vt-upload-i9ydy[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

vt-upload-i9ydy.exe
Size

259KB
MD5

b30e8dc3f6759f369969d056e3e5036d
SHA1

0ad1ee02f1b75980c12c523e5883261220d8fced
SHA256

811aac3c419782890d5d83a1446d0e045dfc9a6aebdfed0e151fabcc051fe557
SHA512

3dbd9e9686ec3ea7ea6e8153ffa711fce813546a41ccf06e648ebb49cab378daab616edb26a12c8956b58e0489a4b9c949ae99d5638997e101e0198d0504c013
SSDEEP

6144:rfzOFbdiOizOEuDjLXBT4xl1XskhA+s9TBHzKYvGaan:LzeRGEXLRT4xphA+s9TtdHan

Score

N/A

Malware Config

Signatures

Files

vt-upload-i9ydy.exe
.dll windows x64

d177463b4677a0cf01c9a9340a668b6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

psapi

EnumProcessModules

shlwapi

StrChrA
PathCombineW
StrRChrW
StrTrimW
wnsprintfW
StrRChrA

ntdll

NtQuerySystemInformation
RtlInitUnicodeString
NtQueryInformationFile
RtlEqualUnicodeString
NtQueryObject
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtGetContextThread
ZwQueryInformationProcess
NtSetContextThread

ws2_32

ioctlsocket
connect
select
shutdown
recv
bind
socket
closesocket
send
listen
accept
WSACleanup
WSAStartup

kernel32

LocalFree
WriteProcessMemory
SuspendThread
ResumeThread
lstrcpyW
CreateThread
lstrcpyA
SwitchToThread
SetEvent
HeapDestroy
HeapCreate
GetCurrentThreadId
FindFirstFileW
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
FindClose
FindNextFileW
CreateEventA
GetVersion
GetCurrentProcessId
lstrcmpA
GetTickCount
InitializeCriticalSection
VirtualProtect
LocalAlloc
lstrcmpW
MultiByteToWideChar
lstrcmpiA
lstrcmpiW
FreeLibrary
CreateDirectoryW
GetProcessHeap
WriteFile
LoadLibraryW
CreateFileW
GetTempPathW
GetProcAddress
DeleteFileW
CreateFileA
SetFilePointer
VirtualFree
OpenProcess
ReadFile
VirtualAlloc
VirtualAllocEx
GetModuleFileNameA
SetErrorMode
SetUnhandledExceptionFilter
TerminateProcess
WaitForMultipleObjects
CreateMutexA
CloseHandle
DeleteCriticalSection
ReleaseMutex
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
ExitProcess
GetModuleHandleExW
GetStringTypeW
GetLocaleInfoW
VerLanguageNameW
LCMapStringW
GetStdHandle
GetModuleFileNameW
LoadLibraryExW
HeapReAlloc
OutputDebugStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
GetVersionExA
GetProcessId
Process32FirstW
SetEndOfFile
MulDiv
GetSystemTime
SystemTimeToFileTime
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetSystemWindowsDirectoryA
lstrcpynW
OpenEventA
GetLongPathNameW
GetEnvironmentVariableW
OpenThread
lstrcatW
GetModuleHandleA
VirtualProtectEx
SetLastError
GetLastError
lstrlenW
lstrcatA
ReadProcessMemory
Sleep
HeapFree
GetCurrentProcess
HeapAlloc
lstrlenA
GetThreadContext
RemoveDirectoryW
Process32NextW
CreateToolhelp32Snapshot
DuplicateHandle
GetFileInformationByHandle
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GetSystemTimeAsFileTime
GetProcessTimes
IsBadStringPtrA

user32

ClientToScreen
GetSubMenu
GetParent
CallNextHookEx
GetWindowInfo
MenuItemFromPoint
GetClientRect
SendMessageA
GetClassLongPtrA
GetMenu
GetMenuItemRect
TrackPopupMenuEx
GetAncestor
GetMenuState
SetKeyboardState
RedrawWindow
EndPaint
SendMessageTimeoutA
SetLayeredWindowAttributes
WindowFromDC
SetWindowLongPtrA
GetMenuItemCount
IsWindow
PostMessageA
HiliteMenuItem
PrintWindow
CallWindowProcA
EndMenu
FindWindowA
ActivateKeyboardLayout
GetWindowThreadProcessId
GetThreadDesktop
FindWindowExA
wsprintfW
GetMenuItemID
FillRect
SetClassLongPtrA
TrackPopupMenu
GetWindowLongPtrA
ScreenToClient
GetSystemMenu
UnhookWindowsHookEx
GetClassNameA
SetWindowsHookExA
DefWindowProcA
ReleaseDC
GetDC
GetWindow
SetThreadDesktop
GetDesktopWindow
RegisterWindowMessageA
CloseDesktop
CreateDesktopA
PostThreadMessageA
GetWindowRect
EnumDesktopWindows
GetUserObjectInformationA
wsprintfA
IsWindowVisible
ShowWindow
GetWindowTextA
GetScrollBarInfo
DrawEdge
IsIconic
MapWindowPoints
EnumChildWindows
SetWindowPos
BringWindowToTop
GetGUIThreadInfo
PtInRect
SetFocus
WindowFromPoint
AttachThreadInput
SetForegroundWindow
GetLastActivePopup
SetActiveWindow
RealChildWindowFromPoint
IntersectRect
IsRectEmpty
GetSystemMetrics
GetMenuItemInfoA
GetDoubleClickTime
GetMenuDefaultItem
DispatchMessageA
EndDialog
CreateDialogIndirectParamW
TranslateMessage
GetMessageA
DestroyWindow
SetWinEventHook
UnhookWinEvent
ChildWindowFromPointEx
ToUnicodeEx
VkKeyScanA
GetKeyboardLayoutList
MapVirtualKeyExA
MapVirtualKeyA
GetKeyboardLayout
ToAscii
VkKeyScanExA
VkKeyScanExW
RegisterClassA
GetClipboardOwner
SetClipboardViewer
SetClipboardData
OpenClipboard
ChangeClipboardChain
EmptyClipboard
CreateWindowExA
GetClipboardData
SendNotifyMessageA
CloseClipboard
MoveWindow
GetSysColor
BeginPaint
KillTimer
DrawTextW
CharUpperBuffW
SetTimer

gdi32

GetClipRgn
BitBlt
GetViewportOrgEx
SetViewportOrgEx
DeleteObject
SelectObject
SelectClipRgn
CreateCompatibleDC
CreateRectRgn
SetWindowOrgEx
SetTextColor
CreateFontA
SetBkColor
SetBkMode
GetClipBox
ExtTextOutA
CreateDIBSection
GetDIBits
SetDIBColorTable
CreateBitmap
CombineRgn
CreatePatternBrush
GetStockObject
GdiFlush
GetRegionData
DeleteDC
GetDeviceCaps
GetSystemPaletteEntries
CreateCompatibleBitmap

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA

shell32

ShellExecuteA

ole32

CoInitialize
CoUninitialize

Exports

Exports

VncSrvWndProc
VncStartServer
VncStopServer

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d177463b4677a0cf01c9a9340a668b6b

Headers

DLL Characteristics

File Characteristics

Imports

psapi

shlwapi

ntdll

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 155KB - Virtual size: 154KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 22KB - Virtual size: 33KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 155KB - Virtual size: 154KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 22KB - Virtual size: 33KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 5KB - Virtual size: 4KB