Basic Information:
------------------------------------------
Target OS: Windows
Target Arch: Intel 64bit
File Type: PE32+ Executable
Lang: C
Size: 26K
MD5SUM: 0f9fd9565e6eb157fa9be11ed9c1dc9f
Test Environment:
- Hybrid Analysis
 \
  |--> CrowdStrike Falcon
  |--> MetaDefender
  |--> VirusTotal
------------------------------------------

Functions:
------------------------------------
- Registry
 \
  |--> RegOpenKeyExW
  |--> RegQueryValueExW
  |--> RegCloseKey

- Networking
 \
  |--> RpcServerRegisterIfEx
  |--> RpcMgmtStopServerListening
  |--> RpcServerUseProtseqEpW
  |--> RpcServerListen
  |--> RpcServerUnregisterIf

- Process
 \
  |--> CreateThread
  |--> ExitProcess
  |--> CloseHandle
  |--> WaitForSingleObject

- Memory Management
 \
  |--> GetProcessHeap
  |--> HeapAlloc
  |--> HeapFree
  |--> memset
  |--> memcmp
  |--> memcpy

- Evasive
 \
  |--> DeregisterEventSource

- System/Persistence
 \
  |--> RegisterServiceCtrlHandlerW
  |--> SetServiceStatus
  |--> StartServiceCtrlDispatcherW
  |--> ReportEventW

- Cryptography
 \
  |--> CryptReleaseContext
  |--> CryptDecrypt
  |--> CryptEncrypt
  |--> CryptDestroyKey
  |--> CryptImportKey
  |--> CryptCreateHash
  |--> CryptDestroyHash
  |--> CryptGenRandom
  |--> CryptSetHashParam
  |--> CryptGetHashParam
  |--> CryptAcquireContextW
  |--> CryptHashData

- Information gathering
 \
  |--> GetSystemDefaultLCID
  |--> RegisterEventSourceW

- Other/Unknown
 \
  |--> GetLastError
  |--> NdrServerCall2
  |--> wcslen
  |--> _wcsicmp
------------------------------------

Abilities:
-------------------------------------------------
- Possibly tries to implement anti-virtualization techniques.
- It scans networks and tries to find hosts.
- It tries to contact domains.
 \
  |--> Domain: _ldap._tcp.dc._msdcs.scl3.dc
-------------------------------------------------

Connections:
---------------------------------------------------
- Domains
 \
  |-->  _ldap._tcp.dc._msdcs.scl3.dc
   \--> Host seems randomly generated by the program. (Host is down.)
---------------------------------------------------

Detected by:
-----------------------------------------
- VirusTotal
 \
  |--> 37/70

- Hybrid Analysis
 \
  |--> CrowdStrike Falcon
   \-> N/A
   /
  |--> MetaDefender
   \-> 31%
   /
  |--> VirusTotal
   \-> 51%

- Qu1cksc0pe
 \
  |-> [Threat Level]: Potentially Malicious.
  
- Scan reports
 \
  |--> Hybrid Analysis
   \-> https://www.hybrid-analysis.com/sample/7565255f0a28d065f8f30f876e7df3e46ef2e6fedf420eca7d454cf49887b2de
   /
  |--> VirusTotal
   \-> https://www.virustotal.com/gui/file/7565255f0a28d065f8f30f876e7df3e46ef2e6fedf420eca7d454cf49887b2de/detection
-----------------------------------------

Linked DLL Files:
---------------------------------
- msvcrt.dll
- KERNEL32.dll
- ADVAPI32.dll
- RPCRT4.dll
---------------------------------

Used Tools During Tests:
----------------------------------------------
- Qu1cksc0pe
 \
  |--> https://github.com/CYB3RMX/Qu1cksc0pe

- Sandbox Environments
 \
  |--> https://www.virustotal.com
  |--> https://www.hybrid-analysis.com

- Rabin2
----------------------------------------------