Behavioral task: behavioral1
  Sample: 5a9ce6e613360c55e18d082a1279a83bf7a36e1825e4553f8a2672775e8e7b7e.dll
  Resource: win7-en-20211208

Behavioral task: behavioral2
  Sample: 5a9ce6e613360c55e18d082a1279a83bf7a36e1825e4553f8a2672775e8e7b7e.dll
  Resource: win10v2004-en-20220113
General
  Target: 5a9ce6e613360c55e18d082a1279a83bf7a36e1825e4553f8a2672775e8e7b7e
  Size: 489KB
  MD5: 773ddf5b1f3c6aed86f5a6d5e47d6cf0
  SHA1: 6b78117fdebf7ecd999bed5c80c1eedad38d7307
  SHA256: 5a9ce6e613360c55e18d082a1279a83bf7a36e1825e4553f8a2672775e8e7b7e
  SHA512: b93ffe3295f70b0e6983e2464809586bae36f46057728a1118f0e55ab5aa41e8e8bf598d32075ea6250136332fe3fce2ec62a183d1a549b811bfac44177d1d08
  SSDEEP: 6144:FSWlP1tI1DrGWRT/jmjHKu8WGr0Y6+hyekgrCyURxacecLJyQjOpkpq5Xgcin2W:F3RIZGsbjmjHK376+CRxaTcFySo5X
Malware Config
Signatures
Files
  5a9ce6e613360c55e18d082a1279a83bf7a36e1825e4553f8a2672775e8e7b7e.dll (windows x86)
  4307af9dbf14b4fa0254e155fff876d5
Code Sign
Headers
  File Characteristics:
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LINE_NUMS_STRIPPED
    IMAGE_FILE_LOCAL_SYMS_STRIPPED
    IMAGE_FILE_32BIT_MACHINE
Imports
  kernel32:
    GetModuleHandleW
    lstrcpyW
    lstrcmpW
    WritePrivateProfileStringW
    WinExec
    WideCharToMultiByte
    TerminateProcess
    SearchPathW
    OpenProcess
    LoadLibraryW
    GetWindowsDirectoryW
    GetSystemDirectoryW
    GetProcAddress
    GetPrivateProfileStringW
    GetLastError
    GetFileAttributesW
    GetCurrentProcessId
    GetCurrentProcess
    GetACP
    FreeLibrary
    ExpandEnvironmentStringsW
    ExitProcess
    CloseHandle
    Sleep
    GetLongPathNameW
    GetStartupInfoA
    GetModuleHandleA
    GetProfileIntA
    LoadLibraryA
    lstrcatA
    GetTempPathA
    GlobalUnlock
    GlobalLock
    GlobalFlags
    GlobalFree
    GlobalAlloc
    GetVersion
    GlobalSize
    lstrcmpA
    VirtualAllocEx
    SetErrorMode
  user32:
    DestroyAcceleratorTable
    SendMessageCallbackA
    OpenWindowStationA
    DrawTextA
    DlgDirSelectExW
    CheckMenuItem
    SendNotifyMessageW
    EnumDisplayMonitors
    TrackPopupMenu
    DdeUninitialize
    MonitorFromWindow
    IMPGetIMEA
    ToAscii
    GetDesktopWindow
    ExitWindowsEx
    SendNotifyMessageA
    EnumPropsExA
    DialogBoxIndirectParamW
    SetWindowTextA
    SetSystemCursor
    SetThreadDesktop
    TranslateAcceleratorA
    FindWindowW
    GetIconInfo
    ScrollWindow
    EndTask
    DdeNameService
    wsprintfA
    TranslateAccelerator
    GetInputState
    DdeDisconnectList
    SetRectEmpty
    BeginDeferWindowPos
    BroadcastSystemMessageA
    GetClipboardViewer
    DrawStateA
    CreateWindowExA
    GetSystemMenu
    ChangeMenuA
    DefWindowProcA
    PostQuitMessage
    RegisterClassA
    DdeGetData
    DdeCmpStringHandles
    DdePostAdvise
    LoadCursorA
    LoadIconA
    ShowWindow
    GetMessageA
    DispatchMessageA
    TranslateMessage
    PostMessageA
    RegisterWindowMessageA
    DdeCreateDataHandle
    DdeCreateStringHandleA
    DdeFreeStringHandle
    DdeGetLastError
    DdeInitializeA
    DdeDisconnect
    PeekMessageA
  gdi32:
    GetStockObject
    StrokePath
    PathToRegion
  advapi32:
    OpenProcessToken
    LookupAccountSidW
    GetUserNameW
    GetTokenInformation
    StartServiceW
    QueryServiceStatus
    OpenServiceW
    OpenSCManagerW
    CloseServiceHandle
    RegQueryValueExA
  shell32:
    SHGetFileInfoA
    SHGetMalloc
    Shell_NotifyIconW
    SHBrowseForFolder
    SHGetIconOverlayIndexA
    SHEmptyRecycleBinW
    SHChangeNotify
    ExtractIconA
    ExtractIconExW
    CommandLineToArgvW
    SHGetDiskFreeSpaceA
    SHInvokePrinterCommandW
    SHGetIconOverlayIndexW
    SHGetDiskFreeSpaceExW
    DuplicateIcon
    SHGetSpecialFolderLocation
  ole32:
    CoCreateInstance
    CoUninitialize
    CoInitialize
  shlwapi:
    StrChrA
    StrRChrIA
    StrChrW
Sections
  .text   Size: 53KB   Virtual size: 53KB    Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  Size: 251KB  Virtual size: 250KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   Size: 19KB   Virtual size: 18KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 162KB  Virtual size: 162KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .reloc  Size: 2KB    Virtual size: 2KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ