cqxodxzsyh[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

cqxodxzsyh.exe
Size

120KB
MD5

a85e4b508a6ee4acc8606b701251f748
SHA1

e76e388889dfd60f1c78780bfb48d6ecf9e88723
SHA256

c66c59d28085f25ac0c5d3a5688079fc68ef1c4184b48ef42ef77aa428019825
SHA512

3c106cf91710610cfa018d80312005385c26bb91786dd3b13bb7cb8a11326d9eedf79aa889fdda4425d1a154430674d156c64a083017560ecaf2eb769d25a6a8
SSDEEP

1536:V4GyOx0qu+1IGdwSEjPW7zr9iyQ641xIon1qbg5B85smnRlMz/sL+y4inSDb7GpC:KZSk+8SEDWPrEPrlfgl0st47D/G+aF

Score

1^/10

Malware Config

Signatures

Files

cqxodxzsyh.exe
.exe windows x86

6611dc162030f0f44b54122ee9c79bbb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

lstrcpynW
CompareStringW
GetThreadLocale
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryExW
GetSystemDirectoryW
WriteFile
CreateThread
ReadFile
CreateFileW
lstrcatW
GetCommandLineW
LoadLibraryW
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetEndOfFile
HeapSize
LCMapStringW
WriteConsoleW
CloseHandle
SetStdHandle
FlushFileBuffers
GetLocaleInfoW
InterlockedExchange
SetConsoleCtrlHandler
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetCurrentThread
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
lstrcpyW
lstrlenW
GetModuleHandleA
GetModuleFileNameW
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidLocale
EnterCriticalSection
LeaveCriticalSection
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
Sleep
GetModuleHandleW
FatalAppExitA
GetStringTypeW
SetFilePointer
RtlUnwind

rtutils

TraceGetConsoleW
RouterLogEventStringA
TracePrintfA
RouterLogRegisterA

odbc32

ord147
ord232
ord29
ord245
ord106

mpr

MultinetGetConnectionPerformanceA
WNetUseConnectionW
WNetGetConnectionA
WNetCancelConnectionA
WNetGetResourceInformationW
WNetCancelConnectionW

mscms

InstallColorProfileW
GetStandardColorSpaceProfileW
RegisterCMMA
OpenColorProfileA
CloseColorProfile

wininet

CreateUrlCacheContainerW
GopherGetAttributeA
InternetHangUp
FtpGetFileW
InternetGetCertByURL
FindNextUrlCacheEntryExW
UnlockUrlCacheEntryStream
FreeUrlCacheSpaceW

user32

LoadStringW

advapi32

RegQueryValueExW
CreateServiceW
RegOpenKeyW
OpenSCManagerW
RegCloseKey
OpenServiceW
DeleteService
CloseServiceHandle

ole32

CoUninitialize
CLSIDFromString
CoInitializeEx

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6611dc162030f0f44b54122ee9c79bbb

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

rtutils

odbc32

mpr

mscms

wininet

user32

advapi32

ole32

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 11KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 4KB - Virtual size: 3KB