9ff0000[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9ff0000.exe
Size

4.2MB
MD5

7628d420c182132cf235ef29c10d6226
SHA1

b32574135bb5246b45701b62597c662539cd24b5
SHA256

ae06da5924fe6623ae19c2015f250127135b4c326fc7d67c3aa05db78bcd2ff7
SHA512

e27df99caaf48811546d5fdef3b15b2546a8cc8630834aa7d9abc4a7e4d4f690fcdca366fce2cb2a5a38dbaf1d616df424583319e313f2b38e1fce35b3cfe79f
SSDEEP

98304:Mc+043voz8RHIDHjvQ5pGuE2uci39F6FIR3Sa01l+tuWfKzIX0Zamkb/k3Of/7/f:Mc+3f+TQ5pGukcHPIg6/7/uRoXcxqhs+

Score

1^/10

Malware Config

Signatures

Files

9ff0000.exe
.exe windows x86

8cdff76bf0f35493944e82fe9a7ae6af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp_win

?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
_Cnd_wait
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG0@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?tolower@?$ctype@G@std@@QBEPBGPAGPBG@Z
?tolower@?$ctype@G@std@@QBEGG@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
_Wcscoll
_Wcsxfrm
?id@?$collate@G@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
??0_Lockit@std@@QAE@H@Z
??0_Locinfo@std@@QAE@PBD@Z
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??1_Lockit@std@@QAE@XZ
??1_Locinfo@std@@QAE@XZ
?is@?$ctype@G@std@@QBE_NFG@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Incref@facet@locale@std@@UAEXXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QBE_NXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?width@ios_base@std@@QAE_J_J@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
_Thrd_yield
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrCreate@@YAXPAX@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
_Mtx_destroy_in_situ
?__ExceptionPtrDestroy@@YAXPAX@Z
_Mtx_init_in_situ
_Mtx_unlock
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
_Thrd_detach
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
?_Xlength_error@std@@YAXPBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Xtime_get_ticks
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
_set_error_mode

api-ms-win-crt-string-l1-1-0

wcscspn
memset
wcsncmp
strncmp

api-ms-win-crt-time-l1-1-0

_time32

api-ms-win-crt-private-l1-1-0

_o_abort
_o_ceil
_o_exit
_o_floor
_o_free
_o_iswspace
_o_lroundf
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
__current_exception
__current_exception_context
_except_handler4_common
memmove
_o__wtoi
_o__wcsnicmp
_o__wcsicmp
_o__localtime32
_o__itow_s
_o__itoa_s
_o__set_new_mode
_o__set_fmode
_o__set_errno
_o__set_app_type
_o__seh_filter_exe
_o__register_onexit_function
_o__recalloc
_o__purecall
_o__mktime32
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_wide_winmain_command_line
_o__get_errno
_o__exit
_o__errno
_o__difftime32
_o__crt_atexit
_o__controlfp_s
_o__configure_wide_argv
_o__configthreadlocale
_o__CIsqrt
_o__CIpow
_o__CIfmod
_o__cexit
_o__beginthreadex
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
wcschr
wcsrchr
wcsstr
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy

aepic

PicRetrieveFileInfo
PicFreeFileInfo

twinapi

ord9

api-ms-win-core-job-l2-1-0

CreateJobObjectW
SetInformationJobObject
QueryInformationJobObject
AssignProcessToJobObject

api-ms-win-core-windowserrorreporting-l1-1-3

RegisterApplicationRestart

api-ms-win-core-url-l1-1-0

PathIsURLW
UrlUnescapeW
HashData

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata
WerUnregisterCustomMetadata

api-ms-win-core-kernel32-private-l1-1-0

CheckElevation
CheckElevationEnabled

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetUSValueW
SHRegGetBoolUSValueW

api-ms-win-core-com-private-l1-1-0

CoRegisterInitializeSpy
CoRevokeInitializeSpy
CoRegisterMessageFilter

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-sidebyside-l1-1-0

ReleaseActCtx
DeactivateActCtx
CreateActCtxW
ActivateActCtx

ntdll

ZwQueryValueKey
ZwOpenKey
ZwClose
RtlReAllocateHeap
RtlAppendUnicodeToString
RtlAnsiStringToUnicodeString
RtlImageDirectoryEntryToData
ZwUnmapViewOfSection
RtlNtPathNameToDosPathName
ZwCreateFile
RtlUpcaseUnicodeChar
ZwCreateSection
RtlxAnsiStringToUnicodeSize
ZwQueryInformationProcess
RtlpEnsureBufferSize
RtlGetNativeSystemInformation
RtlVerifyVersionInfo
ZwQueryDirectoryFile
ZwSetInformationProcess
RtlInitUnicodeStringEx
ZwMapViewOfSection
RtlFormatCurrentUserKeyPath
ZwEnumerateKey
ZwOpenFile
ZwQueryInformationFile
LdrResSearchResource
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlInitUnicodeString
ZwQuerySystemInformation
RtlGetVersion
NtQueryInformationProcess
NtSetInformationProcess
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlFlushHeaps
NtSetSystemInformation
RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlNtStatusToDosError
strchr
RtlAppendUnicodeStringToString
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
RtlAllocateHeap
RtlFreeHeap
RtlCompareUnicodeString
NtOpenProcessToken
WinSqmAddToStreamEx
NtQueryInformationToken
NtClose
NtOpenThreadToken
RtlRunOnceExecuteOnce
wcsspn
WinSqmIsOptedIn
RtlCopyUnicodeString
RtlUpcaseUnicodeString
RtlNtStatusToDosErrorNoTeb
NtSetThreadExecutionState
VerSetConditionMask
RtlQueryResourcePolicy
WinSqmSetDWORD
RtlInitString

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibrary
GetModuleHandleExW
LockResource
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
LoadResource
FindResourceExW
SizeofResource
LoadStringW
GetModuleHandleA
LoadLibraryExW
FindStringOrdinal

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
CreateMutexW
AcquireSRWLockExclusive
WaitForSingleObject
CreateEventW
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjectsEx
AcquireSRWLockShared
TryAcquireSRWLockExclusive
SetEvent
EnterCriticalSection
ResetEvent
InitializeCriticalSectionEx
DeleteCriticalSection
ReleaseSRWLockExclusive
TryEnterCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
SleepEx
OpenSemaphoreW
OpenEventW
ReleaseSRWLockShared
CreateEventExW
OpenMutexW
CreateMutexExW
ReleaseMutex
CreateSemaphoreExW
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSetInformation
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetErrorMode
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
FindNextFileW
GetLongPathNameW
FindFirstFileW
GetFileAttributesW
FindClose
CompareFileTime
WriteFile
DeleteFileW
CreateFileW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteTransfer
EventEnabled
EventWrite
EventActivityIdControl
EventUnregister

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegOpenCurrentUser
RegEnumValueW
RegGetValueW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyExW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegNotifyChangeKeyValue
RegSetValueExW
RegCloseKey

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolTimer
TrySubmitThreadpoolCallback
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWait

api-ms-win-core-processthreads-l1-1-0

GetExitCodeProcess
TlsAlloc
QueueUserAPC
GetCurrentProcess
GetProcessId
TerminateProcess
TlsGetValue
TlsFree
GetStartupInfoW
TlsSetValue
ExitProcess
CreateProcessW
ResumeThread
ProcessIdToSessionId
SetProcessShutdownParameters
OpenThreadToken
OpenProcessToken
SetThreadPriority
GetThreadPriority
SetThreadPriorityBoost
GetPriorityClass
SetPriorityClass
GetCurrentThread
GetCurrentThreadId
CreateThread
OpenThread
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

GetThreadUILanguage
GetUserDefaultLocaleName
GetLocaleInfoEx
GetCalendarInfoW
GetLocaleInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

SysAllocStringByteLen
VarUI4FromStr
VariantClear
SysStringLen
SysFreeString
SysAllocString
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayDestroy
VariantInit
SafeArrayAccessData

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-shcore-sysinfo-l1-1-0

SetCurrentProcessExplicitAppUserModelID
IsOS

api-ms-win-core-com-l1-1-0

StringFromCLSID
CoGetStdMarshalEx
CoUninitialize
CoGetCallContext
CoInitializeEx
CoGetMalloc
CoTaskMemAlloc
CoInitializeSecurity
CoTaskMemFree
CoGetApartmentType
CoCreateFreeThreadedMarshaler
CoFreeUnusedLibraries
CoGetObjectContext
PropVariantClear
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoReleaseMarshalData
CoTaskMemRealloc
CoSetProxyBlanket
CoRevokeClassObject
IIDFromString
CreateStreamOnHGlobal
CoWaitForMultipleHandles
CoCancelCall
CoDisableCallCancellation
CoEnableCallCancellation
CoRegisterClassObject
CoCreateInstance
CLSIDFromString
StringFromGUID2
StringFromIID
CoCreateGuid

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrToIntW
StrCmpIW
StrChrIW
StrCmpNICW
StrStrIW
StrCmpNIW
QISearch
StrCmpICW
StrCmpICA
StrChrW
StrCmpW

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW
CommandLineToArgvW

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_QueryService
IUnknown_GetSite
IUnknown_Set
IUnknown_SetSite

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalReAlloc
LocalFree
GlobalAlloc
GlobalFree

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetTickCount64
GetSystemTime
GetWindowsDirectoryW
GetLocalTime
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
GetCurrentDirectoryW
GetCommandLineW
ExpandEnvironmentStringsW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathGetArgsW
PathFindExtensionW
PathRemoveFileSpecW
PathGetDriveNumberW
PathFileExistsW
PathParseIconLocationW
PathIsFileSpecW
PathCommonPrefixW
PathFindFileNameW
PathRemoveBlanksW
PathQuoteSpacesW
SHExpandEnvironmentStringsW
PathCombineW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsSubstringWithSpecifiedLength
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsDuplicateString

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoActivateInstance
RoGetActivationFactory
RoInitialize

api-ms-win-shcore-registry-l1-1-0

SHSetValueW
SHDeleteValueW
SHQueryInfoKeyW
SHEnumKeyExW
SHDeleteKeyW
SHGetValueW
SHRegGetValueW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-shcore-thread-l1-1-0

SHSetThreadRef
SHGetThreadRef
SHCreateThreadRef
SetProcessReference
SHCreateThread

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-security-base-l1-1-0

GetAce
InitializeAcl
EqualSid
AddAce
DeleteAce
GetTokenInformation
GetAclInformation
CopySid
CreateWellKnownSid
CheckTokenMembership
MakeAbsoluteSD
DuplicateToken
IsValidSid
GetLengthSid
SetKernelObjectSecurity

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW
QueryFullProcessImageNameW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchRemoveFileSpec
PathCchCombine
PathAllocCombine
PathCchAddExtension

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrlenW

api-ms-win-core-memory-l1-1-0

OpenFileMappingW
CreateFileMappingW
VirtualProtect
VirtualFree
UnmapViewOfFile
MapViewOfFile
VirtualAlloc

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation
SetThreadDescription

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-shcore-stream-l1-1-0

SHOpenRegStream2W
SHCreateMemStream
IStream_Reset
SHCreateStreamOnFileEx
IStream_Read
IStream_Write
SHCreateStreamOnFileW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-threadpool-legacy-l1-1-0

ChangeTimerQueueTimer
UnregisterWaitEx
DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName

userenv

DeriveAppContainerSidFromAppContainerName
GetProfileType

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
GetDynamicTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
GetSystemPowerStatus
GetComputerNameW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerBuffW

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW
QueryServiceConfigW

api-ms-win-core-io-l1-1-0

GetQueuedCompletionStatus
CreateIoCompletionPort

api-ms-win-shcore-registry-l1-1-1

SHRegGetValueFromHKCUHKLM

api-ms-win-shcore-scaling-l1-1-1

ord244
GetDpiForMonitor

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-stringansi-l1-1-0

CharNextA

api-ms-win-power-base-l1-1-0

CallNtPowerInformation
PowerDeterminePlatformRoleEx
GetPwrCapabilities

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord479
ord478
SHIsChildOrSelf
ord197
AssocQueryStringW
ord165
StrRetToBufW
IUnknown_GetWindow
ord509
StrRetToStrW
SHCreateWorkerWindowW
ord635
ord292
SHPinDllOfCLSID
ShellMessageBoxW
ord544
ord279
PathRemoveArgsW
ord481

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics
GetDisplayConfigBufferSizes
EnumDisplayDevicesW
QueryDisplayConfig
EnumDisplayMonitors
SystemParametersInfoW
GetMonitorInfoW

api-ms-win-ntuser-rectangle-l1-1-0

SetRectEmpty
SetRect
UnionRect
CopyRect
PtInRect
IsRectEmpty
SubtractRect
IntersectRect
InflateRect
EqualRect
OffsetRect

api-ms-win-rtcore-ntuser-winevent-l1-1-0

SetWinEventHook
UnhookWinEvent
NotifyWinEvent

api-ms-win-shell-namespace-l1-1-0

ILIsEqual
SHGetNameFromIDList
ILFindLastID
ILClone
ILRemoveLastID
SHBindToParent
SHGetIDListFromObject
SHParseDisplayName
ILFree
ILGetSize
ILCloneFirst
SHBindToObject
SHBindToFolderIDListParent
ILCombine
SHCreateItemFromIDList
SHCreateItemFromParsingName
ILIsParent

dxgi

DXGIDeclareAdapterRemovalSupport

api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

GetCurrentInputMessageSource
GetPointerDevices
EnableMouseInPointer
GetPointerType
GetPointerInfo

api-ms-win-storage-exports-internal-l1-1-0

SHGetKnownFolderIDList
SetThreadFlags
GetThreadFlags
SHGetFolderPathEx

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx

api-ms-win-appmodel-runtime-l1-1-0

GetPackagesByPackageFamily
GetPackageFullName

api-ms-win-rtcore-ntuser-wmpointer-l1-1-2

SetWindowFeedbackSetting

api-ms-win-rtcore-ntuser-clipboard-l1-1-0

RegisterClipboardFormatW

api-ms-win-shell-dataobject-l1-1-1

DragQueryFileW

api-ms-win-rtcore-ntuser-private-l1-1-0

CreateWindowInBand
GetWindowBand

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

UnregisterPowerSettingNotification
RegisterPowerSettingNotification

api-ms-win-shell-changenotify-l1-1-1

SHHandleUpdateImage
SHChangeNotification_Unlock
SHChangeNotifyDeregister
SHChangeNotifyRegister
SHChangeNotifyRegisterThread
SHChangeNotification_Lock

propsys

PropVariantToBoolean
PSPropertyBag_WriteStr
PropVariantToUInt32
PSPropertyBag_WriteDWORD
PSGetPropertyFromPropertyStorage
PropVariantToStringAlloc
PSCreateMemoryPropertyStore
InitVariantFromResource
InitVariantFromGUIDAsString

coremessaging

CreateDispatcherQueueController

urlmon

URLOpenBlockingStreamW

api-ms-win-shell-changenotify-l1-1-0

SHChangeNotify

api-ms-win-shell-dataobject-l1-1-0

SHCreateDataObject

api-ms-win-appmodel-runtime-l1-1-1

FindPackagesByPackageFamily
ParseApplicationUserModelId

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

gdi32

GetObjectW
DeleteObject
OffsetRgn
CreateCompatibleDC
SelectObject
GetClipBox
GetCurrentObject
DeleteDC
SelectClipRgn
GetClipRgn
GetOutlineTextMetricsW
GetGlyphOutlineW
CreateFontIndirectW
SetTextColor
CreateRectRgnIndirect
Rectangle
SetStretchBltMode
GetDeviceCaps
GetStockObject
CreateRectRgn
ExcludeClipRect
SetRectRgn
StretchBlt
CombineRgn
GetTextExtentPoint32W
ExtTextOutW
SetTextAlign
GetTextMetricsW

kernel32

GetModuleHandleExA
SetProcessDEPPolicy
IsBadWritePtr

wininet

InternetCrackUrlW

shcore

ord109
ord174
ord121
ord123
ord190
ord162
ord126
ord191
ord183
ord192
ord1
SHUnicodeToAnsi
ord187
ord186
ord141
ord142
ord200
ord184

shell32

ord743
ord907
ord43
Shell_GetCachedImageIndexW
ord790
ord792
ord727
ord162
SHAppBarMessage
ord894
ord906
ord895
ShellExecuteW
SHGetLocalizedName
SHGetPropertyStoreForWindow
ord764
SHEvaluateSystemCommandTemplate
ord181
ord244
ExtractIconExW
ord132
ord137
Shell_NotifyIconW
Shell_NotifyIconGetRect
ord6
SHGetStockIconInfo
DuplicateIcon
ord91
ord254
ord54
SHEnableServiceObject
ord61
ord896
SHAddToRecentDocs
ord60
SHUpdateRecycleBinIcon
ord711
SHFileOperationW
SHGetPathFromIDListW
ord753
ord733
ord67
SHCreateItemInKnownFolder
ord206
ord201
ord188
ord899
ShellExecuteExW
ord245
ord200
ord89
ord190
ord85
ord100
ord134
ord22
ord850
ord95
ord885
ord723
ord680
ord172
ord866

shlwapi

ord164
PathIsDirectoryW
ord413
ord548
ord163
ord467
AssocQueryKeyW
ChrCmpIW
PathIsRelativeW
AssocCreate

uxtheme

GetThemeFont
ord86
DrawThemeBackground
DrawThemeParentBackground
IsCompositionActive
CloseThemeData
GetThemeBackgroundExtent
GetThemeBool
OpenThemeData
OpenThemeDataForDpi
GetThemeMargins
IsAppThemed
DrawThemeTextEx
BufferedPaintSetAlpha
ord126
BufferedPaintInit
BeginBufferedPaint
EndBufferedPaint
BufferedPaintUnInit
GetThemePartSize
IsThemeActive
GetBufferedPaintBits
GetWindowTheme
SetWindowTheme
GetThemeMetric
GetThemeColor
GetThemeInt
ord138

dwmapi

DwmSetWindowAttribute
DwmIsCompositionEnabled
DwmEnableBlurBehindWindow
ord113
ord138
ord141
ord114
ord140
DwmGetWindowAttribute
ord159
DwmQueryThumbnailSourceSize
ord124
DwmUpdateThumbnailProperties
DwmUnregisterThumbnail
DwmRegisterThumbnail
ord139

user32

GetLastInputInfo
GetCursorFrameInfo
AdjustWindowRect
GetDpiForWindow
SetWindowCompositionAttribute
SetGestureConfig
LoadImageW
ReleaseCapture
GetCapture
SetCapture
GetCaretBlinkTime
InjectKeyboardInput
MapVirtualKeyExW
InjectMouseInput
LockWorkStation
TileWindows
CascadeWindows
HungWindowFromGhostWindow
LoadIconW
GetKeyState
ExitWindowsEx
EndDialog
SendDlgItemMessageW
RegisterHotKey
UnregisterHotKey
GetLastActivePopup
AdjustWindowRectEx
GetDC
ReleaseDC
MonitorFromWindow
IsIconic
CreatePopupMenu
GetMenuDefaultItem
DestroyMenu
CalculatePopupWindowPosition
SetCursor
SetMenuItemInfoW
DefWindowProcA
IsWindowUnicode
LoadAcceleratorsW
TrackMouseEvent
PostThreadMessageW
UnregisterClassA
ChangeWindowMessageFilterEx
CheckMenuItem
EnableMenuItem
RemoveMenu
SetMenuDefaultItem
TranslateAcceleratorW
ord2611
TrackPopupMenuEx
DeleteMenu
FillRect
DrawTextW
LoadMenuW
ord2005
CopyIcon
CreateIconIndirect
GetMenuItemCount
GetMenuItemInfoW
MonitorFromPoint
ReplyMessage
GetAsyncKeyState
ModifyMenuW
GetSystemMenu
GetSysColorBrush
LoadCursorW
SetLayeredWindowAttributes
GhostWindowFromHungWindow
GetIconInfoExW
GetIconInfo
GetClassWord
GetClassLongW
GetPhysicalCursorPos
GetCursorInfo
ShowWindowAsync
InsertMenuW
BringWindowToTop
ord2573
EndTask
MonitorFromRect
IsTopLevelWindow
GetMenuState
SetScrollInfo
GetScrollInfo
SetScrollPos
GetMenuStringW
InternalGetWindowText
GetLayeredWindowAttributes
DrawTextExW
GetGuiResources
IsProcessDPIAware
IsHungAppWindow
SetThreadDpiAwarenessContext
GetWindowCompositionAttribute
GetWindowProcessHandle
UpdateLayeredWindow
ord2521
UnregisterClassW
ord2522
GetMenuInfo
SetMenuInfo
GetDpiForSystem
GetWindowDpiAwarenessContext
AreDpiAwarenessContextsEqual
CharLowerW
IsCharAlphaNumericW
ord2574
GetDoubleClickTime
GetSystemMetricsForDpi
DrawIconEx
DestroyIcon
CopyImage
GetSysColor
GetSubMenu
SwitchToThisWindow

sspicli

GetUserNameExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW
PowerSetRequest
PowerCreateRequest

api-ms-win-oobe-notification-l1-1-0

OOBEComplete

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-kernel32-legacy-l1-1-2

SetTermsrvAppInstallMode

api-ms-win-shell-shdirectory-l1-1-0

ord292

api-ms-win-eventing-controller-l1-1-0

StartTraceW
EnableTraceEx2
StopTraceW

rpcrt4

RpcBindingFromStringBindingW
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
NdrClientCall2

api-ms-win-appmodel-runtime-l1-1-3

GetStagedPackagePathByFullName2

api-ms-win-core-biptcltapi-l1-1-7

BiPtFreeMemory
BiPtEnumerateWorkItemsForPackageName
BiPtAssociateApplicationEntryPoint
BiPtQueryWorkItem

netapi32

NetGetAadJoinInformation
NetFreeAadJoinInformation

api-ms-win-ro-typeresolution-l1-1-1

RoCreatePropertySetSerializer

combase

SetErrorInfo
GetErrorInfo

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8cdff76bf0f35493944e82fe9a7ae6af

Headers

DLL Characteristics

File Characteristics

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-private-l1-1-0

aepic

twinapi

api-ms-win-core-job-l2-1-0

api-ms-win-core-windowserrorreporting-l1-1-3

api-ms-win-core-url-l1-1-0

api-ms-win-core-windowserrorreporting-l1-1-1

api-ms-win-core-kernel32-private-l1-1-0

api-ms-win-core-registryuserspecific-l1-1-0

api-ms-win-core-com-private-l1-1-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-shcore-sysinfo-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-shcore-comhelpers-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-security-base-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-string-l2-1-1

api-ms-win-core-registry-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-path-l1-1-0

api-ms-win-shcore-unicodeansi-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-processthreads-l1-1-3

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-shcore-path-l1-1-0

.text
Size: 2.8MB - Virtual size: 2.8MB

.imrsiv
Size: - Virtual size: 4B