General

Malware Config

Signatures

Files

• b2da3dde57be906997e05ae0c488c94d8d4a8434d11c284d6ff748b1096d8ed4

  .exe windows x86

  948c85e2086993e4c021b4e756c3fe9c

  
  

  Code Sign

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  VirtualAlloc

  GetModuleHandleW

  ExitProcess

  SetFilePointer

  FileTimeToDosDateTime

  FileTimeToLocalFileTime

  SetErrorMode

  SetCurrentDirectoryA

  GetModuleFileNameA

  CloseHandle

  CreateThread

  LocalFree

  FormatMessageA

  LocalAlloc

  GetCurrentProcess

  GetProcAddress

  GetModuleHandleA

  GetLastError

  CreateMutexA

  GetVersionExA

  GetVersion

  LoadLibraryA

  DeleteCriticalSection

  WaitForSingleObject

  lstrlenA

  lstrcmpiA

  LeaveCriticalSection

  GetFileAttributesA

  CreateFileA

  GetCurrentDirectoryA

  InitializeCriticalSection

  lstrcpyA

  HeapFree

  HeapAlloc

  SetLastError

  GetDiskFreeSpaceA

  CopyFileA

  CreateDirectoryA

  GetSystemDirectoryA

  GetWindowsDirectoryA

  GetEnvironmentVariableA

  lstrcpynA

  DeleteFileA

  SetFileAttributesA

  lstrcatA

  WideCharToMultiByte

  lstrlenW

  MultiByteToWideChar

  GetDriveTypeA

  ExpandEnvironmentStringsA

  FreeLibrary

  LoadLibraryExA

  DeviceIoControl

  TerminateProcess

  OpenProcess

  FindClose

  FindNextFileA

  FindFirstFileA

  CreateProcessA

  lstrcmpA

  SetEvent

  CreateEventA

  ResetEvent

  WriteFile

  SetCommState

  GetCommState

  SetCommTimeouts

  ReadFile

  ExitThread

  WaitForMultipleObjects

  QueryPerformanceCounter

  GetTickCount

  GetCurrentThreadId

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetStartupInfoA

  GetProcessHeap

  DebugBreak

  IsDBCSLeadByte

  UnmapViewOfFile

  OpenFileMappingA

  CreateFileMappingA

  MapViewOfFile

  GetTempFileNameA

  GetTempPathA

  EnterCriticalSection

  GetFileInformationByHandle

  UnregisterWaitEx

  GetCompressedFileSizeA

  VerSetConditionMask

  WritePrivateProfileStructW

  SetConsoleTextAttribute

  ReadProcessMemory

  CreateConsoleScreenBuffer

  FlushInstructionCache

  CompareStringA

  GetSystemDefaultLangID

  SizeofResource

  LoadResource

  FindResourceA

  WriteConsoleW

  GetConsoleOutputCP

  WriteConsoleA

  SetStdHandle

  FlushFileBuffers

  GetConsoleMode

  GetConsoleCP

  LCMapStringW

  LCMapStringA

  OutputDebugStringA

  GetFileType

  SetHandleCount

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetEnvironmentStrings

  FreeEnvironmentStringsA

  Sleep

  HeapSize

  HeapCreate

  HeapDestroy

  GetStdHandle

  GetStringTypeW

  GetStringTypeA

  TlsFree

  TlsSetValue

  TlsAlloc

  TlsGetValue

  IsValidCodePage

  GetOEMCP

  GetCPInfo

  IsDebuggerPresent

  GetCommandLineA

  VirtualQuery

  GetSystemInfo

  VirtualProtect

  HeapReAlloc

  RtlUnwind

  GetThreadLocale

  GetLocaleInfoA

  GetACP

  InterlockedExchange

  VirtualFree

  IsProcessorFeaturePresent

  InterlockedIncrement

  GetFileSize

  InterlockedDecrement

  RaiseException

  CreateRemoteThread

  CreateToolhelp32Snapshot

  Process32First

  Process32Next

  InterlockedCompareExchange

  user32

  LoadIconW

  LoadCursorFromFileW

  GetAsyncKeyState

  GetForegroundWindow

  GetKeyboardLayout

  GetDC

  GetSystemMetrics

  GetDlgCtrlID

  GetListBoxInfo

  GetThreadDesktop

  ShowCaret

  DestroyWindow

  GetClipboardViewer

  GetTopWindow

  CharLowerA

  LoadIconA

  GetClientRect

  CopyRect

  IsWindow

  InvalidateRect

  GetSysColor

  SendDlgItemMessageA

  SetFocus

  SetWindowLongA

  RedrawWindow

  LoadImageA

  EnumChildWindows

  GetWindowLongA

  GetWindowRect

  ScreenToClient

  SetWindowPos

  ShowWindow

  SystemParametersInfoA

  ReleaseDC

  wsprintfA

  GetParent

  PostMessageA

  DialogBoxParamA

  EnableWindow

  EndDialog

  GetDlgItem

  SetTimer

  FindWindowA

  RegisterClassExA

  LoadStringA

  MessageBoxA

  CreateWindowExA

  GetMessageA

  TranslateMessage

  DispatchMessageA

  SendMessageA

  SetForegroundWindow

  EnumThreadWindows

  PostQuitMessage

  DefWindowProcA

  ExitWindowsEx

  GetWindowModuleFileNameA

  DdeAbandonTransaction

  GetCursor

  DdeFreeStringHandle

  RemovePropA

  DlgDirSelectComboBoxExW

  DrawMenuBar

  PaintDesktop

  RegisterClassExW

  CascadeChildWindows

  SendMessageTimeoutA

  UnhookWindowsHookEx

  SetClassLongA

  GetLastInputInfo

  RegisterDeviceNotificationW

  CloseWindowStation

  DdeClientTransaction

  ToAsciiEx

  GetTabbedTextExtentA

  DdeAddData

  GetClipboardData

  CreateDialogIndirectParamW

  VkKeyScanW

  SetSystemCursor

  SetWindowTextA

  UpdateLayeredWindow

  CheckMenuRadioItem

  AppendMenuW

  UnpackDDElParam

  LoadAcceleratorsA

  SetWindowsHookExW

  DlgDirListComboBoxA

  CreateDesktopA

  DeleteMenu

  WaitForInputIdle

  CharNextA

  GetWindowTextA

  GetWindowTextLengthA

  GetDlgItemTextA

  CallWindowProcA

  CreateDialogParamA

  PeekMessageA

  GetFocus

  GetCapture

  ReleaseCapture

  EndPaint

  BeginPaint

  GetCursorPos

  SetCursor

  DrawFocusRect

  FillRect

  PtInRect

  UnregisterClassA

  SetCapture

  IsWindowEnabled

  UpdateWindow

  GetClassNameA

  LoadCursorA

  SetRectEmpty

  IsDialogMessageA

  OffsetRect

  DrawTextA

  GetWindow

  MapWindowPoints

  SetDlgItemTextA

  gdi32

  GetStockObject

  UnrealizeObject

  CreateMetaFileA

  CreatePatternBrush

  GetPolyFillMode

  DeleteDC

  FillPath

  GetDeviceCaps

  CreateFontIndirectA

  AddFontResourceA

  GetCharacterPlacementA

  GetRgnBox

  DeleteEnhMetaFile

  EnumFontFamiliesExW

  UpdateICMRegKeyA

  GetTextExtentPointW

  GdiIsMetaPrintDC

  GetObjectW

  Polygon

  SetTextColor

  SetBkMode

  SelectObject

  GetObjectA

  DeleteObject

  comdlg32

  GetOpenFileNameA

  advapi32

  RegOpenKeyA

  RegQueryValueExA

  LookupPrivilegeValueA

  OpenProcessToken

  LookupAccountSidA

  GetTokenInformation

  FreeSid

  EqualSid

  AllocateAndInitializeSid

  RegCloseKey

  RegEnumKeyA

  RegQueryValueA

  RegEnumKeyExA

  RegSetValueExA

  AdjustTokenPrivileges

  RegOpenKeyExA

  RegDeleteKeyA

  RegQueryInfoKeyA

  RegCreateKeyExA

  RegDeleteValueA

  shell32

  SHGetPathFromIDListA

  SHGetMalloc

  SHGetDesktopFolder

  SHGetFileInfoA

  SHBrowseForFolderA

  SHGetSpecialFolderLocation

  DragQueryFileAorW

  SHIsFileAvailableOffline

  DragFinish

  WOWShellExecute

  SHGetFileInfo

  SHEmptyRecycleBinW

  SHFormatDrive

  SHFileOperationW

  SHCreateProcessAsUserW

  SHGetSettings

  ShellExecuteW

  ExtractIconExA

  SHGetIconOverlayIndexW

  ShellExecuteEx

  SHGetPathFromIDList

  ShellExecuteA

  ole32

  OleUninitialize

  OleInitialize

  CoInitialize

  CoTaskMemAlloc

  CoTaskMemFree

  CoCreateInstance

  CLSIDFromString

  CoUninitialize

  CoTaskMemRealloc

  shlwapi

  StrChrIA

  SHGetValueA

  PathIsDirectoryA

  StrDupA

  PathCombineA

  StrCmpNIA

  PathIsRootA

  PathAppendA

  StrCmpNW

  StrStrW

  StrChrIW

  StrStrA

  StrRChrW

  StrRChrA

  PathFileExistsA

  comctl32

  InitCommonControlsEx

  _TrackMouseEvent

  Sections

  .text

  Size: 1.8MB - Virtual size: 1.8MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 512B - Virtual size: 201B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 11KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 131KB - Virtual size: 131KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ