32

  GetSaveFileNameW

  GetOpenFileNameW

  advapi32

  GetAclInformation

  RegEnumValueW

  RegDeleteValueW

  RegDeleteKeyW

  RegEnumKeyExW

  RegSetValueExW

  RegCreateKeyExW

  GetUserNameW

  RegOpenKeyExW

  RegCloseKey

  RegQueryValueExW

  RegConnectRegistryW

  InitializeSecurityDescriptor

  InitializeAcl

  AdjustTokenPrivileges

  OpenThreadToken

  OpenProcessToken

  LookupPrivilegeValueW

  DuplicateTokenEx

  CreateProcessAsUserW

  CreateProcessWithLogonW

  GetLengthSid

  CopySid

  InitiateSystemShutdownExW

  LogonUserW

  AllocateAndInitializeSid

  CheckTokenMembership

  FreeSid

  GetTokenInformation

  GetSecurityDescriptorDacl

  SetSecurityDescriptorDacl

  AddAce

  GetAce

  shell32

  DragQueryPoint

  ShellExecuteExW

  DragQueryFileW

  SHEmptyRecycleBinW

  SHGetPathFromIDListW

  SHBrowseForFolderW

  SHCreateShellItem

  SHGetDesktopFolder

  SHGetSpecialFolderLocation

  SHGetFolderPathW

  SHFileOperationW

  ExtractIconExW

  Shell_NotifyIconW

  ShellExecuteW

  DragFinish

  ole32

  CoTaskMemAlloc

  CoTaskMemFree

  CLSIDFromString

  ProgIDFromCLSID

  CLSIDFromProgID

  OleSetMenuDescriptor

  MkParseDisplayName

  OleSetContainedObject

  CoCreateInstance

  IIDFromString

  StringFromGUID2

  CreateStreamOnHGlobal

  CoInitialize

  CoUninitialize

  GetRunningObjectTable

  CoGetInstanceFromFile

  CoGetObject

  CoInitializeSecurity

  CoCreateInstanceEx

  CoSetProxyBlanket

  oleaut32

  RegisterTypeLi

  LoadTypeLibEx

  VariantCopyInd

  SysReAllocString

  SysFreeString

  SafeArrayDestroyDescriptor

  SafeArrayDestroyData

  SafeArrayUnaccessData

  SafeArrayAccessData

  SafeArrayAllocData

  UnRegisterTypeLi

  SafeArrayCreateVector

  SysAllocString

  SysStringLen

  VariantTimeToSystemTime

  VarR8FromDec

  SafeArrayGetVartype

  OleLoadPicture

  QueryPathOfRegTypeLi

  VariantCopy

  VariantClear

  CreateDispTypeInfo

  CreateStdDispatch

  DispCallFunc

  VariantChangeType

  SafeArrayAllocDescriptorEx

  VariantInit

  Sections

  .text

  Size: 557KB - Virtual size: 557KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 179KB - Virtual size: 179KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 24KB - Virtual size: 39KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 645KB - Virtual size: 644KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 41KB - Virtual size: 41KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ