Errors

General

Malware Config

Signatures

Files

• 20bd2c0698859a509073f5146c859cbbb126e5517f682c41865ec9ebc6d37107

  .exe windows x86

  c6965e5aacc39299c42a5af86d1cb9cd

  
  

  Code Sign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetConsoleAliasExesW

  EnumTimeFormatsW

  GetUserDefaultLangID

  GetCommandLineA

  GetDriveTypeA

  InitializeCriticalSection

  GlobalAlloc

  IsValidLocale

  TerminateThread

  GetThreadSelectorEntry

  GetCalendarInfoW

  FormatMessageW

  GetSystemTimeAdjustment

  GetVersionExW

  SetConsoleCP

  WritePrivateProfileStructW

  CreateSemaphoreA

  GetFileAttributesW

  SetMessageWaitingIndicator

  IsBadWritePtr

  GetAtomNameW

  GetCompressedFileSizeA

  GetTimeZoneInformation

  lstrlenW

  GetFileSizeEx

  SetThreadLocale

  FindFirstFileA

  InterlockedFlushSList

  GetCurrentDirectoryW

  BindIoCompletionCallback

  ReadConsoleOutputCharacterA

  GetLongPathNameA

  HeapSize

  DefineDosDeviceW

  IsValidCodePage

  GetFirmwareEnvironmentVariableW

  EnumSystemCodePagesW

  SetComputerNameA

  SetFileTime

  SetFileAttributesA

  PrepareTape

  GetProcessVersion

  LoadLibraryA

  OpenMutexA

  InterlockedExchangeAdd

  LocalAlloc

  DeleteTimerQueue

  OpenEventA

  HeapLock

  GetCommMask

  AddAtomA

  GetThreadPriority

  CreateIoCompletionPort

  WaitCommEvent

  GetModuleHandleA

  UpdateResourceW

  FreeEnvironmentStringsW

  VirtualProtect

  OpenEventW

  GetShortPathNameW

  OutputDebugStringA

  DuplicateHandle

  SetProcessShutdownParameters

  CloseHandle

  MoveFileWithProgressW

  GetFileInformationByHandle

  FindNextVolumeA

  WriteProcessMemory

  lstrcpyW

  CreateFileW

  ReadConsoleW

  ReadFile

  FlushFileBuffers

  WriteConsoleW

  SetStdHandle

  OutputDebugStringW

  FormatMessageA

  GetPrivateProfileStringW

  IsBadReadPtr

  GetCommProperties

  SleepEx

  OpenSemaphoreA

  QueryDosDeviceA

  OpenJobObjectA

  InterlockedIncrement

  WriteConsoleOutputCharacterA

  GetCPInfo

  TlsGetValue

  WritePrivateProfileStructA

  lstrlenA

  GetCommModemStatus

  CreateTimerQueue

  GetFullPathNameA

  GetVolumeNameForVolumeMountPointA

  SetTimerQueueTimer

  GetFullPathNameW

  EncodePointer

  DecodePointer

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  WideCharToMultiByte

  MultiByteToWideChar

  GetStringTypeW

  GetLastError

  HeapFree

  RaiseException

  RtlUnwind

  HeapAlloc

  IsProcessorFeaturePresent

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  SetLastError

  InitializeCriticalSectionAndSpinCount

  Sleep

  GetCurrentProcess

  TerminateProcess

  TlsAlloc

  TlsSetValue

  TlsFree

  GetStartupInfoW

  GetModuleHandleW

  GetProcAddress

  LCMapStringW

  GetLocaleInfoW

  GetUserDefaultLCID

  EnumSystemLocalesW

  IsDebuggerPresent

  GetProcessHeap

  ExitProcess

  GetModuleHandleExW

  GetCurrentThreadId

  GetStdHandle

  GetFileType

  GetModuleFileNameA

  WriteFile

  GetModuleFileNameW

  QueryPerformanceCounter

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  GetEnvironmentStringsW

  GetACP

  GetOEMCP

  HeapReAlloc

  GetConsoleCP

  GetConsoleMode

  SetFilePointerEx

  LoadLibraryExW

  user32

  GetMenuItemInfoW

  GetMonitorInfoA

  SetScrollPos

  DefDlgProcA

  GetMonitorInfoW

  mouse_event

  GetIconInfo

  advapi32

  QueryServiceConfigW

  ConvertToAutoInheritPrivateObjectSecurity

  SetSecurityDescriptorSacl

  RegisterServiceCtrlHandlerW

  GetSidLengthRequired

  RegOpenKeyExW

  RegConnectRegistryW

  CreatePrivateObjectSecurity

  NotifyChangeEventLog

  StartServiceA

  RegSaveKeyW

  ObjectDeleteAuditAlarmW

  RegDeleteKeyA

  CreateServiceA

  RegQueryValueExA

  AccessCheckByTypeResultListAndAuditAlarmA

  EnumServicesStatusA

  RegisterEventSourceA

  InitiateSystemShutdownW

  Sections

  .text

  Size: 106KB - Virtual size: 105KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 37KB - Virtual size: 36KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 61KB - Virtual size: 74.1MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 15KB - Virtual size: 15KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 7KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ