General

Malware Config

Signatures

Files

• 99b1aac2a9cebff847437755928d71f6c36db15b55d01f94756023f8ce72092c

  .exe windows:6 windows x86 arch:x86

  e12d00126c39d00fef4bd76bcb8fcf5f

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  D:\a\_work\1\s\artifacts\obj\coreclr\windows.x86.Release\Corehost.Static\singlefilehost.pdb

  Imports

  kernel32

  RaiseException

  FreeLibrary

  SetErrorMode

  RaiseFailFastException

  GetExitCodeProcess

  TerminateProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  AddVectoredExceptionHandler

  MultiByteToWideChar

  GetTickCount

  FlushInstructionCache

  QueryPerformanceFrequency

  QueryPerformanceCounter

  InterlockedPushEntrySList

  InterlockedFlushSList

  InitializeSListHead

  GetTickCount64

  DuplicateHandle

  QueueUserAPC

  WaitForSingleObjectEx

  SetThreadPriority

  GetThreadPriority

  GetCurrentThreadId

  TlsAlloc

  GetCurrentThread

  GetCurrentProcessId

  CreateThread

  GetModuleHandleW

  WaitForMultipleObjectsEx

  SignalObjectAndWait

  SetThreadStackGuarantee

  VirtualQuery

  WriteFile

  GetStdHandle

  GetConsoleOutputCP

  MapViewOfFileEx

  UnmapViewOfFile

  GetStringTypeExW

  InterlockedPopEntrySList

  ExitProcess

  Sleep

  CreateMemoryResourceNotification

  VirtualAlloc

  VirtualFree

  VirtualProtect

  SleepEx

  SwitchToThread

  SuspendThread

  ResumeThread

  CloseThreadpoolTimer

  CreateThreadpoolTimer

  SetThreadpoolTimer

  ReadFile

  GetFileSize

  GetEnvironmentVariableW

  SetEnvironmentVariableW

  CreateEventW

  SetEvent

  ResetEvent

  GetThreadContext

  SetThreadContext

  GetEnabledXStateFeatures

  InitializeContext

  CopyContext

  SetXStateFeaturesMask

  WerRegisterRuntimeExceptionModule

  GetSystemDefaultLCID

  GetUserDefaultLCID

  OutputDebugStringA

  RtlUnwind

  HeapAlloc

  HeapFree

  GetProcessHeap

  HeapCreate

  HeapDestroy

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  FormatMessageW

  CreateSemaphoreExW

  ReleaseSemaphore

  GetACP

  LCMapStringEx

  LocalFree

  VerSetConditionMask

  VerifyVersionInfoW

  IsWow64Process

  QueryThreadCycleTime

  SetThreadGroupAffinity

  GetProcessAffinityMask

  QueryInformationJobObject

  CloseHandle

  GetModuleFileNameW

  CreateProcessW

  GetCPInfo

  GetTempPathW

  LoadLibraryExW

  CreateFileW

  GetFileAttributesExW

  GetFullPathNameW

  LoadLibraryExA

  OpenEventW

  ReleaseMutex

  ExitThread

  CreateMutexW

  HeapReAlloc

  CreateNamedPipeA

  WaitForMultipleObjects

  DisconnectNamedPipe

  CreateFileA

  CancelIoEx

  GetOverlappedResult

  ConnectNamedPipe

  FlushFileBuffers

  SetFilePointer

  CreateFileMappingW

  MapViewOfFile

  GetActiveProcessorGroupCount

  GetCurrentProcessorNumberEx

  GetSystemTime

  SetConsoleCtrlHandler

  GetLocaleInfoEx

  GetUserDefaultLocaleName

  LoadLibraryW

  CreateDirectoryW

  RemoveDirectoryW

  CreateActCtxW

  ActivateActCtx

  FindResourceW

  GetWindowsDirectoryW

  GetFileSizeEx

  FindFirstFileExW

  FindNextFileW

  FindClose

  LoadLibraryA

  GetCurrentDirectoryW

  EncodePointer

  DecodePointer

  CreateFileMappingA

  TlsSetValue

  TlsGetValue

  GetSystemInfo

  GetCurrentProcess

  ReadProcessMemory

  OutputDebugStringW

  IsDebuggerPresent

  LeaveCriticalSection

  EnterCriticalSection

  WideCharToMultiByte

  DeleteCriticalSection

  InitializeCriticalSection

  GetCommandLineW

  GetProcAddress

  GetModuleHandleExW

  SetThreadErrorMode

  FlushProcessWriteBuffers

  SetLastError

  DebugBreak

  WaitForSingleObject

  GetNumaHighestNodeNumber

  SetThreadAffinityMask

  SetThreadIdealProcessorEx

  GetThreadIdealProcessorEx

  VirtualAllocExNuma

  GetNumaProcessorNodeEx

  VirtualUnlock

  GetWriteWatch

  GetLargePageMinimum

  ResetWriteWatch

  IsProcessInJob

  K32GetProcessMemoryInfo

  GetLogicalProcessorInformation

  GlobalMemoryStatusEx

  ReleaseSRWLockExclusive

  AcquireSRWLockExclusive

  WakeAllConditionVariable

  SleepConditionVariableSRW

  IsProcessorFeaturePresent

  InitializeCriticalSectionAndSpinCount

  TlsFree

  TryAcquireSRWLockExclusive

  GetExitCodeThread

  GetStringTypeW

  InitializeCriticalSectionEx

  GetLastError

  GetSystemTimeAsFileTime

  advapi32

  RegQueryValueExW

  AdjustTokenPrivileges

  RegGetValueW

  SetKernelObjectSecurity

  GetSidSubAuthorityCount

  GetSidSubAuthority

  GetTokenInformation

  OpenProcessToken

  DeregisterEventSource

  ReportEventW

  RegisterEventSourceW

  RegOpenKeyExW

  RegCloseKey

  EventRegister

  SetThreadToken

  RevertToSelf

  OpenThreadToken

  EventWriteTransfer

  EventWrite

  LookupPrivilegeValueW

  ole32

  CoCreateFreeThreadedMarshaler

  CreateStreamOnHGlobal

  CoRevokeInitializeSpy

  CoGetContextToken

  CoGetObjectContext

  CoUnmarshalInterface

  CoMarshalInterface

  CoGetMarshalSizeMax

  CLSIDFromProgID

  CoReleaseMarshalData

  CoTaskMemFree

  CoTaskMemAlloc

  CoCreateGuid

  CoInitializeEx

  CoRegisterInitializeSpy

  CoWaitForMultipleHandles

  CoUninitialize

  CoGetClassObject

  oleaut32

  SafeArrayPutElement

  LoadRegTypeLi

  CreateErrorInfo

  SafeArraySetRecordInfo

  GetRecordInfoFromTypeInfo

  SafeArrayGetElemsize

  SysStringByteLen

  SafeArrayAllocDescriptorEx

  SysAllocStringByteLen

  VarCyFromDec

  SafeArrayCreateVector

  SysFreeString

  VariantInit

  GetErrorInfo

  SetErrorInfo

  SysStringLen

  SysAllocString

  VariantClear

  SysAllocStringLen

  SafeArrayGetDim

  SafeArrayGetLBound

  SafeArrayAllocData

  SafeArrayDestroy

  QueryPathOfRegTypeLi

  VariantChangeTypeEx

  LoadTypeLibEx

  VariantChangeType

  SafeArrayGetVartype

  user32

  LoadStringW

  MessageBoxW

  shell32

  ShellExecuteW

  api-ms-win-crt-string-l1-1-0

  strncat_s

  wcsncat_s

  _stricmp

  wcsnlen

  wcscat_s

  towupper

  iswascii

  _strdup

  strnlen

  wcstok_s

  isdigit

  isalpha

  towlower

  iswupper

  strncpy

  isspace

  strtok_s

  strcmp

  _strnicmp

  isupper

  iswspace

  toupper

  _wcsdup

  tolower

  wcsncmp

  islower

  strncmp

  strcspn

  strncpy_s

  __strncnt

  _wcsnicmp

  strlen

  wcscpy_s

  wcsncpy_s

  _wcsicmp

  strcpy_s

  strcat_s

  api-ms-win-crt-stdio-l1-1-0

  __stdio_common_vfwprintf

  fflush

  fputws

  fputwc

  __acrt_iob_func

  __stdio_common_vswprintf

  _set_fmode

  _get_stream_buffer_pointers

  _fseeki64

  fread

  fsetpos

  ungetc

  fgetpos

  __stdio_common_vsscanf

  fgetc

  fputc

  _wfsopen

  fclose

  fgets

  _wfopen

  __p__commode

  setvbuf

  _setmode

  _dup

  _fileno

  ftell

  fseek

  __stdio_common_vsnprintf_s

  __stdio_common_vfprintf

  fputs

  __stdio_common_vsnwprintf_s

  fwrite

  _flushall

  fopen

  __stdio_common_vsprintf_s

  api-ms-win-crt-runtime-l1-1-0

  _invalid_parameter_noinfo_noreturn

  abort

  exit

  _beginthreadex

  terminate

  _initialize_onexit_table

  _register_onexit_function

  _crt_atexit

  _cexit

  _seh_filter_exe

  _set_app_type

  _wcserror_s

  _configure_wide_argv

  _initialize_wide_environment

  _get_initial_wide_environment

  _initterm

  _initterm_e

  _exit

  _errno

  __p___argc

  __p___wargv

  _c_exit

  _register_thread_local_exe_atexit_callback

  _invalid_parameter_noinfo

  _controlfp_s

  api-ms-win-crt-convert-l1-1-0

  _wcstoui64

  _itow_s

  _ltow_s

  wcstoul

  strtoul

  strtoull

  _wtoi

  atol

  atoi

  api-ms-win-crt-heap-l1-1-0

  realloc

  free

  _set_new_mode

  malloc

  calloc

  api-ms-win-crt-utility-l1-1-0

  qsort

  api-ms-win-crt-math-l1-1-0

  asinh

  asinhf

  atanhf

  cbrtf

  acoshf

  log2f

  __libm_sse2_asin

  __libm_sse2_atan

  __libm_sse2_atan2

  __libm_sse2_log10

  __libm_sse2_pow

  acosh

  atanh

  log2

  __libm_sse2_sin

  __libm_sse2_tan

  _libm_sse2_acos_precise

  _libm_sse2_asin_precise

  _libm_sse2_atan_precise

  _fdopen

  _libm_sse2_cos_precise

  _libm_sse2_exp_precise

  trunc

  truncf

  ilogb

  ilogbf

  _finite

  _libm_sse2_log10_precise

  _libm_sse2_log_precise

  _libm_sse2_pow_precise

  _libm_sse2_sin_precise

  __libm_sse2_acos

  frexp

  _CItanh

  _CIsinh

  _libm_sse2_sqrt_precise

  _libm_sse2_tan_precise

  ceil

  _CIfmod

  floor

  fma

  fmaf

  __libm_sse2_cos

  _CIcosh

  cbrt

  _CIatan2

  __libm_sse2_exp

  _ldclass

  _dclass

  modf

  _isnan

  __setusermatherr

  __libm_sse2_log

  _copysign

  api-ms-win-crt-time-l1-1-0

  _gmtime64_s

  _time64

  wcsftime

  api-ms-win-crt-environment-l1-1-0

  getenv

  api-ms-win-crt-locale-l1-1-0

  ___mb_cur_max_func

  ___lc_codepage_func

  ___lc_locale_name_func

  __pctype_func

  setlocale

  localeconv

  _configthreadlocale

  _unlock_locales

  _lock_locales

  api-ms-win-crt-filesystem-l1-1-0

  _unlock_file

  _wremove

  _wrename

  _lock_file

  Exports

  Exports

  CLRJitAttachState

  DotNetRuntimeInfo

  MetaDataGetDispenser

  g_CLREngineMetrics

  g_dacTable

  Sections

  .text

  Size: 5.2MB - Virtual size: 5.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .CLR_UEF

  Size: 512B - Virtual size: 68B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1.2MB - Virtual size: 1.2MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 28KB - Virtual size: 78KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .didat

  Size: 512B - Virtual size: 28B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  _RDATA

  Size: 68KB - Virtual size: 67KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1.3MB - Virtual size: 1.3MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 256KB - Virtual size: 255KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ