Desktop[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Desktop.rar
Size

28.2MB
MD5

a53195ba3393b1b22dc10aa1fb89138e
SHA1

4d14bdc398738571f5f54645c6cfa1f71599c5d5
SHA256

2493b1670448dd397094a7c28368d91f5eb97fd2f959d04d6c9ca5082e522c58
SHA512

f8bb56d7dd41e3b628778048854d4d037f34983c9c717a343363878c923b3f54b41df9f823587de142680260a30387ec5bae9bdd90acd8a86d2cf7a843bc0c05
SSDEEP

786432:Fb6O1bbEkl5P8wfg1xa5eo5HxIMqKMt/cNu8Wy+xMVo:FGO1b4Y141CZxIM7uB8fIMq

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/[FreeTP.Org]Risk-of-Rain-2-Multiplayer-Fix-Online.exe
unpack001/qbittorrent_4.3.6_x64_setup.exe
unpack002/$PLUGINSDIR/FindProcDLL.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/LangDLL.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UAC.dll
unpack002/$PLUGINSDIR/nsisFirewallW.dll
unpack002/qbittorrent.exe

Files

Desktop.rar
.rar
Risk_of_Rain_2_1.2.4.4.torrent
[FreeTP.Org]Risk-of-Rain-2-Multiplayer-Fix-Online.exe
.exe windows:5 windows x86 arch:x86

483f0c4259a9148c34961abbda6146c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GetWindowsDirectoryW
GetVersionExW
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
qbittorrent_4.3.6_x64_setup.exe
.exe windows:4 windows x86 arch:x86

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:5 windows x86 arch:x86

0cd94af3a016a5de4ab9a5a9a02d4173

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyW
CloseHandle
Sleep
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
GetLongPathNameW
lstrcmpiW
QueryDosDeviceW
GetLogicalDriveStringsW
lstrlenW
OpenProcess
GetCurrentProcessId
GetProcAddress
LoadLibraryW
GetVersionExW

Exports

Exports

FindProc
KillProc
WaitProcEnd
WaitProcStart

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

4b45b7e00344a87332fbd12653854d1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetModuleHandleW
CloseHandle
SetEndOfFile
SetCurrentDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc
WriteFile
SetFilePointer

user32

LoadCursorW
SetWindowRgn
GetDlgCtrlID
CloseClipboard
DrawFocusRect
OpenClipboard
DrawTextW
SetCursor
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
GetClientRect
ShowWindow
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
CallWindowProcW
PostMessageW
MessageBoxW
GetSysColor
CharNextW
wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
GetWindowLongW
EnableMenuItem
PtInRect
MapWindowPoints
GetClipboardData

gdi32

SetTextColor
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectW

shell32

SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
make_unicode
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

3e8d18bb71c7ebbda2ddc2a4bb03547b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
GlobalFree
lstrcpynW
lstrcmpW
GlobalAlloc
MulDiv
GetModuleHandleW
lstrcpyW

user32

DialogBoxParamW
SetDlgItemTextW
SendDlgItemMessageW
EndDialog
SetWindowTextW
LoadIconW
ShowWindow
SendMessageW
GetDC

gdi32

GetDeviceCaps
CreateFontIndirectW
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 681B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

0ef725341a4aecf8398c0e2132f38049

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetCurrentProcessId
GetCommandLineW
GetProcAddress
CreateThread
GlobalFree
LoadLibraryA
OpenProcess
GlobalAlloc
CreateFileMappingW
Sleep
MapViewOfFile
GetModuleHandleW
UnmapViewOfFile
CreateEventW
SetCurrentDirectoryW
GetVersionExW
GetExitCodeProcess
lstrcatW
LocalFree
GetPrivateProfileStringW
FormatMessageW
GetPrivateProfileIntW
CreateProcessW
CloseHandle
GetLastError
DuplicateHandle
GetCurrentThreadId
lstrlenW
SetEvent
WaitForSingleObject
lstrcmpiW
GetExitCodeThread
GetModuleFileNameW

user32

SetWindowPos
GetClientRect
GetWindowThreadProcessId
SetWindowLongW
DefWindowProcW
GetDlgItem
CallWindowProcW
CallNextHookEx
GetClassNameW
PeekMessageW
DestroyWindow
SendMessageW
SetForegroundWindow
IsWindowVisible
MsgWaitForMultipleObjects
LoadStringW
EndDialog
EnableWindow
DialogBoxParamW
LoadImageW
MessageBoxW
GetWindowLongW
DispatchMessageW
ShowWindow
wsprintfW
CreateDialogParamW
GetWindowRect
IsDialogMessageW
FindWindowExW
CharNextW
CreateWindowExW
LoadIconW
PostMessageW
SetWindowsHookExW
UnhookWindowsHookEx
TranslateMessage

shell32

ShellExecuteExW

advapi32

OpenServiceW
QueryServiceStatus
CloseServiceHandle
OpenProcessToken
OpenSCManagerW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
EqualSid

ole32

CoInitialize

Exports

Exports

_

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsisFirewallW.dll
.dll windows:4 windows x86 arch:x86

18ecfc7436b69f8c13ec22664f9f1857

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
InterlockedDecrement
LocalFree

user32

wsprintfW

ole32

OleRun
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

GetErrorInfo
SysFreeString
SysAllocString

msvcrt

free
_adjust_fdiv
malloc
_initterm
_CxxThrowException
??2@YAPAXI@Z
??3@YAXPAX@Z
??1type_info@@UAE@XZ
__CxxFrameHandler

Exports

Exports

AddAuthorizedApplication
RemoveAuthorizedApplication

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
qbittorrent.exe
.exe windows:6 windows x64 arch:x64

5d424bcf95b6ab1d0fdd9378b9ff9c86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

G:\QBITTORRENT\build-qbittorrent436-Qt5_msvc2017_x64-Release\src\release\qbittorrent.pdb

Imports

iphlpapi

GetAdaptersAddresses
ConvertInterfaceLuidToNameW
ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToIndex
NotifyUnicastIpAddressChange
ConvertInterfaceLuidToGuid
ConvertInterfaceNameToLuidW
CancelMibChangeNotify2

powrprof

SetSuspendState

user32

GetTouchInputInfo
GetMessageExtraInfo
GetAsyncKeyState
EnumWindows
AllowSetForegroundWindow
ShutdownBlockReasonDestroy
ChangeWindowMessageFilterEx
DrawIconEx
PostThreadMessageW
KillTimer
GetQueueStatus
DestroyIcon
CallNextHookEx
RegisterClassW
SetWindowsHookExW
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
UnhookWindowsHookEx
ShutdownBlockReasonCreate
UnregisterDeviceNotification
RegisterDeviceNotificationW
CharNextExA
SetTimer
TrackMouseEvent
GetIconInfo
GetCursor
GetCursorInfo
GetWindowTextW
CloseTouchInputHandle
RealGetWindowClassW
CreateIconIndirect
CreateCursor
LoadCursorW
SetCursorPos
GetClipboardFormatNameW
EnumDisplayDevicesW
RegisterClipboardFormatW
GetMenuItemInfoW
ModifyMenuW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
SystemParametersInfoW
GetSystemMetrics
ReleaseDC
GetDesktopWindow
GetSysColor
GetDC
DestroyWindow
DefWindowProcW
UpdateLayeredWindowIndirect
GetCaretBlinkTime
GetDoubleClickTime
IsWindow
MessageBeep
EndPaint
BeginPaint
IsIconic
GetAncestor
InvalidateRect
SetForegroundWindow
ReleaseCapture
GetParent
EnableMenuItem
UpdateLayeredWindow
GetClientRect
SetWindowLongW
FlashWindowEx
SetCursor
SetCapture
SetParent
GetUpdateRect
SetFocus
SetLayeredWindowAttributes
UnregisterTouchWindow
MoveWindow
GetForegroundWindow
AttachThreadInput
SetWindowPlacement
IsChild
ClientToScreen
RegisterTouchWindow
GetCapture
ShowWindow
DestroyCursor
GetWindowPlacement
GetWindowLongPtrW
SetWindowTextW
SendMessageW
ScreenToClient
CreateWindowExW
SetWindowRgn
SetWindowLongPtrW
SetWindowPos
IsWindowVisible
GetMenu
GetWindowRect
GetWindow
MonitorFromPoint
PostMessageW
IsTouchWindow
AdjustWindowRectEx
GetSystemMenu
GetWindowThreadProcessId
GetWindowLongW
GetCursorPos
LoadImageW
GetSysColorBrush
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
GetKeyboardLayoutList
GetClassInfoW
WindowFromPoint
RegisterClassExW
ChildWindowFromPointEx
UnregisterClassW
GetFocus
ChangeClipboardChain
IsHungAppWindow
SetClipboardViewer
FindWindowA
RegisterWindowMessageW
ShowCaret
DestroyCaret
IsWindowEnabled
GetKeyboardLayout
CreateCaret
SetCaretPos
HideCaret
GetMonitorInfoW
EnumDisplayMonitors
MonitorFromWindow
ToAscii
IsZoomed
TrackPopupMenuEx
ToUnicode
PeekMessageW
SetMenuItemInfoW
GetKeyboardState
MapVirtualKeyW
GetKeyState
LoadIconW
CreateMenu
AppendMenuW
RemoveMenu
InsertMenuW
DrawMenuBar
DestroyMenu
SetMenu
TrackPopupMenu
CreatePopupMenu

dbghelp

StackWalk64
SymFromAddr
SymGetLineFromAddr64
SymEnumSymbols
SymSetContext
SymGetModuleInfo64
SymCleanup
SymInitializeW

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

uxtheme

GetCurrentThemeName
IsThemeActive
GetThemePartSize
GetThemeColor
OpenThemeData
GetThemeBackgroundRegion
SetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeEnumValue
ord47
GetThemeBool
GetThemePropertyOrigin
GetThemeTransitionDuration
CloseThemeData
GetThemeMargins
GetThemeInt

dwmapi

DwmIsCompositionEnabled
DwmGetWindowAttribute
DwmSetWindowAttribute
DwmEnableBlurBehindWindow

oleaut32

SafeArrayCreateVector
SysAllocString
SysFreeString
SafeArrayPutElement

imm32

ImmAssociateContextEx
ImmSetCandidateWindow
ImmGetOpenStatus
ImmAssociateContext
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmGetDefaultIMEWnd
ImmGetVirtualKey
ImmNotifyIME

crypt32

CertAddCertificateContextToStore
CertFreeCertificateChain
CertGetCertificateChain
CertCreateCertificateContext
CertOpenSystemStoreW
CertOpenSystemStoreA
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertEnumCertificatesInStore

gdi32

GetDIBits
ExtTextOutW
SetTextAlign
SetBkMode
SetTextColor
GetCharABCWidthsW
GetCharABCWidthsI
GetCharABCWidthsFloatW
GetGlyphOutlineW
SetWorldTransform
GetFontData
CombineRgn
DeleteObject
SelectClipRgn
GetRegionData
DeleteDC
CreateRectRgn
GdiFlush
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
OffsetRgn
SetLayout
GetDeviceCaps
CreateBitmap
CreateDCW
CreateCompatibleBitmap
GetObjectW
SetGraphicsMode
CreateFontIndirectW
GetBitmapBits
EnumFontFamiliesExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
AddFontResourceExW
RemoveFontResourceExW
GetStockObject
GetTextFaceW
GetOutlineTextMetricsW
GetTextExtentPoint32W

advapi32

InitiateSystemShutdownW
AdjustTokenPrivileges
OpenProcessToken
GetUserNameW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
GetSidSubAuthority
GetSidSubAuthorityCount
SystemFunction036
CopySid
BuildTrusteeWithSidW
DuplicateToken
GetNamedSecurityInfoW
LookupAccountSidW
MapGenericMask
AccessCheck
GetEffectiveRightsFromAclW
RegCreateKeyExW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegFlushKey
LookupPrivilegeValueW
RegNotifyChangeKeyValue
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
FreeSid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
GetTokenInformation
InitializeSecurityDescriptor
CryptDestroyKey
CryptGetUserKey
CryptAcquireContextW
CryptEnumProvidersW
CryptDecrypt
CryptExportKey
CryptCreateHash
CryptSetHashParam
CryptDestroyHash
CryptSignHashW
CryptGetProvParam
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegQueryValueExW

mpr

WNetGetUniversalNameW

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

NetShareEnum
NetApiBufferFree

ws2_32

WSAHtonl
WSAAccept
WSAConnect
gethostname
accept
WSAAsyncSelect
ioctlsocket
getaddrinfo
freeaddrinfo
getnameinfo
htons
WSAAddressToStringW
ntohs
ntohl
WSASetLastError
WSAStringToAddressW
htonl
WSAGetLastError
WSACleanup
WSAStartup
WSARecv
WSASocketW
select
WSANtohl
getsockname
bind
closesocket
listen
socket
WSASend
__WSAFDIsSet
getpeername
WSARecvFrom
WSASendTo
WSAIoctl
WSANtohs
connect
setsockopt
getsockopt

kernel32

CreateTimerQueue
SignalObjectAndWait
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
VirtualProtect
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
RtlUnwindEx
SetConsoleCtrlHandler
SystemTimeToTzSpecificLocalTime
HeapSize
ExitThread
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
InitializeSListHead
GetStringTypeW
GetTickCount
GetExitCodeThread
RaiseException
DecodePointer
EncodePointer
RtlPcToFileHeader
TryEnterCriticalSection
GetCommandLineA
SetStdHandle
SetFileAttributesW
GetConsoleCP
GetModuleFileNameA
HeapFree
HeapAlloc
IsValidLocale
EnumSystemLocalesW
HeapReAlloc
GetProcessHeap
IsValidCodePage
GetOEMCP
SetEnvironmentVariableA
SetEnvironmentVariableW
FindFirstFileExA
FindNextFileA
WriteConsoleW
GetCPInfo
IsDebuggerPresent
VirtualAlloc
VirtualFree
GetGeoInfoW
GetUserGeoID
GetTimeZoneInformation
ReleaseSemaphore
CreateSemaphoreW
LCMapStringW
CompareStringW
GetDiskFreeSpaceExW
GetVolumeNameForVolumeMountPointW
FindNextChangeNotification
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileExW
VirtualQuery
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
FormatMessageW
GetLastError
TlsAlloc
CloseHandle
LocalFree
WideCharToMultiByte
TlsFree
FormatMessageA
GetCurrentProcessId
RtlCaptureContext
GetCurrentProcess
GetCurrentThread
WaitForMultipleObjects
CreateMutexW
WaitForSingleObject
ReleaseMutex
ProcessIdToSessionId
Sleep
OpenMutexW
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetVolumePathNameW
GetDriveTypeW
GetSystemDirectoryW
SetThreadExecutionState
VerSetConditionMask
VerifyVersionInfoW
SetLastError
GetStdHandle
WriteFile
GetEnvironmentVariableW
GetModuleHandleW
GetFileType
RtlVirtualUnwind
TlsSetValue
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetCurrentThreadId
DeleteCriticalSection
TlsGetValue
GetModuleHandleExW
DeleteFiber
SwitchToFiber
CreateFiber
GetSystemTimeAsFileTime
QueryPerformanceCounter
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
FreeLibrary
FindFirstFileW
FindNextFileW
FindClose
SetConsoleMode
ReadConsoleA
GetConsoleMode
ReadConsoleW
PostQueuedCompletionStatus
SetWaitableTimer
VerifyVersionInfoA
GetQueuedCompletionStatus
CreateEventW
SetEvent
TerminateThread
QueueUserAPC
SleepEx
CreateIoCompletionPort
GetFileAttributesExW
CreateDirectoryW
RemoveDirectoryW
CreateHardLinkW
CreateFileW
GetFileInformationByHandle
DeleteFileW
CopyFileW
ReadFile
GetFileSizeEx
DeviceIoControl
SetEndOfFile
GetOverlappedResult
SetFilePointerEx
CreateEventA
GetACP
CreateWaitableTimerA
CancelIo
GetModuleHandleA
GlobalMemoryStatusEx
lstrcmpW
WTSGetActiveConsoleSessionId
OpenProcess
CheckRemoteDebuggerPresent
GetLocaleInfoW
GlobalAlloc
GlobalLock
GlobalUnlock
ExpandEnvironmentStringsW
CreateProcessW
GlobalSize
GetUserDefaultLangID
GetVolumeInformationW
GetLongPathNameW
LocalAlloc
GetConsoleWindow
ExitProcess
InitializeCriticalSection
DisconnectNamedPipe
WaitNamedPipeW
CreateNamedPipeW
ConnectNamedPipe
ResetEvent
GlobalFree
SetHandleInformation
CompareStringEx
OutputDebugStringW
IsProcessorFeaturePresent
TerminateProcess
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
DuplicateHandle
SetFilePointer
WaitForSingleObjectEx
GetExitCodeProcess
GetLocalTime
GetSystemTime
GetNativeSystemInfo
CreateThread
GetSystemInfo
SwitchToThread
GetThreadPriority
SetThreadPriority
ResumeThread
QueryPerformanceFrequency
GetTickCount64
GetUserDefaultLCID
GetCurrencyFormatW
GetDateFormatW
GetTimeFormatW
GetUserPreferredUILanguages
RegisterWaitForSingleObject
UnregisterWaitEx
CancelIoEx
ReadFileEx
PeekNamedPipe
WriteFileEx
GetModuleFileNameW
GetStartupInfoW
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
GetVolumePathNamesForVolumeNameW
GetFullPathNameW
GetFileInformationByHandleEx
SetFileTime
SetErrorMode
GetLogicalDrives
GetFileAttributesW
GetTempPathW
GetCurrentDirectoryW
MoveFileW
MoveFileExW
FileTimeToSystemTime
FlushFileBuffers

ole32

CoCreateInstance
CoInitialize
OleFlushClipboard
OleGetClipboard
OleIsCurrentClipboard
OleSetClipboard
OleInitialize
OleUninitialize
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoInitializeEx
CoTaskMemFree
CoGetMalloc
CoCreateGuid
StringFromGUID2
ReleaseStgMedium
CoUninitialize
DoDragDrop

shell32

SHGetKnownFolderPath
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHCreateItemFromIDList
SHGetPathFromIDListW
SHGetKnownFolderIDList
SHBrowseForFolderW
SHCreateItemFromParsingName
SHGetMalloc
ShellExecuteW
SHGetStockIconInfo
ord727
ord190
ord155
SHOpenFolderAndSelectItems
SHGetFileInfoW
CommandLineToArgvW
SHChangeNotify

winmm

timeKillEvent
timeSetEvent
PlaySoundW

mswsock

AcceptEx
GetAcceptExSockaddrs

bcrypt

BCryptGenRandom

Sections

.text
Size: 14.1MB - Virtual size: 14.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10.2MB - Virtual size: 10.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 235KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 602KB - Virtual size: 601KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
qbittorrent.pdb
qt.conf
translations/qt_fa.qm
translations/qt_gl.qm
translations/qt_lt.qm
translations/qt_pt.qm
translations/qt_sl.qm
translations/qt_sv.qm
translations/qt_zh_CN.qm
translations/qtbase_ar.qm
translations/qtbase_bg.qm
translations/qtbase_ca.qm
translations/qtbase_cs.qm
translations/qtbase_da.qm
translations/qtbase_de.qm
translations/qtbase_es.qm
translations/qtbase_fi.qm
translations/qtbase_fr.qm
translations/qtbase_gd.qm
translations/qtbase_he.qm
translations/qtbase_hu.qm
translations/qtbase_it.qm
translations/qtbase_ja.qm
translations/qtbase_ko.qm
translations/qtbase_lv.qm
translations/qtbase_pl.qm
translations/qtbase_ru.qm
translations/qtbase_sk.qm
translations/qtbase_tr.qm
translations/qtbase_uk.qm
translations/qtbase_zh_TW.qm

Sharing

General

Malware Config

Signatures

Files

483f0c4259a9148c34961abbda6146c1

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

comctl32

Sections

.text Size: 81KB - Virtual size: 80KB

.itext Size: 3KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 21KB

.idata Size: 4KB - Virtual size: 3KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.rsrc Size: 55KB - Virtual size: 55KB

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 80KB

.rsrc Size: 35KB - Virtual size: 35KB

0cd94af3a016a5de4ab9a5a9a02d4173

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 28B

.reloc Size: 512B - Virtual size: 196B

4b45b7e00344a87332fbd12653854d1a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

3e8d18bb71c7ebbda2ddc2a4bb03547b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

.text
Size: 81KB - Virtual size: 80KB

.itext
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 3KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 55KB - Virtual size: 55KB

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 80KB

.rsrc
Size: 35KB - Virtual size: 35KB

.text
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 28B

.reloc
Size: 512B - Virtual size: 196B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 681B

.data
Size: 512B - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 352B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 648B

.text
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 100B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 324B

.reloc
Size: 1024B - Virtual size: 546B