ohrykv[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ohrykv.exe
Size

59KB
MD5

30037bcdc30f97360d9e6f9c4dff61c5
SHA1

2e878815a2371c07dba740ebcd601d8226425246
SHA256

f26cced6d37f35015a6d8f35867aeff84a1ae7b9873a7c6a1e2de5fa5c5ca3c8
SHA512

bd7bd14c596708f77d8f6223b2ffdf7894f86efa4b9c73e63a79bdebb014760adf42bac5b3a5f448b00bd81e233b5b130e97bf37b248f54121d58e12200b3e01
SSDEEP

768:TRh6F3ytu3whIIcV0jaattabYK15ZEvK9e8gTBNKwWUMt8j0a9EBDm:Ttu3whIc/6c5Mtq9EB

Score

1^/10

Malware Config

Signatures

Files

ohrykv.exe
.exe windows x86

9e6234adb3779546e5c5049677f2807e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
LCMapStringEx
GetStringTypeW
CreateFileW
WriteConsoleW
lstrcpyW
DeleteCriticalSection
VirtualProtect
lstrlenW
HeapReAlloc
HeapSize
GetConsoleCP
FlushFileBuffers
SetStdHandle
LoadLibraryW
OutputDebugStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
Sleep
HeapFree
GetModuleHandleW
TerminateProcess
HeapAlloc
ReadFile
GetCommandLineA
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetLastError
InterlockedDecrement
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetConsoleMode
ReadConsoleW
SetFilePointer
SetFilePointerEx
GetFileType
InitOnceExecuteOnce
GetStartupInfoW
SetLastError
InterlockedIncrement
GetCurrentThreadId
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
SetEndOfFile

winmm

midiOutGetDevCapsA
mixerClose
wid32Message
midiOutMessage
midiOutGetNumDevs
midiOutClose

loadperf

LoadPerfCounterTextStringsW
LoadPerfCounterTextStringsA
UnloadPerfCounterTextStringsW

gdi32

SelectClipRgn
EnumObjects
RealizePalette
GetKerningPairsW
PolyBezierTo
GetClipBox
GetEnhMetaFileDescriptionA
SetWindowOrgEx
SetPixel
SetRelAbs

crypt32

CertAddSerializedElementToStore
CryptEncryptMessage
CryptEnumOIDFunction
CertCompareCertificateName
CryptDecodeObject
CertCreateCertificateContext

mapi32

ord171
ord175
ord180
ord81
ord132
ord172
ord23
ord128
ord154
ord13
ord206
ord46
ord178

wsnmp32

ord602
ord905
ord103
ord104
ord101
ord604

Exports

Exports

_CredPackAuthenticationBufferW@20
_CredUIParseUserNameW@20
_CredUIPromptForWindowsCredentialsW@36
_CredUIReadSSOCredW@8
_CredUIStoreSSOCredW@16
_CredUnPackAuthenticationBufferW@36

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e6234adb3779546e5c5049677f2807e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winmm

loadperf

gdi32

crypt32

mapi32

wsnmp32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 11KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 7KB - Virtual size: 6KB