AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
_Z13widechar_mainiPPw
_Z5_mainv
main
Static task
static1
1 signatures
General
-
Target
queens-brothel-windows-demo.zip
-
Size
173.0MB
-
MD5
53685e7e92e53ddab7143e665727582a
-
SHA1
f90c19954b2daacda39d4295881989df1f8f6133
-
SHA256
4db6139406bac02192fb36d60842bc77228b16f2bf0c8eec29e723d7577cfa66
-
SHA512
a401fdc6e360416eb35b98919114eab7c61f6d22f52f13be152c5147a66e83481b7628f3c11b346a9629042fc08a45b9b48f4c34f6b803af70f8f3d3e293a58f
-
SSDEEP
3145728:fVPDI/xN0VW1MZEXw/sIwCMO4igqy6VwcEoRrsBM594zj1Nme6Z4jNstCl:fdfVW1Mz/yli7y6yNQwS94PLNDl
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/windows.exe
Files
-
queens-brothel-windows-demo.zip.zip .ps1 polyglot
-
windows.exe.exe windows:4 windows x86 arch:x86
e29bf334a585362fb2dc447ff736af24
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
advapi32
GetCurrentHwProfileA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
avrt
AvSetMmThreadCharacteristicsA
AvSetMmThreadPriority
bcrypt
BCryptGenRandom
dinput8
DirectInput8Create
dwmapi
DwmEnableBlurBehindWindow
DwmFlush
DwmIsCompositionEnabled
gdi32
BitBlt
ChoosePixelFormat
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
SelectObject
SetBkColor
SetPixelFormat
SetTextColor
SwapBuffers
imm32
ImmAssociateContext
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
iphlpapi
GetAdaptersAddresses
GetBestInterfaceEx
kernel32
AddVectoredExceptionHandler
AttachConsole
CloseHandle
CreateDirectoryW
CreateEventA
CreateMutexA
CreatePipe
CreateProcessW
CreateSemaphoreA
DeleteCriticalSection
DeleteFileW
DuplicateHandle
EnterCriticalSection
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FormatMessageW
FreeLibrary
GetCommandLineW
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExA
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetHandleInformation
GetLastError
GetLocalTime
GetLocaleInfoEx
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNativeSystemInfo
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemPowerStatus
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameW
GetThreadContext
GetThreadPriority
GetTickCount64
GetTickCount
GetTimeZoneInformation
GetUserDefaultUILanguage
GetVolumeInformationW
GlobalAlloc
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LCIDToLocaleName
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ReplaceFileW
ResetEvent
ResumeThread
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleTextAttribute
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEvent
SetHandleInformation
SetLastError
SetPriorityClass
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
msvcrt
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_beginthread
_beginthreadex
_cexit
_endthreadex
_errno
_filelengthi64
_fileno
_fstat64
_get_osfhandle
_getpid
_initterm
_iob
_lock
_lseeki64
_onexit
_scprintf
_setjmp3
_snprintf
fwprintf
_strdup
_strnicmp
_ultoa
_unlock
_vscprintf
_vsnprintf
_vsnprintf_s
_wchdir
_wfopen
_wfsopen
_wgetenv
_wrename
_wrmdir
_wunlink
abort
acos
asin
atan
atof
atoi
bsearch
calloc
cosh
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fputwc
fread
free
freopen_s
frexp
fseek
fsetpos
ftell
fwrite
getc
getenv
getwc
islower
isspace
isupper
iswctype
isxdigit
localeconv
log10
malloc
memchr
memcmp
memcpy
memmove
memset
gmtime
perror
printf
putc
putwc
qsort
rand
realloc
remove
setlocale
setvbuf
signal
sinh
srand
strcat
strchr
strcmp
strcoll
strcpy
strcpy_s
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
strxfrm
tan
tanh
tolower
towlower
towupper
ungetc
ungetwc
vfprintf
time
wcscoll
wcscpy_s
wcsftime
wcslen
wcsxfrm
_wstat
_vsnprintf_s
longjmp
_write
_strdup
_read
_memicmp
_fileno
_fdopen
_close
ole32
CoCreateInstance
CoInitialize
CoTaskMemFree
PropVariantClear
opengl32
wglCreateContext
wglDeleteContext
wglGetProcAddress
wglMakeCurrent
shell32
CommandLineToArgvW
DragAcceptFiles
DragQueryFileW
SHFileOperationW
SHGetKnownFolderPath
ShellExecuteW
shlwapi
PathFileExistsW
user32
ActivateKeyboardLayout
AdjustWindowRectEx
AllowSetForegroundWindow
CallWindowProcW
ClientToScreen
ClipCursor
CloseClipboard
CloseTouchInputHandle
CreateIconFromResource
CreateIconIndirect
CreateWindowExW
DefWindowProcW
DestroyIcon
DispatchMessageW
EmptyClipboard
EnumDisplayMonitors
EnumDisplaySettingsW
FlashWindowEx
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameA
GetMessageExtraInfo
GetMonitorInfoW
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetSystemMetrics
GetTouchInputInfo
GetWindowLongA
GetWindowRect
IsClipboardFormatAvailable
IsIconic
KillTimer
LoadCursorA
LoadIconA
MapVirtualKeyA
MapVirtualKeyExA
MessageBoxA
MessageBoxW
MonitorFromPoint
MonitorFromWindow
MoveWindow
OpenClipboard
PeekMessageW
RegisterClassExW
RegisterRawInputDevices
RegisterTouchWindow
ReleaseCapture
ReleaseDC
ScreenToClient
SendMessageA
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowRgn
SetWindowTextW
ShowWindow
SystemParametersInfoA
TrackMouseEvent
TranslateMessage
winmm
midiInClose
midiInGetDevCapsA
midiInGetErrorTextA
midiInGetID
midiInGetNumDevs
midiInOpen
midiInStart
midiInStop
timeBeginPeriod
timeEndPeriod
ws2_32
WSAConnect
freeaddrinfo
getaddrinfo
getnameinfo
inet_pton
wsock32
WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
getsockname
htonl
htons
inet_addr
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket
Exports
Exports
Sections
.text Size: 29.8MB - Virtual size: 29.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pck Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/4 Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 54KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 209B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 352KB - Virtual size: 352KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 803KB - Virtual size: 803KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
windows.pck