xJOQkftpyTWF (1)[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

xJOQkftpyTWF (1).exe
Size

3.2MB
MD5

405901657d6a07a7406eed781f498a53
SHA1

c2e2de8fa3c0d8a1da3d6ab29d681fb87ade09c1
SHA256

466714432d1acc61e224fc28a605f3d52893fe97898f85c720d374e94e084460
SHA512

035f2c3a820e70a905cb862e798cd3fea64efaf572a9dd3a64f1208b7c2a263d725b9a8c638ea93d92950de33f55eaf95fbeffaec9f8416e014c075f2d55789a
SSDEEP

49152:aB4C8Q34SKJpA4GPXftnwICPwSAhCRLqPyU0jRK2U:mhpxPXFxD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xJOQkftpyTWF (1).exe

Files

xJOQkftpyTWF (1).exe
.exe windows:6 windows x64 arch:x64

fb3bf4e3ed2719b3161e1b8bd6c87507

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\wgh\Desktop\Test\#1 Temp FiveM Imgui\x64\Release\Test.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

d3dcompiler_43

D3DCompile

gdi32

CreateRoundRectRgn
BitBlt
CreateSolidBrush
LineTo
TextOutW
SetTextColor
StretchBlt
SetBkColor
SelectObject
RoundRect
PatBlt

dwmapi

DwmExtendFrameIntoClientArea

msvcp140

_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
_Query_perf_counter
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?rdstate@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setf@ios_base@std@@QEAAHHH@Z
?id@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?get@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD4@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
_Query_perf_frequency
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z

user32

SetCursorPos
SetCursor
GetCursorPos
ClientToScreen
ScreenToClient
LoadCursorW
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
SetWindowRgn
IsWindowUnicode
DispatchMessageW
ReleaseCapture
SetCapture
GetCapture
PeekMessageW
PostMessageW
DefWindowProcW
GetKeyState
TrackMouseEvent
GetDC
GetClientRect
EmptyClipboard
GetForegroundWindow
PostQuitMessage
UnregisterClassW
RegisterClassExW
CreateWindowExW
DestroyWindow
ShowWindow
SetLayeredWindowAttributes
MoveWindow
GetSystemMetrics
UpdateWindow
GetWindowRect
MessageBoxA
FindWindowW
GetWindowDC
GetDesktopWindow
TranslateMessage

kernel32

GetFileInformationByHandleEx
MoveFileExW
AreFileApisANSI
GetFileAttributesExW
FindFirstFileW
FindClose
GetLocaleInfoEx
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileSizeEx
FormatMessageA
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
GetTickCount
SetLastError
VerifyVersionInfoA
GetSystemDirectoryA
SleepEx
LeaveCriticalSection
EnterCriticalSection
CreateFileA
GlobalGetAtomNameW
GetBinaryTypeW
ResetWriteWatch
GetWriteWatch
HeapQueryInformation
IsDebuggerPresent
GetEnvironmentVariableW
CreateEventW
SetEvent
OutputDebugStringW
GetSystemInfo
CheckRemoteDebuggerPresent
VirtualQuery
VirtualFree
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId
LocalFree
K32GetModuleInformation
K32EnumProcessModules
Module32NextW
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetThreadExecutionState
GetModuleFileNameW
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
WideCharToMultiByte
CreateDirectoryW
DeleteFileW
Beep
CloseHandle
WaitForSingleObject
Sleep
CreateProcessW
GetModuleFileNameA
GetModuleHandleW
CreateFileW
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentProcess
CreateThread
VirtualProtect
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
QueryFullProcessImageNameW
GetCurrentProcessId
TerminateProcess
GetCurrentThread
OpenProcess
VirtualAlloc
ReadProcessMemory
WriteProcessMemory

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ImmSetCandidateWindow

shell32

ShellExecuteA
ShellExecuteW

winmm

mciSendStringW

advapi32

OpenProcessToken
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
InitializeAcl
IsValidSid
GetUserNameA
SetSecurityInfo
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
CopySid
ConvertSidToStringSidA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt

normaliz

IdnToAscii

wldap32

ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord200
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord22
ord301

crypt32

CertOpenStore
CertCloseStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
CertEnumCertificatesInStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
PFXImportCertStore

ws2_32

WSAStartup
WSACleanup
closesocket
recv
send
listen
ntohl
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
htonl
ioctlsocket
htons
ntohs
setsockopt
__WSAFDIsSet
select
WSAIoctl
WSASetLastError
accept
socket

shlwapi

PathFileExistsW

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

psapi

GetModuleInformation

winhttp

WinHttpOpen
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpConnect
WinHttpOpenRequest
WinHttpCloseHandle

ntdll

RtlAdjustPrivilege
NtRaiseHardError

userenv

UnloadUserProfile

iphlpapi

GetAdaptersInfo

vcruntime140

__intrinsic_setjmp
__current_exception_context
longjmp
memcpy
memset
__std_terminate
__current_exception
strrchr
__C_specific_handler
memcmp
strchr
memmove
memchr
strstr
_CxxThrowException
__std_exception_destroy
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_getpid
strerror
__sys_nerr
_c_exit
_initterm_e
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_invalid_parameter_noinfo
_register_onexit_function
_crt_atexit
_cexit
exit
_register_thread_local_exe_atexit_callback
_errno
_seh_filter_exe
_set_app_type
abort
_invalid_parameter_noinfo_noreturn
_exit
_get_narrow_winmain_command_line
system
_beginthreadex
_resetstkoflw
terminate
_initterm

api-ms-win-crt-string-l1-1-0

strcmp
strpbrk
tolower
strncmp
wcslen
wcscmp
strncpy
strcspn
strspn
isupper
_strdup

api-ms-win-crt-stdio-l1-1-0

_fseeki64
_write
setvbuf
ungetc
_read
__stdio_common_vsscanf
fputc
fgetpos
__stdio_common_vfprintf
__acrt_iob_func
_wfopen
fgetc
_get_stream_buffer_pointers
_close
_open
__p__commode
fgets
_pclose
_popen
fopen
fclose
fwrite
_lseeki64
ftell
fflush
fread
fseek
fsetpos
_set_fmode
feof
fputs
__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
malloc
realloc
free
calloc

api-ms-win-crt-utility-l1-1-0

srand
rand
qsort

api-ms-win-crt-math-l1-1-0

_dclass
_hypotf
__setusermatherr
ceilf
acosf
sinf
floorf
cosf
_dsign
sqrtf
fmodf

api-ms-win-crt-convert-l1-1-0

strtoll
strtoull
atoi
strtol
strtoul
strtod

api-ms-win-crt-filesystem-l1-1-0

_unlink
_stat64
remove
_lock_file
_unlock_file
_fstat64
_access

api-ms-win-crt-time-l1-1-0

_gmtime64
_localtime64_s
strftime
_time64

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale
___lc_codepage_func

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 321KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb3bf4e3ed2719b3161e1b8bd6c87507

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

d3dx11_43

d3dcompiler_43

gdi32

dwmapi

msvcp140

user32

kernel32

imm32

shell32

winmm

advapi32

normaliz

wldap32

crypt32

ws2_32

shlwapi

rpcrt4

psapi

winhttp

ntdll

userenv

iphlpapi

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 321KB - Virtual size: 320KB

.data Size: 1.2MB - Virtual size: 1.2MB

.pdata Size: 56KB - Virtual size: 56KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 321KB - Virtual size: 320KB

.data
Size: 1.2MB - Virtual size: 1.2MB

.pdata
Size: 56KB - Virtual size: 56KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 6KB - Virtual size: 5KB