explorer.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2aa1cb0c7e8ae5954319b76db8b414c8d39cb14f9ce145839396d40efeceeb13.exe
Resource
win10v2004-20240426-en
General
-
Target
2aa1cb0c7e8ae5954319b76db8b414c8d39cb14f9ce145839396d40efeceeb13
-
Size
4.4MB
-
MD5
160027be56a683f688be6fa558ad1f4a
-
SHA1
e7f18964884e5afd39cabb622070ba332d54b606
-
SHA256
2aa1cb0c7e8ae5954319b76db8b414c8d39cb14f9ce145839396d40efeceeb13
-
SHA512
9e66d4330efecb62a21c18f64596e62539119e62bc540be98c12d0aff5e6ef0fd6ae78a41b8e7189cac0d1fed415922aaf5be399e2ada64285e4357f76d94bb1
-
SSDEEP
49152:EFWtIB+kE8RGwk7YN0GiAnbCnmeJp1O1sduVs7A8biTyLDi/p7VtzVbPYpzElw8G:ZiRWP01VtzRw8a0cDyK
Malware Config
Signatures
-
Unsigned PE 1 IoCs
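Checks for missing Authenticode signature. This sample has none, even though its header sets IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY, a flag that asks Windows to verify the image signature at load time. Together with the writable, executable .text section and the trailing .newsec section listed under Sections, this is consistent with a binary that was modified after it was built; confirm by comparing the hashes above against a known-good copy of the file it presents itself as.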
resource 2aa1cb0c7e8ae5954319b76db8b414c8d39cb14f9ce145839396d40efeceeb13
Files
-
2aa1cb0c7e8ae5954319b76db8b414c8d39cb14f9ce145839396d40efeceeb13.exe windows:10 windows x64 arch:x64
fe6f775dd0c72ffd106f56930c60a452
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
msvcp_win
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?width@ios_base@std@@QEAA_J_J@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?good@ios_base@std@@QEBA_NXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@G@std@@2V0locale@2@A
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Xbad_alloc@std@@YAXXZ
?tolower@?$ctype@G@std@@QEBAGG@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
_Wcscoll
_Wcsxfrm
?id@?$collate@G@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
_c_exit
_register_thread_local_exe_atexit_callback
_set_error_mode
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-string-l1-1-0
strncmp
wcsncmp
wcscmp
wcscspn
memset
api-ms-win-crt-private-l1-1-0
_o_iswalnum
_o_malloc
_o_memcpy_s
_o_pow
_o_realloc
_o_sqrt
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
__C_specific_handler
_o_free
_o_floor
_o_exit
_o_ceil
_o_bsearch
memmove
_o__wtoi
_o__wcsnicmp
_o__wcsicmp
_o__localtime64
_o__ui64tow_s
_o__set_new_mode
_o__set_fmode
_o__set_errno
_o__set_app_type
_o__itow_s
_o__seh_filter_exe
_o__register_onexit_function
_o__recalloc
_o__purecall
_o__mktime64
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_wide_winmain_command_line
_o__get_errno
_o__exit
_o__errno
_o__difftime64
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
wcsstr
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy
twinapi
ord9
api-ms-win-core-job-l2-1-0
AssignProcessToJobObject
QueryInformationJobObject
CreateJobObjectW
SetInformationJobObject
api-ms-win-core-url-l1-1-0
UrlUnescapeW
PathIsURLW
HashData
api-ms-win-core-kernel32-private-l1-1-0
CheckElevationEnabled
api-ms-win-core-registryuserspecific-l1-1-0
SHRegGetBoolUSValueW
SHRegGetUSValueW
api-ms-win-core-com-private-l1-1-0
CoRegisterMessageFilter
api-ms-win-core-atoms-l1-1-0
GlobalGetAtomNameW
api-ms-win-core-sidebyside-l1-1-0
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx
ntdll
RtlUpcaseUnicodeString
RtlCopyUnicodeString
RtlRunOnceExecuteOnce
RtlUpcaseUnicodeChar
RtlGetNativeSystemInformation
ZwQueryDirectoryFile
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
ZwOpenFile
ZwEnumerateKey
RtlInitUnicodeStringEx
RtlAppendUnicodeStringToString
ZwCreateFile
ZwQueryInformationFile
ZwCreateSection
ZwQueryInformationProcess
ZwSetInformationProcess
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
ZwUnmapViewOfSection
ZwMapViewOfSection
LdrResSearchResource
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlIsStateSeparationEnabled
RtlAcquireSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlReleaseSRWLockExclusive
RtlAppendUnicodeToString
RtlAllocateHeap
RtlReAllocateHeap
RtlGetVersion
wcsspn
wcsrchr
NtOpenThreadToken
NtClose
NtQueryInformationToken
NtOpenProcessToken
RtlCompareUnicodeString
wcschr
strchr
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlFreeHeap
RtlNtStatusToDosError
NtQueryWnfStateData
RtlPublishWnfStateData
NtSetSystemInformation
RtlFlushHeaps
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlNtStatusToDosErrorNoTeb
RtlFreeUnicodeString
ZwQuerySystemInformation
NtSetThreadExecutionState
RtlCaptureContext
RtlGetDeviceFamilyInfoEnum
NtSetInformationProcess
NtQueryInformationProcess
VerSetConditionMask
RtlQueryResourcePolicy
WinSqmSetDWORD
WinSqmIsOptedIn
WinSqmAddToStreamEx
RtlDosPathNameToNtPathName_U_WithStatus
RtlIsMultiUsersInSessionSku
RtlIsMultiSessionSku
RtlInitString
ZwClose
ZwOpenKey
ZwQueryValueKey
RtlInitUnicodeString
RtlFormatCurrentUserKeyPath
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleA
GetModuleHandleExW
LockResource
GetModuleFileNameW
LoadResource
FindStringOrdinal
LoadStringW
GetModuleHandleW
FindResourceExW
SizeofResource
LoadLibraryExW
GetProcAddress
GetModuleFileNameA
FreeLibrary
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize
Sleep
api-ms-win-core-synch-l1-1-0
ReleaseMutex
InitializeSRWLock
AcquireSRWLockExclusive
WaitForSingleObject
CreateMutexW
WaitForSingleObjectEx
OpenSemaphoreW
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
AcquireSRWLockShared
DeleteCriticalSection
SleepEx
ReleaseSemaphore
OpenMutexW
WaitForMultipleObjectsEx
EnterCriticalSection
InitializeCriticalSection
CreateSemaphoreExW
OpenEventW
SetEvent
CreateMutexExW
CreateEventW
ReleaseSRWLockExclusive
TryEnterCriticalSection
CreateEventExW
ResetEvent
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
api-ms-win-core-file-l1-1-0
CompareFileTime
CreateFileW
DeleteFileW
GetLongPathNameW
FindClose
WriteFile
FindNextFileW
FindFirstFileW
GetFileAttributesW
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventRegister
EventSetInformation
EventUnregister
EventEnabled
EventWrite
EventProviderEnabled
EventWriteTransfer
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegOpenCurrentUser
RegDeleteTreeW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegEnumKeyExW
RegGetValueW
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolWait
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolWait
SetThreadpoolTimer
CreateThreadpoolWork
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
CreateProcessW
GetCurrentProcessId
SetThreadPriorityBoost
GetThreadPriority
SetThreadPriority
GetExitCodeProcess
GetCurrentThreadId
ExitProcess
GetProcessId
GetStartupInfoW
CreateThread
ProcessIdToSessionId
SetPriorityClass
GetPriorityClass
GetCurrentProcess
OpenThreadToken
GetCurrentThread
OpenProcessToken
TerminateProcess
SetProcessShutdownParameters
OpenThread
QueueUserAPC
ResumeThread
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetLocaleInfoEx
GetCalendarInfoW
GetUserDefaultLangID
GetLocaleInfoW
GetThreadUILanguage
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
oleaut32
VariantClear
SafeArrayUnaccessData
VarUI4FromStr
SysAllocString
SysFreeString
SafeArrayAccessData
SafeArrayCreate
SafeArrayDestroy
SysAllocStringByteLen
VariantInit
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask
api-ms-win-shcore-sysinfo-l1-1-0
IsOS
SetCurrentProcessExplicitAppUserModelID
api-ms-win-core-com-l1-1-0
CoGetClassObject
CoInitializeEx
CoTaskMemRealloc
CoInitializeSecurity
CoWaitForMultipleHandles
CoGetApartmentType
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoRevokeClassObject
CoTaskMemFree
CoFreeUnusedLibraries
PropVariantClear
CreateStreamOnHGlobal
CoCreateInstance
CoSetProxyBlanket
StringFromGUID2
StringFromIID
CoCreateGuid
CoMarshalInterThreadInterfaceInStream
CLSIDFromString
CoGetInterfaceAndReleaseStream
CoEnableCallCancellation
CoDisableCallCancellation
CoCancelCall
IIDFromString
CoGetStdMarshalEx
CoUninitialize
CoGetCallContext
CoGetMalloc
CoReleaseMarshalData
CoRegisterClassObject
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrCmpIW
StrCmpICW
StrToIntW
StrCmpNICW
StrCmpNIW
StrCmpICA
StrChrIW
StrRChrW
StrStrIW
StrCmpW
QISearch
StrChrW
api-ms-win-shcore-obsolete-l1-1-0
SHStrDupW
CommandLineToArgvW
api-ms-win-shcore-comhelpers-l1-1-0
IUnknown_SetSite
IUnknown_Set
IUnknown_QueryService
IUnknown_GetSite
api-ms-win-core-heap-l2-1-0
GlobalAlloc
LocalAlloc
LocalReAlloc
GlobalFree
LocalFree
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
GetProcessMitigationPolicy
OpenProcess
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
api-ms-win-core-sysinfo-l1-1-0
GetLocalTime
GetWindowsDirectoryW
GetTickCount64
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetVersionExW
GetSystemTime
GetTickCount
api-ms-win-core-datetime-l1-1-1
GetDateFormatEx
GetTimeFormatEx
api-ms-win-core-processenvironment-l1-1-0
GetCurrentDirectoryW
ExpandEnvironmentStringsW
SearchPathW
GetCommandLineW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathRemoveBlanksW
PathCommonPrefixW
PathFindFileNameW
PathGetArgsW
PathFileExistsW
PathGetDriveNumberW
PathCombineW
PathQuoteSpacesW
PathRemoveFileSpecW
SHExpandEnvironmentStringsW
PathFindExtensionW
PathParseIconLocationW
PathIsFileSpecW
api-ms-win-core-winrt-string-l1-1-0
WindowsDuplicateString
WindowsSubstringWithSpecifiedLength
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString
api-ms-win-shcore-thread-l1-1-0
SHSetThreadRef
SHCreateThreadRef
SHCreateThread
SetProcessReference
SHGetThreadRef
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
lstrcmpiW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
CompareStringW
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-shcore-registry-l1-1-0
SHDeleteKeyW
SHEnumKeyExW
SHRegGetValueW
SHGetValueW
SHSetValueW
SHQueryInfoKeyW
SHDeleteValueW
api-ms-win-security-base-l1-1-0
SetKernelObjectSecurity
CopySid
MakeAbsoluteSD
GetTokenInformation
DuplicateToken
CheckTokenMembership
CreateWellKnownSid
EqualSid
GetLengthSid
GetAclInformation
GetAce
DeleteAce
InitializeAcl
AddAce
IsValidSid
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
api-ms-win-core-localization-obsolete-l1-2-0
GetUserDefaultUILanguage
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
FindResourceW
api-ms-win-core-string-l2-1-1
SHLoadIndirectString
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-core-winrt-l1-1-0
RoUninitialize
RoInitialize
RoActivateInstance
RoGetActivationFactory
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
RoOriginateError
RoTransformError
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-path-l1-1-0
PathCchCombine
PathCchRemoveFileSpec
PathAllocCombine
PathCchAddExtension
PathCchAppend
api-ms-win-shcore-unicodeansi-l1-1-0
SHAnsiToUnicode
api-ms-win-core-heap-obsolete-l1-1-0
GlobalLock
GlobalUnlock
api-ms-win-core-processthreads-l1-1-3
SetProcessInformation
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
VirtualProtect
VirtualFree
UnmapViewOfFile
VirtualAlloc
api-ms-win-core-largeinteger-l1-1-0
MulDiv
api-ms-win-shcore-stream-l1-1-0
SHOpenRegStream2W
SHCreateMemStream
SHCreateStreamOnFileW
IStream_Write
SHCreateStreamOnFileEx
IStream_Reset
IStream_Read
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-shcore-path-l1-1-0
ord170
api-ms-win-core-threadpool-legacy-l1-1-0
ChangeTimerQueueTimer
UnregisterWaitEx
DeleteTimerQueueTimer
CreateTimerQueueTimer
api-ms-win-core-timezone-l1-1-0
GetDynamicTimeZoneInformation
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
RegisterWaitForSingleObject
GetSystemPowerStatus
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
api-ms-win-security-lsalookup-l2-1-0
LookupAccountNameW
api-ms-win-shcore-registry-l1-1-1
SHRegGetValueFromHKCUHKLM
api-ms-win-shcore-scaling-l1-1-1
GetDpiForMonitor
ord244
api-ms-win-core-sysinfo-l1-2-0
GetOsSafeBootMode
GetProductInfo
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-string-l2-1-0
CharNextW
CharLowerBuffW
api-ms-win-core-stringansi-l1-1-0
CharNextA
api-ms-win-power-base-l1-1-0
PowerDeterminePlatformRoleEx
CallNtPowerInformation
GetPwrCapabilities
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-shlwapi-winrt-storage-l1-1-1
ShellMessageBoxW
ord279
ord165
ord481
ord479
ord478
SHIsChildOrSelf
StrRetToStrW
AssocQueryStringW
SHPinDllOfCLSID
ord509
SHCreateWorkerWindowW
ord635
IUnknown_GetWindow
StrRetToBufW
PathRemoveArgsW
ord292
ord197
ord544
api-ms-win-ntuser-sysparams-l1-1-0
SystemParametersInfoW
EnumDisplayMonitors
EnumDisplayDevicesW
GetMonitorInfoW
GetSystemMetrics
api-ms-win-ntuser-rectangle-l1-1-0
InflateRect
EqualRect
SetRect
CopyRect
IsRectEmpty
OffsetRect
UnionRect
IntersectRect
PtInRect
SubtractRect
SetRectEmpty
api-ms-win-rtcore-ntuser-winevent-l1-1-0
NotifyWinEvent
UnhookWinEvent
SetWinEventHook
api-ms-win-shell-namespace-l1-1-0
SHBindToObject
ILIsEqual
SHGetNameFromIDList
SHCreateItemFromParsingName
SHGetIDListFromObject
ILRemoveLastID
SHBindToParent
SHCreateItemFromIDList
SHBindToFolderIDListParent
ILFindLastID
ILFree
ILCloneFirst
SHParseDisplayName
ILClone
ILGetSize
ILCombine
ILIsParent
dxgi
DXGIDeclareAdapterRemovalSupport
api-ms-win-rtcore-ntuser-wmpointer-l1-1-0
GetPointerType
GetPointerInfo
EnableMouseInPointer
GetCurrentInputMessageSource
GetPointerDevices
api-ms-win-storage-exports-internal-l1-1-0
GetThreadFlags
SHGetFolderPathEx
SHGetKnownFolderIDList
SetThreadFlags
api-ms-win-rtcore-ntuser-synch-l1-1-0
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
api-ms-win-appmodel-runtime-l1-1-0
GetPackagesByPackageFamily
GetPackageFullName
api-ms-win-rtcore-ntuser-wmpointer-l1-1-2
SetWindowFeedbackSetting
api-ms-win-rtcore-ntuser-clipboard-l1-1-0
RegisterClipboardFormatW
api-ms-win-rtcore-ntuser-private-l1-1-0
CreateWindowInBand
GetWindowBand
api-ms-win-rtcore-ntuser-powermanagement-l1-1-0
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
propsys
PSPropertyBag_WriteStr
PropVariantToUInt32
PSPropertyBag_WriteDWORD
InitVariantFromGUIDAsString
InitVariantFromResource
PropVariantToBoolean
PSCreateMemoryPropertyStore
PSGetPropertyFromPropertyStorage
PropVariantToStringAlloc
api-ms-win-mm-playsound-l1-1-0
PlaySoundW
api-ms-win-shell-changenotify-l1-1-0
SHChangeNotify
api-ms-win-shell-dataobject-l1-1-0
SHCreateDataObject
api-ms-win-appmodel-runtime-l1-1-1
FindPackagesByPackageFamily
GetStagedPackagePathByFullName
ParseApplicationUserModelId
gdi32
ExtTextOutW
GetTextExtentPoint32W
CreateRectRgnIndirect
Rectangle
SetStretchBltMode
ExcludeClipRect
StretchBlt
GetTextMetricsW
SetTextAlign
SetTextColor
CreateFontIndirectW
GetClipBox
SelectObject
CreateCompatibleDC
DeleteDC
GetGlyphOutlineW
GetOutlineTextMetricsW
GetClipRgn
SelectClipRgn
GetCurrentObject
GetDeviceCaps
CreateRectRgn
SetRectRgn
OffsetRgn
CombineRgn
DeleteObject
GetObjectW
GetStockObject
kernel32
IsBadWritePtr
RegisterApplicationRestart
wininet
InternetCrackUrlW
shcore
ord162
SHUnicodeToAnsi
ord1
ord192
ord183
ord213
ord126
ord109
ord174
ord121
ord190
ord123
ord186
ord187
ord142
ord200
ord184
shell32
ord134
ord60
ord22
ord850
ord91
ord254
ord54
SHEnableServiceObject
ord61
ord896
SHAddToRecentDocs
ord95
SHFileOperationW
ord885
ord723
ord680
ord172
ord100
ord85
ord190
ord89
ord200
ord245
ShellExecuteExW
ord899
ord188
ord201
ord206
SHCreateItemInKnownFolder
ord67
DragQueryFileW
SHChangeNotifyRegisterThread
ord733
ord753
ord644
ord645
SHGetPathFromIDListW
ord4
DuplicateIcon
ord711
ord2
SHGetStockIconInfo
ord6
Shell_NotifyIconGetRect
Shell_NotifyIconW
ord137
ord132
ExtractIconExW
ord244
ord181
ord866
ord764
SHEvaluateSystemCommandTemplate
ord743
ord907
ord43
Shell_GetCachedImageIndexW
ord790
ord792
ord727
ord162
SHAppBarMessage
ord894
SHGetPropertyStoreForWindow
ord193
ord906
ord895
ShellExecuteW
SHGetLocalizedName
SHUpdateRecycleBinIcon
shlwapi
PathIsDirectoryW
ord413
ord548
ord163
ord467
AssocQueryKeyW
ChrCmpIW
PathIsRelativeW
AssocCreate
ord164
uxtheme
GetThemeFont
ord86
DrawThemeBackground
DrawThemeTextEx
DrawThemeParentBackground
CloseThemeData
BufferedPaintInit
GetThemeBackgroundExtent
BeginBufferedPaint
IsCompositionActive
BufferedPaintUnInit
GetWindowTheme
SetWindowTheme
GetThemeBool
GetThemeMetric
GetThemeColor
GetThemeInt
GetBufferedPaintBits
IsThemeActive
GetThemePartSize
ord126
BufferedPaintSetAlpha
EndBufferedPaint
ord138
OpenThemeData
OpenThemeDataForDpi
GetThemeMargins
IsAppThemed
dwmapi
DwmIsCompositionEnabled
DwmSetWindowAttribute
DwmRegisterThumbnail
ord113
ord139
DwmEnableBlurBehindWindow
ord141
ord140
DwmGetWindowAttribute
ord159
DwmQueryThumbnailSourceSize
ord124
DwmUpdateThumbnailProperties
DwmUnregisterThumbnail
ord114
ord138
user32
FillRect
UnregisterClassA
PostThreadMessageW
IsCharAlphaNumericW
CharLowerW
AreDpiAwarenessContextsEqual
GetWindowDpiAwarenessContext
GetDpiForSystem
SetMenuInfo
GetMenuInfo
ord2522
UnregisterClassW
ord2521
UpdateLayeredWindow
GetClassLongPtrW
GetWindowProcessHandle
GetWindowCompositionAttribute
AdjustWindowRectEx
GetDC
ReleaseDC
MonitorFromWindow
CreatePopupMenu
SetThreadDpiAwarenessContext
IsProcessDPIAware
GetMenuDefaultItem
DestroyMenu
LoadCursorW
SetCursor
SetMenuItemInfoW
DefWindowProcA
IsWindowUnicode
LoadAcceleratorsW
ChangeWindowMessageFilterEx
TranslateAcceleratorW
ord2611
MonitorFromRect
GetWindowPlacement
GetGuiResources
IsHungAppWindow
ord2574
SwitchToThisWindow
GetLastActivePopup
UnregisterHotKey
RegisterHotKey
SendDlgItemMessageW
EndDialog
ExitWindowsEx
GetKeyState
IsIconic
LoadIconW
HungWindowFromGhostWindow
SetWindowPlacement
CascadeWindows
TileWindows
LockWorkStation
InjectMouseInput
MapVirtualKeyExW
InjectKeyboardInput
GetCaretBlinkTime
GetSysColor
CopyImage
DestroyIcon
DrawIconEx
GetSystemMetricsForDpi
ord2005
TrackMouseEvent
SetCapture
GetCapture
ReleaseCapture
DrawTextExW
SetLayeredWindowAttributes
GetDoubleClickTime
CalculatePopupWindowPosition
GetLayeredWindowAttributes
InternalGetWindowText
GetMenuStringW
SetScrollPos
CopyIcon
GetLastInputInfo
GetScrollInfo
SetScrollInfo
IsZoomed
AdjustWindowRect
GetDpiForWindow
SetWindowCompositionAttribute
SetGestureConfig
LoadImageW
CheckMenuItem
EnableMenuItem
GetMenuState
RemoveMenu
SetMenuDefaultItem
TrackPopupMenuEx
IsTopLevelWindow
DeleteMenu
DrawTextW
LoadMenuW
GetSubMenu
CreateIconIndirect
GetMenuItemCount
GetMenuItemInfoW
MonitorFromPoint
EndTask
ReplyMessage
ord2573
GetAsyncKeyState
ModifyMenuW
BringWindowToTop
InsertMenuW
ShowWindowAsync
GetCursorInfo
GetSystemMenu
GetPhysicalCursorPos
GetClassLongW
GetClassWord
GetIconInfo
GetIconInfoExW
GhostWindowFromHungWindow
GetSysColorBrush
sspicli
LsaDeregisterLogonProcess
LsaCallAuthenticationPackage
LsaLookupAuthenticationPackage
LsaFreeReturnBuffer
GetUserNameExW
LsaConnectUntrusted
api-ms-win-security-lsalookup-l1-1-2
LsaLookupUserAccountType
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
userenv
DeriveAppContainerSidFromAppContainerName
GetProfileType
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
PowerCreateRequest
PowerSetRequest
api-ms-win-security-isolatedcontainer-l1-1-1
IsProcessInWDAGContainer
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-service-management-l2-1-0
NotifyServiceStatusChangeW
QueryServiceConfigW
api-ms-win-core-localization-l1-2-3
GetUserDefaultGeoName
api-ms-win-core-kernel32-legacy-l1-1-2
SetTermsrvAppInstallMode
api-ms-win-core-io-l1-1-0
CreateIoCompletionPort
GetQueuedCompletionStatus
api-ms-win-shell-shdirectory-l1-1-0
ord292
api-ms-win-eventing-controller-l1-1-0
StopTraceW
StartTraceW
EnableTraceEx2
rpcrt4
RpcBindingFromStringBindingW
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
NdrClientCall3
UuidFromStringW
api-ms-win-core-biptcltapi-l1-1-7
BiPtFreeMemory
BiPtAssociateApplicationEntryPoint
BiPtQueryWorkItem
BiPtEnumerateWorkItemsForPackageName
wtsapi32
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
api-ms-win-security-lsalookup-l1-1-1
GetDefaultIdentityProvider
ReleaseIdentityProviderEnumContext
GetIdentityProviderInfoByGUID
EnumerateIdentityProviders
api-ms-win-crt-math-l1-1-0
floorf
ceilf
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 725KB - Virtual size: 725KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 110KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.newsec Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE