ymeeszq[.]exe | Triage

Resubmissions

03-03-2023 16:07

230303-tk4fnaac63 3

03-03-2023 16:07

230303-tk11jaac62 3

Sharing

Copy URL

Twitter E-mail

General

Target

ymeeszq.exe
Size

124KB
MD5

2b9683d6a5ddd016e410b2238c4fc2c4
SHA1

3c18f448a5088bd4a1e7d3fe414b292fc17315aa
SHA256

32a74a5734bd6fa9fd597da62ea8c7695019847db2899ef818a94465ab031f2a
SHA512

f2d327c6709185b13a7f1765b773b7b2cfaec4796f9f062534935aa558798fbc96bf952eb3a976b3a949910e77b089177f414daa15546364126cc8568359c0d5
SSDEEP

3072:eQAwqZqA5e1eXTi66oPszU17YlJqnojdpWMna649kaq5:e2qZ75e1eXGXoPszU17YlJqnojXxu5

Score

1^/10

Malware Config

Signatures

Files

ymeeszq.exe
.exe windows x86

27fb5b9e0fffb467db793bfc582e5aa8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Remove
ImageList_Create
ImageList_ReplaceIcon
ord17
CreateStatusWindowW

kernel32

CreateThread
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
FlushFileBuffers
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetStdHandle
CreateFileA
GetConsoleMode
GetConsoleCP
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetVersionExW
OpenProcess
GetPriorityClass
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
GetFileType
SetHandleCount
LCMapStringW
WideCharToMultiByte
lstrcpyW
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
ReadFile
MultiByteToWideChar
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetProcAddress
Sleep
HeapCreate
HeapReAlloc
VirtualAlloc
VirtualFree
DeleteCriticalSection
GetStartupInfoA
GetCommandLineA
InitializeCriticalSection
GetProcessHeap
GetModuleHandleW
SetEvent
WaitForSingleObject
HeapFree
GetCurrentProcess
HeapAlloc
CreateProcessW
GetProcessIoCounters
SetPriorityClass
SetProcessAffinityMask
GetCurrentProcessId
CloseHandle
VirtualProtect
GetModuleHandleA
GetProcessAffinityMask
lstrcatW
GetSystemInfo
CreateEventW
IsWow64Process
ResetEvent
EnterCriticalSection
GetLastError
lstrlenW
lstrcmpW
TerminateProcess
lstrcpynW
LCMapStringA
LeaveCriticalSection

mswsock

GetServiceW
s_perror
SetServiceW

pdh

PdhGetCounterTimeBase
PdhBrowseCountersW
PdhVbAddCounter
PdhEnumMachinesW
PdhVbCreateCounterPathList
PdhValidatePathA
PdhExpandCounterPathW

winspool.drv

EnumFormsA
ScheduleJob
GetPrintProcessorDirectoryW
ResetPrinterW

mpr

WNetEnumResourceW
WNetDisconnectDialog1W
WNetGetProviderNameW
WNetGetLastErrorW
WNetConnectionDialog1A
WNetConnectionDialog1W
WNetGetResourceInformationA
WNetOpenEnumW
MultinetGetConnectionPerformanceW

rpcrt4

RpcRevertToSelf
RpcMgmtWaitServerListen
MesIncrementalHandleReset
RpcSmAllocate
UuidIsNil

comdlg32

PageSetupDlgW
PrintDlgExA
ChooseFontA

rtutils

TraceGetConsoleW
RouterAssert
TracePutsExW
RouterLogDeregisterA
LogErrorA
RouterLogEventStringA

user32

SetFocus
BeginPaint
GetClassLongW
EnumWindows
wsprintfW
CreateIconIndirect
GetMenu
LoadIconW
GetWindowPlacement
TrackPopupMenuEx
GetClientRect
CheckMenuRadioItem
InvalidateRect
LoadMenuW
CascadeWindows
BringWindowToTop
GetWindowLongW
AppendMenuW
TileWindows
ReleaseDC
EnableMenuItem
GetMenuState
SetRect
GetGuiResources
GetDlgItem
SetWindowLongW
EndDialog
GetSysColor
OpenIcon
IsHungAppWindow
LoadStringW
ShowWindow
CreatePopupMenu
SendMessageTimeoutW
LoadBitmapW
CreateDialogParamW
DrawMenuBar
GetMenuItemCount
IsWindow
RemoveMenu
SetMenuDefaultItem
InsertMenuW
MessageBoxW
GetSystemMetrics
IsWindowVisible
SendMessageW
MapWindowPoints
EnableWindow
DestroyMenu
SetWindowTextW
DestroyIcon
WinHelpW
CallWindowProcW
DefWindowProcW
CheckMenuItem
CopyRect
GetWindowThreadProcessId
GetWindow
MoveWindow
GetParent
DialogBoxParamW
DeleteMenu
LoadStringA
TrackPopupMenu
IsIconic
FillRect
SetForegroundWindow
EndPaint
SetTimer
GetCursorPos
GetWindowRect
LoadImageW
PostMessageW
DrawTextW
KillTimer
IsZoomed
SetWindowPos
GetSubMenu
GetDC

gdi32

CreateSolidBrush
CreatePen
SaveDC
ExtTextOutW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
SetPixel
ExcludeClipRect
SetBkColor
DeleteDC
SetTextColor
LineTo
BitBlt
MoveToEx
RestoreDC

advapi32

RegQueryValueExW
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
RevertToSelf
OpenProcessToken
GetUserNameW
RegCreateKeyExW
LookupPrivilegeValueW
ImpersonateLoggedOnUser

shell32

Shell_NotifyIconW

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

27fb5b9e0fffb467db793bfc582e5aa8

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

mswsock

pdh

winspool.drv

mpr

rpcrt4

comdlg32

rtutils

user32

gdi32

advapi32

shell32

Sections

.text Size: 104KB - Virtual size: 104KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 5KB - Virtual size: 30KB

.text
Size: 104KB - Virtual size: 104KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 5KB - Virtual size: 30KB