General

Malware Config

Signatures

Files

• db2884a9012cf6e8ea5b3fabb0d02a9487eb412e75085b37188d5e8f4ada7ca9

  .exe windows x86

  2328c4172ef2beda911e34c8cfcbeb5d

  
  

  Code Sign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetLastError

  ExitProcess

  CreateMutexW

  GetSystemDefaultUILanguage

  SetErrorMode

  WaitForSingleObject

  GetComputerNameW

  GetCommandLineA

  GetDriveTypeA

  InitializeCriticalSection

  OpenProcess

  GetSystemDirectoryW

  TerminateProcess

  GetModuleFileNameW

  ExitThread

  MultiByteToWideChar

  lstrlenW

  VirtualUnlock

  GetSystemInfo

  WaitForMultipleObjects

  lstrcmpiW

  lstrcatW

  GetUserDefaultUILanguage

  DeleteCriticalSection

  GetShortPathNameW

  GetWindowsDirectoryW

  lstrcpyW

  GetVolumeInformationW

  CreateThread

  lstrcpyA

  Sleep

  lstrcmpiA

  Process32FirstW

  Process32NextW

  CreateToolhelp32Snapshot

  LeaveCriticalSection

  EnterCriticalSection

  VirtualLock

  FindFirstFileW

  lstrcmpW

  MoveFileW

  FindClose

  FindNextFileW

  GetSystemTime

  GetNativeSystemInfo

  GetDriveTypeW

  GetDiskFreeSpaceW

  VerSetConditionMask

  VerifyVersionInfoW

  LoadLibraryA

  LocalAlloc

  LocalFree

  SetStdHandle

  GetConsoleMode

  GetConsoleCP

  WriteFile

  SetFilePointerEx

  HeapReAlloc

  lstrlenA

  ExpandEnvironmentStringsW

  CloseHandle

  GetModuleHandleA

  DeviceIoControl

  VirtualAlloc

  GetProcAddress

  CreateFileW

  ReadFile

  GetProcessHeap

  VirtualFree

  GetModuleHandleW

  HeapFree

  GetCurrentProcess

  HeapAlloc

  GetTickCount

  FlushFileBuffers

  OutputDebugStringW

  RtlUnwind

  LoadLibraryExW

  GetStdHandle

  LCMapStringW

  IsProcessorFeaturePresent

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCPInfo

  SetLastError

  GetCurrentThreadId

  EncodePointer

  DecodePointer

  GetModuleHandleExW

  WideCharToMultiByte

  GetStringTypeW

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  InitializeCriticalSectionAndSpinCount

  TlsGetValue

  TlsSetValue

  IsDebuggerPresent

  WriteConsoleW

  user32

  wsprintfW

  GetForegroundWindow

  advapi32

  RegOpenKeyExW

  GetTokenInformation

  GetSidSubAuthorityCount

  GetSidSubAuthority

  OpenProcessToken

  GetUserNameW

  CryptDestroyKey

  CryptGenKey

  CryptEncrypt

  CryptImportKey

  CryptReleaseContext

  CryptGetKeyParam

  CryptAcquireContextW

  CryptExportKey

  RegSetValueExW

  RegCloseKey

  RegQueryValueExW

  RegCreateKeyExW

  shell32

  SHGetSpecialFolderPathW

  ShellExecuteW

  ShellExecuteExW

  mpr

  WNetCloseEnum

  WNetOpenEnumW

  WNetEnumResourceW

  wininet

  HttpQueryInfoA

  HttpSendRequestW

  InternetConnectW

  InternetOpenW

  InternetCloseHandle

  HttpOpenRequestW

  Sections

  .text

  Size: 57KB - Virtual size: 57KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 23KB - Virtual size: 23KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 41KB - Virtual size: 48KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .text

  Size: 63KB - Virtual size: 64KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE