a2855c095f4cf81db7ac1e6e6d38f0c50394d6d80753b42153bd157a8568a896

Sharing

Copy URL Twitter E-mail

General

Target

a2855c095f4cf81db7ac1e6e6d38f0c50394d6d80753b42153bd157a8568a896
Size

11.0MB
MD5

dbbbe3acc722f1815d030b5ef06810e0
SHA1

62b78033e7356f0106f540e6e886b985c330b97d
SHA256

a2855c095f4cf81db7ac1e6e6d38f0c50394d6d80753b42153bd157a8568a896
SHA512

d9127692fcdd85a1a3289c2622b27c4b9de2e273ec9c8c00d208834746913654433632ddd5f9f951b2e69e0c374f327c33913a65fa685f4e57799d150adacaa1
SSDEEP

196608:s8EX2wLEK/dVF21j/1INstyK1butDrkUWuZqosl5JiyRCC6A1NH6H/578jtzTGdI:snto1hINk1butnpWuZqoW5VR+CUHBKzB

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MINER.exe
unpack001/XTCASHnetwork.exe
unpack001/XTCASHservice.exe
unpack001/XTCASHwalletapi.exe
unpack001/cmdwallet.exe

Files

a2855c095f4cf81db7ac1e6e6d38f0c50394d6d80753b42153bd157a8568a896
.zip
MINER.exe
.exe windows x64

70dc2f9e45b3a475faf99cf8d979348a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSASetLastError
closesocket
getnameinfo
send
recv
getpeername
freeaddrinfo
getaddrinfo
WSAGetLastError
WSACleanup
WSAStartup
socket
setsockopt
select
getsockopt
ioctlsocket
connect
__WSAFDIsSet

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
SwitchToFiber
DeleteFiber
ConvertFiberToThread
CreateFiberEx
ConvertThreadToFiberEx
LocalFree
FormatMessageA
SetLastError
GetSystemTime
SystemTimeToFileTime
GetModuleHandleExW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FindClose
FindFirstFileW
FindNextFileW
MultiByteToWideChar
WideCharToMultiByte
PostQueuedCompletionStatus
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleW
GetProcAddress
RtlVirtualUnwind
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryA
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
WaitForSingleObject
SetConsoleTextAttribute
GetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapReAlloc
GetQueuedCompletionStatusEx
CreateIoCompletionPort
QueryPerformanceFrequency
QueryPerformanceCounter
VirtualFree
VirtualAlloc
GetCurrentProcess
GetLastError
CloseHandle
GetFullPathNameW
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
SetFilePointerEx
GetFileSizeEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
SetEndOfFile
FormatMessageW
RtlUnwind
HeapAlloc
HeapFree
GetCommandLineW
GetCommandLineA
DuplicateHandle
WaitForSingleObjectEx
Sleep
SwitchToThread
GetCurrentThread
GetNativeSystemInfo
TryEnterCriticalSection
RtlPcToFileHeader
EncodePointer
DecodePointer
RaiseException
QueueUserWorkItem
IsProcessorFeaturePresent
CreateEventW
GetTickCount
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
SetEvent
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwindEx
ExitProcess
GetTimeZoneInformation
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
SetConsoleCtrlHandler
ExitThread

advapi32

CryptDecrypt
AdjustTokenPrivileges
LookupPrivilegeValueA
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
OpenProcessToken
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW

Exports

Exports

argon2_ctx
argon2_ctx_mem
argon2_encodedlen
argon2_error_message
argon2_hash
argon2_memory_size
argon2_select_impl
argon2_type2string
argon2_verify
argon2_verify_ctx
argon2d_ctx
argon2d_hash_encoded
argon2d_hash_raw
argon2d_verify
argon2d_verify_ctx
argon2i_ctx
argon2i_hash_encoded
argon2i_hash_raw
argon2i_verify
argon2i_verify_ctx
argon2id_ctx
argon2id_hash_encoded
argon2id_hash_raw
argon2id_verify
argon2id_verify_ctx
clear_internal_memory

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 881KB - Virtual size: 881KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XTCASHnetwork.exe
.exe windows x64

30b2d98aa1ae3e54222bfe1ce3ad9b98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

closesocket
WSACleanup
getpeername
htonl
ntohl
htons
select
recv
connect
getnameinfo
send
getsockname
freeaddrinfo
getaddrinfo
sendto
inet_addr
WSAIoctl
socket
setsockopt
listen
bind
WSASend
WSARecv
WSAGetOverlappedResult
WSAGetLastError
shutdown
WSAStartup

iphlpapi

GetIpAddrTable
GetBestRoute

shlwapi

PathIsRelativeA

kernel32

GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
HeapSize
ReadConsoleW
GetFileSizeEx
FreeEnvironmentStringsW
GetConsoleOutputCP
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
HeapFree
HeapAlloc
SetEnvironmentVariableW
GetConsoleMode
GetProcessHeap
GetCommandLineW
GetCommandLineA
CloseHandle
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
SwitchToFiber
DeleteFiber
ConvertFiberToThread
CreateFiberEx
ConvertThreadToFiberEx
CancelIoEx
LocalFree
FormatMessageA
CreateFileA
FindClose
WriteConsoleW
FindNextFileA
SetFileInformationByHandle
GetCurrentProcessorNumber
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
WaitForSingleObject
GetCurrentThread
GetThreadId
GetCurrentDirectoryA
CreateDirectoryA
DeleteFileA
GetFileAttributesExA
RemoveDirectoryA
SetFilePointerEx
SetFileTime
DeviceIoControl
GetSystemInfo
GetSystemTimeAsFileTime
MapViewOfFileEx
GetModuleHandleA
GetProcAddress
CreateFileMappingA
MoveFileExA
CreateHardLinkA
GetComputerNameA
GetFileInformationByHandleEx
TlsAlloc
TlsGetValue
TlsSetValue
FlushFileBuffers
WriteFile
GetFileInformationByHandle
ReadFile
FlushViewOfFile
UnmapViewOfFile
GetStdHandle
GetVersionExA
SetConsoleCtrlHandler
SetConsoleTextAttribute
GetCurrentProcess
VirtualAlloc
VirtualFree
GetTimeZoneInformation
ExitThread
GetModuleHandleExW
ExitProcess
SetEndOfFile
FindFirstFileExA
WideCharToMultiByte
RtlUnwindEx
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
TryEnterCriticalSection
FormatMessageW
RtlUnwind
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
RemoveDirectoryW
AreFileApisANSI
SetLastError
GetModuleHandleW
MultiByteToWideChar
RtlPcToFileHeader
EncodePointer
DecodePointer
RaiseException
DuplicateHandle
WaitForSingleObjectEx
Sleep
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
CreateEventW
TlsFree
GetTickCount
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
SetEvent
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
TerminateProcess
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualProtect

user32

GetSystemMetrics

shell32

SHGetSpecialFolderPathA

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider

rpcrt4

UuidToStringA
UuidCreateSequential
RpcStringFreeA

Exports

Exports

argon2_ctx
argon2_ctx_mem
argon2_encodedlen
argon2_error_message
argon2_hash
argon2_memory_size
argon2_select_impl
argon2_type2string
argon2_verify
argon2_verify_ctx
argon2d_ctx
argon2d_hash_encoded
argon2d_hash_raw
argon2d_verify
argon2d_verify_ctx
argon2i_ctx
argon2i_hash_encoded
argon2i_hash_raw
argon2i_verify
argon2i_verify_ctx
argon2id_ctx
argon2id_hash_encoded
argon2id_hash_raw
argon2id_verify
argon2id_verify_ctx
clear_internal_memory

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XTCASHservice.exe
.exe windows x64

6c1231fb5f4656a0cb51c41ae8ed2f77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CloseServiceHandle
ControlService
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource

kernel32

GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleW
GetProcAddress
RtlVirtualUnwind
ConvertFiberToThread
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
CloseHandle
FreeLibrary
LoadLibraryA
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
QueryPerformanceFrequency
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
CreateFiberEx
ConvertThreadToFiberEx
CancelIoEx
CreateFileA
FlushFileBuffers
GetFileSizeEx
SetEndOfFile
SetFilePointer
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
MoveFileExA
GetCurrentProcess
VirtualAlloc
VirtualFree
WaitForSingleObject
SetConsoleCtrlHandler
SetConsoleTextAttribute
GetModuleHandleA
WriteConsoleW
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetACP
IsValidCodePage
SetStdHandle
HeapReAlloc
SetFilePointerEx
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
SetEnvironmentVariableW
GetCommandLineW
GetCommandLineA
ExitThread
GetTimeZoneInformation
ReadFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
ExitProcess
RtlUnwindEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
GetVersionExW
TlsAlloc
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleExW
SystemTimeToFileTime
GetSystemTime
SetLastError
FormatMessageA
LocalFree
GetModuleFileNameA
Sleep
GetLastError
FormatMessageW
FindNextFileW
MultiByteToWideChar
FindFirstFileW
FindClose
DeleteFiber
SwitchToFiber
TlsGetValue
TlsFree
TlsSetValue
GetOEMCP
LoadLibraryExW
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
RtlPcToFileHeader
EncodePointer
DecodePointer
RaiseException
TryEnterCriticalSection
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateFileW
DeleteFileW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
RemoveDirectoryW
AreFileApisANSI
MoveFileExW
QueueUserWorkItem
IsProcessorFeaturePresent
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetExitCodeThread
GetNativeSystemInfo
CreateEventW
GetTickCount
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
SetEvent
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
RtlUnwind

ws2_32

ntohl
WSASend
WSARecv
shutdown
getpeername
WSAIoctl
WSAGetOverlappedResult
htons
htonl
socket
setsockopt
listen
closesocket
freeaddrinfo
getaddrinfo
WSAGetLastError
WSASetLastError
send
recv
WSACleanup
WSAStartup
bind

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

Exports

Exports

argon2_ctx
argon2_ctx_mem
argon2_encodedlen
argon2_error_message
argon2_hash
argon2_memory_size
argon2_select_impl
argon2_type2string
argon2_verify
argon2_verify_ctx
argon2d_ctx
argon2d_hash_encoded
argon2d_hash_raw
argon2d_verify
argon2d_verify_ctx
argon2i_ctx
argon2i_hash_encoded
argon2i_hash_raw
argon2i_verify
argon2i_verify_ctx
argon2id_ctx
argon2id_hash_encoded
argon2id_hash_raw
argon2id_verify
argon2id_verify_ctx
clear_internal_memory

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 111KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XTCASHwalletapi.exe
.exe windows x64

3ecfaa9f6f7379c2c17e4dad90571796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSASend
WSARecv
WSAIoctl
WSAGetOverlappedResult
htons
htonl
ntohl
connect
getsockopt
ioctlsocket
WSAGetLastError
WSASetLastError
bind
closesocket
accept
getpeername
__WSAFDIsSet
getsockname
getnameinfo
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
socket
shutdown
setsockopt
send
select
recv
ntohs
listen

kernel32

GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
FindNextFileW
MultiByteToWideChar
WideCharToMultiByte
FormatMessageW
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleW
GetProcAddress
RtlVirtualUnwind
ConvertFiberToThread
ConvertThreadToFiber
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
CloseHandle
FreeLibrary
LoadLibraryA
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
QueryPerformanceFrequency
GetCurrentThread
GetThreadTimes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
CreateFiberEx
ConvertThreadToFiberEx
EnterCriticalSection
FlushFileBuffers
GetFileSizeEx
InitializeCriticalSectionAndSpinCount
SetFilePointer
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
MoveFileExA
CancelIoEx
LocalFree
FormatMessageA
SetConsoleCtrlHandler
GetModuleHandleA
GetCurrentProcess
VirtualAlloc
VirtualFree
WaitForSingleObject
HeapReAlloc
HeapFree
HeapAlloc
GetCommandLineW
GetCommandLineA
ExitThread
GetTimeZoneInformation
ReadFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
ExitProcess
RtlUnwindEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
GetModuleHandleExW
SystemTimeToFileTime
GetSystemTime
SetLastError
GetLastError
DeleteCriticalSection
SetEndOfFile
LeaveCriticalSection
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleOutputCP
RtlUnwind
SetFilePointerEx
SetStdHandle
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
CreateFileA
VirtualProtect
GetVersionExW
LoadLibraryExW
GetModuleFileNameW
FreeLibraryAndExitThread
DuplicateHandle
WaitForSingleObjectEx
Sleep
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
TryEnterCriticalSection
GetCurrentDirectoryW
CreateFileW
DeleteFileW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
RemoveDirectoryW
AreFileApisANSI
DeviceIoControl
CreateDirectoryExW
CopyFileW
MoveFileExW
CreateHardLinkW
RtlPcToFileHeader
EncodePointer
DecodePointer
RaiseException
QueueUserWorkItem
IsProcessorFeaturePresent
GetCPInfo
CreateEventW
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
SetEvent
ResetEvent
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait

advapi32

CryptEnumProvidersW
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
CryptGenRandom
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
DeregisterEventSource

crypt32

CertEnumCertificatesInStore
CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertFindCertificateInStore
CertCloseStore

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

Exports

Exports

argon2_ctx
argon2_ctx_mem
argon2_encodedlen
argon2_error_message
argon2_hash
argon2_memory_size
argon2_select_impl
argon2_type2string
argon2_verify
argon2_verify_ctx
argon2d_ctx
argon2d_hash_encoded
argon2d_hash_raw
argon2d_verify
argon2d_verify_ctx
argon2i_ctx
argon2i_hash_encoded
argon2i_hash_raw
argon2i_verify
argon2i_verify_ctx
argon2id_ctx
argon2id_hash_encoded
argon2id_hash_raw
argon2id_verify
argon2id_verify_ctx
clear_internal_memory

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 119KB - Virtual size: 665KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cmdwallet.exe
.exe windows x64

2ebe52efa91a5d1982855b73744385b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
SwitchToFiber
DeleteFiber
ConvertFiberToThread
CreateFiberEx
ConvertThreadToFiberEx
CreateFileA
FlushFileBuffers
GetFileSizeEx
SetEndOfFile
SetFilePointer
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
MoveFileExA
CancelIoEx
LocalFree
FormatMessageA
GetCurrentProcess
VirtualAlloc
VirtualFree
WaitForSingleObject
SetConsoleCtrlHandler
GetModuleHandleA
GetProcAddress
SetLastError
GetSystemTime
SystemTimeToFileTime
GetModuleHandleExW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FindClose
FindFirstFileW
FindNextFileW
MultiByteToWideChar
WideCharToMultiByte
FormatMessageW
GetFileType
WriteFile
GetModuleHandleW
RtlVirtualUnwind
GetCurrentProcessId
FreeLibrary
LoadLibraryA
LoadLibraryW
ReadConsoleW
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
SetStdHandle
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetCommandLineW
GetCommandLineA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
ExitThread
GetTimeZoneInformation
ExitProcess
GetConsoleOutputCP
ReadFile
RtlUnwindEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
GetVersionExW
LoadLibraryExW
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
CreateIoCompletionPort
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
ReadConsoleA
SetErrorMode
SetConsoleTitleW
GetConsoleTitleW
ScrollConsoleScreenBufferA
WriteConsoleInputA
SetConsoleTextAttribute
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
SetConsoleCursorInfo
GetConsoleCursorInfo
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
WriteConsoleW
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetLastError
CloseHandle
GetEnvironmentVariableW
GetStdHandle
EnterCriticalSection
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
DuplicateHandle
WaitForSingleObjectEx
Sleep
SwitchToThread
GetCurrentThread
GetExitCodeThread
GetNativeSystemInfo
RtlPcToFileHeader
EncodePointer
DecodePointer
RaiseException
TryEnterCriticalSection
QueueUserWorkItem
IsProcessorFeaturePresent
GetCurrentDirectoryW
CreateFileW
DeleteFileW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
RemoveDirectoryW
AreFileApisANSI
MoveFileExW
CreateEventW
GetTickCount
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
SetEvent
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
RtlUnwind

ws2_32

WSASetLastError
recv
send
freeaddrinfo
getaddrinfo
ntohl
WSARecv
shutdown
WSAIoctl
WSAGetOverlappedResult
WSAGetLastError
socket
setsockopt
htons
htonl
closesocket
bind
WSACleanup
WSAStartup
WSASend

advapi32

CryptSetHashParam
AdjustTokenPrivileges
LookupPrivilegeValueA
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptGetProvParam
CryptGetUserKey
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
OpenProcessToken

crypt32

CertFreeCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

Exports

Exports

argon2_ctx
argon2_ctx_mem
argon2_encodedlen
argon2_error_message
argon2_hash
argon2_memory_size
argon2_select_impl
argon2_type2string
argon2_verify
argon2_verify_ctx
argon2d_ctx
argon2d_hash_encoded
argon2d_hash_raw
argon2d_verify
argon2d_verify_ctx
argon2i_ctx
argon2i_hash_encoded
argon2i_hash_raw
argon2i_verify
argon2i_verify_ctx
argon2id_ctx
argon2id_hash_encoded
argon2id_hash_raw
argon2id_verify
argon2id_verify_ctx
clear_internal_memory

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 665KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70dc2f9e45b3a475faf99cf8d979348a

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

advapi32

crypt32

user32

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 881KB - Virtual size: 881KB

.data Size: 49KB - Virtual size: 584KB

.pdata Size: 103KB - Virtual size: 102KB

.gehcont Size: 512B - Virtual size: 36B

.rsrc Size: 122KB - Virtual size: 121KB

.reloc Size: 30KB - Virtual size: 30KB

30b2d98aa1ae3e54222bfe1ce3ad9b98

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

iphlpapi

shlwapi

kernel32

user32

shell32

advapi32

bcrypt

rpcrt4

Exports

Exports

Sections

.text Size: 4.2MB - Virtual size: 4.2MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 100KB - Virtual size: 640KB

.pdata Size: 167KB - Virtual size: 166KB

.gehcont Size: 512B - Virtual size: 36B

.rsrc Size: 122KB - Virtual size: 121KB

.reloc Size: 18KB - Virtual size: 17KB

6c1231fb5f4656a0cb51c41ae8ed2f77

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ws2_32

crypt32

user32

Exports

Exports

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 111KB - Virtual size: 652KB

.pdata Size: 151KB - Virtual size: 151KB

.gehcont Size: 512B - Virtual size: 36B

.rsrc Size: 122KB - Virtual size: 121KB

.reloc Size: 36KB - Virtual size: 36KB

3ecfaa9f6f7379c2c17e4dad90571796

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

advapi32

crypt32

user32

Exports

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 881KB - Virtual size: 881KB

.data
Size: 49KB - Virtual size: 584KB

.pdata
Size: 103KB - Virtual size: 102KB

.gehcont
Size: 512B - Virtual size: 36B

.rsrc
Size: 122KB - Virtual size: 121KB

.reloc
Size: 30KB - Virtual size: 30KB

.text
Size: 4.2MB - Virtual size: 4.2MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 100KB - Virtual size: 640KB

.pdata
Size: 167KB - Virtual size: 166KB

.gehcont
Size: 512B - Virtual size: 36B

.rsrc
Size: 122KB - Virtual size: 121KB

.reloc
Size: 18KB - Virtual size: 17KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 111KB - Virtual size: 652KB

.pdata
Size: 151KB - Virtual size: 151KB

.gehcont
Size: 512B - Virtual size: 36B

.rsrc
Size: 122KB - Virtual size: 121KB

.reloc
Size: 36KB - Virtual size: 36KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 119KB - Virtual size: 665KB

.pdata
Size: 169KB - Virtual size: 168KB

.gehcont
Size: 512B - Virtual size: 36B

.rsrc
Size: 122KB - Virtual size: 121KB

.reloc
Size: 39KB - Virtual size: 38KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 118KB - Virtual size: 665KB

.pdata
Size: 151KB - Virtual size: 150KB

.gehcont
Size: 512B - Virtual size: 36B

.rsrc
Size: 122KB - Virtual size: 121KB

.reloc
Size: 36KB - Virtual size: 35KB