xmrig | rroJTl[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

rroJTl.zip
Size

201.6MB
MD5

0bd238f10218f7cfb855fec2acd3a2c1
SHA1

1509bb460ac4e1f3bcc9a3688dce3633beebf0d1
SHA256

6f78a9ec4dde9902a9eafe74d46d3807c1807323202ae51f54bf1c3874bbac77
SHA512

26c63d04eb9e505f4b52701a7e2923ad9d248bbd428c99e4e4270a9979952b0ff7b7ca3371c8cfe93244ec9c707d56e4e6f9ed6c3c8ef7c386bd2e377f006302
SSDEEP

6291456:f91XqV2KEJM5Gisbd6tk7yLdu155Gisbd6tk7yLdu1ksDQEjZ:f90HEJMMHqHI15MHqHI1ksDpjZ

Score

10^/10

themida miner xmrig

Malware Config

Signatures

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
static1/unpack001/sss/WindowsTask/MicrosoftHost.exe	xmrig
static1/unpack001/sss/WindowsTask/MicrosoftHost.exe	family_xmrig

Xmrig family
xmrig

Themida packer 4 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/sss/Install/smss.exe	themida
static1/unpack001/sss/ReaItekHD/taskhost.exe	themida
static1/unpack001/sss/ReaItekHD/taskhostw.exe	themida
static1/unpack001/sss/WindowsTask/audiodg.exe	themida

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sss/Install/smss.exe
unpack001/sss/RDPWinst.exe
unpack001/sss/ReaItekHD/taskhost.exe
unpack001/sss/ReaItekHD/taskhostw.exe
unpack001/sss/Windows Tasks Service/winserv.exe
unpack001/sss/WindowsTask/AMD.exe
unpack001/sss/WindowsTask/AppModule.exe
unpack001/sss/WindowsTask/MicrosoftHost.exe
unpack001/sss/WindowsTask/audiodg.exe

Files

rroJTl.zip
.zip
sss/Install/Del3.bat
sss/Install/Delete.bat
sss/Install/del.bat
sss/Install/rdpwrap.ini
sss/Install/smss.exe
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 382KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 59KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 761B - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
sss/RDPWinst.exe
.exe windows:5 windows x86 arch:x86

a89655faa2b6840e801be1e1c779fc67

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
StartServiceW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
ChangeServiceConfigW
EnumServicesStatusExW

user32

LoadStringW
MessageBoxA
CharNextW
MessageBoxW
LoadStringW
GetSystemMetrics
CharUpperBuffW
CharNextW

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
CompareStringW
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualQuery
VirtualFree
TerminateProcess
Sleep
SizeofResource
SignalObjectAndWait
SetFilePointer
SetEvent
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
OpenProcess
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryExW
LeaveCriticalSection
InitializeCriticalSection
GetVersionExW
GetThreadLocale
GetNativeSystemInfo
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentProcess
GetCPInfo
FreeResource
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
ExpandEnvironmentStringsW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringW
CloseHandle
Sleep

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

Sections

.text
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sss/ReaItekHD/taskhost.exe
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 382KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 59KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 761B - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 16.1MB - Virtual size: 16.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
sss/ReaItekHD/taskhostw.exe
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 382KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 59KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 761B - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 22.5MB - Virtual size: 22.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
sss/Windows Tasks Service/settings.dat
sss/Windows Tasks Service/winserv.exe
.exe windows:4 windows x86 arch:x86

ebe65d762f2c61fe8918999d24b4ff38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

AllocateAndInitializeSid
ChangeServiceConfig2W
ChangeServiceConfigW
CloseServiceHandle
ControlService
ConvertSidToStringSidW
CreateServiceW
CryptAcquireContextA
CryptAcquireContextW
CryptDecrypt
CryptDestroyKey
CryptEncrypt
CryptExportKey
CryptGenKey
CryptImportKey
CryptReleaseContext
DeleteService
DeregisterEventSource
DuplicateToken
EnumServicesStatusW
FreeSid
GetTokenInformation
GetUserNameA
GetUserNameW
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
LookupAccountNameW
LookupAccountSidW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceConfig2W
QueryServiceConfigW
RegCloseKey
RegConnectRegistryW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
RegDisablePredefinedCache
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegLoadKeyW
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExA
RegSetValueExW
RegUnLoadKeyW
RegisterEventSourceW
RegisterServiceCtrlHandlerExW
ReportEventW
RevertToSelf
SetEntriesInAclW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
SetServiceStatus
SetTokenInformation
StartServiceCtrlDispatcherW
StartServiceW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageW
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
InitCommonControls
InitializeFlatSB
_TrackMouseEvent

comdlg32

GetSaveFileNameA
GetSaveFileNameW
PrintDlgW

gdi32

AbortDoc
AngleArc
Arc
ArcTo
BeginPath
BitBlt
Chord
CloseEnhMetaFile
CombineRgn
CombineTransform
CopyEnhMetaFileW
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateEllipticRgn
CreateEnhMetaFileW
CreateFontA
CreateFontIndirectW
CreateFontW
CreateHalftonePalette
CreateICW
CreatePalette
CreatePatternBrush
CreatePen
CreatePenIndirect
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EndPath
EnumFontFamiliesExW
EnumFontsW
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
ExtTextOutW
FillPath
FillRgn
FrameRgn
GdiFlush
GetBitmapBits
GetBkMode
GetBrushOrgEx
GetClipBox
GetClipRgn
GetCurrentObject
GetCurrentPositionEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetNearestColor
GetNearestPaletteIndex
GetObjectA
GetObjectW
GetPaletteEntries
GetPixel
GetROP2
GetRgnBox
GetStockObject
GetStretchBltMode
GetSystemPaletteEntries
GetTextAlign
GetTextColor
GetTextExtentExPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentPointW
GetTextFaceA
GetTextMetricsW
GetViewportOrgEx
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LPtoDP
LineTo
MaskBlt
MoveToEx
OffsetRgn
PatBlt
PathToRegion
Pie
PlayEnhMetaFile
PolyBezier
PolyBezierTo
Polygon
Polyline
PtInRegion
PtVisible
RealizePalette
RectInRegion
RectVisible
Rectangle
ResizePalette
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetDIBits
SetEnhMetaFileBits
SetGraphicsMode
SetMapMode
SetPixel
SetROP2
SetRectRgn
SetStretchBltMode
SetTextAlign
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
SetWorldTransform
StartDocA
StartDocW
StartPage
StretchBlt
StretchDIBits
TextOutA
TextOutW
UnrealizeObject
WidenPath

kernel32

Beep
CloseHandle
CompareStringA
CompareStringW
ConnectNamedPipe
CopyFileA
CopyFileExW
CopyFileW
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexA
CreateMutexW
CreateNamedPipeW
CreatePipe
CreateProcessA
CreateProcessW
CreateSemaphoreW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
EnumCalendarInfoW
EnumResourceNamesW
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FindResourceW
FlushFileBuffers
FlushInstructionCache
FormatMessageA
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCPInfoExW
GetCommandLineA
GetCommandLineW
GetComputerNameA
GetComputerNameExW
GetComputerNameW
GetConsoleCP
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDriveTypeW
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileTime
GetFileType
GetFullPathNameW
GetGeoInfoW
GetHandleInformation
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsW
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetTempPathA
GetTempPathW
GetThreadContext
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultUILanguage
GetUserGeoID
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryA
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalSize
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapSize
InitializeCriticalSection
IsBadReadPtr
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalSize
LockResource
MapViewOfFile
MoveFileW
MulDiv
MultiByteToWideChar
OpenEventW
OpenFileMappingA
OpenFileMappingW
OpenProcess
OpenSemaphoreW
OutputDebugStringW
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
RemoveDirectoryW
ResetEvent
ResumeThread
RtlUnwind
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleInformation
SetLastError
SetPriorityClass
SetProcessShutdownParameters
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepEx
SuspendThread
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WaitNamedPipeW
WideCharToMultiByte
WinExec
WriteFile
WritePrivateProfileStringW
lstrcmp
lstrcmpW
lstrcmpiW
lstrlen
lstrlenW

msvcrt

memcpy
memset

netapi32

NetApiBufferFree
NetWkstaGetInfo

ole32

CLSIDFromProgID
CoCreateInstance
CoFreeUnusedLibraries
CoGetClassObject
CoInitialize
CoInitializeEx
CoLockObjectExternal
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
IsAccelerator
IsEqualGUID
OleDraw
OleInitialize
OleRegEnumVerbs
OleSetMenuDescriptor
OleUninitialize
ProgIDFromCLSID
StringFromCLSID

oleaut32

CreateErrorInfo
GetActiveObject
GetErrorInfo
SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayUnaccessData
SetErrorInfo
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

shell32

PathCleanupSpec
SHGetFolderPathW
SHGetMalloc
SHGetPathFromIDList
SHGetSpecialFolderLocation
ShellExecuteA
ShellExecuteEx
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW

shfolder

SHGetFolderPathW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
AttachThreadInput
BeginDeferWindowPos
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcA
CallWindowProcW
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextW
CharToOemW
CharUpperBuffA
CharUpperBuffW
CharUpperW
CheckMenuItem
ChildWindowFromPoint
ChildWindowFromPointEx
ClientToScreen
CloseClipboard
CloseDesktop
CopyIcon
CopyImage
CountClipboardFormats
CreateAcceleratorTableW
CreateCaret
CreateDialogParamW
CreateIcon
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExA
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcA
DefWindowProcW
DeferWindowPos
DeleteMenu
DestroyCaret
DestroyCursor
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDeferWindowPos
EndMenu
EndPaint
EnumChildWindows
EnumClipboardFormats
EnumDisplayMonitors
EnumThreadWindows
EnumWindows
EqualRect
ExitWindowsEx
FillRect
FindWindowA
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetAncestor
GetAsyncKeyState
GetCapture
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameA
GetClassNameW
GetClientRect
GetClipboardData
GetComboBoxInfo
GetCursor
GetCursorInfo
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetFocus
GetForegroundWindow
GetGuiResources
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuItemRect
GetMenuState
GetMenuStringW
GetMessageA
GetMessageExtraInfo
GetMessagePos
GetMessageTime
GetMessageW
GetMonitorInfoW
GetParent
GetProcessWindowStation
GetPropW
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetThreadDesktop
GetTopWindow
GetUpdateRect
GetUpdateRgn
GetUserObjectInformationW
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowRgn
GetWindowTextA
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InflateRect
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
InvalidateRgn
IsChild
IsClipboardFormatAvailable
IsDialogMessage
IsDialogMessageW
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadImageA
LoadImageW
LoadKeyboardLayoutW
LoadMenuW
LoadStringW
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OemToCharA
OffsetRect
OpenClipboard
OpenDesktopW
OpenInputDesktop
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostQuitMessage
PostThreadMessageA
PostThreadMessageW
PtInRect
RedrawWindow
RegisterClassA
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
ScrollWindowEx
SendInput
SendMessageA
SendMessageTimeoutA
SendMessageW
SendNotifyMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetRectEmpty
SetScrollInfo
SetScrollPos
SetScrollRange
SetThreadDesktop
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextA
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowOwnedPopups
ShowScrollBar
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UnregisterClassW
UpdateWindow
ValidateRect
WaitMessage
WindowFromPoint
keybd_event
mouse_event

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerLanguageNameW
VerQueryValueA
VerQueryValueW

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetQueryOptionW
InternetReadFile

winmm

PlaySoundW
sndPlaySoundW
timeGetTime

winspool.drv

ClosePrinter
DocumentPropertiesW
EnumPrintersW
GetDefaultPrinterW
OpenPrinterW

wintrust

WinVerifyTrust

wsock32

WSACleanup
WSAGetLastError
WSAStartup
bind
closesocket
connect
gethostbyname
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
recv
recvfrom
select
send
sendto
setsockopt
socket

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
madTraceProcess

Sections

.tls
Size: 10.1MB - Virtual size: 10.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sss/WindowsTask/AMD.exe
.exe windows:6 windows x64 arch:x64

acddb33ab77056c4ff8e21de230f72ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

userenv

GetUserProfileDirectoryA

psapi

GetModuleFileNameExW

winmm

timeBeginPeriod

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA

ws2_32

socket
shutdown
WSAStartup
send
select
recv
listen
getsockopt
ioctlsocket
connect
WSAGetLastError
bind
accept
__WSAFDIsSet
ntohs
htons
htonl
getaddrinfo
WSASetLastError
closesocket
freeaddrinfo
setsockopt
WSACleanup

kernel32

GetTimeFormatW
GetDateFormatW
HeapAlloc
GetLastError
MultiByteToWideChar
SetThreadPriority
LocalFree
FormatMessageA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
SetConsoleCtrlHandler
GetStdHandle
SetConsoleTextAttribute
CreateDirectoryA
FreeLibrary
GetModuleFileNameA
LoadLibraryA
SetThreadExecutionState
GetConsoleMode
SetConsoleMode
SetFileAttributesA
CloseHandle
ExitProcess
ExpandEnvironmentStringsA
ReadFile
CreatePipe
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetCurrentProcessId
VerSetConditionMask
VerifyVersionInfoW
SetLastError
CompareStringW
SystemTimeToFileTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
FindNextFileW
WideCharToMultiByte
GetFileType
WriteFile
GetModuleHandleW
GetModuleHandleExW
ConvertFiberToThread
ConvertThreadToFiber
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentVariableW
ReadConsoleA
ReadConsoleW
LoadLibraryW
HeapFree
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
HeapReAlloc
HeapSize
GetTimeZoneInformation
SetEnvironmentVariableW
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
FindFirstFileExW
IsValidCodePage
RtlUnwind
GetACP
GetFileInformationByHandle
GetDriveTypeW
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetSystemTime
CreateFileW
FreeLibraryAndExitThread
ExitThread
QueryPerformanceFrequency
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
GetStringTypeW
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
LoadLibraryExW
CreateThread

user32

GetProcessWindowStation
ExitWindowsEx
GetUserObjectInformationW
MessageBoxW

advapi32

CryptEnumProvidersW
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
DeregisterEventSource
RegisterEventSourceW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW

bcrypt

BCryptGenRandom

crypt32

CertEnumCertificatesInStore
CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertFindCertificateInStore
CertCloseStore

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65.0MB - Virtual size: 65.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sss/WindowsTask/AppModule.exe
.exe windows:6 windows x64 arch:x64

acddb33ab77056c4ff8e21de230f72ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

userenv

GetUserProfileDirectoryA

psapi

GetModuleFileNameExW

winmm

timeBeginPeriod

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA

ws2_32

socket
shutdown
WSAStartup
send
select
recv
listen
getsockopt
ioctlsocket
connect
WSAGetLastError
bind
accept
__WSAFDIsSet
ntohs
htons
htonl
getaddrinfo
WSASetLastError
closesocket
freeaddrinfo
setsockopt
WSACleanup

kernel32

GetTimeFormatW
GetDateFormatW
HeapAlloc
GetLastError
MultiByteToWideChar
SetThreadPriority
LocalFree
FormatMessageA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
SetConsoleCtrlHandler
GetStdHandle
SetConsoleTextAttribute
CreateDirectoryA
FreeLibrary
GetModuleFileNameA
LoadLibraryA
SetThreadExecutionState
GetConsoleMode
SetConsoleMode
SetFileAttributesA
CloseHandle
ExitProcess
ExpandEnvironmentStringsA
ReadFile
CreatePipe
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetCurrentProcessId
VerSetConditionMask
VerifyVersionInfoW
SetLastError
CompareStringW
SystemTimeToFileTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
FindNextFileW
WideCharToMultiByte
GetFileType
WriteFile
GetModuleHandleW
GetModuleHandleExW
ConvertFiberToThread
ConvertThreadToFiber
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentVariableW
ReadConsoleA
ReadConsoleW
LoadLibraryW
HeapFree
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
HeapReAlloc
HeapSize
GetTimeZoneInformation
SetEnvironmentVariableW
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
FindFirstFileExW
IsValidCodePage
RtlUnwind
GetACP
GetFileInformationByHandle
GetDriveTypeW
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetSystemTime
CreateFileW
FreeLibraryAndExitThread
ExitThread
QueryPerformanceFrequency
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
GetStringTypeW
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
LoadLibraryExW
CreateThread

user32

GetProcessWindowStation
ExitWindowsEx
GetUserObjectInformationW
MessageBoxW

advapi32

CryptEnumProvidersW
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
DeregisterEventSource
RegisterEventSourceW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW

bcrypt

BCryptGenRandom

crypt32

CertEnumCertificatesInStore
CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertFindCertificateInStore
CertCloseStore

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65.0MB - Virtual size: 65.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sss/WindowsTask/MicrosoftHost.exe
.exe windows:6 windows x64 arch:x64

2e3e4d2cfd6226981f42ae1c2abe7b12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

recv
ntohs
htons
send
WSASetLastError
WSAGetLastError
select
WSARecvFrom
WSASocketW
WSASend
WSARecv
WSAIoctl
gethostname
WSADuplicateSocketW
shutdown
getpeername
FreeAddrInfoW
GetAddrInfoW
htonl
socket
setsockopt
listen
closesocket
bind
WSACleanup
WSAStartup
getsockopt
getsockname
ioctlsocket

iphlpapi

GetAdaptersAddresses

userenv

GetUserProfileDirectoryW

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFreeCertificateContext
CertFindCertificateInStore

kernel32

SetConsoleMode
GetConsoleMode
QueryPerformanceFrequency
QueryPerformanceCounter
SizeofResource
LockResource
LoadResource
FindResourceW
ExpandEnvironmentStringsA
GetConsoleWindow
GetSystemFirmwareTable
HeapFree
HeapAlloc
GetProcessHeap
MultiByteToWideChar
SetPriorityClass
GetCurrentProcess
SetThreadPriority
GetSystemPowerStatus
GetCurrentThread
GetProcAddress
GetModuleHandleW
GetTickCount
CloseHandle
FreeConsole
VirtualProtect
VirtualFree
VirtualAlloc
GetLargePageMinimum
LocalAlloc
GetLastError
LocalFree
FlushInstructionCache
GetCurrentThreadId
AddVectoredExceptionHandler
DeviceIoControl
GetModuleFileNameW
CreateFileW
SetLastError
GetSystemTime
SystemTimeToFileTime
GetModuleHandleExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
FindNextFileW
WideCharToMultiByte
GetFileType
WriteFile
ConvertFiberToThread
ConvertThreadToFiber
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryA
LoadLibraryW
GetEnvironmentVariableW
ReadConsoleA
ReadConsoleW
PostQueuedCompletionStatus
CreateFileA
DuplicateHandle
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
Sleep
QueueUserWorkItem
RegisterWaitForSingleObject
UnregisterWait
GetNumberOfConsoleInputEvents
ReadConsoleInputW
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
GetConsoleCursorInfo
SetConsoleCursorInfo
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
SetConsoleTextAttribute
WriteConsoleInputW
CreateDirectoryW
FlushFileBuffers
GetDiskFreeSpaceW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFinalPathNameByHandleW
GetFullPathNameW
SetUnhandledExceptionFilter
RemoveDirectoryW
SetConsoleTitleA
SetFileTime
GetSystemInfo
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
ReOpenFile
CopyFileW
MoveFileExW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
InitializeCriticalSection
SetConsoleCtrlHandler
GetCurrentDirectoryW
GetLongPathNameW
GetShortPathNameW
CreateIoCompletionPort
ReadDirectoryChangesW
VerSetConditionMask
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetTempPathW
GlobalMemoryStatusEx
VerifyVersionInfoA
FileTimeToSystemTime
RtlUnwind
SetHandleInformation
CancelIoEx
CancelIo
SwitchToThread
SetFileCompletionNotificationModes
LoadLibraryExW
FormatMessageA
SetErrorMode
GetQueuedCompletionStatus
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
ReleaseSemaphore
ResumeThread
GetNativeSystemInfo
CreateSemaphoreA
ConnectNamedPipe
SetNamedPipeHandleState
PeekNamedPipe
CreateNamedPipeW
CancelSynchronousIo
GetNamedPipeHandleStateA
TerminateProcess
GetExitCodeProcess
UnregisterWaitEx
LCMapStringW
DebugBreak
GetModuleHandleA
LoadLibraryExA
GetStartupInfoW
GetModuleFileNameA
GetVersionExA
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
GetComputerNameA
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
GetStringTypeW
GetStdHandle
WriteConsoleW
SetFilePointerEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetStdHandle
GetCommandLineA
GetCommandLineW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
ExitProcess
GetFileAttributesExW
SetFileAttributesW
GetConsoleCP
CompareStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
GetTimeZoneInformation
HeapSize
SetEndOfFile
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
ReadFile
K32GetProcessMemoryInfo
InitializeCriticalSectionEx
WaitForSingleObjectEx
GetExitCodeThread
SleepConditionVariableSRW
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo

user32

GetProcessWindowStation
GetUserObjectInformationW
ShowWindow
GetLastInputInfo
DispatchMessageA
GetMessageA
GetSystemMetrics
MapVirtualKeyW
TranslateMessage
MessageBoxW

shell32

SHGetSpecialFolderPathA

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

advapi32

SystemFunction036
GetUserNameW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
QueryServiceConfigA
DeleteService
ControlService
StartServiceW
OpenServiceW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
LsaOpenPolicy
LsaAddAccountRights
LsaClose
GetTokenInformation

bcrypt

BCryptGenRandom

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RANDOMX
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sss/WindowsTask/WinRing0x64.sys
.sys windows:6 windows x64 arch:x64

d41fa95d4642dc981f10de36f4dc8cd7

Code Sign

01:00:00:00:00:01:15:37:24:21:a8
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

24-09-2007 10:50

Not After

24-09-2008 10:50

Subject

CN=Noriyuki MIYAZAKI,C=JP,1.2.840.113549.1.9.1=#0c196869796f6869796f406372797374616c6d61726b2e696e666f

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16-12-2003 13:00

Not After

27-01-2014 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 12:00

Not After

27-01-2014 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:10:92:eb:82:95
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

05-02-2007 09:00

Not After

27-01-2014 09:00

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign,1.2.840.113549.1.9.1=#0c1c74696d657374616d70696e666f40676c6f62616c7369676e2e636f6d

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 09:00

Not After

27-01-2014 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:68:21:a3:91:74:d2:9f:6f:87:91:cf:9f:44:f1:a1:f3:43:9d:da
Signer

Actual PE Digest

26:68:21:a3:91:74:d2:9f:6f:87:91:cf:9f:44:f1:a1:f3:43:9d:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
RtlInitUnicodeString
IoDeleteDevice
IoCreateDevice
MmMapIoSpace
KeBugCheckEx
IoCreateSymbolicLink
MmUnmapIoSpace
IofCompleteRequest
__C_specific_handler

hal

HalSetBusDataByOffset
HalGetBusDataByOffset

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sss/WindowsTask/audiodg.exe
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 382KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 59KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 761B - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 347KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
sss/WindowsTask/new.xml
sss/WindowsTask/winlogon.bat

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 382KB - Virtual size: 716KB

Size: 59KB - Virtual size: 208KB

Size: 761B - Virtual size: 36KB

Size: 16KB - Virtual size: 27KB

Size: 5.2MB - Virtual size: 5.2MB

Size: 1KB - Virtual size: 2KB

.imports Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 48KB - Virtual size: 48KB

.themida Size: - Virtual size: 4.7MB

.boot Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 16B - Virtual size: 4KB

a89655faa2b6840e801be1e1c779fc67

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

wininet

Sections

.text Size: 261KB - Virtual size: 260KB

.itext Size: 8KB - Virtual size: 7KB

.data Size: 5KB - Virtual size: 4KB

.bss Size: - Virtual size: 19KB

.idata Size: 5KB - Virtual size: 4KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 24KB - Virtual size: 23KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

Headers

DLL Characteristics

File Characteristics

Sections

Size: 382KB - Virtual size: 716KB

Size: 59KB - Virtual size: 208KB

Size: 761B - Virtual size: 36KB

Size: 16KB - Virtual size: 27KB

Size: 16.1MB - Virtual size: 16.1MB

Size: 1KB - Virtual size: 2KB

.imports Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 47KB - Virtual size: 47KB

.themida Size: - Virtual size: 8.0MB

.boot Size: 5.1MB - Virtual size: 5.1MB

.reloc Size: 16B - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

Size: 382KB - Virtual size: 716KB

Size: 59KB - Virtual size: 208KB

Size: 761B - Virtual size: 36KB

Size: 16KB - Virtual size: 27KB

Size: 22.5MB - Virtual size: 22.5MB

Size: 1KB - Virtual size: 2KB

.imports Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 366KB - Virtual size: 366KB

.themida Size: - Virtual size: 7.8MB

.boot Size: 4.8MB - Virtual size: 4.8MB

.reloc Size: 16B - Virtual size: 4KB

ebe65d762f2c61fe8918999d24b4ff38

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

.imports
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 48KB - Virtual size: 48KB

.themida
Size: - Virtual size: 4.7MB

.boot
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 16B - Virtual size: 4KB

.text
Size: 261KB - Virtual size: 260KB

.itext
Size: 8KB - Virtual size: 7KB

.data
Size: 5KB - Virtual size: 4KB

.bss
Size: - Virtual size: 19KB

.idata
Size: 5KB - Virtual size: 4KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.imports
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 47KB - Virtual size: 47KB

.themida
Size: - Virtual size: 8.0MB

.boot
Size: 5.1MB - Virtual size: 5.1MB

.reloc
Size: 16B - Virtual size: 4KB

.imports
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 366KB - Virtual size: 366KB

.themida
Size: - Virtual size: 7.8MB

.boot
Size: 4.8MB - Virtual size: 4.8MB

.reloc
Size: 16B - Virtual size: 4KB

.tls
Size: 10.1MB - Virtual size: 10.1MB

.rsrc
Size: 90KB - Virtual size: 92KB

.idata
Size: 22KB - Virtual size: 24KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 65.0MB - Virtual size: 65.1MB

.pdata
Size: 136KB - Virtual size: 136KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 50KB - Virtual size: 50KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 65.0MB - Virtual size: 65.1MB

.pdata
Size: 136KB - Virtual size: 136KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 50KB - Virtual size: 50KB