General

Malware Config

Signatures

Files

• 2d2eebc4d408c5f261c8cd130246bca1736376a5b434f422033ff02566354da6

  .exe windows x86

  3bbd7f6ced894d80d7e269bb1114f305

  
  

  Code Sign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  user32

  PostQuitMessage

  ShutdownBlockReasonCreate

  DefWindowProcA

  MessageBoxW

  AdjustWindowRect

  ShutdownBlockReasonDestroy

  RegisterClassExW

  CreateWindowExW

  CloseWindow

  wsprintfW

  GetForegroundWindow

  GetMessageA

  TranslateMessage

  DispatchMessageA

  ReleaseDC

  EnumChildWindows

  DeferWindowPos

  DestroyWindow

  AnimateWindow

  gdi32

  DeleteObject

  SetPixel

  SelectPalette

  GetDeviceCaps

  SetPaletteEntries

  kernel32

  LocalAlloc

  ReadFile

  CloseHandle

  WriteFile

  DeviceIoControl

  OpenMutexW

  CreateMutexW

  lstrlenA

  VirtualAlloc

  GetModuleHandleA

  LoadLibraryA

  CreateFileW

  WaitForSingleObject

  lstrcpyA

  HeapAlloc

  lstrcatA

  GetProcAddress

  OutputDebugStringW

  GetTickCount

  TlsGetValue

  TlsSetValue

  lstrcatW

  ExitThread

  GetFileSize

  ExitProcess

  VirtualFree

  CreateToolhelp32Snapshot

  Process32FirstW

  Process32NextW

  GetModuleHandleW

  GetSystemDirectoryW

  CreateProcessW

  GetShortPathNameW

  CreateFileA

  Sleep

  GetCurrentProcessId

  VirtualQuery

  VirtualProtect

  IsBadReadPtr

  FreeLibrary

  lstrcmpA

  UnmapViewOfFile

  lstrcmpiW

  lstrlenW

  lstrcpyW

  MoveFileExW

  FindFirstFileW

  lstrcmpW

  FindNextFileW

  FindClose

  CreateThread

  WaitForMultipleObjects

  GetDriveTypeW

  GetTickCount64

  SetThreadExecutionState

  IsProcessorFeaturePresent

  SetFilePointerEx

  CreateFileMappingW

  MapViewOfFile

  GetCurrentProcess

  LocalFree

  GetUserDefaultUILanguage

  InitializeCriticalSection

  DeleteCriticalSection

  SetLastError

  EnterCriticalSection

  LeaveCriticalSection

  TerminateThread

  GlobalAlloc

  GlobalFree

  Beep

  GetWindowsDirectoryA

  MoveFileExA

  GetVersionExA

  ExpandEnvironmentStringsW

  GetLastError

  GetFileSizeEx

  advapi32

  EncryptionDisable

  AreAllAccessesGranted

  LookupAccountSidW

  LsaFreeMemory

  CryptDecrypt

  CryptEncrypt

  CryptImportKey

  GetSidSubAuthority

  GetSidSubAuthorityCount

  CryptReleaseContext

  CryptDestroyKey

  LsaCreateTrustedDomainEx

  CryptExportKey

  CryptGenKey

  CryptAcquireContextW

  CryptGenRandom

  LsaClose

  LsaAddAccountRights

  EqualDomainSid

  InitializeSecurityDescriptor

  LsaQueryTrustedDomainInfo

  shell32

  ShellExecuteExW

  SHGetFolderPathW

  secur32

  LsaConnectUntrusted

  netapi32

  DsRoleFreeMemory

  DsRoleGetPrimaryDomainInformation

  shlwapi

  StrStrW

  StrToIntA

  mpr

  WNetCloseEnum

  WNetAddConnection2W

  WNetEnumResourceW

  WNetOpenEnumW

  ws2_32

  WSAGetLastError

  shutdown

  closesocket

  connect

  htons

  inet_pton

  inet_addr

  WSACleanup

  socket

  WSAStartup

  inet_ntoa

  gethostbyname

  recv

  send

  wininet

  HttpOpenRequestA

  InternetReadFile

  InternetCloseHandle

  HttpQueryInfoA

  HttpSendRequestA

  InternetConnectA

  InternetCrackUrlA

  InternetOpenA

  crypt32

  CryptBinaryToStringA

  CryptStringToBinaryA

  ole32

  CoCreateInstance

  CoInitializeEx

  CoUninitialize

  Sections

  .text

  Size: 220KB - Virtual size: 219KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 62KB - Virtual size: 62KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 65KB - Virtual size: 64KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE