explorer.pdb
Static task
static1
Behavioral task
behavioral1
Sample
51b6c16447986057f25a79fb98205e50N.exe
Resource
win10v2004-20240802-en
General
-
Target
51b6c16447986057f25a79fb98205e50N
-
Size
3.9MB
-
MD5
51b6c16447986057f25a79fb98205e50
-
SHA1
043de88883ca3151db4676f930c41298a4cc4d4d
-
SHA256
aefa31c3275772c8c4e742a76169f24eb76e2bb8d1505719666cb0d218a9bc0c
-
SHA512
46059adac0a3968470eaa645e5ddafbcd77737689457efae0df356d7fc99561a88bf00a6f75a91ac3793c31bb06ed85582950e792f905a920ed7e28e85ff7904
-
SSDEEP
49152:yAF958OjmUc5legsE3trryuApr/NgDwfdPrKBpF5HZ9kvFYagq1V7kvE/mieVYyC:PLnACr/t6B9QP3+w8a0cD
Malware Config
Signatures
-
Unsigned PE 1 IoCs
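Checks for missing Authenticode signature. The sample is an unsigned PE, although its headers set IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY and the PDB name listed in this report (explorer.pdb) and its shell-oriented imports appear consistent with a Windows Explorer build. An unsigned file that presents as a Windows system binary is best compared, by hash and signature, against a known-good signed copy from the same OS build; this static finding alone does not show what was altered.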
resource 51b6c16447986057f25a79fb98205e50N
Files
-
51b6c16447986057f25a79fb98205e50N.exe windows:10 windows x64 arch:x64
28b1f9e02a0a3f838ab6e66de61c8b86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
msvcrt
_cexit
ceil
ceilf
_XcptFilter
_amsg_exit
floor
floorf
__wgetmainargs
memcmp
sqrt
_exit
??1type_info@@UEAA@XZ
_onexit
_unlock
malloc
__setusermatherr
free
_lock
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
memcpy
_initterm
realloc
_CxxThrowException
_get_errno
_set_errno
wcsncmp
localtime
mktime
difftime
bsearch
wcsncpy_s
wcscspn
_errno
pow
iswalnum
time
wcscpy_s
_set_error_mode
wcsstr
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
__C_specific_handler
_vsnwprintf_s
_wcmdln
_snwprintf_s
_fmode
__CxxFrameHandler3
_commode
memset
strncmp
__set_app_type
?terminate@@YAXXZ
__dllonexit
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
memmove
_vsnwprintf
exit
wcscmp
twinapi
ord9
api-ms-win-core-job-l2-1-0
CreateJobObjectW
SetInformationJobObject
AssignProcessToJobObject
QueryInformationJobObject
api-ms-win-core-url-l1-1-0
UrlUnescapeW
HashData
api-ms-win-core-kernel32-private-l1-1-0
CheckElevationEnabled
api-ms-win-core-registryuserspecific-l1-1-0
SHRegGetUSValueW
SHRegGetBoolUSValueW
api-ms-win-core-com-private-l1-1-0
CoRegisterMessageFilter
api-ms-win-core-atoms-l1-1-0
GlobalGetAtomNameW
api-ms-win-core-sidebyside-l1-1-0
ReleaseActCtx
DeactivateActCtx
ActivateActCtx
CreateActCtxW
ntdll
RtlInitString
NlsMbCodePageTag
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
ZwUnmapViewOfSection
ZwMapViewOfSection
LdrResSearchResource
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlFormatCurrentUserKeyPath
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwSetInformationProcess
ZwOpenFile
RtlNtPathNameToDosPathName
RtlpEnsureBufferSize
ZwQueryDirectoryFile
RtlFreeUnicodeString
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlIsMultiSessionSku
RtlIsMultiUsersInSessionSku
RtlDosPathNameToNtPathName_U_WithStatus
swscanf_s
WinSqmAddToStreamEx
WinSqmIsOptedIn
WinSqmSetDWORD
RtlQueryResourcePolicy
NtSetThreadExecutionState
RtlNtStatusToDosErrorNoTeb
NtQueryInformationProcess
RtlUpcaseUnicodeString
RtlCopyUnicodeString
RtlRunOnceExecuteOnce
RtlAppendUnicodeStringToString
NtSetInformationProcess
RtlCaptureContext
RtlAppendUnicodeToString
RtlAllocateHeap
RtlReAllocateHeap
RtlFreeHeap
ZwClose
ZwOpenKey
ZwQueryValueKey
RtlInitUnicodeString
ZwQuerySystemInformation
RtlGetVersion
wcsspn
wcsrchr
wcstol
_wcsnicmp
NtOpenThreadToken
NtClose
NtQueryInformationToken
NtOpenProcessToken
RtlCompareUnicodeString
wcschr
_itow_s
_wtoi
_wcsicmp
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlNtStatusToDosError
NtQueryWnfStateData
RtlPublishWnfStateData
NtSetSystemInformation
RtlFlushHeaps
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
ZwQueryInformationProcess
api-ms-win-core-libraryloader-l1-2-0
SizeofResource
FindResourceExW
GetProcAddress
LoadStringW
FindStringOrdinal
LoadResource
GetModuleHandleExW
FreeLibrary
GetModuleHandleA
FreeLibraryAndExitThread
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameA
LockResource
GetModuleFileNameW
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
WakeAllConditionVariable
Sleep
InitOnceExecuteOnce
api-ms-win-core-synch-l1-1-0
OpenEventW
CreateEventW
InitializeCriticalSection
CreateMutexW
InitializeSRWLock
ResetEvent
WaitForMultipleObjectsEx
InitializeCriticalSectionEx
CreateEventExW
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
ReleaseSRWLockExclusive
SetEvent
SleepEx
TryEnterCriticalSection
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
LeaveCriticalSection
OpenMutexW
AcquireSRWLockExclusive
CreateSemaphoreExW
OpenSemaphoreW
EnterCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSemaphore
CreateMutexExW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
RaiseException
SetErrorMode
UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-file-l1-1-0
WriteFile
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
CreateFileW
GetLongPathNameW
GetFileAttributesW
CompareFileTime
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventWrite
EventActivityIdControl
EventEnabled
EventWriteTransfer
EventSetInformation
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
SetThreadpoolWait
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
WaitForThreadpoolWaitCallbacks
SubmitThreadpoolWork
TrySubmitThreadpoolCallback
FreeLibraryWhenCallbackReturns
CreateThreadpoolWait
CreateThreadpoolWork
CallbackMayRunLong
SetThreadpoolTimer
CloseThreadpoolWait
api-ms-win-core-processthreads-l1-1-0
OpenThread
GetProcessId
ResumeThread
GetPriorityClass
OpenProcessToken
GetCurrentThread
OpenThreadToken
GetCurrentProcess
TlsSetValue
GetCurrentProcessId
TerminateThread
GetStartupInfoW
GetCurrentThreadId
ExitProcess
TlsGetValue
CreateProcessW
ProcessIdToSessionId
GetThreadPriority
SetThreadPriority
GetExitCodeProcess
CreateThread
SetProcessShutdownParameters
TlsFree
TerminateProcess
SetThreadPriorityBoost
TlsAlloc
QueueUserAPC
SetPriorityClass
api-ms-win-core-localization-l1-2-0
GetCalendarInfoW
GetLocaleInfoEx
GetUserDefaultLangID
GetThreadUILanguage
GetLocaleInfoW
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA
DebugBreak
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
oleaut32
SysAllocString
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayAccessData
VarUI4FromStr
SysAllocStringByteLen
SysFreeString
VariantClear
VariantInit
api-ms-win-shcore-thread-l1-1-0
SHGetThreadRef
SetProcessReference
SHCreateThread
SHCreateThreadRef
SHSetThreadRef
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoGetInterfaceAndReleaseStream
CoReleaseMarshalData
CoGetCallContext
CoMarshalInterThreadInterfaceInStream
CoCreateFreeThreadedMarshaler
CoFreeUnusedLibraries
CoGetStdMarshalEx
CoTaskMemRealloc
CoSetProxyBlanket
IIDFromString
CoCancelCall
CoTaskMemFree
CoInitializeSecurity
PropVariantClear
CoDisableCallCancellation
CoEnableCallCancellation
CoWaitForMultipleHandles
CreateStreamOnHGlobal
CLSIDFromString
CoCreateInstance
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
StringFromGUID2
CoGetMalloc
CoTaskMemAlloc
CoGetApartmentType
StringFromIID
CoGetClassObject
CoCreateGuid
api-ms-win-core-threadpool-legacy-l1-1-0
DeleteTimerQueueTimer
UnregisterWaitEx
ChangeTimerQueueTimer
CreateTimerQueueTimer
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
GetWindowsDirectoryW
GetTickCount64
GetVersionExW
GetSystemTime
GetLocalTime
api-ms-win-core-synch-l1-2-1
CreateSemaphoreW
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-shcore-sysinfo-l1-1-0
IsOS
SetCurrentProcessExplicitAppUserModelID
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrRChrW
StrStrIW
StrCmpW
StrCmpICW
QISearch
StrCmpNICW
StrChrIW
StrCmpNIW
StrCmpIW
StrToIntW
StrCmpICA
StrChrW
api-ms-win-shcore-obsolete-l1-1-0
SHStrDupW
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyExW
RegDeleteTreeW
RegDeleteValueW
RegGetValueW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
RegEnumValueW
api-ms-win-shcore-comhelpers-l1-1-0
IUnknown_Set
IUnknown_QueryService
IUnknown_SetSite
api-ms-win-core-heap-l2-1-0
LocalReAlloc
LocalFree
GlobalFree
GlobalAlloc
LocalAlloc
api-ms-win-core-processthreads-l1-1-1
OpenProcess
GetProcessMitigationPolicy
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
api-ms-win-core-datetime-l1-1-1
GetDateFormatEx
GetTimeFormatEx
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCommandLineW
GetCurrentDirectoryW
SearchPathW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathParseIconLocationW
PathIsRelativeW
PathGetDriveNumberW
PathFindExtensionW
SHExpandEnvironmentStringsW
PathGetArgsW
PathIsFileSpecW
PathCommonPrefixW
PathFileExistsW
PathRemoveFileSpecW
PathCombineW
PathQuoteSpacesW
PathRemoveBlanksW
PathFindFileNameW
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteString
WindowsCreateString
WindowsCompareStringOrdinal
WindowsDuplicateString
WindowsSubstringWithSpecifiedLength
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
lstrcmpiW
api-ms-win-core-string-l1-1-0
CompareStringW
WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal
api-ms-win-shcore-registry-l1-1-0
SHDeleteKeyW
SHSetValueW
SHDeleteValueW
SHEnumKeyExW
SHGetValueW
SHRegGetValueW
SHQueryInfoKeyW
api-ms-win-security-base-l1-1-0
GetLengthSid
CopySid
MakeAbsoluteSD
IsValidSid
GetTokenInformation
DuplicateToken
AddAce
CheckTokenMembership
InitializeAcl
DeleteAce
GetAce
GetAclInformation
EqualSid
CreateWellKnownSid
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceLoggerHandle
GetTraceEnableFlags
UnregisterTraceGuids
GetTraceEnableLevel
TraceMessage
RegisterTraceGuidsW
api-ms-win-core-localization-obsolete-l1-2-0
GetUserDefaultUILanguage
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
LoadLibraryW
api-ms-win-core-string-l2-1-1
SHLoadIndirectString
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
SetRestrictedErrorInfo
RoTransformError
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-path-l1-1-0
PathCchAppend
PathCchAddExtension
PathCchCombine
api-ms-win-shcore-unicodeansi-l1-1-0
SHAnsiToUnicode
api-ms-win-core-heap-obsolete-l1-1-0
GlobalLock
GlobalUnlock
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoInitialize
RoUninitialize
RoGetActivationFactory
api-ms-win-core-memory-l1-1-0
VirtualFree
CreateFileMappingW
VirtualAlloc
MapViewOfFile
VirtualProtect
UnmapViewOfFile
api-ms-win-core-largeinteger-l1-1-0
MulDiv
api-ms-win-shcore-stream-l1-1-0
SHCreateStreamOnFileEx
IStream_Write
SHOpenRegStream2W
IStream_Read
SHCreateMemStream
SHCreateStreamOnFileW
IStream_Reset
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-shcore-path-l1-1-0
ord170
api-ms-win-core-timezone-l1-1-0
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetDynamicTimeZoneInformation
api-ms-win-core-kernel32-legacy-l1-1-0
RegisterWaitForSingleObject
GetComputerNameW
GetSystemPowerStatus
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-security-lsalookup-l2-1-0
LookupAccountNameW
api-ms-win-shcore-registry-l1-1-1
SHRegGetValueFromHKCUHKLM
api-ms-win-shcore-scaling-l1-1-1
GetDpiForMonitor
api-ms-win-core-sysinfo-l1-2-0
GetProductInfo
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-string-l2-1-0
CharLowerBuffW
CharNextW
api-ms-win-core-stringansi-l1-1-0
CharNextA
api-ms-win-power-base-l1-1-0
CallNtPowerInformation
PowerDeterminePlatformRoleEx
GetPwrCapabilities
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-rtcore-ntuser-synch-l1-1-0
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
api-ms-win-shlwapi-winrt-storage-l1-1-1
ord635
SHPinDllOfCLSID
PathRemoveArgsW
ord479
ord478
SHIsChildOrSelf
ord481
ord544
ord24
ord165
ord197
AssocQueryStringW
StrRetToBufW
ord279
ShellMessageBoxW
ord509
SHCreateWorkerWindowW
StrRetToStrW
ord292
IUnknown_GetWindow
api-ms-win-ntuser-sysparams-l1-1-0
EnumDisplayDevicesW
EnumDisplayMonitors
SystemParametersInfoW
GetMonitorInfoW
GetSystemMetrics
api-ms-win-ntuser-rectangle-l1-1-0
SetRect
OffsetRect
EqualRect
IntersectRect
SubtractRect
UnionRect
InflateRect
CopyRect
IsRectEmpty
PtInRect
SetRectEmpty
api-ms-win-rtcore-ntuser-winevent-l1-1-0
SetWinEventHook
UnhookWinEvent
NotifyWinEvent
api-ms-win-shell-namespace-l1-1-0
ILCloneFirst
SHCreateItemFromIDList
ILGetSize
SHGetNameFromIDList
SHBindToParent
ILIsParent
SHBindToObject
ILClone
SHGetIDListFromObject
SHCreateItemFromParsingName
ILFindLastID
ILIsEqual
ILRemoveLastID
ILCombine
SHBindToFolderIDListParent
ILFree
SHParseDisplayName
api-ms-win-rtcore-ntuser-wmpointer-l1-1-0
EnableMouseInPointer
GetPointerDevices
GetPointerType
GetCurrentInputMessageSource
GetPointerInfo
api-ms-win-storage-exports-internal-l1-1-0
SetThreadFlags
GetThreadFlags
SHGetFolderPathEx
SHGetKnownFolderIDList
api-ms-win-rtcore-ntuser-wmpointer-l1-1-2
SetWindowFeedbackSetting
api-ms-win-rtcore-ntuser-clipboard-l1-1-0
RegisterClipboardFormatW
api-ms-win-rtcore-ntuser-private-l1-1-0
GetWindowBand
CreateWindowInBand
api-ms-win-rtcore-ntuser-powermanagement-l1-1-0
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
propsys
InitVariantFromGUIDAsString
InitVariantFromResource
PropVariantToUInt32
PSCreateMemoryPropertyStore
PropVariantToStringAlloc
PSPropertyBag_WriteStr
PSPropertyBag_WriteDWORD
api-ms-win-appmodel-runtime-l1-1-0
GetPackagesByPackageFamily
GetPackageFullName
api-ms-win-mm-playsound-l1-1-0
PlaySoundW
api-ms-win-shell-changenotify-l1-1-0
SHChangeNotify
api-ms-win-shell-dataobject-l1-1-0
SHCreateDataObject
api-ms-win-rtcore-ntuser-shell-l1-1-0
GetShellWindow
api-ms-win-appmodel-runtime-l1-1-1
FindPackagesByPackageFamily
ParseApplicationUserModelId
GetStagedPackagePathByFullName
api-ms-onecoreuap-settingsync-status-l1-1-0
IsSettingSyncEnabled
IsRoamingEnabled
gdi32
SetViewportOrgEx
GetDeviceCaps
CreateRectRgn
SetRectRgn
GetViewportOrgEx
GetClipRgn
GetBkColor
CreateSolidBrush
GetOutlineTextMetricsW
Rectangle
OffsetRgn
CombineRgn
DeleteObject
GetObjectW
CreateDIBSection
DeleteDC
CreateCompatibleDC
SelectObject
GdiAlphaBlend
StretchDIBits
GetClipBox
CreateCompatibleBitmap
OffsetWindowOrgEx
BitBlt
SetBkMode
CreateBitmap
SetStretchBltMode
PatBlt
SetTextColor
SetTextAlign
GetTextMetricsW
ExtTextOutW
CreateFontIndirectW
GetStockObject
GetDIBits
SetBkColor
GetTextExtentPoint32W
CreateRectRgnIndirect
ExcludeClipRect
GetGlyphOutlineW
StretchBlt
GdiFlush
Polyline
CreatePen
GetCurrentObject
SelectClipRgn
kernel32
RegisterApplicationRestart
VerSetConditionMask
IsBadWritePtr
wininet
InternetCrackUrlW
shcore
SHUnicodeToAnsi
ord192
ord183
ord126
ord109
ord213
ord174
ord121
ord190
ord123
ord1
ord187
ord186
ord184
ord142
ord162
ord244
ord200
shell32
ord723
ord172
ord885
ord95
ord850
ord22
ord134
ord907
ord743
Shell_GetCachedImageIndexW
ord790
ord792
ord727
ord162
SHAppBarMessage
ord894
SHGetPropertyStoreForWindow
ord906
ord895
SHGetLocalizedName
SHEvaluateSystemCommandTemplate
ord764
ord866
ord181
ord244
ExtractIconExW
ord132
ord680
Shell_NotifyIconW
Shell_NotifyIconGetRect
ord6
SHGetStockIconInfo
DuplicateIcon
ord91
ord254
ord54
SHEnableServiceObject
ord61
ord896
SHAddToRecentDocs
ord60
SHUpdateRecycleBinIcon
ord2
ord711
SHFileOperationW
ord4
SHGetPathFromIDListW
ord645
ord644
ord753
ord733
SHChangeNotifyRegisterThread
DragQueryFileW
ord67
SHCreateItemInKnownFolder
ord206
ord201
ord188
ord899
ShellExecuteExW
ord245
ord200
ord89
ShellExecuteW
ord190
ord85
ord100
ord137
shlwapi
ord164
PathIsDirectoryW
ord413
AssocCreate
ChrCmpIW
AssocQueryKeyW
ord467
ord163
ord548
uxtheme
IsAppThemed
DrawThemeTextEx
IsCompositionActive
ord118
ord86
ord122
ord120
ord98
ord121
ord104
ord106
DrawThemeBackground
DrawThemeParentBackground
CloseThemeData
BufferedPaintInit
BeginBufferedPaint
GetThemeBackgroundExtent
GetThemeBool
EndBufferedPaint
BufferedPaintUnInit
OpenThemeData
OpenThemeDataForDpi
GetWindowTheme
SetWindowTheme
GetThemeColor
GetThemePartSize
GetThemeMetric
GetThemeInt
GetThemeMargins
BufferedPaintSetAlpha
GetBufferedPaintBits
GetThemeFont
ord126
IsThemeActive
dwmapi
ord113
ord140
ord141
ord159
DwmQueryThumbnailSourceSize
DwmEnableBlurBehindWindow
ord124
DwmIsCompositionEnabled
DwmUpdateThumbnailProperties
DwmSetWindowAttribute
ord139
DwmUnregisterThumbnail
ord114
ord138
DwmGetWindowAttribute
DwmRegisterThumbnail
win32u
NtDCompositionGetFrameStatistics
user32
LoadMenuW
GetSubMenu
CreateIconIndirect
GetMenuItemCount
GetMenuItemInfoW
MonitorFromPoint
ReplyMessage
GetAsyncKeyState
ModifyMenuW
GetSystemMenu
GetSysColorBrush
GhostWindowFromHungWindow
GetIconInfoExW
GetIconInfo
GetClassWord
GetClassLongW
GetPhysicalCursorPos
DrawTextExW
GetCursorInfo
ShowWindowAsync
InsertMenuW
BringWindowToTop
ord2573
SetThreadDesktop
EndTask
DeleteMenu
TrackPopupMenuEx
OpenInputDesktop
SetMenuDefaultItem
RemoveMenu
IsTopLevelWindow
GetMenuState
IsZoomed
SetScrollInfo
EnableMenuItem
GetScrollInfo
CheckMenuItem
LoadImageW
SetGestureConfig
SetWindowCompositionAttribute
GetDpiForWindow
AdjustWindowRect
SetScrollPos
GetMenuStringW
InternalGetWindowText
DrawTextW
GetDoubleClickTime
IsProcessDPIAware
SetThreadDpiAwarenessContext
GetWindowCompositionAttribute
GetWindowProcessHandle
ReleaseCapture
GetClassLongPtrW
UpdateLayeredWindow
GetCapture
SetCapture
GetLastInputInfo
ord2005
GetSystemMetricsForDpi
UnregisterClassW
DrawIconEx
DestroyIcon
ord2522
GetMenuInfo
SetMenuInfo
GetDpiForSystem
GetWindowDpiAwarenessContext
AreDpiAwarenessContextsEqual
CharLowerW
CopyImage
IsCharAlphaNumericW
GetSysColor
GetCaretBlinkTime
InjectKeyboardInput
MapVirtualKeyExW
GetLayeredWindowAttributes
InjectMouseInput
FillRect
AdjustWindowRectEx
GetDC
ReleaseDC
CreatePopupMenu
GetMenuDefaultItem
DestroyMenu
GetThreadDesktop
GetUserObjectInformationW
CloseDesktop
LockWorkStation
TileWindows
CascadeWindows
LoadCursorW
SetWindowPlacement
SetCursor
SetMenuItemInfoW
DefWindowProcA
HungWindowFromGhostWindow
IsWindowUnicode
LoadAcceleratorsW
ChangeWindowMessageFilterEx
CopyIcon
TranslateAcceleratorW
ord2611
MonitorFromRect
GetWindowPlacement
GetGuiResources
IsHungAppWindow
LoadIconW
TrackMouseEvent
ord2574
SwitchToThisWindow
GetLastActivePopup
IsIconic
UnregisterHotKey
GetProcessWindowStation
UnregisterClassA
GetKeyState
RegisterHotKey
SetLayeredWindowAttributes
MonitorFromWindow
SendDlgItemMessageW
EndDialog
ExitWindowsEx
CalculatePopupWindowPosition
sspicli
GetUserNameExW
api-ms-win-security-lsalookup-l1-1-2
LsaLookupUserAccountType
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
RegSetKeyValueW
api-ms-win-core-kernel32-legacy-l1-1-1
PowerSetRequest
PowerCreateRequest
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
userenv
DeriveAppContainerSidFromAppContainerName
GetProfileType
api-ms-win-security-isolatedcontainer-l1-1-0
IsProcessInIsolatedContainer
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-service-management-l2-1-0
QueryServiceConfigW
NotifyServiceStatusChangeW
api-ms-win-core-localization-l1-2-3
GetUserDefaultGeoName
api-ms-win-core-kernel32-legacy-l1-1-2
SetTermsrvAppInstallMode
api-ms-win-core-io-l1-1-0
CreateIoCompletionPort
GetQueuedCompletionStatus
api-ms-win-shell-shdirectory-l1-1-0
ord292
api-ms-win-eventing-controller-l1-1-0
StopTraceW
StartTraceW
EnableTraceEx2
rpcrt4
RpcBindingSetAuthInfoExW
RpcStringFreeW
I_RpcExceptionFilter
NdrClientCall3
RpcBindingFromStringBindingW
UuidFromStringW
RpcBindingFree
RpcStringBindingComposeW
api-ms-win-core-biptcltapi-l1-1-6
BiPtEnumerateWorkItemsForPackageName
BiPtFreeMemory
BiPtQueryWorkItem
BiPtAssociateApplicationEntryPoint
wtsapi32
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
api-ms-win-security-lsalookup-l1-1-1
GetDefaultIdentityProvider
GetIdentityProviderInfoByGUID
ReleaseIdentityProviderEnumContext
EnumerateIdentityProviders
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 604KB - Virtual size: 604KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 101KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ