General

Malware Config

Signatures

Files

• KHbrQL.exe.vir

  .exe windows x86

  ac9f9903da25e30d9ef7a4c4a0bac686

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  Process32First

  VirtualQuery

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  user32

  GetClientRect

  GetProcessWindowStation

  GetProcessWindowStation

  GetUserObjectInformationW

  gdi32

  GetDeviceCaps

  advapi32

  AllocateAndInitializeSid

  msvcp140

  ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ

  wininet

  InternetCheckConnectionA

  normaliz

  IdnToAscii

  ws2_32

  listen

  crypt32

  CertFreeCertificateContext

  wldap32

  ord301

  d3d9

  Direct3DCreate9

  d3dx9_43

  D3DXCreateTextureFromFileInMemory

  imm32

  ImmReleaseContext

  vcruntime140

  strstr

  api-ms-win-crt-heap-l1-1-0

  realloc

  api-ms-win-crt-runtime-l1-1-0

  __sys_errlist

  api-ms-win-crt-stdio-l1-1-0

  __stdio_common_vsprintf

  api-ms-win-crt-filesystem-l1-1-0

  remove

  api-ms-win-crt-locale-l1-1-0

  _configthreadlocale

  api-ms-win-crt-string-l1-1-0

  tolower

  api-ms-win-crt-utility-l1-1-0

  qsort

  api-ms-win-crt-convert-l1-1-0

  wcstombs

  api-ms-win-crt-time-l1-1-0

  _gmtime64

  api-ms-win-crt-math-l1-1-0

  __setusermatherr

  libcrypto-3

  BIO_new_mem_buf

  libssl-3

  SSL_pending

  wtsapi32

  WTSSendMessageW

  Exports

  Exports

  ���J`��9����o ��2�Z��иa����7��wzJ��vօ=cP���e����ت�.�`����[���L4�{���Y����~) �<�x]�^Y��N��GP���`
  �w�C_�� v�]�~���!ֳ�(<��5u)�����ȸF���.0�za/e?��:�l���?��T�!��h_0fD���th��٬�������vS�?s{�ui�1`�ʊA}���?JѴ�*��jG47J
  ��ة��e"�p$E�?�n%� K�ѡi��h;Pc��h� C|��@d ������ ��� ��:@~�S8����4|��^�����H N�@��I�A�9XIy۸��<�N[��[|���F�hb/��z�8�Gk�}�>`l��c����{��`:�zRo �рz�.��'ۖ��� ���t/t��G��������Jk�#��!GK�#~�/}�cFH�}�r�,��A�1��� b�Hi~yv\�?��&@6�_U��ryg �(F&��qٸ�1�Ca�s$g�%4nD��ie�9�eP�����KS=��ɔ'zaP�f ��^VEX$����Ĭ_l���Uv������i�{�yP���@4��n�
  U��`�x;Od�NB�f�k������\S����P��ĊL�D��������|�)� r�\9pD�?.�[�݇]�6Z���&K�v��K�oQX5Q��r��I�z�iC�
  U��8� ��a��*ԁBxM�($|�q�ƾ:n&����]����z�(�9!c�����s۝e��2�yIE�#���i��5�O=�T31@庽h���iݻ�����3T����m"K1��ϔ��[����x�'a\'�RA=����9��YV�ݖ��׽�h�ݾ��+�>��+d�D�e�Tdc8�1�E ����[�|���\2���u�����M6B�0�0y��w�#⿙>j���s�Ag�/��/p�4��K��N.�Z���J�H��_�2՘�&��s�\�����H<���Ƭz�rJ.�P4Z�;��Yw���"��m��b)�?�MV��D,+73]�I��ޣL��9�C��F��e$7�������1cw���K��Yx��K�R-��O� ����4��HN�ϛ���eH�L���^1�)o��y�%�Y���$����������4�L�ڵ�e�7�7���Ζ�&��5l�?n�ym��|��!m��G�D0r�� ���L�����d���*%3�Xp^
  dㅶ��K��}��Wr��W۾1~ܖ�i{Vh ����{�A��cл�?[-�d�݈)+��� h p���J�>��A��!������{+��
  ��4U��8�%i�_�Rr���I
  T3��Q&�dW}�.]��l�eL/U�$��_Ҧ�&�y#{-[C*�W������v�����J�p�b���Uh�zB/.�@�|4"�Oc��R(謝�
  M#�r�"��r�Ĕ_��(��0��;� �����lλfI��!����M���A�-�S��v-c�X���m�ӊ�1nylW���~Nx��b��91:Yb�RRE7[���~���b�6aD+EIϰ�2�A(�kk �-��z�W��l-�A  �g�CۑX`1?9�``�$G��DSְe�;�ꅊ:q�����s�� 5�Qe� �+L��I֖0Rt�{� #��%
  E�
  �fC��e��$���t/޳6�l��ND�1߇|un���0d��F�L
  @ ���L����6�p�dR��?�enZ�؂�?�^q�������ok�;�v�T�O̦u���ꄤA�El�-�Dv�_5��-�d�0�]��0�����J4�4۸�� ��c9��є"������]A�H E�^[I�H�`���MY��I�i�Z�ޝ�1P���%F��&#�"�1?��V�R�����B��Q韏�7&W������"WM����hs�V�~�>�Z�y."��77o 1X���"𲤖���vd[@Z����� �X�D�cNi��w����d�KX�X�?�I3%�E�� ����&��N!�U�O��������? S�L]WVڵt{Jb��釳�����tb�;S�g���Jb�Cy6u���"�1)z��zMT�;��F��i�R�Ɨ�h�tg
  >�G�__��w��C��_������ͅ�WC�>>{5y�H�k#������7צ����xT S�
  �pl��?D��;ĒP*����u�)4����
  |P�#Ԋ�(GK��;�*
  �=p��9}�CO�D0ϻ���<ײ���rHs8��]h����A�[��p�E��VuW
  :/�sa��n<�_�� 7,P �X�b�$�;]h�|ޖ�a�b�&�s��+!��[��� ��w����yV��"����@ p� bR��U�]���ȾF̏�jH���?t�~βKĦ�������馁���%9"Z�$��f�=�Ȟ����;�ʕ�����+S����;|(�|9��4"�`j�p�@�(�ue� �V���v��U.�L��H������ƛ���e��Ӧ��;�I��+H��8�f��z�� .]�kfU�B7%Gض0�:s!Esn�*��RgQ��"�E��? U��qb����R"F� d���kZ��Ed��A?k��e
  ']��
  ����� ^Q;%�$� � �e�_��o#6��FA\B�CX����"젷�[%}��2�h�O�@^?an�c��Ee��Z�6s�>=.�I�޳2B�"مs�"5��=�8����ge��1h{�+䜅߉A(�Ж���1cLgb\�GM��M���-~�2�-���9���Re�H�������fXA���_4.��i+�ejd�x�wN��"���n�ܚ��Y���|��9�t(Х6656��ږ�Z&ᕳ�ڪu�`2DS��KE�k���dP{'C�����Ƀ@�i It�P���Aq{��t&7C�k\I�o�!"����i��J�u� <��'&��WL�TPӋ`[�11r4;d~�*�߯�^zTm�@&�9�j�����Lj�
  ��p�>Ց���E�����@h\ /��R���% �m���F� v��׆���Bf.�����L|�p�^��:^� ���SN)�e�J�� jy��

  Sections

  .text

  Size: - Virtual size: 673KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 222KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 311KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .themida

  Size: - Virtual size: 3.4MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .themida

  Size: 6.1MB - Virtual size: 6.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 10KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ