General

Malware Config

Signatures

Files

• 230303-s3j93ahf3s_pw_infected.zip

  .zip

  Password: infected

• qbittorrent.exe

  .exe windows x64

  Password: infected

  7dc3762bf412e12afcfe9e5f5372513a

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  powrprof

  SetSuspendState

  wsock32

  WSAGetLastError

  htons

  htonl

  WSACleanup

  bind

  accept

  __WSAFDIsSet

  getpeername

  ord1141

  ord1142

  WSAStartup

  socket

  WSASetLastError

  ntohs

  setsockopt

  inet_ntoa

  getsockopt

  connect

  WSAAsyncSelect

  gethostname

  closesocket

  select

  listen

  ntohl

  getsockname

  ws2_32

  WSAAccept

  WSAHtonl

  getaddrinfo

  WSANtohl

  freeaddrinfo

  WSAStringToAddressW

  WSAAddressToStringW

  WSARecvFrom

  WSANtohs

  WSASocketW

  WSASend

  WSAConnect

  getnameinfo

  WSAIoctl

  WSARecv

  WSASendTo

  iphlpapi

  NotifyUnicastIpAddressChange

  ConvertInterfaceLuidToGuid

  ConvertInterfaceIndexToLuid

  ConvertInterfaceNameToLuidW

  CancelMibChangeNotify2

  GetAdaptersAddresses

  ConvertInterfaceLuidToNameW

  ConvertInterfaceLuidToIndex

  crypt32

  CertGetCertificateContextProperty

  CertFindCertificateInStore

  CertEnumCertificatesInStore

  CertFreeCertificateContext

  CertOpenSystemStoreA

  CertCloseStore

  CertOpenStore

  CertAddCertificateContextToStore

  CertFreeCertificateChain

  CertGetCertificateChain

  CertOpenSystemStoreW

  CertCreateCertificateContext

  CertDuplicateCertificateContext

  kernel32

  FindNextFileW

  WriteFile

  DeviceIoControl

  SetEndOfFile

  FindClose

  LoadLibraryA

  GetOverlappedResult

  SetFilePointerEx

  CreateEventA

  CreateWaitableTimerA

  GetACP

  CancelIoEx

  CancelIo

  GetModuleHandleA

  GetSystemTimeAsFileTime

  GlobalMemoryStatusEx

  SystemTimeToFileTime

  GetSystemTime

  GetModuleHandleExW

  DeleteFiber

  SwitchToFiber

  CreateFiber

  GetStdHandle

  GetEnvironmentVariableW

  GetFileType

  RtlVirtualUnwind

  QueryPerformanceCounter

  ConvertFiberToThread

  ConvertThreadToFiber

  FreeLibrary

  SetConsoleMode

  ReadConsoleA

  GetConsoleMode

  ReadConsoleW

  DisconnectNamedPipe

  WaitNamedPipeW

  CreateNamedPipeW

  ConnectNamedPipe

  ResetEvent

  GlobalFree

  SetHandleInformation

  AreFileApisANSI

  TryEnterCriticalSection

  HeapCreate

  HeapFree

  GetFullPathNameW

  GetDiskFreeSpaceW

  OutputDebugStringA

  LockFile

  SetFilePointer

  GetFullPathNameA

  UnlockFileEx

  GetTempPathW

  GetFileAttributesW

  UnmapViewOfFile

  HeapValidate

  HeapSize

  GetTempPathA

  GetDiskFreeSpaceA

  GetFileAttributesA

  OutputDebugStringW

  FlushViewOfFile

  CreateFileA

  WaitForSingleObjectEx

  DeleteFileA

  HeapReAlloc

  GetSystemInfo

  HeapAlloc

  HeapCompact

  HeapDestroy

  UnlockFile

  LockFileEx

  GetFileSize

  GetProcessHeap

  CreateFileMappingW

  MapViewOfFile

  GetTickCount

  FlushFileBuffers

  CompareStringEx

  GetNativeSystemInfo

  FindFirstFileW

  IsProcessorFeaturePresent

  TerminateProcess

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  DuplicateHandle

  GetExitCodeProcess

  GetProcessId

  GetLocalTime

  CreateThread

  SwitchToThread

  GetThreadPriority

  ResumeThread

  QueryPerformanceFrequency

  GetTickCount64

  GetUserDefaultLCID

  GetCurrencyFormatW

  GetDateFormatW

  GetTimeFormatW

  GetUserPreferredUILanguages

  RegisterWaitForSingleObject

  UnregisterWaitEx

  ReadFileEx

  PeekNamedPipe

  WriteFileEx

  GetModuleFileNameW

  GetStartupInfoW

  OpenFileMappingW

  VirtualQuery

  TzSpecificLocalTimeToSystemTime

  GetVolumePathNamesForVolumeNameW

  GetFileInformationByHandleEx

  SetFileTime

  SetErrorMode

  GetLogicalDrives

  GetCurrentDirectoryW

  MoveFileW

  MoveFileExW

  FileTimeToSystemTime

  FindFirstFileExW

  FindFirstChangeNotificationW

  FindCloseChangeNotification

  FindNextChangeNotification

  GetVolumeNameForVolumeMountPointW

  GetDiskFreeSpaceExW

  CompareStringW

  LCMapStringW

  CreateSemaphoreW

  ReleaseSemaphore

  GetTimeZoneInformation

  GetUserGeoID

  GetGeoInfoW

  VirtualFree

  VirtualAlloc

  WriteConsoleW

  ReadFile

  CopyFileW

  DeleteFileW

  GetFileInformationByHandle

  CreateFileW

  CreateHardLinkW

  RemoveDirectoryW

  CreateDirectoryW

  GetFileAttributesExW

  CreateIoCompletionPort

  SleepEx

  QueueUserAPC

  TerminateThread

  SetEvent

  CreateEventW

  GetQueuedCompletionStatus

  InitializeCriticalSectionAndSpinCount

  SetLastError

  VerifyVersionInfoA

  TlsSetValue

  InitializeSRWLock

  ReleaseSRWLockExclusive

  AcquireSRWLockExclusive

  SetEnvironmentVariableW

  GetOEMCP

  TryAcquireSRWLockExclusive

  GetLocaleInfoEx

  SetFileAttributesW

  IsValidCodePage

  EnumSystemLocalesW

  IsValidLocale

  SetWaitableTimer

  TlsGetValue

  PostQueuedCompletionStatus

  DeleteCriticalSection

  InitializeCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  ExitProcess

  GetUserDefaultLangID

  lstrcmpW

  GlobalSize

  CreateProcessW

  ExpandEnvironmentStringsW

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  GetLocaleInfoW

  CheckRemoteDebuggerPresent

  OpenProcess

  WTSGetActiveConsoleSessionId

  GetModuleHandleW

  GetCurrentThreadId

  GetLongPathNameW

  GetVolumeInformationW

  GetConsoleWindow

  LocalAlloc

  SetThreadExecutionState

  VerifyVersionInfoW

  VerSetConditionMask

  GetSystemDirectoryW

  GetVolumePathNameW

  GetDriveTypeW

  MultiByteToWideChar

  RtlCaptureStackBackTrace

  WaitForMultipleObjects

  Sleep

  OpenMutexW

  CreateMutexW

  WaitForSingleObject

  ReleaseMutex

  GetCurrentProcessId

  WideCharToMultiByte

  FormatMessageW

  FormatMessageA

  LocalFree

  LoadLibraryW

  GetProcAddress

  TlsFree

  TlsAlloc

  SetThreadPriority

  GetCurrentThread

  GetCurrentProcess

  GetLastError

  CloseHandle

  SetStdHandle

  GetCommandLineA

  SystemTimeToTzSpecificLocalTime

  FreeLibraryAndExitThread

  RtlPcToFileHeader

  RaiseException

  InitializeConditionVariable

  WakeConditionVariable

  WakeAllConditionVariable

  SleepConditionVariableSRW

  InitOnceBeginInitialize

  InitOnceComplete

  FreeLibraryWhenCallbackReturns

  CreateThreadpoolWork

  SubmitThreadpoolWork

  CloseThreadpoolWork

  GetExitCodeThread

  FlsAlloc

  FlsGetValue

  FlsSetValue

  FlsFree

  InitializeCriticalSectionEx

  GetFileSizeEx

  EncodePointer

  DecodePointer

  LCMapStringEx

  GetStringTypeW

  GetCPInfo

  RtlCaptureContext

  RtlLookupFunctionEntry

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  InitializeSListHead

  RtlUnwindEx

  RtlUnwind

  LoadLibraryExW

  SetConsoleCtrlHandler

  GetConsoleOutputCP

  ExitThread

  GetCommandLineW

  user32

  GetCursor

  GetCursorInfo

  CreateCursor

  LoadCursorW

  SetCursorPos

  GetClipboardFormatNameW

  TrackMouseEvent

  RegisterClipboardFormatW

  GetMenuItemInfoW

  ModifyMenuW

  CreatePopupMenu

  TrackPopupMenu

  SetMenu

  GetAsyncKeyState

  GetMessageExtraInfo

  GetTouchInputInfo

  CloseTouchInputHandle

  GetWindowTextW

  EnumWindows

  RealGetWindowClassW

  ChangeWindowMessageFilterEx

  GetProcessWindowStation

  GetUserObjectInformationW

  PostThreadMessageW

  KillTimer

  GetQueueStatus

  SetTimer

  RegisterClassW

  MsgWaitForMultipleObjectsEx

  TranslateMessage

  DispatchMessageW

  UnregisterDeviceNotification

  RegisterDeviceNotificationW

  EnumDisplayDevicesW

  DestroyMenu

  DrawMenuBar

  InsertMenuW

  RemoveMenu

  AppendMenuW

  CreateMenu

  LoadIconW

  GetKeyState

  MapVirtualKeyW

  GetKeyboardState

  SetMenuItemInfoW

  PeekMessageW

  ToUnicode

  TrackPopupMenuEx

  IsZoomed

  ToAscii

  MonitorFromWindow

  EnumDisplayMonitors

  GetMonitorInfoW

  HideCaret

  SetCaretPos

  CreateCaret

  GetKeyboardLayout

  IsWindowEnabled

  DestroyCaret

  ShowCaret

  FindWindowA

  SetClipboardViewer

  IsHungAppWindow

  ChangeClipboardChain

  GetFocus

  UnregisterClassW

  ChildWindowFromPointEx

  RegisterClassExW

  WindowFromPoint

  GetClassInfoW

  GetKeyboardLayoutList

  UnregisterPowerSettingNotification

  RegisterPowerSettingNotification

  GetSysColorBrush

  LoadImageW

  GetCursorPos

  GetWindowLongW

  GetWindowThreadProcessId

  DefWindowProcW

  AdjustWindowRectEx

  IsTouchWindow

  PostMessageW

  MonitorFromPoint

  GetWindow

  GetWindowRect

  GetMenu

  DestroyWindow

  IsWindowVisible

  SetWindowPos

  SetWindowLongPtrW

  SetWindowRgn

  CreateWindowExW

  ScreenToClient

  SendMessageW

  SetWindowTextW

  GetWindowLongPtrW

  GetWindowPlacement

  DestroyCursor

  ShowWindow

  GetCapture

  RegisterTouchWindow

  ClientToScreen

  IsChild

  SetWindowPlacement

  AttachThreadInput

  GetForegroundWindow

  MoveWindow

  UnregisterTouchWindow

  SetLayeredWindowAttributes

  SetFocus

  GetUpdateRect

  SetParent

  SetCapture

  SetCursor

  FlashWindowEx

  SetWindowLongW

  GetClientRect

  GetParent

  ReleaseCapture

  SetForegroundWindow

  InvalidateRect

  GetAncestor

  IsIconic

  BeginPaint

  EndPaint

  MessageBeep

  IsWindow

  GetDoubleClickTime

  GetCaretBlinkTime

  GetDesktopWindow

  UpdateLayeredWindowIndirect

  GetSystemMetrics

  GetSysColor

  EnableMenuItem

  GetSystemMenu

  SystemParametersInfoW

  DrawIconEx

  GetIconInfo

  CreateIconIndirect

  ReleaseDC

  GetDC

  MessageBoxW

  RegisterWindowMessageW

  DestroyIcon

  AllowSetForegroundWindow

  ShutdownBlockReasonDestroy

  ShutdownBlockReasonCreate

  CharNextExA

  UpdateLayeredWindow

  gdi32

  CreateDIBSection

  CreateBitmap

  GetDIBits

  GetRegionData

  DeleteObject

  ExtTextOutW

  SetTextAlign

  SetBkMode

  SetTextColor

  GetCharABCWidthsW

  GetCharABCWidthsI

  GetCharABCWidthsFloatW

  GetGlyphOutlineW

  SetWorldTransform

  SetGraphicsMode

  GetTextExtentPoint32W

  GetOutlineTextMetricsW

  GetTextFaceW

  GetStockObject

  RemoveFontResourceExW

  AddFontResourceExW

  GetTextMetricsW

  RemoveFontMemResourceEx

  AddFontMemResourceEx

  EnumFontFamiliesExW

  GetFontData

  CreateFontIndirectW

  GdiFlush

  GetBitmapBits

  CreateCompatibleBitmap

  CreateDCW

  GetDeviceCaps

  SetLayout

  OffsetRgn

  SelectClipRgn

  BitBlt

  SelectObject

  DeleteDC

  CreateCompatibleDC

  CreateRectRgn

  CombineRgn

  GetObjectW

  shell32

  SHGetKnownFolderPath

  Shell_NotifyIconGetRect

  Shell_NotifyIconW

  SHCreateItemFromIDList

  SHGetPathFromIDListW

  SHGetKnownFolderIDList

  SHBrowseForFolderW

  SHGetMalloc

  SHGetStockIconInfo

  ord727

  SHCreateItemFromParsingName

  SHGetFileInfoW

  ShellExecuteW

  SHOpenFolderAndSelectItems

  ord190

  ord155

  SHChangeNotify

  CommandLineToArgvW

  ole32

  DoDragDrop

  OleFlushClipboard

  CoGetMalloc

  CoGetApartmentType

  OleIsCurrentClipboard

  OleSetClipboard

  OleInitialize

  OleUninitialize

  RevokeDragDrop

  CoLockObjectExternal

  RegisterDragDrop

  CoInitialize

  CoTaskMemFree

  StringFromGUID2

  CoCreateGuid

  CoCreateInstance

  CoInitializeEx

  ReleaseStgMedium

  CoUninitialize

  OleGetClipboard

  CoGetObjectContext

  oleaut32

  SafeArrayCreateVector

  SafeArrayPutElement

  SysFreeString

  SysAllocString

  advapi32

  RegOpenKeyExW

  RegQueryInfoKeyW

  RegEnumKeyExW

  RegCloseKey

  InitiateSystemShutdownW

  RegFlushKey

  RegSetValueExW

  RegDeleteValueW

  RegDeleteKeyW

  RegEnumValueW

  RegCreateKeyExW

  GetEffectiveRightsFromAclW

  AccessCheck

  MapGenericMask

  LookupAccountSidW

  GetNamedSecurityInfoW

  DuplicateToken

  BuildTrusteeWithSidW

  CopySid

  SystemFunction036

  GetSidSubAuthorityCount

  GetSidSubAuthority

  RegNotifyChangeKeyValue

  SetSecurityDescriptorDacl

  SetSecurityDescriptorGroup

  SetSecurityDescriptorOwner

  FreeSid

  AddAccessAllowedAce

  InitializeAcl

  GetLengthSid

  AllocateAndInitializeSid

  GetTokenInformation

  InitializeSecurityDescriptor

  CryptDestroyKey

  CryptGetUserKey

  CryptAcquireContextW

  CryptEnumProvidersW

  CryptDecrypt

  CryptExportKey

  CryptCreateHash

  CryptSetHashParam

  CryptDestroyHash

  CryptSignHashW

  CryptGetProvParam

  CryptReleaseContext

  DeregisterEventSource

  RegisterEventSourceW

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  OpenProcessToken

  ReportEventW

  RegQueryValueExW

  mpr

  WNetGetUniversalNameW

  userenv

  GetUserProfileDirectoryW

  version

  VerQueryValueW

  GetFileVersionInfoW

  GetFileVersionInfoSizeW

  netapi32

  NetApiBufferFree

  NetShareEnum

  winmm

  timeKillEvent

  timeSetEvent

  PlaySoundW

  imm32

  ImmGetVirtualKey

  ImmNotifyIME

  ImmAssociateContextEx

  ImmSetCandidateWindow

  ImmGetOpenStatus

  ImmAssociateContext

  ImmGetCompositionStringW

  ImmSetCompositionWindow

  ImmReleaseContext

  ImmGetContext

  ImmGetDefaultIMEWnd

  uxtheme

  SetWindowTheme

  IsThemeBackgroundPartiallyTransparent

  GetCurrentThemeName

  IsThemeActive

  CloseThemeData

  GetThemeBackgroundRegion

  IsAppThemed

  ord47

  GetThemeMargins

  GetThemeInt

  OpenThemeData

  GetThemeColor

  GetThemePartSize

  GetThemeEnumValue

  GetThemeTransitionDuration

  GetThemePropertyOrigin

  GetThemeBool

  dwmapi

  DwmIsCompositionEnabled

  DwmGetWindowAttribute

  DwmEnableBlurBehindWindow

  DwmSetWindowAttribute

  wtsapi32

  WTSFreeMemory

  WTSQuerySessionInformationW

  dbgeng

  DebugCreate

  bcrypt

  BCryptGenRandom

  Sections

  .text

  Size: 15.6MB - Virtual size: 15.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 11.0MB - Virtual size: 11.0MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 594KB - Virtual size: 701KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 589KB - Virtual size: 589KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  _RDATA

  Size: 512B - Virtual size: 348B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .qtmetad

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .qtmimed

  Size: 315KB - Virtual size: 315KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 149KB - Virtual size: 149KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 104KB - Virtual size: 104KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ