Sample
b3691f89063b74acaed4841c7c4318695967dbc7e323cc931a3d2d7054d20d9c.exe
Resource
win7-20231215-en (Windows 7 analysis image). Caveat: the import table below lists user32!RegisterSuspendResumeNotification, an API documented as Windows 8 and later; if that is a regular (non-delay-load) import, the image loader on Windows 7 would refuse to start the sample, so behavioral results from this run should be checked for a "procedure entry point not found" failure before being treated as representative.
General
-
Target
b3691f89063b74acaed4841c7c4318695967dbc7e323cc931a3d2d7054d20d9c
-
Size
2.3MB
-
MD5
7e27d7dccf2ac4fba87a5531c686658c
-
SHA1
1dbba52284a00724a2405af3b99a633589a30834
-
SHA256
b3691f89063b74acaed4841c7c4318695967dbc7e323cc931a3d2d7054d20d9c
-
SHA512
382552ad79c2f0071381f23e297e743723a9065034601dd5c1ae7f2a4136d775eff308f0c524d3e7c89d4ae0a349476feccb3df3134c993208f9236748ea3397
-
SSDEEP
49152:EzyNkhEb6tHt/ZjR6jh5j7a1+p+sUMDw/acMq6jfsLO:Ej55XiO1+p+seMq6sC
Malware Config (no extracted configuration is shown on this page)
Signatures
-
Unsigned PE (1 IoC)
The sample carries no Authenticode signature (static check on the PE). On its own this is a weak indicator — a great deal of legitimate software ships unsigned — so treat it as context rather than a verdict, and corroborate with the behavioral run and the section/import observations below.
Processes:
resource b3691f89063b74acaed4841c7c4318695967dbc7e323cc931a3d2d7054d20d9c
Files
-
b3691f89063b74acaed4841c7c4318695967dbc7e323cc931a3d2d7054d20d9c.exe windows:6 windows x64 arch:x64
c132aaefe72535a17932a81485aab72c (unlabeled 128-bit hash; likely the import hash, but confirm against the tool's field definition before pivoting on it)
Headers
DLL Characteristics (note: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is not among the flags listed, so ASLR would not apply to this image even though HIGH_ENTROPY_VA is set, and no CONTROL_FLOW_GUARD flag is listed either; verify against the raw OptionalHeader value in case the listing is abbreviated)
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetCurrentProcessId
GetFileAttributesW
LocalFree
SetWaitableTimer
TlsSetValue
CreateWaitableTimerW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
GetModuleHandleA
TerminateThread
QueueUserAPC
VerSetConditionMask
WideCharToMultiByte
SetEvent
WaitForSingleObjectEx
TlsGetValue
CreateIoCompletionPort
GetSystemTimeAsFileTime
FindFirstFileW
FindNextFileW
SetFileTime
LocalFileTimeToFileTime
CreateFileA
FileTimeToLocalFileTime
DosDateTimeToFileTime
GetFileTime
FileTimeToDosDateTime
RtlLookupFunctionEntry
DeleteFileA
OutputDebugStringW
FindClose
FindNextFileA
OutputDebugStringA
FindFirstFileA
LoadLibraryExW
lstrcmpiW
LoadResource
FreeLibrary
GetModuleHandleW
FindResourceW
SleepEx
MultiByteToWideChar
GetModuleFileNameW
SizeofResource
GetExitCodeProcess
ResetEvent
CreateEventW
CopyFileW
GetProcAddress
LoadLibraryW
WritePrivateProfileStringW
GetFileSizeEx
FormatMessageA
PeekNamedPipe
WaitForSingleObject
TlsFree
CreateProcessW
ExitProcess
DeleteCriticalSection
RaiseException
CloseHandle
Process32FirstW
DeleteFileW
TlsAlloc
Process32NextW
GetLastError
Sleep
GetPrivateProfileStringW
CreateToolhelp32Snapshot
PostQueuedCompletionStatus
ResumeThread
CreateMutexA
InitializeCriticalSectionEx
LeaveCriticalSection
CreateJobObjectW
AssignProcessToJobObject
lstrlenW
EnterCriticalSection
SetLastError
SetInformationJobObject
VerifyVersionInfoW
ReadFile
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
VerifyVersionInfoA
LoadLibraryA
GetSystemDirectoryA
GetTickCount64
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
user32
GetRawInputDeviceList
PostQuitMessage
RegisterPowerSettingNotification
ChangeWindowMessageFilterEx
TranslateMessage
TranslateAcceleratorW
RegisterSuspendResumeNotification
DispatchMessageW
GetRawInputDeviceInfoW
RegisterDeviceNotificationW
RegisterClassExW
CreateWindowExW
DestroyWindow
DefWindowProcW
GetMessageW
PostThreadMessageW
FindWindowW
PostMessageW
CharNextW
KillTimer
UnregisterDeviceNotification
SetTimer
LoadStringW
LoadAcceleratorsW
advapi32
GetAce
EqualSid
AllocateAndInitializeSid
SetNamedSecurityInfoW
GetNamedSecurityInfoW
DeleteAce
FreeSid
BuildTrusteeWithSidW
CloseServiceHandle
OpenSCManagerW
RegDeleteKeyW
NotifyServiceStatusChangeW
RegCreateKeyExW
OpenServiceW
RegEnumValueW
RegNotifyChangeKeyValue
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExA
RegSetValueExW
RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
shell32
ord165
SHGetKnownFolderPath
SHCreateItemFromParsingName
ShellExecuteW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteExW
ole32
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoInitialize
PropVariantClear
CLSIDFromProgID
CoTaskMemAlloc
oleaut32
SysAllocStringLen
SysFreeString
VariantClear
SysAllocString
VarUI4FromStr
SysStringLen
libcrypto-1_1-x64
BIO_read
ERR_get_error
BIO_ctrl_pending
BIO_ctrl
ERR_clear_error
BIO_free
BIO_write
BIO_new_bio_pair
CONF_modules_unload
ERR_reason_error_string
libssl-1_1-x64
SSL_CTX_use_certificate_chain_file
SSL_CTX_get_ex_data
SSL_CTX_get_default_passwd_cb_userdata
SSL_shutdown
SSL_CTX_set_ex_data
TLS_server_method
SSL_get_error
SSL_read
SSL_get_shutdown
SSL_connect
SSL_CTX_set_default_passwd_cb
SSL_free
SSL_CTX_set_options
SSL_new
SSL_CTX_free
SSL_CTX_ctrl
SSL_get_ex_data
SSL_set_ex_data
SSL_CTX_use_PrivateKey_file
SSL_CTX_new
SSL_write
SSL_CTX_set_default_passwd_cb_userdata
SSL_ctrl
SSL_set_bio
SSL_accept
zlibwapi
ord62
ord82
ord63
ord72
ord77
ord83
ord84
ord110
ord68
ord88
ord79
ord64
ord66
ord89
shlwapi
PathIsDirectoryW
msvcp140
?toupper@?$ctype@D@std@@QEBADD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
_Query_perf_counter
?_Random_device@std@@YAIXZ
?id@?$ctype@D@std@@2V0locale@2@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?classic@locale@std@@SAAEBV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Query_perf_frequency
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?uncaught_exception@std@@YA_NXZ
?_Winerror_map@std@@YAHH@Z
?_Winerror_message@std@@YAKKPEADK@Z
_Stat
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_signal
_Mtx_current_owns
_Cnd_init_in_situ
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_timedwait
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Cnd_do_broadcast_at_thread_exit
_Cnd_destroy
_Cnd_wait
_Mtx_init
_Thrd_start
_Thrd_detach
_Xtime_get_ticks
_Mtx_destroy
_Cnd_init
_Mtx_unlock
_Cnd_broadcast
_Cnd_destroy_in_situ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
ws2_32
getsockopt
htonl
htons
freeaddrinfo
ioctlsocket
setsockopt
WSAGetLastError
WSARecv
WSAStartup
socket
recv
send
recvfrom
sendto
gethostname
WSAAddressToStringW
connect
ntohs
getsockname
getpeername
getaddrinfo
WSASocketW
WSASetLastError
listen
shutdown
ntohl
select
WSASend
__WSAFDIsSet
accept
bind
WSAIoctl
closesocket
WSACleanup
mswsock
AcceptEx
GetAcceptExSockaddrs
setupapi
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
CM_Get_Device_IDW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
powrprof
CallNtPowerInformation
bthprops.cpl
BluetoothFindNextRadio
BluetoothFindFirstRadio
BluetoothGetRadioInfo
BluetoothFindRadioClose
propsys
PropVariantToString
PSGetNameFromPropertyKey
vcruntime140
__std_terminate
__CxxFrameHandler3
__RTDynamicCast
memchr
strstr
memmove
memcpy
memset
_CxxThrowException
__std_type_info_compare
__C_specific_handler
strrchr
wcsstr
strchr
__std_exception_destroy
memcmp
__std_exception_copy
_purecall
api-ms-win-crt-string-l1-1-0
strncpy
_strdup
wcsncmp
strcspn
strpbrk
strcat_s
strncpy_s
isupper
strcmp
wcscpy_s
strspn
toupper
_stricmp
strtok_s
strcpy_s
wcscat_s
tolower
isalpha
isalnum
strncmp
isspace
towupper
wcsncpy_s
api-ms-win-crt-runtime-l1-1-0
_configure_wide_argv
_set_app_type
_beginthreadex
_initialize_wide_environment
_get_wide_winmain_command_line
_seh_filter_exe
_c_exit
_initterm
_errno
_cexit
_register_thread_local_exe_atexit_callback
_crt_atexit
exit
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_initterm_e
_initialize_onexit_table
_exit
_invalid_parameter_noinfo
terminate
_getpid
__sys_nerr
strerror
api-ms-win-crt-stdio-l1-1-0
fread
fopen_s
__stdio_common_vsnprintf_s
_wfopen_s
__stdio_common_vsscanf
fclose
fputc
ftell
_close
_write
__stdio_common_vswprintf_s
_read
__stdio_common_vswprintf
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
__stdio_common_vsprintf_s
fwrite
_set_fmode
fgetc
__stdio_common_vfwprintf
__stdio_common_vsprintf
fflush
__p__commode
__acrt_iob_func
fgets
fopen
fputs
_lseeki64
__stdio_common_vfprintf
feof
fseek
_open
api-ms-win-crt-convert-l1-1-0
_wtoi
strtol
strtod
atoi
strtoll
strtoull
wcstol
strtoul
api-ms-win-crt-heap-l1-1-0
realloc
_set_new_mode
free
calloc
malloc
_recalloc
_callnewh
api-ms-win-crt-math-l1-1-0
_dtest
__setusermatherr
_dsign
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
localeconv
api-ms-win-crt-filesystem-l1-1-0
_wrmdir
_findclose
_wfindfirst64i32
_access
_wchdir
_wfindnext64i32
_waccess
_lock_file
_unlock_file
_chdir
_mkdir
_fstat64
_stat64
_wremove
api-ms-win-crt-time-l1-1-0
strftime
_mktime64
_localtime64_s
_time64
_gmtime64
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-environment-l1-1-0
getenv
wldap32
ord30
ord200
ord301
ord33
ord32
ord79
ord35
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
crypt32
CryptStringToBinaryA
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 415KB - Virtual size: 415KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 51KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 572KB - Virtual size: 576KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Note: a relocation section is normally read-only and discardable; this one is additionally marked EXECUTE and WRITE (RWX), which is unusual for a genuine .reloc and is commonly seen when a packer or protector reuses the section name. The size (572KB of a 2.3MB file) is also large relative to the other sections. Worth inspecting the section's entropy and entry-point location before trusting the static import table as the complete picture.