__dbk_fcall_wrapper
dbkFCallWrapperAddr
Static task
static1
1 signatures
General
-
Target
XTOOLD.EXE
-
Size
3.6MB
-
MD5
1e38c466d224ae0c4a9b042312dd689e
-
SHA1
6ffb7dc8dbff97226ec35fff8101a31215f1f60b
-
SHA256
3bee6c57553ed8fd32bd39f13f65b17e31cacdc8f7faf68f48a134b8332e345b
-
SHA512
e326df0508ef8678895f2ffe815a50be8c223ff10458325d0da09073f3408a0b8ada7f0508faf5defafd7a0092b04d334678a4d321c3cded2612001afa482668
-
SSDEEP
49152:PF2enrRyqKpwkSbYQHixomZoar+YE2+YgWOxTNMZ7Z6iYkavqpaPYrxbav:PsyT6bE7piKf
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource XTOOLD.EXE
Files
-
XTOOLD.EXE.exe windows:5 windows x64 arch:x64
11f93b493bb82d9dcfc19794477f16c2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
SetFileAttributesW
GetFileType
RtlUnwindEx
QueryDosDeviceW
GetACP
GetExitCodeProcess
CloseHandle
LocalFree
SizeofResource
VirtualProtect
CreateSemaphoreW
TerminateThread
QueryPerformanceFrequency
GetHandleInformation
SetHandleInformation
IsDebuggerPresent
FindNextFileW
FlushInstructionCache
GetFullPathNameW
VirtualFree
GetProcessHeap
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
MapViewOfFile
LoadLibraryA
GetVolumeInformationW
ResetEvent
FreeResource
GetDriveTypeW
GetVersion
RaiseException
GetSystemTimeAsFileTime
FormatMessageW
SwitchToThread
GetExitCodeThread
WriteConsoleW
GetCurrentThread
GetFileAttributesExW
IsBadReadPtr
GlobalMemoryStatusEx
LoadLibraryExW
TerminateProcess
SetPriorityClass
LockResource
CancelIo
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFree
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
WritePrivateProfileStringW
GetFileSize
GetStartupInfoW
GetFileAttributesW
SetCurrentDirectoryW
GetCurrentDirectoryW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
VirtualAlloc
SetConsoleCursorPosition
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
FindResourceExW
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetProcessTimes
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
UnmapViewOfFile
GetConsoleCP
GetModuleFileNameA
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
MultiByteToWideChar
FindClose
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
DeleteFileW
IsDBCSLeadByteEx
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
GetConsoleScreenBufferInfo
LocalAlloc
RemoveDirectoryW
CreateEventW
GetPrivateProfileStringW
GetThreadLocale
SetThreadLocale
dbghelp
ImageRvaToVa
ImageNtHeader
ole32
CoInitializeEx
CoUninitialize
version
GetFileVersionInfoSizeW
VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
user32
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
CharLowerBuffW
LoadStringW
CharUpperW
PeekMessageW
GetSystemMetrics
MessageBoxW
MessageBoxA
oleaut32
SafeArrayPutElement
VariantInit
VariantClear
SysFreeString
SafeArrayAccessData
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopyInd
VariantChangeType
msvcrt
memcpy
memset
memmove
advapi32
RegQueryValueExW
GetUserNameW
RegCloseKey
RegOpenKeyExW
winhttp
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption
Exports
Exports
Sections
.text Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 220KB - Virtual size: 220KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 107KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 110B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: - Virtual size: 600B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 109B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 110KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ