DigitalSide Threat Intel

well_clean.exe

First submission 2024-10-16 22:10:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 898.5 KB (920064 bytes)
Compile time: 2024-10-14 20:56:09
MD5: 18e64b3509e95557b6614610df2fcf20
SHA1: dcbea276ba28e6b87a4a7c92de8af0d8b5b96672
SHA256: 3c758f6490891a556c3d5c6a80d1b64214c57dfc1a5b06f7e1bae0ca427f9188
Import Hash : 948cc502fe9226992dce9417f952fce3
Sections 5 .text .rdata .data .rsrc .reloc
Directories 5 import resource debug tls relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 22/77 VT report date: 2024-10-16 02:58:43
Malware Type 1 trojan
Threat Type 3 autoit qeoft redcap

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://185.215.113.103/test/well_clean.exe VirusTotal Report 185.215.113.103 VirusTotal Report 2024-10-16 22:10:03

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x9ab1d 633856 25c1457c129ee77c0aaf98beb58f3526677687d4 0a1473f3064dcbc32ef93c5c8a90f3a6
.rdata 0x9c000 0x2fb82 195584 dd2c684a16b3f370a7c66588627005befd670b80 c9cf2468b60bf4f80f136ed54b3989fb
.data 0xcc000 0x706c 18432 b958d08b90b56aff3f2e0d6daf36b91c8f31ca4c 53b9025d545d65e23295e30afdbd16d9
.rsrc 0xd4000 0x9ff4 40960 27f6a8db90dfb3fcf79336c14a771376c9778eda d4d5cb464ad36544501e0f8c016bf505
.reloc 0xde000 0x7594 30208 359f6b9001cbad77104e5ed741f6d8024a1e6ffd c68ee8931a32d45eb82dc450ee40efc3

PE Resources 7

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_UK 0xda038 1128
RT_MENU LANG_ENGLISH SUBLANG_ENGLISH_UK 0xda4a0 80
RT_STRING LANG_ENGLISH SUBLANG_ENGLISH_UK 0xdc660 344
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0xdc7b8 4796
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_UK 0xddb14 20
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_UK 0xddb28 220
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_UK 0xddc04 1007

Meta infos 1

Translation: 0x0809 0x04b0

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 12

FindWindowExW
FindWindowW
GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
OutputDebugStringW
Process32FirstW
Process32NextW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

VMCheck.dll

Strings analysis - File found

Library
KERNEL32.dll
api-ms-win-core-synch-l1-2-0.dll
mscoree.dll
UxTheme.dll
SHELL32.dll
WININET.dll
OLEAUT32.dll
USER32.dll
VERSION.dll
PSAPI.DLL
USERENV.dll
ADVAPI32.dll
COMCTL32.dll
COMDLG32.dll
ole32.dll
MPR.dll
WINMM.dll
IPHLPAPI.DLL
GDI32.dll
WSOCK32.dll

Strings analysis - Possible IPs found 1

255.255.255.255

Import functions

Function Address Souspicious Anti Debug
WNetGetConnectionW 0x49c408
WNetCancelConnection2W 0x49c40c
WNetUseConnectionW 0x49c410
WNetAddConnection2W 0x49c414
Function Address Souspicious Anti Debug
GetSaveFileNameW 0x49c0b8
GetOpenFileNameW 0x49c0bc
Function Address Souspicious Anti Debug
GetFileVersionInfoW 0x49c77c
VerQueryValueW 0x49c780
GetFileVersionInfoSizeW 0x49c784
Function Address Souspicious Anti Debug
CreateStdDispatch 0x49c41c
CreateDispTypeInfo 0x49c420
UnRegisterTypeLib 0x49c424
UnRegisterTypeLibForUser 0x49c428
RegisterTypeLibForUser 0x49c42c
RegisterTypeLib 0x49c430
LoadTypeLibEx 0x49c434
VariantCopyInd 0x49c438
SysReAllocString 0x49c43c
SysFreeString 0x49c440
VariantChangeType 0x49c444
SafeArrayDestroyData 0x49c448
SafeArrayUnaccessData 0x49c44c
SafeArrayAccessData 0x49c450
SafeArrayAllocData 0x49c454
SafeArrayAllocDescriptorEx 0x49c458
SafeArrayCreateVector 0x49c45c
SysStringLen 0x49c460
QueryPathOfRegTypeLib 0x49c464
SysAllocString 0x49c468
VariantInit 0x49c46c
VariantClear 0x49c470
DispCallFunc 0x49c474
VariantTimeToSystemTime 0x49c478
VarR8FromDec 0x49c47c
SafeArrayGetVartype 0x49c480
SafeArrayDestroyDescriptor 0x49c484
VariantCopy 0x49c488
OleLoadPicture 0x49c48c
Function Address Souspicious Anti Debug
timeGetTime 0x49c7c8
waveOutSetVolume 0x49c7cc
mciSendStringW 0x49c7d0
Function Address Souspicious Anti Debug
HttpOpenRequestW 0x49c78c
InternetCloseHandle 0x49c790
InternetOpenW 0x49c794
InternetSetOptionW 0x49c798
InternetCrackUrlW 0x49c79c
HttpQueryInfoW 0x49c7a0
InternetQueryOptionW 0x49c7a4
InternetConnectW 0x49c7a8
HttpSendRequestW 0x49c7ac
FtpOpenFileW 0x49c7b0
FtpGetFileSize 0x49c7b4
InternetOpenUrlW 0x49c7b8
InternetReadFile 0x49c7bc
InternetQueryDataAvailable 0x49c7c0
Function Address Souspicious Anti Debug
EndPath 0x49c0c4
DeleteObject 0x49c0c8
GetTextExtentPoint32W 0x49c0cc
ExtCreatePen 0x49c0d0
StrokeAndFillPath 0x49c0d4
GetDeviceCaps 0x49c0d8
SetPixel 0x49c0dc
CloseFigure 0x49c0e0
LineTo 0x49c0e4
AngleArc 0x49c0e8
MoveToEx 0x49c0ec
Ellipse 0x49c0f0
CreateCompatibleBitmap 0x49c0f4
CreateCompatibleDC 0x49c0f8
PolyDraw 0x49c0fc
BeginPath 0x49c100
Rectangle 0x49c104
SetViewportOrgEx 0x49c108
GetObjectW 0x49c10c
SetBkMode 0x49c110
RoundRect 0x49c114
SetBkColor 0x49c118
CreatePen 0x49c11c
SelectObject 0x49c120
StretchBlt 0x49c124
CreateSolidBrush 0x49c128
SetTextColor 0x49c12c
CreateFontW 0x49c130
GetTextFaceW 0x49c134
GetStockObject 0x49c138
CreateDCW 0x49c13c
GetPixel 0x49c140
DeleteDC 0x49c144
GetDIBits 0x49c148
StrokePath 0x49c14c
Function Address Souspicious Anti Debug
DragFinish 0x49c49c
DragQueryPoint 0x49c4a0
ShellExecuteExW 0x49c4a4
DragQueryFileW 0x49c4a8
SHEmptyRecycleBinW 0x49c4ac
SHGetPathFromIDListW 0x49c4b0
SHBrowseForFolderW 0x49c4b4
SHCreateShellItem 0x49c4b8
SHGetDesktopFolder 0x49c4bc
SHGetSpecialFolderLocation 0x49c4c0
SHGetFolderPathW 0x49c4c4
SHFileOperationW 0x49c4c8
ExtractIconExW 0x49c4cc
Shell_NotifyIconW 0x49c4d0
ShellExecuteW 0x49c4d4
Function Address Souspicious Anti Debug
DuplicateHandle 0x49c164
CreateThread 0x49c168
WaitForSingleObject 0x49c16c
HeapAlloc 0x49c170
GetProcessHeap 0x49c174
HeapFree 0x49c178
Sleep 0x49c17c
GetCurrentThreadId 0x49c180
MultiByteToWideChar 0x49c184
MulDiv 0x49c188
GetVersionExW 0x49c18c
IsWow64Process 0x49c190
GetSystemInfo 0x49c194
FreeLibrary 0x49c198
LoadLibraryA 0x49c19c
GetProcAddress 0x49c1a0
SetErrorMode 0x49c1a4
GetModuleFileNameW 0x49c1a8
WideCharToMultiByte 0x49c1ac
lstrcpyW 0x49c1b0
lstrlenW 0x49c1b4
GetModuleHandleW 0x49c1b8
QueryPerformanceCounter 0x49c1bc
VirtualFreeEx 0x49c1c0
OpenProcess 0x49c1c4
VirtualAllocEx 0x49c1c8
WriteProcessMemory 0x49c1cc
ReadProcessMemory 0x49c1d0
CreateFileW 0x49c1d4
SetFilePointerEx 0x49c1d8
SetEndOfFile 0x49c1dc
ReadFile 0x49c1e0
WriteFile 0x49c1e4
FlushFileBuffers 0x49c1e8
TerminateProcess 0x49c1ec
CreateToolhelp32Snapshot 0x49c1f0
Process32FirstW 0x49c1f4
Process32NextW 0x49c1f8
SetFileTime 0x49c1fc
GetFileAttributesW 0x49c200
FindFirstFileW 0x49c204
FindClose 0x49c208
GetLongPathNameW 0x49c20c
GetShortPathNameW 0x49c210
DeleteFileW 0x49c214
IsDebuggerPresent 0x49c218
CopyFileExW 0x49c21c
MoveFileW 0x49c220
CreateDirectoryW 0x49c224
RemoveDirectoryW 0x49c228
SetSystemPowerState 0x49c22c
QueryPerformanceFrequency 0x49c230
LoadResource 0x49c234
LockResource 0x49c238
SizeofResource 0x49c23c
OutputDebugStringW 0x49c240
GetTempPathW 0x49c244
GetTempFileNameW 0x49c248
DeviceIoControl 0x49c24c
LoadLibraryW 0x49c250
GetLocalTime 0x49c254
CompareStringW 0x49c258
GetCurrentThread 0x49c25c
EnterCriticalSection 0x49c260
LeaveCriticalSection 0x49c264
GetStdHandle 0x49c268
CreatePipe 0x49c26c
InterlockedExchange 0x49c270
TerminateThread 0x49c274
LoadLibraryExW 0x49c278
FindResourceExW 0x49c27c
CopyFileW 0x49c280
VirtualFree 0x49c284
FormatMessageW 0x49c288
GetExitCodeProcess 0x49c28c
GetPrivateProfileStringW 0x49c290
WritePrivateProfileStringW 0x49c294
GetPrivateProfileSectionW 0x49c298
WritePrivateProfileSectionW 0x49c29c
GetPrivateProfileSectionNamesW 0x49c2a0
FileTimeToLocalFileTime 0x49c2a4
FileTimeToSystemTime 0x49c2a8
SystemTimeToFileTime 0x49c2ac
LocalFileTimeToFileTime 0x49c2b0
GetDriveTypeW 0x49c2b4
GetDiskFreeSpaceExW 0x49c2b8
GetDiskFreeSpaceW 0x49c2bc
GetVolumeInformationW 0x49c2c0
SetVolumeLabelW 0x49c2c4
CreateHardLinkW 0x49c2c8
SetFileAttributesW 0x49c2cc
CreateEventW 0x49c2d0
SetEvent 0x49c2d4
GetEnvironmentVariableW 0x49c2d8
SetEnvironmentVariableW 0x49c2dc
GlobalLock 0x49c2e0
GlobalUnlock 0x49c2e4
GlobalAlloc 0x49c2e8
GetFileSize 0x49c2ec
GlobalFree 0x49c2f0
GlobalMemoryStatusEx 0x49c2f4
Beep 0x49c2f8
GetSystemDirectoryW 0x49c2fc
HeapReAlloc 0x49c300
HeapSize 0x49c304
GetComputerNameW 0x49c308
GetWindowsDirectoryW 0x49c30c
GetCurrentProcessId 0x49c310
GetProcessIoCounters 0x49c314
CreateProcessW 0x49c318
GetProcessId 0x49c31c
SetPriorityClass 0x49c320
VirtualAlloc 0x49c324
GetCurrentDirectoryW 0x49c328
lstrcmpiW 0x49c32c
DecodePointer 0x49c330
GetLastError 0x49c334
RaiseException 0x49c338
InitializeCriticalSectionAndSpinCount 0x49c33c
DeleteCriticalSection 0x49c340
InterlockedDecrement 0x49c344
InterlockedIncrement 0x49c348
ResetEvent 0x49c34c
WaitForSingleObjectEx 0x49c350
IsProcessorFeaturePresent 0x49c354
UnhandledExceptionFilter 0x49c358
SetUnhandledExceptionFilter 0x49c35c
GetCurrentProcess 0x49c360
CloseHandle 0x49c364
GetFullPathNameW 0x49c368
GetStartupInfoW 0x49c36c
GetSystemTimeAsFileTime 0x49c370
InitializeSListHead 0x49c374
RtlUnwind 0x49c378
SetLastError 0x49c37c
TlsAlloc 0x49c380
TlsGetValue 0x49c384
TlsSetValue 0x49c388
TlsFree 0x49c38c
EncodePointer 0x49c390
ExitProcess 0x49c394
GetModuleHandleExW 0x49c398
ExitThread 0x49c39c
ResumeThread 0x49c3a0
FreeLibraryAndExitThread 0x49c3a4
GetACP 0x49c3a8
GetDateFormatW 0x49c3ac
GetTimeFormatW 0x49c3b0
LCMapStringW 0x49c3b4
GetStringTypeW 0x49c3b8
GetFileType 0x49c3bc
SetStdHandle 0x49c3c0
GetConsoleCP 0x49c3c4
GetConsoleMode 0x49c3c8
ReadConsoleW 0x49c3cc
GetTimeZoneInformation 0x49c3d0
FindFirstFileExW 0x49c3d4
IsValidCodePage 0x49c3d8
GetOEMCP 0x49c3dc
GetCPInfo 0x49c3e0
GetCommandLineA 0x49c3e4
GetCommandLineW 0x49c3e8
GetEnvironmentStringsW 0x49c3ec
FreeEnvironmentStringsW 0x49c3f0
SetEnvironmentVariableA 0x49c3f4
SetCurrentDirectoryW 0x49c3f8
FindNextFileW 0x49c3fc
WriteConsoleW 0x49c400
Function Address Souspicious Anti Debug
IsThemeActive 0x49c774
Function Address Souspicious Anti Debug
gethostbyname 0x49c7d8
recv 0x49c7dc
send 0x49c7e0
socket 0x49c7e4
inet_ntoa 0x49c7e8
setsockopt 0x49c7ec
ntohs 0x49c7f0
WSACleanup 0x49c7f4
WSAStartup 0x49c7f8
sendto 0x49c7fc
htons 0x49c800
__WSAFDIsSet 0x49c804
select 0x49c808
accept 0x49c80c
listen 0x49c810
bind 0x49c814
inet_addr 0x49c818
ioctlsocket 0x49c81c
recvfrom 0x49c820
WSAGetLastError 0x49c824
closesocket 0x49c828
gethostname 0x49c82c
connect 0x49c830
Function Address Souspicious Anti Debug
IcmpSendEcho 0x49c154
IcmpCloseHandle 0x49c158
IcmpCreateFile 0x49c15c
Function Address Souspicious Anti Debug
GetAce 0x49c000
RegEnumValueW 0x49c004
RegDeleteValueW 0x49c008
RegDeleteKeyW 0x49c00c
RegEnumKeyExW 0x49c010
RegSetValueExW 0x49c014
RegOpenKeyExW 0x49c018
RegCloseKey 0x49c01c
RegQueryValueExW 0x49c020
RegConnectRegistryW 0x49c024
InitializeSecurityDescriptor 0x49c028
InitializeAcl 0x49c02c
AdjustTokenPrivileges 0x49c030
OpenThreadToken 0x49c034
OpenProcessToken 0x49c038
LookupPrivilegeValueW 0x49c03c
DuplicateTokenEx 0x49c040
CreateProcessAsUserW 0x49c044
CreateProcessWithLogonW 0x49c048
GetLengthSid 0x49c04c
CopySid 0x49c050
LogonUserW 0x49c054
AllocateAndInitializeSid 0x49c058
CheckTokenMembership 0x49c05c
FreeSid 0x49c060
GetTokenInformation 0x49c064
RegCreateKeyExW 0x49c068
GetSecurityDescriptorDacl 0x49c06c
GetAclInformation 0x49c070
GetUserNameW 0x49c074
AddAce 0x49c078
SetSecurityDescriptorDacl 0x49c07c
InitiateSystemShutdownExW 0x49c080
Function Address Souspicious Anti Debug
GetProcessMemoryInfo 0x49c494
Function Address Souspicious Anti Debug
DestroyEnvironmentBlock 0x49c760
LoadUserProfileW 0x49c764
CreateEnvironmentBlock 0x49c768
UnloadUserProfile 0x49c76c
Function Address Souspicious Anti Debug
CoTaskMemAlloc 0x49c838
CoTaskMemFree 0x49c83c
CLSIDFromString 0x49c840
ProgIDFromCLSID 0x49c844
CLSIDFromProgID 0x49c848
OleSetMenuDescriptor 0x49c84c
MkParseDisplayName 0x49c850
OleSetContainedObject 0x49c854
CoCreateInstance 0x49c858
IIDFromString 0x49c85c
StringFromGUID2 0x49c860
CreateStreamOnHGlobal 0x49c864
OleInitialize 0x49c868
OleUninitialize 0x49c86c
CoInitialize 0x49c870
CoUninitialize 0x49c874
GetRunningObjectTable 0x49c878
CoGetInstanceFromFile 0x49c87c
CoGetObject 0x49c880
CoInitializeSecurity 0x49c884
CoCreateInstanceEx 0x49c888
CoSetProxyBlanket 0x49c88c
Function Address Souspicious Anti Debug
GetKeyboardLayoutNameW 0x49c4dc
IsCharAlphaW 0x49c4e0
IsCharAlphaNumericW 0x49c4e4
IsCharLowerW 0x49c4e8
IsCharUpperW 0x49c4ec
GetMenuStringW 0x49c4f0
GetSubMenu 0x49c4f4
GetCaretPos 0x49c4f8
IsZoomed 0x49c4fc
GetMonitorInfoW 0x49c500
SetWindowLongW 0x49c504
SetLayeredWindowAttributes 0x49c508
FlashWindow 0x49c50c
GetClassLongW 0x49c510
TranslateAcceleratorW 0x49c514
IsDialogMessageW 0x49c518
GetSysColor 0x49c51c
InflateRect 0x49c520
DrawFocusRect 0x49c524
DrawTextW 0x49c528
FrameRect 0x49c52c
DrawFrameControl 0x49c530
FillRect 0x49c534
PtInRect 0x49c538
DestroyAcceleratorTable 0x49c53c
CreateAcceleratorTableW 0x49c540
SetCursor 0x49c544
GetWindowDC 0x49c548
GetSystemMetrics 0x49c54c
GetActiveWindow 0x49c550
CharNextW 0x49c554
wsprintfW 0x49c558
RedrawWindow 0x49c55c
DrawMenuBar 0x49c560
DestroyMenu 0x49c564
SetMenu 0x49c568
GetWindowTextLengthW 0x49c56c
CreateMenu 0x49c570
IsDlgButtonChecked 0x49c574
DefDlgProcW 0x49c578
CallWindowProcW 0x49c57c
ReleaseCapture 0x49c580
SetCapture 0x49c584
PeekMessageW 0x49c588
GetInputState 0x49c58c
UnregisterHotKey 0x49c590
CharLowerBuffW 0x49c594
MonitorFromPoint 0x49c598
MonitorFromRect 0x49c59c
LoadImageW 0x49c5a0
mouse_event 0x49c5a4
ExitWindowsEx 0x49c5a8
SetActiveWindow 0x49c5ac
FindWindowExW 0x49c5b0
EnumThreadWindows 0x49c5b4
SetMenuDefaultItem 0x49c5b8
InsertMenuItemW 0x49c5bc
IsMenu 0x49c5c0
ClientToScreen 0x49c5c4
GetCursorPos 0x49c5c8
DeleteMenu 0x49c5cc
CheckMenuRadioItem 0x49c5d0
GetMenuItemID 0x49c5d4
GetMenuItemCount 0x49c5d8
SetMenuItemInfoW 0x49c5dc
GetMenuItemInfoW 0x49c5e0
SetForegroundWindow 0x49c5e4
IsIconic 0x49c5e8
FindWindowW 0x49c5ec
SystemParametersInfoW 0x49c5f0
LockWindowUpdate 0x49c5f4
SendInput 0x49c5f8
GetAsyncKeyState 0x49c5fc
SetKeyboardState 0x49c600
GetKeyboardState 0x49c604
GetKeyState 0x49c608
VkKeyScanW 0x49c60c
LoadStringW 0x49c610
DialogBoxParamW 0x49c614
MessageBeep 0x49c618
EndDialog 0x49c61c
SendDlgItemMessageW 0x49c620
GetDlgItem 0x49c624
SetWindowTextW 0x49c628
CopyRect 0x49c62c
ReleaseDC 0x49c630
GetDC 0x49c634
EndPaint 0x49c638
BeginPaint 0x49c63c
GetClientRect 0x49c640
GetMenu 0x49c644
DestroyWindow 0x49c648
EnumWindows 0x49c64c
GetDesktopWindow 0x49c650
IsWindow 0x49c654
IsWindowEnabled 0x49c658
IsWindowVisible 0x49c65c
EnableWindow 0x49c660
InvalidateRect 0x49c664
GetWindowLongW 0x49c668
GetWindowThreadProcessId 0x49c66c
AttachThreadInput 0x49c670
GetFocus 0x49c674
GetWindowTextW 0x49c678
SendMessageTimeoutW 0x49c67c
EnumChildWindows 0x49c680
CharUpperBuffW 0x49c684
GetClassNameW 0x49c688
GetParent 0x49c68c
GetDlgCtrlID 0x49c690
SendMessageW 0x49c694
MapVirtualKeyW 0x49c698
PostMessageW 0x49c69c
GetWindowRect 0x49c6a0
SetUserObjectSecurity 0x49c6a4
CloseDesktop 0x49c6a8
CloseWindowStation 0x49c6ac
OpenDesktopW 0x49c6b0
RegisterHotKey 0x49c6b4
GetCursorInfo 0x49c6b8
SetWindowPos 0x49c6bc
CopyImage 0x49c6c0
AdjustWindowRectEx 0x49c6c4
SetRect 0x49c6c8
SetClipboardData 0x49c6cc
EmptyClipboard 0x49c6d0
CountClipboardFormats 0x49c6d4
CloseClipboard 0x49c6d8
GetClipboardData 0x49c6dc
IsClipboardFormatAvailable 0x49c6e0
OpenClipboard 0x49c6e4
BlockInput 0x49c6e8
TrackPopupMenuEx 0x49c6ec
GetMessageW 0x49c6f0
SetProcessWindowStation 0x49c6f4
GetProcessWindowStation 0x49c6f8
OpenWindowStationW 0x49c6fc
GetUserObjectSecurity 0x49c700
MessageBoxW 0x49c704
DefWindowProcW 0x49c708
MoveWindow 0x49c70c
SetFocus 0x49c710
PostQuitMessage 0x49c714
KillTimer 0x49c718
CreatePopupMenu 0x49c71c
RegisterWindowMessageW 0x49c720
SetTimer 0x49c724
ShowWindow 0x49c728
CreateWindowExW 0x49c72c
RegisterClassExW 0x49c730
LoadIconW 0x49c734
LoadCursorW 0x49c738
GetSysColorBrush 0x49c73c
GetForegroundWindow 0x49c740
MessageBoxA 0x49c744
DestroyIcon 0x49c748
DispatchMessageW 0x49c74c
keybd_event 0x49c750
TranslateMessage 0x49c754
ScreenToClient 0x49c758
Function Address Souspicious Anti Debug
ImageList_ReplaceIcon 0x49c088
ImageList_Destroy 0x49c08c
ImageList_Remove 0x49c090
ImageList_SetDragCursorImage 0x49c094
ImageList_BeginDrag 0x49c098
ImageList_DragEnter 0x49c09c
ImageList_DragLeave 0x49c0a0
ImageList_EndDrag 0x49c0a4
ImageList_DragMove 0x49c0a8
InitCommonControlsEx 0x49c0ac
ImageList_Create 0x49c0b0

Related files by ImpHash 21 948cc502fe9226992dce9417f952fce3

Name Latest seen MD5
go.exe 2024-05-25 13:47:02 8fd5d84bd93a95a1ff016b2cfb921405
well.exe 2024-05-30 13:35:02 dd9a4a97f676e1a67fbb26876cd1679b
go.exe 2024-05-30 14:12:02 2e1caaf0a1fb87d6d3ff1780cfe68bca
go.exe 2024-05-30 16:46:02 a2ea30062de6998cf64ff7590eb51b5a
well.exe 2024-05-30 16:58:02 8d2fcc23ecc609ef46b191353bb8da4c
anon.exe 2024-06-01 03:18:01 16faec5f9aeecaaa1ee5dd1911236618
random.exe 2024-06-04 22:56:02 1dc1aeb9d05e1693877fe7a78839bde5
dude.exe 2024-06-07 07:48:01 aaf735aafa732fc96d2091354795185a
random.exe 2024-06-14 16:27:07 eeca7475e0c5e8d6935c229b7c0d83d2
go.exe 2024-06-28 21:45:01 bfe4e166869e2c50d669054444f00f39
random.exe 2024-07-26 01:54:02 2671133e91863dbf94703fa872313a68
industries.exe 2024-07-26 03:00:02 b77405e92a8557ab11d1d6ed25d6b390
fodhelper.exe 2024-08-26 15:11:03 fcb34a54159d0de7cb5fa2fae1c82e72
csrss.exe 2024-08-27 08:14:03 a1c95767e2aae895bca002778203b26e
MeMpEng.exe 2024-08-29 09:53:01 27cd8bf989a43004d8dea02d83aa760e
MeMpEng.exe 2024-08-30 10:19:03 2de33a20655435a626ae19973654e95c
wels.exe 2024-09-21 10:41:02 0568c4bcf6acda54e2251b1e35929608
random.exe 2024-09-20 17:01:02 adbcf5048cb3fe3f89f45085751875b0
random.exe 2024-09-21 02:10:02 d23aac5d0b47654754a6e6d79085c871
login.exe 2024-10-16 22:47:02 0538d8a54c0f7b2af395ff7322714d0b
clean.exe 2024-10-16 22:48:02 acafa6fa58da4d3ec756a5cdac02e996