General

Malware Config

Signatures

Files

• bazaar.zip

  .zip
• bazaar/2024-06-23_08-02.png

  .png
• bazaar/80.76.49.148/1/index.html

  .html
• bazaar/80.76.49.148/1/rkAIWKEr1/index.html

  .html
• bazaar/80.76.49.148/1/rkAIWKEr1/win1.cmd

  .cmd .vbs
• bazaar/80.76.49.148/DtRbsscQ/index.html

  .html
• bazaar/80.76.49.148/DtRbsscQ/lander.vbs

  .vbs
• bazaar/80.76.49.148/DtRbsscQ/lander2.vbs

  .vbs
• bazaar/80.76.49.148/DtRbsscQ2 - Copy/index.html

  .html
• bazaar/80.76.49.148/DtRbsscQ2 - Copy/lander.vbs

  .vbs
• bazaar/80.76.49.148/DtRbsscQ2/index.html

  .html
• bazaar/80.76.49.148/DtRbsscQ2/lander.vbs

  .vbs
• bazaar/80.76.49.148/LgGFdDAm/AntiVirus.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 833KB - Virtual size: 833KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/LgGFdDAm/AntiVirus00.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 833KB - Virtual size: 832KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/LgGFdDAm/AntiVirus2.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Code Sign

  33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d

  Certificate

  Issuer

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  05-05-2022 19:23

  Not After

  04-05-2023 19:23

  Subject

  CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:07:76:56:00:00:00:00:00:08

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  19-10-2011 18:41

  Not After

  19-10-2026 18:51

  Subject

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  19:8c:a1:71:a6:70:fa:5e:11:fc:14:5a:10:5a:db:51:80:57:30:82:37:92:d5:37:17:2c:74:76:3c:9b:32:7b

  Signer

  Actual PE Digest

  19:8c:a1:71:a6:70:fa:5e:11:fc:14:5a:10:5a:db:51:80:57:30:82:37:92:d5:37:17:2c:74:76:3c:9b:32:7b

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 141KB - Virtual size: 141KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/LgGFdDAm/AntiVirus3.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 69KB - Virtual size: 68KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/LgGFdDAm/AntiVirus4.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 69KB - Virtual size: 68KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/LgGFdDAm/Antivirus333.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 141KB - Virtual size: 141KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/LgGFdDAm/Client.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 69KB - Virtual size: 68KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/LgGFdDAm/Rihypax_LetThereBeNightingale_obf.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 158KB - Virtual size: 157KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/LgGFdDAm/index.html

  .html
• bazaar/80.76.49.148/LgGFdDAm/main.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 158KB - Virtual size: 157KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/LgGFdDAm/main2.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 400KB - Virtual size: 400KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/LgGFdDAm2/AntiVirus2.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 833KB - Virtual size: 832KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/LgGFdDAm2/Antivirus.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 141KB - Virtual size: 141KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/LgGFdDAm2/index.html

  .html
• bazaar/80.76.49.148/LgGFdDAm3/AntiVirus1.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 69KB - Virtual size: 68KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/LgGFdDAm3/index.html

  .html
• bazaar/80.76.49.148/ab/alabi.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 432KB - Virtual size: 432KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/ab/index.html

  .html
• bazaar/80.76.49.148/all file/DtRbsscQ/index.html

  .html
• bazaar/80.76.49.148/all file/DtRbsscQ/lander.vbs

  .vbs
• bazaar/80.76.49.148/all file/LgGFdDAm/index.html

  .html
• bazaar/80.76.49.148/all file/LgGFdDAm/main.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 69KB - Virtual size: 68KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/all file/index.html

  .html
• bazaar/80.76.49.148/all file/rkAIWKEr/index.html

  .html
• bazaar/80.76.49.148/all file/rkAIWKEr/win1.cmd

  .cmd .vbs
• bazaar/80.76.49.148/all file/ycJOjCuR/index.html

  .html
• bazaar/80.76.49.148/all file/ycJOjCuR/lamda.cmd
• bazaar/80.76.49.148/all file/ycJOjCuR/lamda1.cmd
• bazaar/80.76.49.148/iisstart.png

  .png
• bazaar/80.76.49.148/index.html

  .html
• bazaar/80.76.49.148/me/1.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 834KB - Virtual size: 833KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/me/2.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 833KB - Virtual size: 832KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/me/3.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 833KB - Virtual size: 832KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/me/4.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 141KB - Virtual size: 141KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/me/Azafyvo_LetThereBeNightingale_obf.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 141KB - Virtual size: 141KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/me/Ebyloto_LetThereBeNightingale_obf.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 166KB - Virtual size: 166KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/me/Enomoky_LetThereBeNightingale_obf.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 166KB - Virtual size: 166KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/me/Imejygo_LetThereBeNightingale.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 141KB - Virtual size: 141KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/me/Rihypax_LetThereBeNightingale_obf.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 158KB - Virtual size: 157KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/me/Unusoke_LetThereBeNightingale.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 141KB - Virtual size: 141KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/me/Xujamon_LetThereBeNightingale.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 141KB - Virtual size: 141KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/me/index.html

  .html
• bazaar/80.76.49.148/me/sch.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 833KB - Virtual size: 832KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/output.exe

  .exe windows:5 windows x86 arch:x86

  729115e660d22df63904ee7c0dbd38ad

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  C:\vmagent_new\bin\joblist\463802\out\Release\FeedBack.pdb

  Imports

  kernel32

  GetSystemWindowsDirectoryW

  FreeResource

  GetUserDefaultUILanguage

  SetCurrentDirectoryW

  GetCurrentDirectoryW

  CopyFileW

  GetSystemDirectoryW

  GetSystemTimeAsFileTime

  CompareFileTime

  GetFileAttributesW

  lstrcpynW

  lstrlenA

  GetCurrentProcessId

  CreateFileW

  DeviceIoControl

  CreateProcessW

  GetTickCount

  lstrcmpiW

  LoadLibraryExW

  MultiByteToWideChar

  CreateEventW

  ResetEvent

  InitializeCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  MulDiv

  lstrcmpW

  lstrlenW

  FindResourceExW

  LoadResource

  LockResource

  SizeofResource

  FindResourceW

  FindFirstFileW

  FindNextFileW

  FindClose

  GetTempPathW

  GetTempFileNameW

  DeleteFileW

  ProcessIdToSessionId

  SetVolumeLabelW

  UnmapViewOfFile

  CreateFileMappingW

  MapViewOfFile

  lstrcmpiA

  lstrcmpA

  HeapWalk

  HeapLock

  OpenThread

  HeapUnlock

  OutputDebugStringW

  GetFileSizeEx

  SetFilePointerEx

  InterlockedIncrement

  SetEnvironmentVariableA

  CompareStringW

  CompareStringA

  SetEndOfFile

  CreateFileA

  GetLocaleInfoW

  WriteConsoleW

  GetFileAttributesExW

  WriteConsoleA

  SetStdHandle

  InitializeCriticalSectionAndSpinCount

  FlushFileBuffers

  GetStringTypeA

  IsValidLocale

  EnumSystemLocalesA

  GetLocaleInfoA

  GetUserDefaultLCID

  QueryPerformanceCounter

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetStartupInfoA

  GetFileType

  FileTimeToLocalFileTime

  GetDateFormatA

  GetTimeFormatA

  GetConsoleMode

  GetConsoleCP

  GetModuleFileNameA

  GetStdHandle

  IsValidCodePage

  GetOEMCP

  GetACP

  HeapCreate

  ExitProcess

  TlsFree

  TlsSetValue

  TlsAlloc

  TlsGetValue

  MoveFileW

  GetStringTypeW

  LCMapStringW

  LCMapStringA

  GetCPInfo

  GetStartupInfoW

  CreateThread

  ExitThread

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  RtlUnwind

  SetFileTime

  GetShortPathNameW

  GetDiskFreeSpaceExW

  MoveFileExW

  SetFileAttributesW

  RemoveDirectoryW

  TerminateProcess

  ReleaseMutex

  OpenMutexW

  GlobalMemoryStatus

  GlobalMemoryStatusEx

  GetDriveTypeW

  GetSystemPowerStatus

  LocalAlloc

  ReadFile

  SystemTimeToFileTime

  GetModuleHandleA

  GetTimeZoneInformation

  LocalFree

  GetPrivateProfileStringW

  GlobalFree

  CreateMutexW

  GetWindowsDirectoryW

  CreateRemoteThread

  GetVersionExW

  GetSystemInfo

  CreateToolhelp32Snapshot

  Process32FirstW

  Process32NextW

  FreeConsole

  WideCharToMultiByte

  OpenProcess

  CreateDirectoryW

  GetFileSize

  SetFilePointer

  GetConsoleOutputCP

  FileTimeToSystemTime

  WriteFile

  InterlockedDecrement

  GetModuleFileNameW

  SetEvent

  WaitForSingleObject

  GlobalAlloc

  GlobalLock

  GlobalUnlock

  GetCurrentProcess

  FlushInstructionCache

  DeleteCriticalSection

  RaiseException

  GetCurrentThreadId

  SetLastError

  SetErrorMode

  LoadLibraryW

  GetProcAddress

  GetCommandLineW

  GetModuleHandleW

  FreeLibrary

  HeapSize

  HeapReAlloc

  HeapDestroy

  VirtualAlloc

  VirtualFree

  IsProcessorFeaturePresent

  LoadLibraryA

  HeapAlloc

  GetProcessHeap

  HeapFree

  GetVersion

  WaitForMultipleObjects

  InterlockedExchange

  InterlockedCompareExchange

  SetHandleCount

  Sleep

  CloseHandle

  LocalFileTimeToFileTime

  GetLastError

  user32

  GetForegroundWindow

  TranslateMessage

  GetMessageW

  PeekMessageW

  DestroyWindow

  SetWindowLongW

  ShowWindow

  RegisterClassExW

  LoadCursorW

  GetClassInfoExW

  RegisterWindowMessageW

  GetWindowLongW

  SetWindowTextW

  GetWindowTextW

  GetWindowTextLengthW

  DestroyAcceleratorTable

  GetSysColor

  GetWindow

  GetFocus

  SetFocus

  IsChild

  EndPaint

  FillRect

  BeginPaint

  GetClientRect

  IsWindow

  RedrawWindow

  SetWindowPos

  EnumDisplayMonitors

  LoadStringW

  UnregisterClassA

  GetClassNameW

  GetParent

  CharNextW

  GetDesktopWindow

  ReleaseDC

  GetDC

  CreateAcceleratorTableW

  MoveWindow

  ClientToScreen

  ScreenToClient

  ReleaseCapture

  SetCapture

  InvalidateRect

  InvalidateRgn

  SendMessageW

  GetDlgItem

  CallWindowProcW

  GetWindowRect

  DefWindowProcW

  CreateWindowExW

  PostQuitMessage

  PostMessageW

  LoadImageW

  GetSystemMetrics

  SetRectEmpty

  EnumChildWindows

  SwitchToThisWindow

  SetForegroundWindow

  BringWindowToTop

  IsWindowVisible

  CopyRect

  CreateDialogParamW

  SetTimer

  KillTimer

  IsDialogMessageW

  MapWindowPoints

  GetMonitorInfoW

  MonitorFromWindow

  IsMenu

  GetSubMenu

  GetMenuStringW

  GetMenuItemCount

  GetMenuItemID

  DestroyMenu

  ModifyMenuW

  IsRectEmpty

  GetWindowThreadProcessId

  SendMessageTimeoutW

  FindWindowW

  GetWindowPlacement

  EnumDisplaySettingsW

  MonitorFromPoint

  SetActiveWindow

  AttachThreadInput

  AllowSetForegroundWindow

  keybd_event

  GetKeyboardState

  WindowFromPoint

  LoadIconW

  GetCursorPos

  SetCaretPos

  ShowCaret

  CreateCaret

  HideCaret

  SetDlgItemTextW

  LoadMenuW

  IsIconic

  EnableMenuItem

  GetKeyState

  OpenClipboard

  IsClipboardFormatAvailable

  GetClipboardData

  CloseClipboard

  DrawTextW

  PtInRect

  GetClassLongW

  SetClassLongW

  GetMessagePos

  EnableWindow

  GetWindowDC

  SetRect

  SetCursor

  OffsetRect

  WaitForInputIdle

  GetActiveWindow

  MessageBoxW

  SetWindowRgn

  UpdateWindow

  MonitorFromRect

  DispatchMessageW

  gdi32

  SetTextColor

  SetBkMode

  SetBkColor

  ExtTextOutW

  Rectangle

  CreatePen

  GetTextExtentPoint32W

  CreateFontIndirectW

  SetViewportOrgEx

  GetTextMetricsW

  GetObjectA

  GetPixel

  CreateFontW

  CreatePolygonRgn

  GetStockObject

  GetObjectW

  GetDeviceCaps

  CreateSolidBrush

  DeleteObject

  CreateCompatibleBitmap

  CreateCompatibleDC

  SelectObject

  BitBlt

  DeleteDC

  EnumFontFamiliesW

  comdlg32

  GetOpenFileNameW

  GetSaveFileNameW

  advapi32

  ConvertSidToStringSidW

  RegEnumKeyExA

  RegCreateKeyA

  GetSidSubAuthority

  DuplicateTokenEx

  ConvertStringSidToSidW

  GetLengthSid

  SetTokenInformation

  CreateProcessAsUserW

  OpenProcessToken

  GetTokenInformation

  RegQueryInfoKeyW

  RegSetValueExW

  RegEnumKeyExW

  RegCreateKeyExW

  RegDeleteValueW

  RegDeleteKeyW

  RegOpenKeyExW

  RegQueryValueExW

  RegCloseKey

  RegQueryValueExA

  RegOpenKeyExA

  RegOpenKeyW

  shell32

  Shell_NotifyIconW

  SHGetPathFromIDListW

  ord680

  ExtractIconExW

  ShellExecuteW

  SHGetFolderPathW

  ord165

  SHBrowseForFolderW

  SHFileOperationW

  ShellExecuteExW

  SHCreateDirectoryExW

  SHGetSpecialFolderPathW

  ole32

  OleLockRunning

  CoTaskMemFree

  CoTaskMemRealloc

  StringFromGUID2

  CoCreateInstance

  CLSIDFromString

  CLSIDFromProgID

  CoUninitialize

  OleUninitialize

  OleInitialize

  CoInitialize

  CreateStreamOnHGlobal

  CoGetClassObject

  CoTaskMemAlloc

  oleaut32

  SafeArrayUnlock

  SysFreeString

  SysAllocStringLen

  SysStringLen

  SysAllocString

  VariantInit

  VariantClear

  SysAllocStringByteLen

  SysStringByteLen

  OleCreateFontIndirect

  LoadRegTypeLi

  LoadTypeLi

  VarUI4FromStr

  DispCallFunc

  SafeArrayCopy

  SafeArrayGetVartype

  SafeArrayCreate

  SafeArrayDestroy

  SafeArrayGetLBound

  SafeArrayGetUBound

  SafeArrayLock

  VariantCopy

  VarBstrCmp

  shlwapi

  StrChrW

  StrCmpNW

  wnsprintfW

  PathUnquoteSpacesW

  StrCmpW

  PathCanonicalizeW

  SHSetValueA

  SHDeleteValueA

  PathCompactPathW

  PathAddBackslashW

  PathStripPathW

  PathStripToRootW

  PathIsDirectoryW

  SHGetValueA

  PathFindFileNameW

  ord437

  StrCmpIW

  PathRemoveFileSpecW

  StrStrIW

  PathIsRelativeW

  PathFileExistsW

  SHGetValueW

  PathCombineW

  PathAppendW

  ColorRGBToHLS

  ColorHLSToRGB

  StrCmpNIW

  comctl32

  InitCommonControlsEx

  _TrackMouseEvent

  gdiplus

  GdipGetPathGradientPointCount

  GdipSetPathGradientSurroundColorsWithCount

  GdipResetPath

  GdipSetStringFormatAlign

  GdipCreatePathGradientFromPath

  GdipAddPathEllipseI

  GdipSetStringFormatLineAlign

  GdipCreatePath

  GdipDeletePath

  GdipAddPathLineI

  GdipClosePathFigure

  GdipCreateBitmapFromStream

  GdipCreateBitmapFromFile

  GdipAddPathRectangleI

  GdipCreateFromHDC

  GdipAddPathArcI

  GdipDeleteStringFormat

  GdipCreateStringFormat

  GdipSetPenDashOffset

  GdipSetPathGradientCenterColor

  GdipCreateHBITMAPFromBitmap

  GdipDrawImagePointRectI

  GdipRotateWorldTransform

  GdipTranslateWorldTransform

  GdipResetWorldTransform

  GdipBitmapSetPixel

  GdipBitmapGetPixel

  GdipCloneImage

  GdipDisposeImage

  GdipCreateBitmapFromScan0

  GdipGetImagePixelFormat

  GdipGetFontHeight

  GdipDeleteFont

  GdipCreateFont

  GdipCreateFontFromLogfontA

  GdipCreateFontFromDC

  GdipDeleteFontFamily

  GdipPrivateAddMemoryFont

  GdipDeletePrivateFontCollection

  GdipNewPrivateFontCollection

  GdipGetFontCollectionFamilyList

  GdipCloneFontFamily

  GdipResetClip

  GdipSetClipRectI

  GdipDrawImageRectRectI

  GdipDrawImageRectI

  GdipMeasureString

  GdipDrawString

  GdipFillPath

  GdipFillRectangleI

  GdipFillRectangle

  GdipDrawPath

  GdipDrawEllipseI

  GdipDrawRectangleI

  GdipDrawLineI

  GdipDrawLine

  GdipSetPixelOffsetMode

  GdipGetPixelOffsetMode

  GdipSetSmoothingMode

  GdipGetSmoothingMode

  GdipSetTextRenderingHint

  GdipDeleteGraphics

  GdipGetImageGraphicsContext

  GdipCreateFromHWNDICM

  GdipCreateFromHWND

  GdipSetPenDashStyle

  GdipSetPenWidth

  GdipDeletePen

  GdipCreatePen2

  GdipCreatePen1

  GdipSetPathGradientGammaCorrection

  GdipSetPathGradientCenterPoint

  GdipAddPathLine2

  GdipSetLinePresetBlend

  GdipCreateLineBrushFromRect

  GdipCloneBrush

  GdipDeleteBrush

  GdipCreateSolidFill

  GdipAlloc

  GdipFree

  GdipGetImageHeight

  GdipGetImageWidth

  GdipGetPathWorldBoundsI

  GdipAddPathPie

  GdipAddPathLine

  GdipAddPathArc

  GdipSaveImageToFile

  GdipCreateBitmapFromHBITMAP

  GdipGetImageEncoders

  GdipGetImageEncodersSize

  GdipSetInterpolationMode

  version

  GetFileVersionInfoSizeW

  GetFileVersionInfoW

  VerQueryValueW

  wintrust

  WTHelperProvDataFromStateData

  WinVerifyTrust

  crypt32

  CryptStringToBinaryA

  CertGetNameStringW

  CryptBinaryToStringA

  wininet

  InternetQueryOptionW

  InternetReadFile

  HttpQueryInfoW

  InternetCloseHandle

  InternetOpenUrlW

  InternetSetOptionW

  InternetOpenW

  DeleteUrlCacheEntryW

  InternetGetConnectedState

  psapi

  GetModuleFileNameExW

  riched20

  ord4

  userenv

  GetUserProfileDirectoryW

  Sections

  .text

  Size: 1.3MB - Virtual size: 1.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 239KB - Virtual size: 240KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 27KB - Virtual size: 52KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 3.9MB - Virtual size: 3.9MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/rkAIWKEr/index.html

  .html
• bazaar/80.76.49.148/rkAIWKEr/win1.cmd

  .cmd .vbs
• bazaar/80.76.49.148/rkAIWKEr/win2.cmd

  .cmd .vbs
• bazaar/80.76.49.148/rkAIWKEr2/index.html

  .html
• bazaar/80.76.49.148/rkAIWKEr2/win1.cmd

  .cmd .vbs
• bazaar/80.76.49.148/rkAIWKEr2/win1.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 69KB - Virtual size: 68KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/rkAIWKEr2/win4.cmd

  .cmd .vbs
• bazaar/80.76.49.148/running/DtRbsscQ/index.html

  .html
• bazaar/80.76.49.148/running/DtRbsscQ/lander.vbs

  .vbs
• bazaar/80.76.49.148/running/LgGFdDAm/AntiVirus.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 69KB - Virtual size: 68KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/running/LgGFdDAm/AntiVirus2.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 433KB - Virtual size: 433KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/running/LgGFdDAm/index.html

  .html
• bazaar/80.76.49.148/running/index.html

  .html
• bazaar/80.76.49.148/running/rkAIWKEr/index.html

  .html
• bazaar/80.76.49.148/running/rkAIWKEr/win1.cmd

  .cmd .vbs
• bazaar/80.76.49.148/running/rkAIWKEr/win1.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 69KB - Virtual size: 68KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/running/rkAIWKEr/win4.cmd

  .cmd .vbs
• bazaar/80.76.49.148/running/ycJOjCuR/index.html

  .html
• bazaar/80.76.49.148/running/ycJOjCuR/lamda.cmd
• bazaar/80.76.49.148/tbsh/Chr0me.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 833KB - Virtual size: 832KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/tbsh/Chrome.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 833KB - Virtual size: 833KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• bazaar/80.76.49.148/tbsh/index.html

  .html
• bazaar/80.76.49.148/ycJOjCuR/index.html

  .html
• bazaar/80.76.49.148/ycJOjCuR/lamd.cmd
• bazaar/80.76.49.148/ycJOjCuR/lamda.cmd
• bazaar/80.76.49.148/ycJOjCuR2/index.html

  .html
• bazaar/80.76.49.148/ycJOjCuR2/lamda.cmd
• bazaar/80.76.49.148/ycJOjCuR2/use in future.txt
• bazaar/f513d263e64eddbd4e71dd6ca9652be04ebcacfa423e3d3b4046f1bd3fdc23d8.zip

  .zip

  Password: infected

• f513d263e64eddbd4e71dd6ca9652be04ebcacfa423e3d3b4046f1bd3fdc23d8.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 69KB - Virtual size: 68KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ