General

Malware Config

Signatures

Files

• 736ed419c85bcf204c3a391aaec1b6804afb067a9996b015b8a0e73abeb84749

  .dll windows x86

  5615766573b5188c8f33402f8974343d

  
  

  Code Sign

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  VirtualAllocEx

  GetModuleHandleW

  InitializeCriticalSection

  DeleteCriticalSection

  WriteFile

  FlushFileBuffers

  DeleteFileW

  GetFileSizeEx

  GetFullPathNameW

  OutputDebugStringA

  FileTimeToSystemTime

  MultiByteToWideChar

  GetSystemTimeAsFileTime

  GetCurrentProcessId

  GetCurrentThreadId

  GetFileAttributesW

  FindNextFileW

  ExpandEnvironmentStringsW

  SetFilePointerEx

  GetDiskFreeSpaceExW

  FindClose

  GetWindowsDirectoryW

  FindFirstVolumeW

  QueryDosDeviceW

  FindNextVolumeW

  GetVolumePathNamesForVolumeNameW

  FindVolumeClose

  GlobalMemoryStatusEx

  GetSystemTimes

  QueryPerformanceCounter

  GetEnvironmentStringsW

  GetOEMCP

  IsValidCodePage

  ReadFile

  GetProcAddress

  LocalFree

  GetCurrentProcess

  GetProcessHeap

  HeapAlloc

  HeapFree

  GetLongPathNameW

  LeaveCriticalSection

  EnterCriticalSection

  SetLastError

  HeapSize

  GetFileTime

  CloseHandle

  WaitForSingleObjectEx

  SetEvent

  CreateEventA

  CreateFileW

  OpenProcess

  WideCharToMultiByte

  GetLastError

  FreeEnvironmentStringsW

  SetEnvironmentVariableW

  SetStdHandle

  WriteConsoleW

  ReadConsoleW

  FindFirstFileExW

  FormatMessageW

  EncodePointer

  DecodePointer

  RaiseException

  GetStringTypeW

  QueryPerformanceFrequency

  InitializeCriticalSectionAndSpinCount

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  CompareStringW

  LCMapStringW

  GetLocaleInfoW

  GetCPInfo

  FormatMessageA

  GetSystemInfo

  VirtualProtect

  VirtualQuery

  FreeLibrary

  LoadLibraryExA

  InitializeSListHead

  RtlCaptureContext

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  TerminateProcess

  IsProcessorFeaturePresent

  IsDebuggerPresent

  GetStartupInfoW

  InterlockedPushEntrySList

  LoadLibraryExW

  HeapReAlloc

  ExitProcess

  GetModuleHandleExW

  GetModuleFileNameW

  GetStdHandle

  GetCommandLineA

  GetCommandLineW

  GetACP

  GetFileType

  IsValidLocale

  GetUserDefaultLCID

  EnumSystemLocalesW

  GetConsoleCP

  GetConsoleMode

  SetThreadAffinityMask

  ScrollConsoleScreenBufferW

  BuildCommDCBW

  TryEnterCriticalSection

  FillConsoleOutputAttribute

  ReadDirectoryChangesW

  SetConsoleOutputCP

  GetEnvironmentVariableA

  WriteProfileSectionA

  SetHandleCount

  ReleaseSemaphore

  CreateProcessA

  IsSystemResumeAutomatic

  LocalHandle

  SetProcessAffinityMask

  LoadLibraryW

  LoadLibraryA

  LocalAlloc

  GetTickCount

  GetModuleHandleA

  RtlUnwind

  GetStartupInfoA

  InterlockedCompareExchange

  Sleep

  InterlockedExchange

  user32

  CountClipboardFormats

  GetListBoxInfo

  GetCapture

  ShowCaret

  PaintDesktop

  GetDesktopWindow

  IsCharAlphaNumericW

  GetShellWindow

  CreatePopupMenu

  IsCharAlphaW

  GetDoubleClickTime

  IsCharUpperW

  GetForegroundWindow

  CharUpperW

  OemKeyScan

  GetCaretBlinkTime

  GetMenuContextHelpId

  IsCharLowerA

  VkKeyScanW

  IsClipboardFormatAvailable

  LoadIconA

  GetOpenClipboardWindow

  GetLastActivePopup

  GetClassInfoExW

  RegisterClassExW

  GetPropW

  EnumDisplayDevicesW

  IsDlgButtonChecked

  SendMessageTimeoutA

  EnumDesktopsW

  SetWindowTextA

  LookupIconIdFromDirectory

  SetWindowsHookExA

  GetSysColor

  EnumDesktopWindows

  ChangeDisplaySettingsExA

  CreateIconFromResourceEx

  gdi32

  GetStockObject

  BeginPath

  DeleteDC

  GetLayout

  CreateMetaFileW

  EndPage

  CloseEnhMetaFile

  CreateSolidBrush

  SaveDC

  GetStretchBltMode

  PathToRegion

  GetTextCharset

  GetBoundsRect

  GdiIsMetaPrintDC

  GdiEntry12

  advapi32

  RegOpenKeyA

  CryptReleaseContext

  CryptGenRandom

  CryptAcquireContextW

  RegQueryValueExW

  RegOpenKeyExW

  RegCloseKey

  shell32

  SHGetFolderPathW

  SHPathPrepareForWriteA

  ShellHookProc

  SHGetSpecialFolderPathW

  ExtractIconA

  SHCreateProcessAsUserW

  SHGetSettings

  SHGetSpecialFolderLocation

  SHQueryRecycleBinW

  ExtractAssociatedIconExW

  SHGetSpecialFolderPathA

  ole32

  CoInitializeEx

  CoUninitialize

  shlwapi

  PathFindFileNameW

  StrStrW

  StrRChrW

  Sections

  .text

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .text3

  Size: 512B - Virtual size: 300B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .text2

  Size: 512B - Virtual size: 300B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1024B - Virtual size: 573B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1.5MB - Virtual size: 1.5MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 9KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1024B - Virtual size: 860B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ