phemedrone | bazaar[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

bazaar.zip
Size

13.0MB
MD5

86450906986e81de498f52c8b666c9b6
SHA1

5ebf7c047975f59ba40cd611ac906dfb6839c642
SHA256

ed810a225c4f5cc6115a4e2ad118097dc707752d538ff0ad975dc3668fc71881
SHA512

dfd1d9c9e50f547207d612c68ddc43476680e121b2c52e76bb3df526c861d461c0251c70bdbb1164bbaf0e269656863153e4128afcb69d9122d9c72a8a046b51
SSDEEP

393216:HR48Hn5wri7+rH36wM5XgIlsSGpgebcmi4:xBHn5qxHV4XgIlsSGKem4

Score

10^/10

rat default phemedrone asyncrat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.2

Botnet

Default

80.76.49.148:4545

193.222.96.13:4449

85.209.133.18:4545

Mutex

ytsriovcxdv

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 10 IoCs

rat

resource	yara_rule
static1/unpack001/bazaar/80.76.49.148/LgGFdDAm/AntiVirus3.exe	family_asyncrat
static1/unpack001/bazaar/80.76.49.148/LgGFdDAm/AntiVirus4.exe	family_asyncrat
static1/unpack001/bazaar/80.76.49.148/LgGFdDAm/Client.exe	family_asyncrat
static1/unpack001/bazaar/80.76.49.148/LgGFdDAm/main2.exe	family_asyncrat
static1/unpack001/bazaar/80.76.49.148/LgGFdDAm3/AntiVirus1.exe	family_asyncrat
static1/unpack001/bazaar/80.76.49.148/all file/LgGFdDAm/main.exe	family_asyncrat
static1/unpack001/bazaar/80.76.49.148/rkAIWKEr2/win1.exe	family_asyncrat
static1/unpack001/bazaar/80.76.49.148/running/LgGFdDAm/AntiVirus.exe	family_asyncrat
static1/unpack001/bazaar/80.76.49.148/running/rkAIWKEr/win1.exe	family_asyncrat
static1/unpack002/f513d263e64eddbd4e71dd6ca9652be04ebcacfa423e3d3b4046f1bd3fdc23d8.exe	family_asyncrat

Asyncrat family
asyncrat
Phemedrone family
phemedrone

Unsigned PE 34 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bazaar/80.76.49.148/LgGFdDAm/AntiVirus.exe
unpack001/bazaar/80.76.49.148/LgGFdDAm/AntiVirus00.exe
unpack001/bazaar/80.76.49.148/LgGFdDAm/AntiVirus3.exe
unpack001/bazaar/80.76.49.148/LgGFdDAm/AntiVirus4.exe
unpack001/bazaar/80.76.49.148/LgGFdDAm/Antivirus333.exe
unpack001/bazaar/80.76.49.148/LgGFdDAm/Client.exe
unpack001/bazaar/80.76.49.148/LgGFdDAm/Rihypax_LetThereBeNightingale_obf.exe
unpack001/bazaar/80.76.49.148/LgGFdDAm/main.exe
unpack001/bazaar/80.76.49.148/LgGFdDAm/main2.exe
unpack001/bazaar/80.76.49.148/LgGFdDAm2/AntiVirus2.exe
unpack001/bazaar/80.76.49.148/LgGFdDAm2/Antivirus.exe
unpack001/bazaar/80.76.49.148/LgGFdDAm3/AntiVirus1.exe
unpack001/bazaar/80.76.49.148/ab/alabi.exe
unpack001/bazaar/80.76.49.148/all file/LgGFdDAm/main.exe
unpack001/bazaar/80.76.49.148/me/1.exe
unpack001/bazaar/80.76.49.148/me/2.exe
unpack001/bazaar/80.76.49.148/me/3.exe
unpack001/bazaar/80.76.49.148/me/4.exe
unpack001/bazaar/80.76.49.148/me/Azafyvo_LetThereBeNightingale_obf.exe
unpack001/bazaar/80.76.49.148/me/Ebyloto_LetThereBeNightingale_obf.exe
unpack001/bazaar/80.76.49.148/me/Enomoky_LetThereBeNightingale_obf.exe
unpack001/bazaar/80.76.49.148/me/Imejygo_LetThereBeNightingale.exe
unpack001/bazaar/80.76.49.148/me/Rihypax_LetThereBeNightingale_obf.exe
unpack001/bazaar/80.76.49.148/me/Unusoke_LetThereBeNightingale.exe
unpack001/bazaar/80.76.49.148/me/Xujamon_LetThereBeNightingale.exe
unpack001/bazaar/80.76.49.148/me/sch.exe
unpack001/bazaar/80.76.49.148/output.exe
unpack001/bazaar/80.76.49.148/rkAIWKEr2/win1.exe
unpack001/bazaar/80.76.49.148/running/LgGFdDAm/AntiVirus.exe
unpack001/bazaar/80.76.49.148/running/LgGFdDAm/AntiVirus2.exe
unpack001/bazaar/80.76.49.148/running/rkAIWKEr/win1.exe
unpack001/bazaar/80.76.49.148/tbsh/Chr0me.exe
unpack001/bazaar/80.76.49.148/tbsh/Chrome.exe
unpack002/f513d263e64eddbd4e71dd6ca9652be04ebcacfa423e3d3b4046f1bd3fdc23d8.exe

Files

bazaar.zip
.zip
bazaar/2024-06-23_08-02.png
.png
bazaar/80.76.49.148/1/index.html
.html
bazaar/80.76.49.148/1/rkAIWKEr1/index.html
.html
bazaar/80.76.49.148/1/rkAIWKEr1/win1.cmd
.cmd .vbs
bazaar/80.76.49.148/DtRbsscQ/index.html
.html
bazaar/80.76.49.148/DtRbsscQ/lander.vbs
.vbs
bazaar/80.76.49.148/DtRbsscQ/lander2.vbs
.vbs
bazaar/80.76.49.148/DtRbsscQ2 - Copy/index.html
.html
bazaar/80.76.49.148/DtRbsscQ2 - Copy/lander.vbs
.vbs
bazaar/80.76.49.148/DtRbsscQ2/index.html
.html
bazaar/80.76.49.148/DtRbsscQ2/lander.vbs
.vbs
bazaar/80.76.49.148/LgGFdDAm/AntiVirus.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 833KB - Virtual size: 833KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/LgGFdDAm/AntiVirus00.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 833KB - Virtual size: 832KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/LgGFdDAm/AntiVirus2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:8c:a1:71:a6:70:fa:5e:11:fc:14:5a:10:5a:db:51:80:57:30:82:37:92:d5:37:17:2c:74:76:3c:9b:32:7b
Signer

Actual PE Digest

19:8c:a1:71:a6:70:fa:5e:11:fc:14:5a:10:5a:db:51:80:57:30:82:37:92:d5:37:17:2c:74:76:3c:9b:32:7b

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/LgGFdDAm/AntiVirus3.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/LgGFdDAm/AntiVirus4.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/LgGFdDAm/Antivirus333.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/LgGFdDAm/Client.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/LgGFdDAm/Rihypax_LetThereBeNightingale_obf.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/LgGFdDAm/index.html
.html
bazaar/80.76.49.148/LgGFdDAm/main.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/LgGFdDAm/main2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/LgGFdDAm2/AntiVirus2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 833KB - Virtual size: 832KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/LgGFdDAm2/Antivirus.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/LgGFdDAm2/index.html
.html
bazaar/80.76.49.148/LgGFdDAm3/AntiVirus1.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/LgGFdDAm3/index.html
.html
bazaar/80.76.49.148/ab/alabi.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 432KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/ab/index.html
.html
bazaar/80.76.49.148/all file/DtRbsscQ/index.html
.html
bazaar/80.76.49.148/all file/DtRbsscQ/lander.vbs
.vbs
bazaar/80.76.49.148/all file/LgGFdDAm/index.html
.html
bazaar/80.76.49.148/all file/LgGFdDAm/main.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/all file/index.html
.html
bazaar/80.76.49.148/all file/rkAIWKEr/index.html
.html
bazaar/80.76.49.148/all file/rkAIWKEr/win1.cmd
.cmd .vbs
bazaar/80.76.49.148/all file/ycJOjCuR/index.html
.html
bazaar/80.76.49.148/all file/ycJOjCuR/lamda.cmd
bazaar/80.76.49.148/all file/ycJOjCuR/lamda1.cmd
bazaar/80.76.49.148/iisstart.png
.png
bazaar/80.76.49.148/index.html
.html
bazaar/80.76.49.148/me/1.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 834KB - Virtual size: 833KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/me/2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 833KB - Virtual size: 832KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/me/3.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 833KB - Virtual size: 832KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/me/4.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/me/Azafyvo_LetThereBeNightingale_obf.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/me/Ebyloto_LetThereBeNightingale_obf.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/me/Enomoky_LetThereBeNightingale_obf.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/me/Imejygo_LetThereBeNightingale.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/me/Rihypax_LetThereBeNightingale_obf.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/me/Unusoke_LetThereBeNightingale.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/me/Xujamon_LetThereBeNightingale.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/me/index.html
.html
bazaar/80.76.49.148/me/sch.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 833KB - Virtual size: 832KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/output.exe
.exe windows:5 windows x86 arch:x86

729115e660d22df63904ee7c0dbd38ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\463802\out\Release\FeedBack.pdb

Imports

kernel32

GetSystemWindowsDirectoryW
FreeResource
GetUserDefaultUILanguage
SetCurrentDirectoryW
GetCurrentDirectoryW
CopyFileW
GetSystemDirectoryW
GetSystemTimeAsFileTime
CompareFileTime
GetFileAttributesW
lstrcpynW
lstrlenA
GetCurrentProcessId
CreateFileW
DeviceIoControl
CreateProcessW
GetTickCount
lstrcmpiW
LoadLibraryExW
MultiByteToWideChar
CreateEventW
ResetEvent
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
MulDiv
lstrcmpW
lstrlenW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
FindFirstFileW
FindNextFileW
FindClose
GetTempPathW
GetTempFileNameW
DeleteFileW
ProcessIdToSessionId
SetVolumeLabelW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
lstrcmpiA
lstrcmpA
HeapWalk
HeapLock
OpenThread
HeapUnlock
OutputDebugStringW
GetFileSizeEx
SetFilePointerEx
InterlockedIncrement
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
GetLocaleInfoW
WriteConsoleW
GetFileAttributesExW
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
GetFileType
FileTimeToLocalFileTime
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
MoveFileW
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
GetStartupInfoW
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
SetFileTime
GetShortPathNameW
GetDiskFreeSpaceExW
MoveFileExW
SetFileAttributesW
RemoveDirectoryW
TerminateProcess
ReleaseMutex
OpenMutexW
GlobalMemoryStatus
GlobalMemoryStatusEx
GetDriveTypeW
GetSystemPowerStatus
LocalAlloc
ReadFile
SystemTimeToFileTime
GetModuleHandleA
GetTimeZoneInformation
LocalFree
GetPrivateProfileStringW
GlobalFree
CreateMutexW
GetWindowsDirectoryW
CreateRemoteThread
GetVersionExW
GetSystemInfo
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FreeConsole
WideCharToMultiByte
OpenProcess
CreateDirectoryW
GetFileSize
SetFilePointer
GetConsoleOutputCP
FileTimeToSystemTime
WriteFile
InterlockedDecrement
GetModuleFileNameW
SetEvent
WaitForSingleObject
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
RaiseException
GetCurrentThreadId
SetLastError
SetErrorMode
LoadLibraryW
GetProcAddress
GetCommandLineW
GetModuleHandleW
FreeLibrary
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
GetVersion
WaitForMultipleObjects
InterlockedExchange
InterlockedCompareExchange
SetHandleCount
Sleep
CloseHandle
LocalFileTimeToFileTime
GetLastError

user32

GetForegroundWindow
TranslateMessage
GetMessageW
PeekMessageW
DestroyWindow
SetWindowLongW
ShowWindow
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
GetWindowLongW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
DestroyAcceleratorTable
GetSysColor
GetWindow
GetFocus
SetFocus
IsChild
EndPaint
FillRect
BeginPaint
GetClientRect
IsWindow
RedrawWindow
SetWindowPos
EnumDisplayMonitors
LoadStringW
UnregisterClassA
GetClassNameW
GetParent
CharNextW
GetDesktopWindow
ReleaseDC
GetDC
CreateAcceleratorTableW
MoveWindow
ClientToScreen
ScreenToClient
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
SendMessageW
GetDlgItem
CallWindowProcW
GetWindowRect
DefWindowProcW
CreateWindowExW
PostQuitMessage
PostMessageW
LoadImageW
GetSystemMetrics
SetRectEmpty
EnumChildWindows
SwitchToThisWindow
SetForegroundWindow
BringWindowToTop
IsWindowVisible
CopyRect
CreateDialogParamW
SetTimer
KillTimer
IsDialogMessageW
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
IsMenu
GetSubMenu
GetMenuStringW
GetMenuItemCount
GetMenuItemID
DestroyMenu
ModifyMenuW
IsRectEmpty
GetWindowThreadProcessId
SendMessageTimeoutW
FindWindowW
GetWindowPlacement
EnumDisplaySettingsW
MonitorFromPoint
SetActiveWindow
AttachThreadInput
AllowSetForegroundWindow
keybd_event
GetKeyboardState
WindowFromPoint
LoadIconW
GetCursorPos
SetCaretPos
ShowCaret
CreateCaret
HideCaret
SetDlgItemTextW
LoadMenuW
IsIconic
EnableMenuItem
GetKeyState
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
DrawTextW
PtInRect
GetClassLongW
SetClassLongW
GetMessagePos
EnableWindow
GetWindowDC
SetRect
SetCursor
OffsetRect
WaitForInputIdle
GetActiveWindow
MessageBoxW
SetWindowRgn
UpdateWindow
MonitorFromRect
DispatchMessageW

gdi32

SetTextColor
SetBkMode
SetBkColor
ExtTextOutW
Rectangle
CreatePen
GetTextExtentPoint32W
CreateFontIndirectW
SetViewportOrgEx
GetTextMetricsW
GetObjectA
GetPixel
CreateFontW
CreatePolygonRgn
GetStockObject
GetObjectW
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
EnumFontFamiliesW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

ConvertSidToStringSidW
RegEnumKeyExA
RegCreateKeyA
GetSidSubAuthority
DuplicateTokenEx
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
GetTokenInformation
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyW

shell32

Shell_NotifyIconW
SHGetPathFromIDListW
ord680
ExtractIconExW
ShellExecuteW
SHGetFolderPathW
ord165
SHBrowseForFolderW
SHFileOperationW
ShellExecuteExW
SHCreateDirectoryExW
SHGetSpecialFolderPathW

ole32

OleLockRunning
CoTaskMemFree
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoUninitialize
OleUninitialize
OleInitialize
CoInitialize
CreateStreamOnHGlobal
CoGetClassObject
CoTaskMemAlloc

oleaut32

SafeArrayUnlock
SysFreeString
SysAllocStringLen
SysStringLen
SysAllocString
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
DispCallFunc
SafeArrayCopy
SafeArrayGetVartype
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayLock
VariantCopy
VarBstrCmp

shlwapi

StrChrW
StrCmpNW
wnsprintfW
PathUnquoteSpacesW
StrCmpW
PathCanonicalizeW
SHSetValueA
SHDeleteValueA
PathCompactPathW
PathAddBackslashW
PathStripPathW
PathStripToRootW
PathIsDirectoryW
SHGetValueA
PathFindFileNameW
ord437
StrCmpIW
PathRemoveFileSpecW
StrStrIW
PathIsRelativeW
PathFileExistsW
SHGetValueW
PathCombineW
PathAppendW
ColorRGBToHLS
ColorHLSToRGB
StrCmpNIW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipResetPath
GdipSetStringFormatAlign
GdipCreatePathGradientFromPath
GdipAddPathEllipseI
GdipSetStringFormatLineAlign
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipClosePathFigure
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipAddPathRectangleI
GdipCreateFromHDC
GdipAddPathArcI
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetPenDashOffset
GdipSetPathGradientCenterColor
GdipCreateHBITMAPFromBitmap
GdipDrawImagePointRectI
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetFontHeight
GdipDeleteFont
GdipCreateFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteFontFamily
GdipPrivateAddMemoryFont
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipResetClip
GdipSetClipRectI
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipMeasureString
GdipDrawString
GdipFillPath
GdipFillRectangleI
GdipFillRectangle
GdipDrawPath
GdipDrawEllipseI
GdipDrawRectangleI
GdipDrawLineI
GdipDrawLine
GdipSetPixelOffsetMode
GdipGetPixelOffsetMode
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHWNDICM
GdipCreateFromHWND
GdipSetPenDashStyle
GdipSetPenWidth
GdipDeletePen
GdipCreatePen2
GdipCreatePen1
GdipSetPathGradientGammaCorrection
GdipSetPathGradientCenterPoint
GdipAddPathLine2
GdipSetLinePresetBlend
GdipCreateLineBrushFromRect
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipAlloc
GdipFree
GdipGetImageHeight
GdipGetImageWidth
GdipGetPathWorldBoundsI
GdipAddPathPie
GdipAddPathLine
GdipAddPathArc
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSetInterpolationMode

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CryptStringToBinaryA
CertGetNameStringW
CryptBinaryToStringA

wininet

InternetQueryOptionW
InternetReadFile
HttpQueryInfoW
InternetCloseHandle
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
DeleteUrlCacheEntryW
InternetGetConnectedState

psapi

GetModuleFileNameExW

riched20

ord4

userenv

GetUserProfileDirectoryW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 239KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/rkAIWKEr/index.html
.html
bazaar/80.76.49.148/rkAIWKEr/win1.cmd
.cmd .vbs
bazaar/80.76.49.148/rkAIWKEr/win2.cmd
.cmd .vbs
bazaar/80.76.49.148/rkAIWKEr2/index.html
.html
bazaar/80.76.49.148/rkAIWKEr2/win1.cmd
.cmd .vbs
bazaar/80.76.49.148/rkAIWKEr2/win1.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/rkAIWKEr2/win4.cmd
.cmd .vbs
bazaar/80.76.49.148/running/DtRbsscQ/index.html
.html
bazaar/80.76.49.148/running/DtRbsscQ/lander.vbs
.vbs
bazaar/80.76.49.148/running/LgGFdDAm/AntiVirus.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/running/LgGFdDAm/AntiVirus2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 433KB - Virtual size: 433KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/running/LgGFdDAm/index.html
.html
bazaar/80.76.49.148/running/index.html
.html
bazaar/80.76.49.148/running/rkAIWKEr/index.html
.html
bazaar/80.76.49.148/running/rkAIWKEr/win1.cmd
.cmd .vbs
bazaar/80.76.49.148/running/rkAIWKEr/win1.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/running/rkAIWKEr/win4.cmd
.cmd .vbs
bazaar/80.76.49.148/running/ycJOjCuR/index.html
.html
bazaar/80.76.49.148/running/ycJOjCuR/lamda.cmd
bazaar/80.76.49.148/tbsh/Chr0me.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 833KB - Virtual size: 832KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/tbsh/Chrome.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 833KB - Virtual size: 833KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bazaar/80.76.49.148/tbsh/index.html
.html
bazaar/80.76.49.148/ycJOjCuR/index.html
.html
bazaar/80.76.49.148/ycJOjCuR/lamd.cmd
bazaar/80.76.49.148/ycJOjCuR/lamda.cmd
bazaar/80.76.49.148/ycJOjCuR2/index.html
.html
bazaar/80.76.49.148/ycJOjCuR2/lamda.cmd
bazaar/80.76.49.148/ycJOjCuR2/use in future.txt
bazaar/f513d263e64eddbd4e71dd6ca9652be04ebcacfa423e3d3b4046f1bd3fdc23d8.zip
.zip

Password: infected
f513d263e64eddbd4e71dd6ca9652be04ebcacfa423e3d3b4046f1bd3fdc23d8.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 833KB - Virtual size: 833KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 833KB - Virtual size: 832KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8dCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

19:8c:a1:71:a6:70:fa:5e:11:fc:14:5a:10:5a:db:51:80:57:30:82:37:92:d5:37:17:2c:74:76:3c:9b:32:7bSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 141KB - Virtual size: 141KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 69KB - Virtual size: 68KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 69KB - Virtual size: 68KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 141KB - Virtual size: 141KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 69KB - Virtual size: 68KB

.text
Size: 833KB - Virtual size: 833KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 833KB - Virtual size: 832KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

19:8c:a1:71:a6:70:fa:5e:11:fc:14:5a:10:5a:db:51:80:57:30:82:37:92:d5:37:17:2c:74:76:3c:9b:32:7b
Signer

.text
Size: 141KB - Virtual size: 141KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 69KB - Virtual size: 68KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 69KB - Virtual size: 68KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 141KB - Virtual size: 141KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 69KB - Virtual size: 68KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 158KB - Virtual size: 157KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 158KB - Virtual size: 157KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 400KB - Virtual size: 400KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 833KB - Virtual size: 832KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 141KB - Virtual size: 141KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 69KB - Virtual size: 68KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B