giywdq[.]exe_ | Triage

Sharing

Copy URL Twitter E-mail

General

Target

giywdq.exe_
Size

51KB
MD5

c4ca3fe9267fa3b159b93fef31fe0c39
SHA1

029bac30591b77fe5416afd103c490bb110b1bf3
SHA256

cfd89b651052ef7ee4105e62cf23d1a927ac741a820ce2645328e26c61f6b3f5
SHA512

118425d1091cbf1f38e1879d011c96aeca71141db890957f0d9ce88b75085f3d0aa6b02ac6cafea8af48f34412d44c8231ab3ecd091a8b789a55229d926a4cbe
SSDEEP

768:I/vwmWseh5kTzqdlP8zJRZ5sGX5zUJ/4nVnYu6VlPhmEDyPnyndhdqkMRO:IHe5kCdlP89Vs05zUEVnEPapO

Score

1^/10

Malware Config

Signatures

Files

giywdq.exe_
.exe windows x86

dadaacb71eaa0c110342c493e4b835d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

shlwapi

StrSpnA
PathSkipRootA
PathRemoveBlanksW
PathQuoteSpacesA
GetMenuPosFromID
UrlApplySchemeW
StrToIntA
UrlEscapeA
StrCpyNW
StrChrW

kernel32

CloseHandle
lstrcpyW
VirtualAlloc
MultiByteToWideChar
CreateFileW
IsProcessorFeaturePresent
SetStdHandle
CreateFileA
Sleep
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
InterlockedDecrement
ReadFile
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
WriteFile
SetFilePointer
DeleteCriticalSection
GetStartupInfoW
SetHandleCount
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetLastError
GetModuleHandleW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
TerminateProcess
DecodePointer
EncodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSetInformation
GetCommandLineA
GetModuleFileNameW
GetStdHandle
GetFileType
WriteConsoleW
GetConsoleWindow
GetProcessHeap
HeapFree
HeapAlloc
GetFileSize
GetCommandLineW
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
HeapSize
SetEndOfFile
LCMapStringW
GetStringTypeW
GetCurrentThreadId

crypt32

CryptMsgUpdate
CryptFormatObject
CryptGetOIDFunctionAddress
CertAddEnhancedKeyUsageIdentifier
CertGetCRLContextProperty
CertCompareIntegerBlob

shell32

DragAcceptFiles
CommandLineToArgvW
ShellExecuteExW
SHBrowseForFolder

odbc32

ord150
PostODBCError
ord55
ord254
ord276
ord240
ord119
ord170

rtutils

TracePrintfExA
RouterLogRegisterW
TraceDeregisterExA
RouterLogEventStringW
TraceDumpExW
TraceRegisterExW
LogErrorW
TracePrintfA

msi

ord85
ord82
ord24
ord151

mswsock

s_perror
SetServiceW
TransmitFile
EnumProtocolsW
MigrateWinsockConfiguration
GetServiceA
AcceptEx
NPLoadNameSpaces
GetAddressByNameW
GetAddressByNameA

user32

ShowWindow
GetDlgItem
LoadIconW
MonitorFromRect
IsDialogMessageW
LoadAcceleratorsW
GetMonitorInfoW
SetWindowTextW
UpdateWindow
SendMessageW
GetSystemMetrics
RegisterClassExW
TranslateMessage
LoadCursorW
GetParent
LoadImageW
RegisterWindowMessageW
GetMessageW
TranslateAcceleratorW
GetWindowTextLengthW
DispatchMessageW
SetFocus

comdlg32

GetSaveFileNameW

advapi32

IsTextUnicode

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dadaacb71eaa0c110342c493e4b835d8

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

shlwapi

kernel32

crypt32

shell32

odbc32

rtutils

msi

mswsock

user32

comdlg32

advapi32

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 16KB

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 16KB