General

Malware Config

Signatures

Files

• locale_772.dll.7z

  .7z

  Password: infected

• locale_772.dll

  .dll windows x64

  fc757a794fc47f894905468f1e90a498

  
  

  Code Sign

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DEBUG_STRIPPED

  Imports

  advapi32

  GetUserNameA

  kernel32

  CloseHandle

  CreateFileA

  CreateFileMappingA

  CreateThread

  DeleteCriticalSection

  EnterCriticalSection

  FreeLibrary

  GetComputerNameA

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThreadId

  GetLastError

  GetModuleHandleA

  GetSystemTimeAsFileTime

  GetTickCount

  InitializeCriticalSection

  IsDBCSLeadByteEx

  LeaveCriticalSection

  MapViewOfFile

  MultiByteToWideChar

  QueryPerformanceCounter

  RtlAddFunctionTable

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  SetUnhandledExceptionFilter

  Sleep

  TerminateProcess

  TlsGetValue

  UnhandledExceptionFilter

  VirtualAlloc

  VirtualProtect

  VirtualQuery

  WideCharToMultiByte

  msvcrt

  ___lc_codepage_func

  ___mb_cur_max_func

  __iob_func

  _amsg_exit

  _errno

  _initterm

  _lock

  _unlock

  abort

  calloc

  fputc

  free

  fwrite

  localeconv

  malloc

  memcpy

  memmove

  realloc

  signal

  strcmp

  strerror

  strlen

  strncmp

  vfprintf

  wcslen

  psapi

  GetModuleInformation

  wininet

  HttpOpenRequestA

  HttpSendRequestA

  InternetCloseHandle

  InternetConnectA

  InternetOpenA

  Exports

  Exports

  COMPUTERNAME

  COMPUTERNAME_LEN

  C_DIR

  C_TEMP_DIR

  KEY

  SEARCH_PATHS

  SEARCH_PATHS_LEN

  USERNAME

  USERNAME_LEN

  _Z3XORPcyPKcy

  _Z3exePh

  _Z3runv

  _Z7httpLogPKcz

  _Z7sprintfPcPKcz

  _Z9ntRefreshv

  payload

  payload_len

  Sections

  .text

  Size: 28KB - Virtual size: 28KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 260KB - Virtual size: 259KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .pdata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .xdata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 5KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .edata

  Size: 512B - Virtual size: 436B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .idata

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 88B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 16B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 512B - Virtual size: 112B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ