General

Malware Config

Signatures

Files

• 5d214ba9162c66fdaedcaefec9312c2cb5b276f121aa7e86a5e4dd247361d127

  .exe windows:5 windows x86 arch:x86

  da615ad92cf6c6d9159a7eb2aceeb372

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  D:\Devops\agent\workspace\p-111758179e0043a5b011650a32a71ea0\src\TGBDownloader\Output\TGBDownloader\Release\TGBDownloader.pdb

  Imports

  psapi

  GetModuleFileNameExA

  ws2_32

  ntohl

  htons

  WSAStartup

  WSAGetLastError

  __WSAFDIsSet

  select

  shutdown

  connect

  recv

  send

  socket

  ioctlsocket

  setsockopt

  closesocket

  gethostbyname

  htonl

  WSACleanup

  kernel32

  CreateFileMappingW

  MapViewOfFile

  UnmapViewOfFile

  EnterCriticalSection

  LeaveCriticalSection

  DuplicateHandle

  SetErrorMode

  TerminateProcess

  RaiseException

  GetFileTime

  GetCurrentDirectoryW

  SetCurrentDirectoryW

  GetTempPathW

  CopyFileW

  GetFileAttributesW

  GetFileSizeEx

  GetTempPathA

  TerminateThread

  FreeResource

  GetUserDefaultUILanguage

  DecodePointer

  ProcessIdToSessionId

  OpenMutexW

  CreateMutexW

  GetLogicalDrives

  GetDriveTypeW

  DeviceIoControl

  FindFirstFileW

  RemoveDirectoryW

  MoveFileExW

  FindNextFileW

  FindClose

  GetExitCodeProcess

  IsDBCSLeadByte

  GetFullPathNameW

  SetEndOfFile

  SetFilePointerEx

  CreateFileA

  SwitchToThread

  CreateDirectoryA

  GetPrivateProfileIntA

  GetPrivateProfileStringA

  GetVersionExW

  LoadLibraryA

  GetSystemDefaultLangID

  OpenProcess

  SleepEx

  CreateMutexA

  AreFileApisANSI

  TryEnterCriticalSection

  HeapCreate

  GetDiskFreeSpaceW

  OutputDebugStringA

  LockFile

  GetFullPathNameA

  UnlockFileEx

  HeapValidate

  FormatMessageW

  GetDiskFreeSpaceA

  GetFileAttributesA

  FlushViewOfFile

  WaitForSingleObjectEx

  GetVersionExA

  DeleteFileA

  HeapCompact

  UnlockFile

  CreateFileMappingA

  LocalFree

  LockFileEx

  SystemTimeToFileTime

  GetSystemTimeAsFileTime

  GetSystemTime

  FormatMessageA

  QueryPerformanceCounter

  FlushFileBuffers

  GetStdHandle

  GetFileType

  GetModuleHandleA

  GlobalMemoryStatus

  FlushConsoleInputBuffer

  GetACP

  lstrlenW

  GlobalLock

  GlobalUnlock

  ExitProcess

  VerSetConditionMask

  CreateDirectoryW

  LocalFileTimeToFileTime

  GlobalAlloc

  lstrcpyW

  lstrcmpiW

  IsValidCodePage

  SetStdHandle

  GetTimeZoneInformation

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetTimeFormatW

  GetDateFormatW

  GetConsoleCP

  ReadConsoleW

  SetEnvironmentVariableA

  SetConsoleMode

  ReadConsoleInputA

  GetConsoleMode

  SetConsoleCtrlHandler

  GetModuleHandleExW

  ExitThread

  FileTimeToSystemTime

  SystemTimeToTzSpecificLocalTime

  RtlUnwind

  UnregisterWaitEx

  QueryDepthSList

  InterlockedFlushSList

  InterlockedPushEntrySList

  InterlockedPopEntrySList

  ReleaseSemaphore

  VirtualProtect

  VirtualFree

  VirtualAlloc

  LoadLibraryExW

  FreeLibraryAndExitThread

  GetThreadTimes

  UnregisterWait

  RegisterWaitForSingleObject

  SetThreadAffinityMask

  GetProcessAffinityMask

  GetNumaHighestNodeNumber

  DeleteTimerQueueTimer

  ChangeTimerQueueTimer

  CreateTimerQueueTimer

  GetLogicalProcessorInformation

  GetThreadPriority

  SetThreadPriority

  CreateThread

  SignalObjectAndWait

  CreateTimerQueue

  InitializeSListHead

  GetStartupInfoW

  UnhandledExceptionFilter

  ResetEvent

  IsDebuggerPresent

  LCMapStringW

  CompareStringW

  GetCPInfo

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  SetLastError

  QueryPerformanceFrequency

  FindFirstFileExW

  GetNativeSystemInfo

  GetExitCodeThread

  GetCurrentThread

  GetStringTypeW

  EncodePointer

  InitializeCriticalSection

  GetCurrentProcessId

  GetModuleFileNameA

  GetSystemDirectoryW

  GetEnvironmentVariableW

  GetLocaleInfoW

  GetPrivateProfileSectionW

  GetPrivateProfileIntW

  VerifyVersionInfoW

  SetUnhandledExceptionFilter

  GetPrivateProfileStringW

  GetCommandLineW

  GetSystemInfo

  GetDiskFreeSpaceExW

  GlobalMemoryStatusEx

  OutputDebugStringW

  IsProcessorFeaturePresent

  PeekNamedPipe

  CreateProcessA

  CreatePipe

  DeleteCriticalSection

  InitializeCriticalSectionAndSpinCount

  LoadLibraryW

  FreeLibrary

  InterlockedExchangeAdd

  GetTickCount

  GetFileAttributesExW

  GetLocalTime

  GetModuleFileNameW

  InterlockedDecrement

  InterlockedIncrement

  MoveFileW

  DeleteFileW

  SetFilePointer

  SetEvent

  WaitForSingleObject

  CreateEventW

  FindResourceExW

  FindResourceW

  LoadResource

  LockResource

  SizeofResource

  WideCharToMultiByte

  Sleep

  InterlockedExchange

  InterlockedCompareExchange

  GetProcessHeap

  HeapAlloc

  HeapFree

  HeapReAlloc

  HeapSize

  HeapDestroy

  GetCurrentThreadId

  GlobalFree

  MultiByteToWideChar

  GetCurrentProcess

  GetFileSize

  WriteFile

  ReadFile

  GetLastError

  GetModuleHandleW

  GetProcAddress

  CreateFileW

  CloseHandle

  GetOEMCP

  GetCommandLineA

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  WriteConsoleW

  MulDiv

  user32

  GetWindowTextW

  InvalidateRgn

  wsprintfW

  EnumDisplayDevicesW

  GetDC

  MonitorFromWindow

  GetMonitorInfoW

  ReleaseDC

  DestroyWindow

  DefWindowProcW

  GetSystemMetrics

  MessageBoxW

  GetWindowTextLengthW

  SetWindowTextW

  IsWindowEnabled

  DestroyMenu

  TrackPopupMenu

  InvalidateRect

  IsWindow

  GetProcessWindowStation

  GetUserObjectInformationW

  MessageBoxA

  IsRectEmpty

  IntersectRect

  PtInRect

  SetCursor

  LoadCursorW

  CreateAcceleratorTableW

  OffsetRect

  InflateRect

  UnionRect

  SendMessageW

  GetWindowRect

  ScreenToClient

  GetKeyState

  GetClientRect

  SetWindowPos

  GetWindowLongW

  SetWindowLongW

  IsIconic

  GetActiveWindow

  GetWindow

  SetFocus

  BeginPaint

  EndPaint

  GetUpdateRect

  IsWindowVisible

  MapWindowPoints

  CreateWindowExW

  GetCursorPos

  ReleaseCapture

  GetSysColor

  GetMessageW

  EnableMenuItem

  AppendMenuW

  CreatePopupMenu

  GetCaretBlinkTime

  TranslateMessage

  DispatchMessageW

  IsZoomed

  PostMessageW

  GetFocus

  SetTimer

  KillTimer

  SetCapture

  GetParent

  LoadImageW

  SetWindowRgn

  ShowWindow

  EnableWindow

  PostQuitMessage

  RegisterClassW

  GetClassInfoExW

  RegisterClassExW

  GetGUIThreadInfo

  SetForegroundWindow

  MapVirtualKeyExW

  GetKeyNameTextW

  CharNextW

  CallWindowProcW

  SetPropW

  ClientToScreen

  SetCaretPos

  GetCaretPos

  HideCaret

  ShowCaret

  GetPropW

  EqualRect

  FillRect

  CreateCaret

  GetWindowRgn

  UpdateLayeredWindow

  MoveWindow

  CharPrevW

  DrawTextW

  SetRect

  GetKeyboardLayout

  gdi32

  SelectClipRgn

  CreateRoundRectRgn

  PlayEnhMetaFile

  GetEnhMetaFileHeader

  CreateDIBitmap

  AddFontMemResourceEx

  GetTextMetricsW

  CloseEnhMetaFile

  CreateEnhMetaFileW

  SetWindowOrgEx

  Rectangle

  RestoreDC

  BitBlt

  SaveDC

  SelectObject

  CreateCompatibleDC

  CombineRgn

  RemoveFontMemResourceEx

  CreatePen

  GetClipBox

  GetStockObject

  GetObjectW

  GetObjectA

  DeleteObject

  CreateCompatibleBitmap

  GetDeviceCaps

  CreateDIBSection

  StretchBlt

  CreateRectRgn

  SetStretchBltMode

  CreateSolidBrush

  CreatePenIndirect

  MoveToEx

  LineTo

  RoundRect

  PtInRegion

  CreatePatternBrush

  CreateRectRgnIndirect

  CreateFontIndirectW

  ExtSelectClipRgn

  GetBitmapBits

  SetBitmapBits

  SetBkMode

  SetTextColor

  SetBkColor

  GetCharABCWidthsW

  GetTextExtentPoint32W

  TextOutW

  DeleteDC

  GdiFlush

  advapi32

  RegQueryValueExA

  RegDeleteKeyW

  RegCreateKeyExW

  RegEnumKeyExW

  RegSetValueExW

  RegQueryValueExW

  RegOpenKeyExW

  RegCloseKey

  ReportEventA

  RegisterEventSourceA

  DeregisterEventSource

  CryptReleaseContext

  CryptGenRandom

  CryptAcquireContextW

  RegOpenKeyExA

  shell32

  SHCreateDirectoryExW

  ord165

  ShellExecuteExW

  SHChangeNotify

  SHGetPathFromIDListW

  DragQueryFileW

  SHGetSpecialFolderPathW

  SHGetFolderPathA

  CommandLineToArgvW

  ShellExecuteExA

  SHBrowseForFolderW

  ole32

  ReleaseStgMedium

  CreateStreamOnHGlobal

  RegisterDragDrop

  DoDragDrop

  OleDuplicateData

  CoInitialize

  CoCreateInstance

  CoUninitialize

  CoInitializeEx

  CoTaskMemFree

  CoCreateGuid

  CLSIDFromString

  CLSIDFromProgID

  OleLockRunning

  comctl32

  ord17

  _TrackMouseEvent

  gdiplus

  GdipDrawString

  GdipMeasureString

  GdipSetStringFormatLineAlign

  GdipSetStringFormatAlign

  GdipSetStringFormatFlags

  GdipDrawImageRectI

  GdipDeleteStringFormat

  GdipStringFormatGetGenericTypographic

  GdipCloneStringFormat

  GdipSetInterpolationMode

  GdipSetSmoothingMode

  GdipSetTextRenderingHint

  GdipDeleteFont

  GdipCreateFontFromLogfontA

  GdipCreateFontFromDC

  GdipDrawRectangleI

  GdipTranslateWorldTransform

  GdipDeletePen

  GdipCreatePen1

  GdipFillRectangleI

  GdipDeleteBrush

  GdipCreateSolidFill

  GdipDeleteGraphics

  GdipCreateFromHDC

  GdipDisposeImage

  GdipCloneImage

  GdipAlloc

  GdipFree

  GdipLoadImageFromStream

  GdiplusShutdown

  GdiplusStartup

  GdipSetPenMode

  GdipRotateWorldTransform

  GdipSetStringFormatTrimming

  imm32

  ImmGetContext

  ImmReleaseContext

  ImmSetCompositionWindow

  winhttp

  WinHttpWriteData

  WinHttpSetOption

  WinHttpSendRequest

  WinHttpGetProxyForUrl

  WinHttpReceiveResponse

  WinHttpAddRequestHeaders

  WinHttpOpenRequest

  WinHttpConnect

  WinHttpCrackUrl

  WinHttpQueryHeaders

  WinHttpQueryDataAvailable

  WinHttpReadData

  WinHttpGetIEProxyConfigForCurrentUser

  WinHttpSetTimeouts

  WinHttpCloseHandle

  WinHttpOpen

  shlwapi

  PathFileExistsW

  PathRemoveFileSpecW

  PathAddBackslashW

  PathRemoveFileSpecA

  PathIsDirectoryW

  d3d9

  Direct3DCreate9

  urlmon

  URLDownloadToFileA

  version

  GetFileVersionInfoW

  VerQueryValueW

  GetFileVersionInfoSizeW

  netapi32

  Netbios

  Sections

  .text

  Size: 2.5MB - Virtual size: 2.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 532KB - Virtual size: 531KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 64KB - Virtual size: 82KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gfids

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .QMGuid

  Size: 512B - Virtual size: 20B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 192KB - Virtual size: 192KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 118KB - Virtual size: 117KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ