General

Malware Config

Signatures

Files

• c8aff7875b4cb18ab32a25ae82f9cdb35229b30232cab6c8bb835bd4c62c34f5

  .exe windows x86

  74049dfb008e04dc801074b384a97733

  
  

  Code Sign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  HeapLock

  CreateNamedPipeW

  GetExitCodeProcess

  DeactivateActCtx

  GetVersionExW

  GetConsoleCP

  GetConsoleAliasesLengthA

  GetDefaultCommConfigA

  FindFirstFileExA

  GetDriveTypeW

  FreeEnvironmentStringsW

  GetProcessPriorityBoost

  SetVolumeMountPointA

  SetCurrentDirectoryW

  GetLongPathNameA

  CopyFileW

  TlsGetValue

  LoadResource

  SetComputerNameExW

  SystemTimeToTzSpecificLocalTime

  FindAtomA

  ReleaseSemaphore

  CallNamedPipeW

  CreateMailslotW

  BuildCommDCBAndTimeoutsA

  VirtualProtect

  LoadLibraryA

  GlobalAlloc

  TryEnterCriticalSection

  GetCommandLineA

  InterlockedDecrement

  GetCalendarInfoA

  DeleteFileA

  CreateActCtxW

  OutputDebugStringA

  SetSystemTimeAdjustment

  SetPriorityClass

  WritePrivateProfileStringW

  GetProcessHeaps

  GlobalUnWire

  GetProcessHeap

  GetStartupInfoW

  GetDiskFreeSpaceExW

  GetCPInfoExW

  GetWindowsDirectoryA

  GetSystemWow64DirectoryW

  GetLastError

  GetProfileStringA

  WriteProfileSectionA

  GetProfileStringW

  GetConsoleCursorInfo

  SetLastError

  DeleteVolumeMountPointW

  DebugBreak

  GetPrivateProfileSectionW

  lstrcmpA

  ReadFileScatter

  SetConsoleMode

  GetSystemWindowsDirectoryA

  TerminateProcess

  GlobalFindAtomW

  FindCloseChangeNotification

  SetTapeParameters

  SetMailslotInfo

  InterlockedExchange

  DefineDosDeviceA

  FindVolumeMountPointClose

  EndUpdateResourceW

  WriteConsoleA

  GetSystemTimeAdjustment

  GetPrivateProfileSectionA

  WritePrivateProfileSectionA

  GetPrivateProfileStructW

  GetDriveTypeA

  GetFileAttributesExA

  FileTimeToLocalFileTime

  MoveFileA

  GetVolumePathNameW

  HeapUnlock

  lstrcmpW

  SetDefaultCommConfigA

  FindActCtxSectionGuid

  SetThreadContext

  MoveFileExW

  GlobalUnlock

  UnregisterWait

  BuildCommDCBA

  GlobalDeleteAtom

  OpenEventW

  TransmitCommChar

  WaitNamedPipeA

  GetPrivateProfileSectionNamesW

  FindResourceExW

  GetLocalTime

  SetLocalTime

  OpenSemaphoreA

  GetProcAddress

  SetFileShortNameW

  lstrcpyW

  VerLanguageNameW

  GetThreadSelectorEntry

  SetSystemTime

  SetConsoleCP

  GetConsoleAliasW

  FlushConsoleInputBuffer

  AllocConsole

  GetAtomNameW

  WriteConsoleInputA

  TransactNamedPipe

  GetCommState

  LockFile

  _lopen

  GetConsoleAliasExesLengthA

  GetWriteWatch

  GetConsoleOutputCP

  GetModuleHandleA

  WriteConsoleOutputCharacterW

  EnumDateFormatsW

  HeapReAlloc

  GetCommMask

  SetFilePointer

  FindClose

  SetFileApisToANSI

  CancelWaitableTimer

  GetCurrentProcessId

  SetNamedPipeHandleState

  GetCompressedFileSizeA

  FindNextVolumeMountPointW

  GetFullPathNameW

  WriteProfileStringW

  DeleteAtom

  GlobalAddAtomA

  AssignProcessToJobObject

  QueryDosDeviceW

  InitializeCriticalSection

  SetFirmwareEnvironmentVariableW

  GetBinaryTypeA

  CreateIoCompletionPort

  InterlockedIncrement

  Sleep

  DeleteCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  RaiseException

  RtlUnwind

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  GetModuleFileNameW

  GetStartupInfoA

  WideCharToMultiByte

  MultiByteToWideChar

  LCMapStringA

  LCMapStringW

  GetCPInfo

  HeapValidate

  IsBadReadPtr

  GetModuleHandleW

  TlsAlloc

  TlsSetValue

  GetCurrentThreadId

  TlsFree

  GetStdHandle

  WriteFile

  WriteConsoleW

  GetFileType

  OutputDebugStringW

  ExitProcess

  LoadLibraryW

  GetModuleFileNameA

  SetHandleCount

  QueryPerformanceCounter

  GetTickCount

  GetSystemTimeAsFileTime

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  GetEnvironmentStringsW

  HeapDestroy

  HeapCreate

  HeapFree

  VirtualFree

  GetACP

  GetOEMCP

  IsValidCodePage

  GetLocaleInfoA

  GetStringTypeA

  GetStringTypeW

  HeapAlloc

  HeapSize

  VirtualAlloc

  IsValidLocale

  EnumSystemLocalesA

  GetUserDefaultLCID

  FlushFileBuffers

  GetConsoleMode

  InitializeCriticalSectionAndSpinCount

  GetLocaleInfoW

  SetStdHandle

  CloseHandle

  CreateFileA

  user32

  OemToCharW

  Sections

  .text

  Size: 204KB - Virtual size: 203KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 177KB - Virtual size: 1.7MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gusizol

  Size: 512B - Virtual size: 5B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 36KB - Virtual size: 35KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 20KB - Virtual size: 19KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ