fa6ec3cadecf07e644c452a1077adc12

Sharing

Copy URL

Twitter E-mail

General

Target

fa6ec3cadecf07e644c452a1077adc12
Size

5.9MB
MD5

fa6ec3cadecf07e644c452a1077adc12
SHA1

55e0240653c41064b3476bc4ed914a0fc01979ec
SHA256

ef609b6eadc6131860845ee926b1046e885f2c0c3ccde6be58f9b94177153173
SHA512

3517ce186ee0f83fdfdddc42b39e655b76e60bb700fcfa353ae6552442d000c8207ec592b91fd92ed75ae71ab1b711d67574553eaf2d3ad179bd2cbef06f2285
SSDEEP

49152:oAiH2ey/7sS63MNclj4Lyije9QdAoFbzi8pbrGj0+m6a0L7FF2FjV+fmKtgEF3p+:sn3sK7J2hgvHoqN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa6ec3cadecf07e644c452a1077adc12

Files

fa6ec3cadecf07e644c452a1077adc12
.exe windows:10 windows x64 arch:x64

50e5ed905d846a627cf962e268f47480

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

_Cnd_wait
_Cnd_signal
_Cnd_destroy
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
_Mtx_destroy
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_XGetLastError@std@@YAXXZ
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?widen@?$ctype@D@std@@QEBADD@Z
?narrow@?$ctype@D@std@@QEBADDD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?exceptions@ios_base@std@@QEAAXH@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
_Xtime_get_ticks
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Cnd_timedwait
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
_Mtx_current_owns
_Cnd_destroy_in_situ
_Cnd_init_in_situ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
_Cnd_init
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
_Query_perf_counter
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$numpunct@D@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?classic@locale@std@@SAAEBV12@XZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
_Query_perf_frequency
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?id@?$collate@_W@std@@2V0locale@2@A
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
_Wcscoll
_Wcsxfrm
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??1facet@locale@std@@MEAA@XZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??0facet@locale@std@@IEAA@_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAF@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
_Mtx_init
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?swap@?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAAXAEAV12@@Z
_Thrd_join
_Thrd_start
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Random_device@std@@YAIXZ
?_Xbad_alloc@std@@YAXXZ
_Mtx_unlock
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
?_Winerror_message@std@@YAKKPEADK@Z
?_Winerror_map@std@@YAHH@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?toupper@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?swap@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXAEAV12@@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Xbad_function_call@std@@YAXXZ
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_register_thread_local_exe_atexit_callback
_initterm
_c_exit

api-ms-win-crt-string-l1-1-0

strncmp
wcsncmp
wcsnlen
wcscmp
strnlen
memset

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__strnicmp
_o__ui64toa_s
_o__ui64tow_s
_o__unlock_file
_o__wcsicmp
_o__wcsnicmp
_o__wcstod_l
_o__wgetenv_s
_o__wmakepath_s
_o__wsplitpath_s
_o__wtoi64
_o_bsearch
_o_calloc
_o_exit
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fputc
_o_fread
_o_free
_o_fsetpos
_o_fwrite
_o_isalpha
_o_isdigit
_o_isspace
_o_iswspace
_o_isxdigit
_o_malloc
_o_pow
memmove
_o_qsort
_o_rand
_o_realloc
_o_setvbuf
_o_strftime
_o_terminate
_o_tolower
_o_toupper
_o_towlower
_o_ungetc
_o_wcscpy_s
_o_wcstol
_o_wcstoul
__C_specific_handler
_CxxThrowException
_o__itoa_s
_o__isctype_l
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__i64tow_s
_o__i64toa_s
_o__gmtime64_s
_o__get_stream_buffer_pointers
_o__get_initial_wide_environment
_o__fseeki64
_o__free_locale
_o__free_base
_o__exit
_o__errno
_o__crt_atexit
_o__create_locale
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o__malloc_base
_o__atodbl
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfprintf
_o___std_type_info_name
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler3
_o__lock_file
__RTDynamicCast
memchr
memcmp
memcpy
wcschr
wcsrchr
strchr
__RTtypeid
__std_type_info_compare
__std_type_info_hash

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
ReleaseMutex
CreateMutexExW
SetEvent
EnterCriticalSection
CreateEventW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
ReleaseSemaphore
InitializeCriticalSectionEx
CreateSemaphoreExW
AcquireSRWLockExclusive
LeaveCriticalSection
OpenSemaphoreW
CreateEventExW
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapSize
HeapDestroy
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
CreateProcessAsUserW
OpenProcessToken
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister
EventProviderEnabled
EventActivityIdControl

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
WakeByAddressSingle
WaitOnAddress

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
CloseThreadpoolWait
SetThreadpoolWait
TrySubmitThreadpoolCallback

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegNotifyChangeKeyValue
RegSetValueExW
RegCreateKeyExW
RegGetValueW
RegQueryValueExW

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
UnregisterWait

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-oobe-notification-l1-1-0

RegisterWaitUntilOOBECompleted
UnregisterWaitUntilOOBECompleted

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-com-l1-1-0

CoIncrementMTAUsage
CoGetObjectContext
CoTaskMemAlloc

user32

RegisterDeviceNotificationW
UnregisterDeviceNotification

tellib

TelLib_SetTimerValue
TelLib_SetNetworkState
TelLib_SetGeneralQuietMode
TelLib_SetBatteryState
TelLib_SetConnectedStandby
TelLib_SetProxyInfo
TelLib_SetDiskQuota
TelLib_SetDailyUploadQuota
TelLib_ForceUpload
TelLib_Cleanup
TelLib_SetUploadUrls
TelLib_SetAgentConnectivityCallback
TelLib_SetUploadFailedCallback
TelLib_SetDiskActivityCallback
TelLib_SetNetworkActivityCallback
TelLib_SetBandwidthExceededChangedCallback
TelLib_Initialize
TelLib_EventWrite

api-ms-win-security-isolatedcontainer-l1-1-1

IsProcessInWDAGContainer

wldp

WldpQueryWindowsLockdownMode

msi

ord244
ord45
ord270

winipcfile

ord3

kernel32

WaitForThreadpoolTimerCallbacks
SetProcessMitigationPolicy
GetProcessMitigationPolicy
CloseThreadpoolTimer
GetDriveTypeW
WakeConditionVariable
AssignProcessToJobObject
CreateJobObjectW
GetExitCodeProcess
GetFileInformationByHandleEx
FindFirstFileW
RemoveDirectoryW
DeleteFileW
MoveFileExW
CopyFileW
GetEnvironmentVariableW
SetInformationJobObject
GetCurrentThread
SetThreadpoolTimer
CreateThreadpoolTimer
CancelIo
InitializeCriticalSection
DuplicateHandle
UnregisterWaitEx
GetOverlappedResultEx
FindNextVolumeW
GetComputerNameExW
InitializeConditionVariable
CompareFileTime
ReleaseSRWLockShared
AcquireSRWLockShared
LocalFree
CreateThread
FindClose
FindFirstFileExW
FindNextFileW
Sleep
VerSetConditionMask
VerifyVersionInfoW
WideCharToMultiByte
MultiByteToWideChar
GetPackageFullName
OpenProcess
GetProcessTimes
SystemTimeToFileTime
WaitForMultipleObjects
SleepConditionVariableCS
ReadProcessMemory
IsThreadpoolTimerSet
GetTickCount64
SwitchToThread
FileTimeToSystemTime
SetThreadPriority
QueryThreadCycleTime
GetSystemTime
QueryPerformanceFrequency
GetDateFormatW
GetTimeZoneInformation
GetWindowsDirectoryW
ExpandEnvironmentStringsW
ResetEvent
RaiseException
GetTickCount
CreateDirectoryW
ReadFile
WriteFile
GetTempPathW
CreateFileW
CompareStringW
WTSGetActiveConsoleSessionId
LoadLibraryW
FreeLibrary
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
SetFilePointer
GetFirmwareType
GetSystemInfo
QueryProcessCycleTime
GetSystemPreferredUILanguages
GetUserPreferredUILanguages
GetComputerNameW
GetProductInfo
GetEnabledXStateFeatures
InstallELAMCertificateInfo
GetFileSize
DeleteProcThreadAttributeList
GetTempFileNameW
GetFileSizeEx
GetFileAttributesW
GetModuleFileNameW
GetVersionExW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
QueryFullProcessImageNameW
QueryDosDeviceW
GetVolumeInformationW
FindFirstVolumeW
DeviceIoControl
FindVolumeClose
GetSystemDirectoryW
SetFilePointerEx
GetFileTime
CreatePipe
GetProcessId
SetHandleInformation
K32GetProcessMemoryInfo
K32EnumProcessModules
GetVolumePathNamesForVolumeNameW

urlmon

FindMimeFromData

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-eventing-controller-l1-1-0

StartTraceW
EnumerateTraceGuidsEx
EnableTraceEx2
ControlTraceW
StopTraceW

api-ms-win-eventing-consumer-l1-1-0

OpenTraceW
CloseTrace
ProcessTrace

rpcrt4

RpcBindingFree
NdrClientCall3
RpcStringBindingComposeW
RpcBindingFromStringBindingW
UuidCompare
UuidHash
UuidFromStringW
UuidCreate
RpcStringFreeW
UuidToStringW
RpcExceptionFilter

api-ms-win-eventing-tdh-l1-1-0

TdhGetEventInformation
TdhGetProperty
TdhGetPropertySize

api-ms-win-security-base-l1-1-0

GetSidSubAuthorityCount
ImpersonateLoggedOnUser
GetTokenInformation
DuplicateTokenEx
CreateRestrictedToken
IsWellKnownSid
GetSidSubAuthority
AdjustTokenPrivileges
RevertToSelf
DestroyPrivateObjectSecurity
FreeSid
IsValidSid
EqualSid
GetLengthSid

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindFileNameW
PathFindExtensionW

ntdll

NtQueryWnfStateData
RtlIpv4AddressToStringExW
RtlCreateUnicodeString
NtDeleteValueKey
RtlFreeUnicodeString
NtSetInformationProcess
RtlInitUnicodeString
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlIpv6AddressToStringExW
NtDeleteKey
RtlSubscribeWnfStateChangeNotification
NtOpenFile
RtlQueryImageMitigationPolicy
NtQuerySystemInformation
ZwQueryEaFile
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW

crypt32

CryptImportPublicKeyInfo
CertOpenStore
CertFreeCertificateChain
CertAddCertificateContextToStore
CryptBinaryToStringA
CertGetCertificateChain
CryptStringToBinaryW
CertCloseStore
CertFreeCertificateContext
CertCreateCertificateContext
CertFindExtension
CertGetCertificateContextProperty
CertVerifyCertificateChainPolicy
CertGetNameStringW
CryptDecodeObjectEx

oleaut32

VariantInit
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayDestroy
VariantClear
SysFreeString
SysAllocStringLen
SysStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SafeArrayLock
SafeArrayUnlock
SafeArrayCopy
SafeArrayGetVartype

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsDeleteStringBuffer
WindowsPreallocateStringBuffer
WindowsPromoteStringBuffer

cabinet

ord33
ord30
ord35

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW

api-ms-win-core-version-private-l1-1-0

GetFileVersionInfoByHandle

api-ms-win-security-audit-l1-1-0

AuditSetSystemPolicy

iphlpapi

GetUnicastIpAddressTable
GetIpNetTable2
GetAdaptersAddresses
FreeMibTable

ws2_32

WSAStartup
WSACleanup
InetNtopW

api-ms-win-core-path-l1-1-0

PathCchCombine

userenv

ExpandEnvironmentStringsForUserW
GetProfilesDirectoryW
GetAllUsersProfileDirectoryW

api-ms-win-security-logon-l1-1-1

LogonUserW

samcli

NetUserEnum

netutils

NetApiBufferFree

dnsapi

DnsFree
DnsQuery_W
DnsGetCacheDataTable

bcrypt

BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCreateHash

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
QueryServiceConfig2W
ChangeServiceConfigW
ChangeServiceConfig2W

api-ms-win-service-management-l1-1-0

OpenSCManagerW
StartServiceW
CloseServiceHandle
OpenServiceW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
ControlService

api-ms-win-security-cryptoapi-l1-1-0

CryptReleaseContext
CryptAcquireContextW
CryptVerifySignatureW
CryptDestroyHash
CryptCreateHash
CryptHashData

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

wkscli

NetGetJoinInformation

sspicli

GetUserNameExW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

devobj

DevObjGetDeviceInterfaceDetail
DevObjEnumDeviceInterfaces
DevObjCreateDeviceInfoList
DevObjGetClassDevs
DevObjDestroyDeviceInfoList

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-core-heap-l2-1-0

LocalAlloc

api-ms-win-core-file-l1-1-0

GetFileInformationByHandle

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

wevtapi

EvtRender
EvtClose
EvtCreateRenderContext
EvtSubscribe

mssecuser

SecRequestOplock
SecWriteFileSensitivityEA
SecWriteFileHashEA
SecGetProcessInfo
SecIsKernelIntegrityEnabled
SecDeleteSessionFilter
SecCreateSessionFilter
SecClearRegistryOperations
SecSetConfiguration
SecSetRegistryOperations
SecGetFileHashes
SecUnregisterConsumer
SecRegisterConsumer
SecSetFileMonitorOperations

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-crt-math-l1-1-0

ceilf

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 412KB - Virtual size: 752KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50e5ed905d846a627cf962e268f47480

Headers

DLL Characteristics

File Characteristics

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-oobe-notification-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-com-l1-1-0

user32

tellib

api-ms-win-security-isolatedcontainer-l1-1-1

wldp

msi

winipcfile

kernel32

urlmon

api-ms-win-crt-time-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-eventing-consumer-l1-1-0

rpcrt4

api-ms-win-eventing-tdh-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

ntdll

crypt32

oleaut32

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

cabinet

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-version-private-l1-1-0

api-ms-win-security-audit-l1-1-0

iphlpapi

ws2_32

api-ms-win-core-path-l1-1-0

userenv

api-ms-win-security-logon-l1-1-1

samcli

netutils

dnsapi

bcrypt

api-ms-win-service-management-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-security-cryptoapi-l1-1-0

api-ms-win-power-setting-l1-1-0

wkscli

sspicli

api-ms-win-core-apiquery-l1-1-0

.text
Size: 3.7MB - Virtual size: 3.7MB

RT_CODE
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 173KB - Virtual size: 294KB

.pdata
Size: 148KB - Virtual size: 148KB

.didat
Size: 512B - Virtual size: 376B

.rsrc
Size: 31KB - Virtual size: 30KB

.reloc
Size: 412KB - Virtual size: 752KB