login.exe

First submission 2024-10-16 22:47:02

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	896.5 KB (918016 bytes)
Compile time:	2024-10-16 12:48:58
MD5:	0538d8a54c0f7b2af395ff7322714d0b
SHA1:	f68fc3b6f4002a3ea3ad783ba3916adbb3b11bfe
SHA256:	b343223941d4b7a3ceef992db2f5495e5ee701122071619e7f85ffd1d0e88efc
Import Hash :	948cc502fe9226992dce9417f952fce3
Sections 5	.text .rdata .data .rsrc .reloc
Directories 5	import resource debug tls relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	13/77 VT report date: 2024-10-16 22:13:46
Malware Type 1	trojan
Threat Type 1	autoit

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://185.215.113.103/test/login.exe	185.215.113.103	2024-10-16 22:47:02

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x9ab1d	633856	25c1457c129ee77c0aaf98beb58f3526677687d4	0a1473f3064dcbc32ef93c5c8a90f3a6
.rdata	0x9c000	0x2fb82	195584	dd2c684a16b3f370a7c66588627005befd670b80	c9cf2468b60bf4f80f136ed54b3989fb
.data	0xcc000	0x706c	18432	b958d08b90b56aff3f2e0d6daf36b91c8f31ca4c	53b9025d545d65e23295e30afdbd16d9
.rsrc	0xd4000	0x9768	38912	c9eddd05274dd99a041b514a238ec93ceb14deaa	5269980a3a47f8082fb140bcf2d9add6
.reloc	0xde000	0x7594	30208	359f6b9001cbad77104e5ed741f6d8024a1e6ffd	c68ee8931a32d45eb82dc450ee40efc3

PE Resources 7

Name	Language	Sublanguage	Offset	Size	Data
RT_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_UK	0xda038	1128
RT_MENU	LANG_ENGLISH	SUBLANG_ENGLISH_UK	0xda4a0	80
RT_STRING	LANG_ENGLISH	SUBLANG_ENGLISH_UK	0xdc660	344
RT_RCDATA	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xdc7b8	2608	PE Resource: RT_RCDATA - Data HKlJLS H}AU3!EA06Ms$<zgkCR:!).@Fk;!u:=3daMbltjxI8vrTtxH!)98O ,XOg;Mm=AFPWWY$cFKxif3H2)<9m&4Rp E K'FhkCR%x}qU-(%V?phf@#{'lv)~KdC`:c!)A&!0~}hw14h%!4AV+},{{sxKVE`[r$,PMyn2tW1b^Uom'4wx5 lslu!\r~<z)hG},?:WF=g53:'teqDVp((d&gmt\ ^.gfXc{Q@zU`J% ;q;">J\y5ZJXnJ]%3?OZF_h#ZmY-R>l>G0Rz5>q`lE .a-s_v^p\|C->M>5p3bUk;5Ulx`NCEq]f8'e]7D/]P dOO~S'%%# Kzdvp}wwVb1xXB!e2[]gteK4 AmAZ ?kb+ZhkoIHMsKa8(Fq('}u&> Tm)0{QH\|b{ e<MhyvdBqFj},H2 8UDe+"Hl^8Gq\,(oK'dz;rD2q7Ck]# R"O $TB"m;;CGT?:"Fv,c)\i[c/XAvZZ@D1g,x9tOVtQ~-^`>tG+h=#='NL2BKe~by7PG_h w* !f`Z46pG6?#: e :%?N`qLer\6nPzpMDw1Q)rbF#PRJB6 Yur5j?swZ\|vn6yA&u@<gpZTQoNc/Sp::I-Qy U'!"%f(`U$Ac8 &8ZFtf~^0,Y~]Cm=a#\|F8)mB:T b39own<;PK)k9e@BSa5!]_%B-C~i)Wy"Peb)tRzbvd:GI[[,fXhrikmQHe5:@$DroEh>m5,A!_{:jQ@]eZg5h6ER_eX]NhQgA"+/#Q8sa[[QAWz#dAWs$q]!\|Xf8IT\|[5m_':5Uh]'8@!&l EmQ\|faPf,>.{k.Uro%) ztI #?p6{of G7rOgW[BM51{)t9k.>K1W~-L# U'1rd^k1+7q%zlxq1ORY2$*Q1;wY_,tl82+8H XO9dvp(K` \NJ%8Crz`+zJi$1"ShxNF5<`@IssAr5qStd-C8<Ip&Y8LUn$9 Ld}6L}9S1 {DHr ~,TgX?qC\|K<?rAU3!EA06
RT_GROUP_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_UK	0xdd288	20
RT_VERSION	LANG_ENGLISH	SUBLANG_ENGLISH_UK	0xdd29c	220
RT_MANIFEST	LANG_ENGLISH	SUBLANG_ENGLISH_UK	0xdd378	1007	PE Resource: RT_MANIFEST - Data <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="" processorArchitecture="" publicKeyToken="6595b64144ccf1df"/> </dependentAssembly> </dependency> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> <application> <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/> <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/> <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/> <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/> <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/> </application> </compatibility> </assembly>

Meta infos 1

Translation:	0x0809 0x04b0

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 12

FindWindowExW
FindWindowW
GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
OutputDebugStringW
Process32FirstW
Process32NextW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

VMCheck.dll

Strings analysis - File found

Library
KERNEL32.dll
api-ms-win-core-synch-l1-2-0.dll
mscoree.dll
UxTheme.dll
SHELL32.dll
WININET.dll
OLEAUT32.dll
USER32.dll
VERSION.dll
PSAPI.DLL
USERENV.dll
ADVAPI32.dll
COMCTL32.dll
COMDLG32.dll
ole32.dll
MPR.dll
WINMM.dll
IPHLPAPI.DLL
GDI32.dll
WSOCK32.dll

Strings analysis - Possible IPs found 1

255.255.255.255

Import functions

MPR.dll 4 COMDLG32.dll 2 VERSION.dll 3 OLEAUT32.dll 29 WINMM.dll 3 WININET.dll 14 GDI32.dll 35 SHELL32.dll 15 KERNEL32.dll 168 UxTheme.dll 1 WSOCK32.dll 23 IPHLPAPI.DLL 3 ADVAPI32.dll 33 PSAPI.DLL 1 USERENV.dll 4 ole32.dll 22 USER32.dll 160 COMCTL32.dll 11

Function	Address	Souspicious	Anti Debug
WNetGetConnectionW	0x49c408
WNetCancelConnection2W	0x49c40c
WNetUseConnectionW	0x49c410
WNetAddConnection2W	0x49c414

Function	Address	Souspicious	Anti Debug
GetSaveFileNameW	0x49c0b8
GetOpenFileNameW	0x49c0bc

Function	Address	Souspicious	Anti Debug
GetFileVersionInfoW	0x49c77c
VerQueryValueW	0x49c780
GetFileVersionInfoSizeW	0x49c784

Function	Address	Souspicious	Anti Debug
CreateStdDispatch	0x49c41c
CreateDispTypeInfo	0x49c420
UnRegisterTypeLib	0x49c424
UnRegisterTypeLibForUser	0x49c428
RegisterTypeLibForUser	0x49c42c
RegisterTypeLib	0x49c430
LoadTypeLibEx	0x49c434
VariantCopyInd	0x49c438
SysReAllocString	0x49c43c
SysFreeString	0x49c440
VariantChangeType	0x49c444
SafeArrayDestroyData	0x49c448
SafeArrayUnaccessData	0x49c44c
SafeArrayAccessData	0x49c450
SafeArrayAllocData	0x49c454
SafeArrayAllocDescriptorEx	0x49c458
SafeArrayCreateVector	0x49c45c
SysStringLen	0x49c460
QueryPathOfRegTypeLib	0x49c464
SysAllocString	0x49c468
VariantInit	0x49c46c
VariantClear	0x49c470
DispCallFunc	0x49c474
VariantTimeToSystemTime	0x49c478
VarR8FromDec	0x49c47c
SafeArrayGetVartype	0x49c480
SafeArrayDestroyDescriptor	0x49c484
VariantCopy	0x49c488
OleLoadPicture	0x49c48c

Function	Address	Souspicious	Anti Debug
timeGetTime	0x49c7c8
waveOutSetVolume	0x49c7cc
mciSendStringW	0x49c7d0

Function	Address	Souspicious	Anti Debug
HttpOpenRequestW	0x49c78c
InternetCloseHandle	0x49c790
InternetOpenW	0x49c794
InternetSetOptionW	0x49c798
InternetCrackUrlW	0x49c79c
HttpQueryInfoW	0x49c7a0
InternetQueryOptionW	0x49c7a4
InternetConnectW	0x49c7a8
HttpSendRequestW	0x49c7ac
FtpOpenFileW	0x49c7b0
FtpGetFileSize	0x49c7b4
InternetOpenUrlW	0x49c7b8
InternetReadFile	0x49c7bc
InternetQueryDataAvailable	0x49c7c0

Function	Address	Souspicious	Anti Debug
EndPath	0x49c0c4
DeleteObject	0x49c0c8
GetTextExtentPoint32W	0x49c0cc
ExtCreatePen	0x49c0d0
StrokeAndFillPath	0x49c0d4
GetDeviceCaps	0x49c0d8
SetPixel	0x49c0dc
CloseFigure	0x49c0e0
LineTo	0x49c0e4
AngleArc	0x49c0e8
MoveToEx	0x49c0ec
Ellipse	0x49c0f0
CreateCompatibleBitmap	0x49c0f4
CreateCompatibleDC	0x49c0f8
PolyDraw	0x49c0fc
BeginPath	0x49c100
Rectangle	0x49c104
SetViewportOrgEx	0x49c108
GetObjectW	0x49c10c
SetBkMode	0x49c110
RoundRect	0x49c114
SetBkColor	0x49c118
CreatePen	0x49c11c
SelectObject	0x49c120
StretchBlt	0x49c124
CreateSolidBrush	0x49c128
SetTextColor	0x49c12c
CreateFontW	0x49c130
GetTextFaceW	0x49c134
GetStockObject	0x49c138
CreateDCW	0x49c13c
GetPixel	0x49c140
DeleteDC	0x49c144
GetDIBits	0x49c148
StrokePath	0x49c14c

Function	Address	Souspicious	Anti Debug
DragFinish	0x49c49c
DragQueryPoint	0x49c4a0
ShellExecuteExW	0x49c4a4
DragQueryFileW	0x49c4a8
SHEmptyRecycleBinW	0x49c4ac
SHGetPathFromIDListW	0x49c4b0
SHBrowseForFolderW	0x49c4b4
SHCreateShellItem	0x49c4b8
SHGetDesktopFolder	0x49c4bc
SHGetSpecialFolderLocation	0x49c4c0
SHGetFolderPathW	0x49c4c4
SHFileOperationW	0x49c4c8
ExtractIconExW	0x49c4cc
Shell_NotifyIconW	0x49c4d0
ShellExecuteW	0x49c4d4

Function	Address	Souspicious	Anti Debug
DuplicateHandle	0x49c164
CreateThread	0x49c168
WaitForSingleObject	0x49c16c
HeapAlloc	0x49c170
GetProcessHeap	0x49c174
HeapFree	0x49c178
Sleep	0x49c17c
GetCurrentThreadId	0x49c180
MultiByteToWideChar	0x49c184
MulDiv	0x49c188
GetVersionExW	0x49c18c
IsWow64Process	0x49c190
GetSystemInfo	0x49c194
FreeLibrary	0x49c198
LoadLibraryA	0x49c19c
GetProcAddress	0x49c1a0
SetErrorMode	0x49c1a4
GetModuleFileNameW	0x49c1a8
WideCharToMultiByte	0x49c1ac
lstrcpyW	0x49c1b0
lstrlenW	0x49c1b4
GetModuleHandleW	0x49c1b8
QueryPerformanceCounter	0x49c1bc
VirtualFreeEx	0x49c1c0
OpenProcess	0x49c1c4
VirtualAllocEx	0x49c1c8
WriteProcessMemory	0x49c1cc
ReadProcessMemory	0x49c1d0
CreateFileW	0x49c1d4
SetFilePointerEx	0x49c1d8
SetEndOfFile	0x49c1dc
ReadFile	0x49c1e0
WriteFile	0x49c1e4
FlushFileBuffers	0x49c1e8
TerminateProcess	0x49c1ec
CreateToolhelp32Snapshot	0x49c1f0
Process32FirstW	0x49c1f4
Process32NextW	0x49c1f8
SetFileTime	0x49c1fc
GetFileAttributesW	0x49c200
FindFirstFileW	0x49c204
FindClose	0x49c208
GetLongPathNameW	0x49c20c
GetShortPathNameW	0x49c210
DeleteFileW	0x49c214
IsDebuggerPresent	0x49c218
CopyFileExW	0x49c21c
MoveFileW	0x49c220
CreateDirectoryW	0x49c224
RemoveDirectoryW	0x49c228
SetSystemPowerState	0x49c22c
QueryPerformanceFrequency	0x49c230
LoadResource	0x49c234
LockResource	0x49c238
SizeofResource	0x49c23c
OutputDebugStringW	0x49c240
GetTempPathW	0x49c244
GetTempFileNameW	0x49c248
DeviceIoControl	0x49c24c
LoadLibraryW	0x49c250
GetLocalTime	0x49c254
CompareStringW	0x49c258
GetCurrentThread	0x49c25c
EnterCriticalSection	0x49c260
LeaveCriticalSection	0x49c264
GetStdHandle	0x49c268
CreatePipe	0x49c26c
InterlockedExchange	0x49c270
TerminateThread	0x49c274
LoadLibraryExW	0x49c278
FindResourceExW	0x49c27c
CopyFileW	0x49c280
VirtualFree	0x49c284
FormatMessageW	0x49c288
GetExitCodeProcess	0x49c28c
GetPrivateProfileStringW	0x49c290
WritePrivateProfileStringW	0x49c294
GetPrivateProfileSectionW	0x49c298
WritePrivateProfileSectionW	0x49c29c
GetPrivateProfileSectionNamesW	0x49c2a0
FileTimeToLocalFileTime	0x49c2a4
FileTimeToSystemTime	0x49c2a8
SystemTimeToFileTime	0x49c2ac
LocalFileTimeToFileTime	0x49c2b0
GetDriveTypeW	0x49c2b4
GetDiskFreeSpaceExW	0x49c2b8
GetDiskFreeSpaceW	0x49c2bc
GetVolumeInformationW	0x49c2c0
SetVolumeLabelW	0x49c2c4
CreateHardLinkW	0x49c2c8
SetFileAttributesW	0x49c2cc
CreateEventW	0x49c2d0
SetEvent	0x49c2d4
GetEnvironmentVariableW	0x49c2d8
SetEnvironmentVariableW	0x49c2dc
GlobalLock	0x49c2e0
GlobalUnlock	0x49c2e4
GlobalAlloc	0x49c2e8
GetFileSize	0x49c2ec
GlobalFree	0x49c2f0
GlobalMemoryStatusEx	0x49c2f4
Beep	0x49c2f8
GetSystemDirectoryW	0x49c2fc
HeapReAlloc	0x49c300
HeapSize	0x49c304
GetComputerNameW	0x49c308
GetWindowsDirectoryW	0x49c30c
GetCurrentProcessId	0x49c310
GetProcessIoCounters	0x49c314
CreateProcessW	0x49c318
GetProcessId	0x49c31c
SetPriorityClass	0x49c320
VirtualAlloc	0x49c324
GetCurrentDirectoryW	0x49c328
lstrcmpiW	0x49c32c
DecodePointer	0x49c330
GetLastError	0x49c334
RaiseException	0x49c338
InitializeCriticalSectionAndSpinCount	0x49c33c
DeleteCriticalSection	0x49c340
InterlockedDecrement	0x49c344
InterlockedIncrement	0x49c348
ResetEvent	0x49c34c
WaitForSingleObjectEx	0x49c350
IsProcessorFeaturePresent	0x49c354
UnhandledExceptionFilter	0x49c358
SetUnhandledExceptionFilter	0x49c35c
GetCurrentProcess	0x49c360
CloseHandle	0x49c364
GetFullPathNameW	0x49c368
GetStartupInfoW	0x49c36c
GetSystemTimeAsFileTime	0x49c370
InitializeSListHead	0x49c374
RtlUnwind	0x49c378
SetLastError	0x49c37c
TlsAlloc	0x49c380
TlsGetValue	0x49c384
TlsSetValue	0x49c388
TlsFree	0x49c38c
EncodePointer	0x49c390
ExitProcess	0x49c394
GetModuleHandleExW	0x49c398
ExitThread	0x49c39c
ResumeThread	0x49c3a0
FreeLibraryAndExitThread	0x49c3a4
GetACP	0x49c3a8
GetDateFormatW	0x49c3ac
GetTimeFormatW	0x49c3b0
LCMapStringW	0x49c3b4
GetStringTypeW	0x49c3b8
GetFileType	0x49c3bc
SetStdHandle	0x49c3c0
GetConsoleCP	0x49c3c4
GetConsoleMode	0x49c3c8
ReadConsoleW	0x49c3cc
GetTimeZoneInformation	0x49c3d0
FindFirstFileExW	0x49c3d4
IsValidCodePage	0x49c3d8
GetOEMCP	0x49c3dc
GetCPInfo	0x49c3e0
GetCommandLineA	0x49c3e4
GetCommandLineW	0x49c3e8
GetEnvironmentStringsW	0x49c3ec
FreeEnvironmentStringsW	0x49c3f0
SetEnvironmentVariableA	0x49c3f4
SetCurrentDirectoryW	0x49c3f8
FindNextFileW	0x49c3fc
WriteConsoleW	0x49c400

Function	Address	Souspicious	Anti Debug
IsThemeActive	0x49c774

Function	Address	Souspicious	Anti Debug
gethostbyname	0x49c7d8
recv	0x49c7dc
send	0x49c7e0
socket	0x49c7e4
inet_ntoa	0x49c7e8
setsockopt	0x49c7ec
ntohs	0x49c7f0
WSACleanup	0x49c7f4
WSAStartup	0x49c7f8
sendto	0x49c7fc
htons	0x49c800
__WSAFDIsSet	0x49c804
select	0x49c808
accept	0x49c80c
listen	0x49c810
bind	0x49c814
inet_addr	0x49c818
ioctlsocket	0x49c81c
recvfrom	0x49c820
WSAGetLastError	0x49c824
closesocket	0x49c828
gethostname	0x49c82c
connect	0x49c830

Function	Address	Souspicious	Anti Debug
IcmpSendEcho	0x49c154
IcmpCloseHandle	0x49c158
IcmpCreateFile	0x49c15c

Function	Address	Souspicious	Anti Debug
GetAce	0x49c000
RegEnumValueW	0x49c004
RegDeleteValueW	0x49c008
RegDeleteKeyW	0x49c00c
RegEnumKeyExW	0x49c010
RegSetValueExW	0x49c014
RegOpenKeyExW	0x49c018
RegCloseKey	0x49c01c
RegQueryValueExW	0x49c020
RegConnectRegistryW	0x49c024
InitializeSecurityDescriptor	0x49c028
InitializeAcl	0x49c02c
AdjustTokenPrivileges	0x49c030
OpenThreadToken	0x49c034
OpenProcessToken	0x49c038
LookupPrivilegeValueW	0x49c03c
DuplicateTokenEx	0x49c040
CreateProcessAsUserW	0x49c044
CreateProcessWithLogonW	0x49c048
GetLengthSid	0x49c04c
CopySid	0x49c050
LogonUserW	0x49c054
AllocateAndInitializeSid	0x49c058
CheckTokenMembership	0x49c05c
FreeSid	0x49c060
GetTokenInformation	0x49c064
RegCreateKeyExW	0x49c068
GetSecurityDescriptorDacl	0x49c06c
GetAclInformation	0x49c070
GetUserNameW	0x49c074
AddAce	0x49c078
SetSecurityDescriptorDacl	0x49c07c
InitiateSystemShutdownExW	0x49c080

Function	Address	Souspicious	Anti Debug
GetProcessMemoryInfo	0x49c494

Function	Address	Souspicious	Anti Debug
DestroyEnvironmentBlock	0x49c760
LoadUserProfileW	0x49c764
CreateEnvironmentBlock	0x49c768
UnloadUserProfile	0x49c76c

Function	Address	Souspicious	Anti Debug
CoTaskMemAlloc	0x49c838
CoTaskMemFree	0x49c83c
CLSIDFromString	0x49c840
ProgIDFromCLSID	0x49c844
CLSIDFromProgID	0x49c848
OleSetMenuDescriptor	0x49c84c
MkParseDisplayName	0x49c850
OleSetContainedObject	0x49c854
CoCreateInstance	0x49c858
IIDFromString	0x49c85c
StringFromGUID2	0x49c860
CreateStreamOnHGlobal	0x49c864
OleInitialize	0x49c868
OleUninitialize	0x49c86c
CoInitialize	0x49c870
CoUninitialize	0x49c874
GetRunningObjectTable	0x49c878
CoGetInstanceFromFile	0x49c87c
CoGetObject	0x49c880
CoInitializeSecurity	0x49c884
CoCreateInstanceEx	0x49c888
CoSetProxyBlanket	0x49c88c

Function	Address	Souspicious	Anti Debug
GetKeyboardLayoutNameW	0x49c4dc
IsCharAlphaW	0x49c4e0
IsCharAlphaNumericW	0x49c4e4
IsCharLowerW	0x49c4e8
IsCharUpperW	0x49c4ec
GetMenuStringW	0x49c4f0
GetSubMenu	0x49c4f4
GetCaretPos	0x49c4f8
IsZoomed	0x49c4fc
GetMonitorInfoW	0x49c500
SetWindowLongW	0x49c504
SetLayeredWindowAttributes	0x49c508
FlashWindow	0x49c50c
GetClassLongW	0x49c510
TranslateAcceleratorW	0x49c514
IsDialogMessageW	0x49c518
GetSysColor	0x49c51c
InflateRect	0x49c520
DrawFocusRect	0x49c524
DrawTextW	0x49c528
FrameRect	0x49c52c
DrawFrameControl	0x49c530
FillRect	0x49c534
PtInRect	0x49c538
DestroyAcceleratorTable	0x49c53c
CreateAcceleratorTableW	0x49c540
SetCursor	0x49c544
GetWindowDC	0x49c548
GetSystemMetrics	0x49c54c
GetActiveWindow	0x49c550
CharNextW	0x49c554
wsprintfW	0x49c558
RedrawWindow	0x49c55c
DrawMenuBar	0x49c560
DestroyMenu	0x49c564
SetMenu	0x49c568
GetWindowTextLengthW	0x49c56c
CreateMenu	0x49c570
IsDlgButtonChecked	0x49c574
DefDlgProcW	0x49c578
CallWindowProcW	0x49c57c
ReleaseCapture	0x49c580
SetCapture	0x49c584
PeekMessageW	0x49c588
GetInputState	0x49c58c
UnregisterHotKey	0x49c590
CharLowerBuffW	0x49c594
MonitorFromPoint	0x49c598
MonitorFromRect	0x49c59c
LoadImageW	0x49c5a0
mouse_event	0x49c5a4
ExitWindowsEx	0x49c5a8
SetActiveWindow	0x49c5ac
FindWindowExW	0x49c5b0
EnumThreadWindows	0x49c5b4
SetMenuDefaultItem	0x49c5b8
InsertMenuItemW	0x49c5bc
IsMenu	0x49c5c0
ClientToScreen	0x49c5c4
GetCursorPos	0x49c5c8
DeleteMenu	0x49c5cc
CheckMenuRadioItem	0x49c5d0
GetMenuItemID	0x49c5d4
GetMenuItemCount	0x49c5d8
SetMenuItemInfoW	0x49c5dc
GetMenuItemInfoW	0x49c5e0
SetForegroundWindow	0x49c5e4
IsIconic	0x49c5e8
FindWindowW	0x49c5ec
SystemParametersInfoW	0x49c5f0
LockWindowUpdate	0x49c5f4
SendInput	0x49c5f8
GetAsyncKeyState	0x49c5fc
SetKeyboardState	0x49c600
GetKeyboardState	0x49c604
GetKeyState	0x49c608
VkKeyScanW	0x49c60c
LoadStringW	0x49c610
DialogBoxParamW	0x49c614
MessageBeep	0x49c618
EndDialog	0x49c61c
SendDlgItemMessageW	0x49c620
GetDlgItem	0x49c624
SetWindowTextW	0x49c628
CopyRect	0x49c62c
ReleaseDC	0x49c630
GetDC	0x49c634
EndPaint	0x49c638
BeginPaint	0x49c63c
GetClientRect	0x49c640
GetMenu	0x49c644
DestroyWindow	0x49c648
EnumWindows	0x49c64c
GetDesktopWindow	0x49c650
IsWindow	0x49c654
IsWindowEnabled	0x49c658
IsWindowVisible	0x49c65c
EnableWindow	0x49c660
InvalidateRect	0x49c664
GetWindowLongW	0x49c668
GetWindowThreadProcessId	0x49c66c
AttachThreadInput	0x49c670
GetFocus	0x49c674
GetWindowTextW	0x49c678
SendMessageTimeoutW	0x49c67c
EnumChildWindows	0x49c680
CharUpperBuffW	0x49c684
GetClassNameW	0x49c688
GetParent	0x49c68c
GetDlgCtrlID	0x49c690
SendMessageW	0x49c694
MapVirtualKeyW	0x49c698
PostMessageW	0x49c69c
GetWindowRect	0x49c6a0
SetUserObjectSecurity	0x49c6a4
CloseDesktop	0x49c6a8
CloseWindowStation	0x49c6ac
OpenDesktopW	0x49c6b0
RegisterHotKey	0x49c6b4
GetCursorInfo	0x49c6b8
SetWindowPos	0x49c6bc
CopyImage	0x49c6c0
AdjustWindowRectEx	0x49c6c4
SetRect	0x49c6c8
SetClipboardData	0x49c6cc
EmptyClipboard	0x49c6d0
CountClipboardFormats	0x49c6d4
CloseClipboard	0x49c6d8
GetClipboardData	0x49c6dc
IsClipboardFormatAvailable	0x49c6e0
OpenClipboard	0x49c6e4
BlockInput	0x49c6e8
TrackPopupMenuEx	0x49c6ec
GetMessageW	0x49c6f0
SetProcessWindowStation	0x49c6f4
GetProcessWindowStation	0x49c6f8
OpenWindowStationW	0x49c6fc
GetUserObjectSecurity	0x49c700
MessageBoxW	0x49c704
DefWindowProcW	0x49c708
MoveWindow	0x49c70c
SetFocus	0x49c710
PostQuitMessage	0x49c714
KillTimer	0x49c718
CreatePopupMenu	0x49c71c
RegisterWindowMessageW	0x49c720
SetTimer	0x49c724
ShowWindow	0x49c728
CreateWindowExW	0x49c72c
RegisterClassExW	0x49c730
LoadIconW	0x49c734
LoadCursorW	0x49c738
GetSysColorBrush	0x49c73c
GetForegroundWindow	0x49c740
MessageBoxA	0x49c744
DestroyIcon	0x49c748
DispatchMessageW	0x49c74c
keybd_event	0x49c750
TranslateMessage	0x49c754
ScreenToClient	0x49c758

Function	Address	Souspicious	Anti Debug
ImageList_ReplaceIcon	0x49c088
ImageList_Destroy	0x49c08c
ImageList_Remove	0x49c090
ImageList_SetDragCursorImage	0x49c094
ImageList_BeginDrag	0x49c098
ImageList_DragEnter	0x49c09c
ImageList_DragLeave	0x49c0a0
ImageList_EndDrag	0x49c0a4
ImageList_DragMove	0x49c0a8
InitCommonControlsEx	0x49c0ac
ImageList_Create	0x49c0b0

Name	Latest seen	MD5
go.exe	2024-05-25 13:47:02	8fd5d84bd93a95a1ff016b2cfb921405
well.exe	2024-05-30 13:35:02	dd9a4a97f676e1a67fbb26876cd1679b
go.exe	2024-05-30 14:12:02	2e1caaf0a1fb87d6d3ff1780cfe68bca
go.exe	2024-05-30 16:46:02	a2ea30062de6998cf64ff7590eb51b5a
well.exe	2024-05-30 16:58:02	8d2fcc23ecc609ef46b191353bb8da4c
anon.exe	2024-06-01 03:18:01	16faec5f9aeecaaa1ee5dd1911236618
random.exe	2024-06-04 22:56:02	1dc1aeb9d05e1693877fe7a78839bde5
dude.exe	2024-06-07 07:48:01	aaf735aafa732fc96d2091354795185a
random.exe	2024-06-14 16:27:07	eeca7475e0c5e8d6935c229b7c0d83d2
go.exe	2024-06-28 21:45:01	bfe4e166869e2c50d669054444f00f39
random.exe	2024-07-26 01:54:02	2671133e91863dbf94703fa872313a68
industries.exe	2024-07-26 03:00:02	b77405e92a8557ab11d1d6ed25d6b390
fodhelper.exe	2024-08-26 15:11:03	fcb34a54159d0de7cb5fa2fae1c82e72
csrss.exe	2024-08-27 08:14:03	a1c95767e2aae895bca002778203b26e
MeMpEng.exe	2024-08-29 09:53:01	27cd8bf989a43004d8dea02d83aa760e
MeMpEng.exe	2024-08-30 10:19:03	2de33a20655435a626ae19973654e95c
wels.exe	2024-09-21 10:41:02	0568c4bcf6acda54e2251b1e35929608
random.exe	2024-09-20 17:01:02	adbcf5048cb3fe3f89f45085751875b0
random.exe	2024-09-21 02:10:02	d23aac5d0b47654754a6e6d79085c871
well_clean.exe	2024-10-16 22:10:02	18e64b3509e95557b6614610df2fcf20
clean.exe	2024-10-16 22:48:02	acafa6fa58da4d3ec756a5cdac02e996