xhtgu[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

xhtgu.exe
Size

79KB
MD5

959577b52fa565e1a4f9f3da94ff78f8
SHA1

6eef7d1f9e03805f72d75a788b4fce37aad0d0e0
SHA256

b12e0f7dddc83cc90b3268a7896860a2edffa581db5bb143197ba8c7cc0ea229
SHA512

94ef2a4eed890b38f0d0d36328519e029681237106978c402927963e3ef2b56ae1f1ab40dc12f573098305da438a114daecd51f0986de07a3276065b5259fc5f
SSDEEP

768:xLHv8XSjCz1G9KiO/gvaspzNdysIHsqq9El2MdMhALcFH6yx3bYRAEwNKNWlPKwB:tkXSQIlpzNInMqNlOlFapkDLAOBwE

Score

N/A

Malware Config

Signatures

Files

xhtgu.exe
.exe windows x86

8bfb5aa142133d4f7bebe2af7d295ceb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
CreateToolbarEx
CreateStatusWindowW

kernel32

VirtualAlloc
lstrcatW
CloseHandle
GetWindowsDirectoryW
LocalFree
lstrcpyW
GetCurrentDirectoryW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetLastError
GlobalUnlock
lstrlenW
MultiByteToWideChar
lstrcmpW
CreateFileW
LCMapStringEx
HeapSize
GetStringTypeW
HeapReAlloc
HeapAlloc
RtlUnwind
LoadLibraryW
OutputDebugStringW
ReadFile
IsDebuggerPresent
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
Sleep
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
TerminateProcess
GetCurrentProcess
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount64
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
InitOnceExecuteOnce
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetFileType
GetModuleFileNameW
GetStdHandle
GetProcAddress
GetModuleHandleExW
ExitProcess
DecodePointer
EncodePointer
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
SetLastError
WriteConsoleW
IsProcessorFeaturePresent
GetCommandLineW
FormatMessageW
GetConsoleWindow
WideCharToMultiByte
GlobalAlloc
WriteFile
EnumLanguageGroupLocalesW
GetProcessHeap
GlobalLock
HeapFree
CreateProcessW
GetFileSize
LoadLibraryExW

mpr

MultinetGetConnectionPerformanceA
WNetGetNetworkInformationW
WNetCancelConnection2W
WNetEnumResourceA
WNetOpenEnumA
WNetGetResourceParentA

gdi32

SetBkMode
GdiStartPageEMF
ScaleWindowExtEx
CombineTransform
SetViewportExtEx
StartPage

shell32

ShellExecuteEx
SHBrowseForFolderA
SHLoadInProc
ExtractIconA
ShellAboutW

oleaut32

DispGetIDsOfNames
VariantChangeType
VarI1FromStr
SysAllocString
SysStringLen
LoadTypeLi
VariantInit
SysFreeString
VarCyFromStr

pdh

PdhCloseQuery
PdhGetRawCounterArrayW
PdhEnumMachinesA
PdhBrowseCountersA
PdhMakeCounterPathA
PdhExpandCounterPathA
PdhGetDefaultPerfCounterW
PdhGetRawCounterValue

msi

ord11
ord83
ord167
ord150
ord113
ord165
ord39
ord19

mswsock

SetServiceW
rexec
WSARecvEx
sethostname

user32

OpenClipboard
MessageBoxW
RegisterClassW
IsWindowVisible
GetDlgItem
UpdateWindow
SetClipboardData
SetWindowTextW
DefWindowProcW
CreateWindowExW
MoveWindow
DispatchMessageW
EnableMenuItem
GetWindowTextW
GetMenu
GetWindowTextLengthW
LoadAcceleratorsW
TranslateMessage
wsprintfW
SetFocus
IsDlgButtonChecked
ShowWindow
LoadStringW
CheckDlgButton
CheckMenuItem
EndDialog
GetClientRect
LoadCursorW
DialogBoxParamW
PostQuitMessage
GetMessageW
TranslateAcceleratorW
CloseClipboard
DestroyWindow
SendMessageW
EmptyClipboard

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumKeyW
RegSetValueExW
RegCloseKey
RegEnumValueW
RegGetValueW
RegQueryValueW
RegCreateKeyW
RegOpenKeyW

ole32

CLSIDFromString
OleUninitialize
OleInitialize

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8bfb5aa142133d4f7bebe2af7d295ceb

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

mpr

gdi32

shell32

oleaut32

pdh

msi

mswsock

user32

comdlg32

advapi32

ole32

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 3KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 3KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 8KB - Virtual size: 8KB