xworm | danger[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

danger.rar
Size

3.2MB
MD5

d63de20d0f8898d0bc46162cbea6044e
SHA1

ae2b4418724df39febc159d9043a1750fee080e7
SHA256

546915e509d4f1c3a8b0f9d415ba3ade1b5095e1f69eef877e64f36203b4da67
SHA512

3cdcd8fcfb0aec0256a0cbc011973fb80cb8644b11229577978200f76a5d9062b2ae4fdb6306272eb9d7c394c08823fa9cee83541885111ffecede4902c80ed6
SSDEEP

98304:ZxgSMKYYiazHxKAU4XwHaYuoyAx6owNSU:ZqIrQAqHUFowNSU

Score

10^/10

hacked xworm njrat

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

TcK6iKFmjhETcMYi

Attributes

install_file
USB.exe
pastebin_url
https://pastebin.com/raw/RqgnZ1zk

aes.plain

Extracted

Family

xworm

tr1.localto.net:39186

Attributes

Install_directory
%ProgramData%
install_file
Microsoft Storge.exe

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

hakim32.ddns.net:2000

dead-reviewer.gl.at.ply.gg:60161

Mutex

90319c19387bbc36810cf2f727f01c05

Attributes

reg_key
90319c19387bbc36810cf2f727f01c05
splitter
|'|'|

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
static1/unpack001/Synapse X.exe	family_xworm
static1/unpack001/XClient.exe	family_xworm

Njrat family
njrat
Xworm family
xworm

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2door.exe
unpack001/Synapse X.exe
unpack001/XClient.exe
unpack001/fuck you doork.exe
unpack001/smokeloader.exe
unpack001/start.bat
unpack001/stealc.exe

Files

danger.rar
.rar
2door.exe
.exe windows:5 windows x86 arch:x86

09fb12eeb0c873db1d31b5ee7b6dc9f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLangID
HeapCompact
GetEnvironmentStringsW
SetHandleInformation
WaitForSingleObject
GetConsoleAliasesLengthA
GetSystemTimeAsFileTime
GetConsoleTitleA
CancelDeviceWakeupRequest
EnumResourceTypesA
GlobalAlloc
GetFirmwareEnvironmentVariableA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
SizeofResource
GetProcessHandleCount
GetFileAttributesA
SetConsoleCursorPosition
GetFileAttributesW
LCMapStringA
GetConsoleAliasesW
GetLastError
GetProcAddress
VirtualAlloc
CopyFileA
GetAtomNameA
LoadLibraryA
LockResource
WaitForMultipleObjects
GetDefaultCommConfigA
EnumDateFormatsA
FillConsoleOutputAttribute
GlobalAddAtomW
CheckRemoteDebuggerPresent
EnumCalendarInfoExA
LocalFree
LCMapStringW
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
Sleep
HeapSize
GetModuleHandleW
ExitProcess
IsProcessorFeaturePresent
SetFilePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
CloseHandle
WriteFile
GetModuleFileNameW
FreeEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapReAlloc
LoadLibraryW
ReadFile
SetStdHandle
FlushFileBuffers
RaiseException
WriteConsoleW
MultiByteToWideChar
GetStringTypeW
CreateFileW

user32

SetCaretPos

ole32

CoGetMalloc

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Synapse X.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XClient.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fuck you doork.exe
.exe windows:4 windows x86 arch:x86

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
raccon.exe
.exe windows:4 windows x86 arch:x86

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:64:0f:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-01-2009 01:58

Not After

20-03-2010 02:08

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:02

Not After

25-07-2013 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6f:ed:3e:4a:f6:ab:f3:4e:5e:aa:9d:4a:14:df:e5:13:2e:a4:16:15
Signer

Actual PE Digest

6f:ed:3e:4a:f6:ab:f3:4e:5e:aa:9d:4a:14:df:e5:13:2e:a4:16:15

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
smokeloader.exe
.exe windows:5 windows x86 arch:x86

a4ae589821c5dc6d5b727f8ebbd62dc2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileW
WriteConsoleInputW
lstrlenA
GetConsoleAliasA
WaitNamedPipeA
WriteConsoleInputA
AddConsoleAliasW
FlushConsoleInputBuffer
OpenSemaphoreA
SetTapeParameters
MoveFileWithProgressA
GetModuleHandleW
FindNextVolumeMountPointA
GetConsoleAliasesA
ConvertFiberToThread
ExpandEnvironmentStringsA
ReadConsoleW
GetCompressedFileSizeW
GetConsoleAliasExesW
GetUserDefaultLangID
SetCommState
CreateActCtxW
GetEnvironmentStrings
GetPrivateProfileIntA
LoadLibraryW
SetCommConfig
FatalAppExitW
ReadConsoleInputA
CopyFileW
_hread
GetSystemPowerStatus
GetExitCodeProcess
EnumSystemCodePagesA
GetFileAttributesW
TerminateProcess
IsDBCSLeadByte
GetTimeZoneInformation
FindNextVolumeMountPointW
ReplaceFileA
GetTempPathW
EnumSystemLocalesA
GetConsoleOutputCP
VerifyVersionInfoW
GetStartupInfoA
GetLastError
SetLastError
ReadConsoleOutputCharacterA
GetProcAddress
RemoveDirectoryA
GetPrivateProfileStringA
SetFileApisToOEM
LoadLibraryA
LocalAlloc
IsWow64Process
SetConsoleCtrlHandler
CreateEventW
WriteProfileSectionW
VirtualLock
GlobalGetAtomNameW
GetCurrentConsoleFont
OpenJobObjectW
FoldStringA
GlobalFindAtomW
GetModuleHandleA
SetLocaleInfoW
FindNextFileW
GetStringTypeW
VirtualProtect
GetCurrentDirectoryA
CompareStringA
QueryPerformanceFrequency
GetShortPathNameW
FindFirstVolumeA
GetWindowsDirectoryW
MoveFileWithProgressW
ResetWriteWatch
EnumSystemLocalesW
DeleteFileA
ExpandEnvironmentStringsW
WriteConsoleW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
MoveFileA
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
LCMapStringW
MultiByteToWideChar
GetCPInfo
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcess
HeapCreate
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
CloseHandle
ExitProcess
WriteFile
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
IsValidLocale
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
CreateFileW

user32

CharUpperA

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
start.bat
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
stealc.exe
.exe windows:5 windows x86 arch:x86

892cf399352d143dfa090ba225b3a97b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLangID
WriteConsoleInputW
lstrlenA
GetStringTypeA
GetConsoleAliasA
WaitNamedPipeA
GetEnvironmentStringsW
WriteConsoleInputA
AddConsoleAliasW
FlushConsoleInputBuffer
SetTapeParameters
MoveFileWithProgressA
FindNextVolumeMountPointA
GetConsoleAliasesA
ConvertFiberToThread
ExpandEnvironmentStringsA
GetPrivateProfileStringW
ReadConsoleW
GetWindowsDirectoryA
GetCompressedFileSizeW
GetConsoleAliasExesW
CreateActCtxW
GetPrivateProfileIntA
LoadLibraryW
SetCommConfig
FatalAppExitW
_hread
GetSystemPowerStatus
HeapDestroy
GetFileAttributesA
GetExitCodeProcess
ReplaceFileW
IsDBCSLeadByte
GetTimeZoneInformation
EnumSystemLocalesA
GetConsoleOutputCP
GetStartupInfoA
FindFirstFileA
GetLastError
SetLastError
GetProcAddress
WriteProfileSectionA
RemoveDirectoryA
CopyFileA
GlobalGetAtomNameA
SetFileApisToOEM
LoadLibraryA
LocalAlloc
SetConsoleCtrlHandler
CreateEventW
VirtualLock
OpenJobObjectW
FoldStringA
GlobalFindAtomW
GetModuleHandleA
SetLocaleInfoW
FindNextFileW
VirtualProtect
GetCurrentDirectoryA
CompareStringA
GetShortPathNameW
OpenSemaphoreW
ReadConsoleInputW
FindFirstVolumeW
MoveFileWithProgressW
ReadConsoleOutputCharacterW
EnumSystemLocalesW
DeleteFileA
ExpandEnvironmentStringsW
CreateFileW
WriteConsoleW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
IsProcessorFeaturePresent
HeapCreate
HeapSize
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
SetFilePointer
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
IsValidLocale
GetStringTypeW
HeapReAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle

user32

CharUpperA

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Files

09fb12eeb0c873db1d31b5ee7b6dc9f2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 6KB - Virtual size: 25KB

.rsrc Size: 32KB - Virtual size: 32KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 36KB - Virtual size: 36KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 61KB - Virtual size: 61KB

.rsrc Size: 127KB - Virtual size: 127KB

.reloc Size: 512B - Virtual size: 12B

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 3KB - Virtual size: 2KB

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:64:0f:00:00:00:00:00:0bCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

6f:ed:3e:4a:f6:ab:f3:4e:5e:aa:9d:4a:14:df:e5:13:2e:a4:16:15Signer

Headers

File Characteristics

Sections

CODE Size: 343KB - Virtual size: 342KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 8KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 6KB - Virtual size: 25KB

.rsrc
Size: 32KB - Virtual size: 32KB

.text
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 61KB - Virtual size: 61KB

.rsrc
Size: 127KB - Virtual size: 127KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 3KB - Virtual size: 2KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:64:0f:00:00:00:00:00:0b
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

6f:ed:3e:4a:f6:ab:f3:4e:5e:aa:9d:4a:14:df:e5:13:2e:a4:16:15
Signer

CODE
Size: 343KB - Virtual size: 342KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 177KB - Virtual size: 177KB

.text
Size: 174KB - Virtual size: 174KB

.data
Size: 9KB - Virtual size: 3.5MB

.rsrc
Size: 63KB - Virtual size: 62KB

.text
Size: 92KB - Virtual size: 91KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 177KB - Virtual size: 176KB

.data
Size: 9KB - Virtual size: 3.5MB

.rsrc
Size: 68KB - Virtual size: 68KB