ahq-store-app[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ahq-store-app.exe
Size

15.1MB
MD5

10d1150c5f560340d61e8819b57d0aec
SHA1

9b64bb82c87458aa697da99cadb426120a053478
SHA256

b00a49355abf0c6a701d72c2bbd6fe55e9c45bdbcf983be27bb1f0ac580dc3fc
SHA512

3eedfce51951809ce551cbf15349a68906ab528bca61e4e1e9e279ff093d8eee449c130211d244108c8de7564f8d8de2d64f00b0f5911f25aa8a70f7f821b1c3
SSDEEP

196608:ubW2jpEwgKstRpViJp7cKE/WEumBp05JYzlFip9bNvH5Cy2dSe8eOqpgG/U4I7:u2tRpViJpx9gkYzlFiRPUy/evCG/TQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ahq-store-app.exe

Files

ahq-store-app.exe
.exe windows:6 windows x64 arch:x64

8ba6832f9f90a566fcff579304ae3ded

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ahq_store_app.pdb

Imports

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress
WakeByAddressSingle

bcryptprimitives

ProcessPrng

kernel32

GetProcAddress
LoadLibraryA
WriteFile
GetOverlappedResult
ReadFile
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
lstrlenW
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CreateIoCompletionPort
SetNamedPipeHandleState
CreateFileW
GetSystemTimePreciseAsFileTime
SetLastError
GetExitCodeProcess
WaitForSingleObject
CopyFileExW
SetFilePointerEx
LoadLibraryW
CancelIoEx
FindFirstFileW
Sleep
GetModuleHandleA
FindClose
HeapReAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
CreateMutexW
SleepConditionVariableSRW
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcessId
RtlUnwindEx
ReleaseMutex
FindNextFileW
RtlPcToFileHeader
RaiseException
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
SetHandleInformation
TlsGetValue
GetModuleHandleW
GetStdHandle
GetConsoleMode
LoadLibraryExW
MultiByteToWideChar
WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
GetCurrentProcess
CreateMutexA
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
GetCurrentThreadId
GetFullPathNameW
GetFinalPathNameByHandleW
CreateDirectoryW
TlsSetValue
MoveFileExW
CloseHandle
OutputDebugStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
CreateEventW
CancelIo
ExitProcess
WaitForMultipleObjects
QueryPerformanceCounter
HeapAlloc
GetProcessHeap
DeleteFileW
RemoveDirectoryW
SetEnvironmentVariableW
OutputDebugStringA
LCIDToLocaleName
GetUserDefaultUILanguage
GetLastError
FreeLibrary
LoadLibraryExA
GetSystemInfo
DeviceIoControl
SwitchToThread
HeapFree
SetFileCompletionNotificationModes
TlsFree

dwmapi

DwmEnableBlurBehindWindow
DwmGetWindowAttribute
DwmSetWindowAttribute

ntdll

RtlNtStatusToDosError
RtlGetVersion
NtReadFile
NtCreateFile
NtWriteFile
NtDeviceIoControlFile
NtCancelIoFileEx

user32

CloseTouchInputHandle
ScreenToClient
CreateIcon
FindWindowExW
GetParent
DestroyIcon
SetWindowRgn
AdjustWindowRectEx
GetActiveWindow
CreateWindowExW
SetWindowLongPtrW
GetMenu
KillTimer
SetTimer
GetClipCursor
RegisterClassW
MonitorFromRect
SetWindowDisplayAffinity
GetMessageA
DispatchMessageA
GetWindowLongW
InvalidateRgn
GetWindowTextW
GetWindowTextLengthW
SetWindowPos
EnumChildWindows
GetTouchInputInfo
RegisterWindowMessageA
SetWindowTextW
SetParent
ToUnicodeEx
GetMessageW
MonitorFromPoint
GetKeyboardLayout
AdjustWindowRect
MapVirtualKeyExW
GetKeyboardState
RedrawWindow
SystemParametersInfoW
GetClientRect
ReleaseCapture
PostMessageW
TrackMouseEvent
GetKeyState
GetAsyncKeyState
SetWindowLongW
RegisterRawInputDevices
GetWindowLongPtrW
DefWindowProcW
DestroyWindow
PostThreadMessageW
SetCursorPos
SetCursor
SetCapture
LoadCursorW
GetForegroundWindow
FlashWindowEx
GetSystemMetrics
ClipCursor
TranslateMessage
RegisterTouchWindow
IsWindow
DispatchMessageW
IsIconic
GetSystemMenu
IsProcessDPIAware
MonitorFromWindow
TrackPopupMenu
SetForegroundWindow
ClientToScreen
GetCursorPos
EnableMenuItem
CreatePopupMenu
CreateMenu
DrawIconEx
GetDC
AppendMenuW
InsertMenuW
DrawTextW
ReleaseDC
GetWindowDC
OffsetRect
GetWindowRect
MapWindowPoints
GetMenuBarInfo
FillRect
SendInput
CheckMenuItem
SystemParametersInfoA
PostQuitMessage
ShowWindow
DrawMenuBar
SetMenu
RemoveMenu
CreateAcceleratorTableW
DestroyAcceleratorTable
DestroyMenu
PeekMessageW
GetMonitorInfoW
SetWindowPlacement
ChangeDisplaySettingsExW
SetPropW
MsgWaitForMultipleObjectsEx
GetRawInputData
ValidateRect
GetWindowPlacement
IsWindowVisible
GetUpdateRect
TranslateAcceleratorW
ShowCursor
SetMenuItemInfoW
EnumDisplayMonitors
RegisterClassExW
SendMessageW
FindWindowW
GetMenuItemInfoW
MapVirtualKeyW

comctl32

TaskDialogIndirect
RemoveWindowSubclass
SetWindowSubclass
DefSubclassProc

oleaut32

GetErrorInfo
SysFreeString
SysStringLen
SetErrorInfo

shell32

DragQueryFileW
Shell_NotifyIconGetRect
SHGetKnownFolderPath
DragFinish
Shell_NotifyIconW
SHAppBarMessage

ole32

RegisterDragDrop
CoIncrementMTAUsage
CoCreateInstance
RevokeDragDrop
CoInitializeEx
CoUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc

bcrypt

BCryptGenRandom

advapi32

RegOpenKeyExW
EventWriteTransfer
RegGetValueW
SystemFunction036
EventSetInformation
EventRegister
RegCloseKey
EventUnregister
RegQueryValueExW

ws2_32

WSAGetLastError
getsockname
WSAIoctl
closesocket
recv
WSASocketW
ioctlsocket
send
connect
getpeername
bind
setsockopt
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
shutdown
WSASend
getsockopt

gdi32

CreateCompatibleDC
BitBlt
SelectObject
DeleteDC
GetDeviceCaps
CreateDIBSection
SetTextColor
CombineRgn
CreateSolidBrush
DeleteObject
SetBkMode
CreateRectRgn

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

crypt32

CertFreeCertificateContext
CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertDuplicateStore
CertAddCertificateContextToStore
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateCertificateChain
CertOpenStore

secur32

QueryContextAttributesW
FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
ApplyControlToken
EncryptMessage
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage
AcquireCredentialsHandleA

shlwapi

SHCreateMemStream

api-ms-win-crt-string-l1-1-0

wcslen
_wcsicmp
wcscmp
strcpy_s
strlen
wcsncmp

api-ms-win-crt-math-l1-1-0

floor
__setusermatherr
trunc
pow
round
fmod
roundf
ceil

api-ms-win-crt-convert-l1-1-0

_wtoi
wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

terminate
_exit
_crt_atexit
exit
_initterm_e
_register_onexit_function
abort
_initialize_onexit_table
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_c_exit
_cexit
__p___argc
__p___argv
_seh_filter_exe
_set_app_type

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
calloc
malloc
_set_new_mode
_callnewh

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10.4MB - Virtual size: 10.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ba6832f9f90a566fcff579304ae3ded

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

kernel32

dwmapi

ntdll

user32

comctl32

oleaut32

shell32

ole32

bcrypt

advapi32

ws2_32

gdi32

api-ms-win-core-winrt-l1-1-0

crypt32

secur32

shlwapi

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 4.5MB - Virtual size: 4.5MB

.rdata Size: 10.4MB - Virtual size: 10.4MB

.data Size: 2KB - Virtual size: 13KB

.pdata Size: 93KB - Virtual size: 92KB

.rsrc Size: 52KB - Virtual size: 51KB

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 4.5MB - Virtual size: 4.5MB

.rdata
Size: 10.4MB - Virtual size: 10.4MB

.data
Size: 2KB - Virtual size: 13KB

.pdata
Size: 93KB - Virtual size: 92KB

.rsrc
Size: 52KB - Virtual size: 51KB

.reloc
Size: 36KB - Virtual size: 36KB