Static task: static1
Behavioral task: behavioral1
Sample: 5ab98faf88452985b5e7ac5ccb0ab00b6dd36c95bfe088cf4b5d0f9608d713c7.dll
Resource: win7-20220311-en
General
Target: 5ab98faf88452985b5e7ac5ccb0ab00b6dd36c95bfe088cf4b5d0f9608d713c7
Size: 2.0MB
MD5: cdb79e4cb6ae447285b29f7984d06e1c
SHA1: f68197e9a3c45c572efc0dc614177fb6394746e3
SHA256: 5ab98faf88452985b5e7ac5ccb0ab00b6dd36c95bfe088cf4b5d0f9608d713c7
SHA512: 40268e6289dedb77682e541f61c7ad3e58ae8f10045353b8b76563a9b18832f004fcc1d643ed4ac46a45e8f4a2669ce3e626147e6bef9337a4a153c8d0e1a773
Malware Config
Signatures
Files
5ab98faf88452985b5e7ac5ccb0ab00b6dd36c95bfe088cf4b5d0f9608d713c7.dll  windows x86  bc9eea6f7f9753527c369d8156ff0c59
Code Sign
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FreeLibrary
SetEvent
CloseHandle
GetLastError
WaitForSingleObject
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
GetCurrentThreadId
GetCurrentProcessId
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
LoadLibraryW
GetTickCount
DeleteCriticalSection
GetModuleHandleW
OutputDebugStringW
CreateThread
ResetEvent
CreateEventW
WaitForMultipleObjects
lstrlenW
RaiseException
InitializeCriticalSection
OpenProcess
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetCommandLineA
GlobalUnlock
TerminateJobObject
GetConsoleWindow
TerminateThread
GlobalFlags
GetProcessHeaps
FatalExit
AddConsoleAliasW
IsDBCSLeadByteEx
SetHandleInformation
IsValidLanguageGroup
SetCommState
LocalFree
SetFileApisToANSI
DeleteTimerQueueEx
FillConsoleOutputCharacterA
ReplaceFileW
GetProcessPriorityBoost
ChangeTimerQueueTimer
SetFileTime
CreateSemaphoreA
SetCommBreak
RequestDeviceWakeup
_hread
GetFileInformationByHandle
lstrcmpA
GetCurrencyFormatW
EnumResourceLanguagesA
ClearCommBreak
IsProcessorFeaturePresent
WaitForMultipleObjectsEx
InitializeSListHead
CreateProcessW
GetModuleHandleA
VirtualAllocEx
user32
SetMenuDefaultItem
AppendMenuW
CreatePopupMenu
LoadBitmapW
SetRect
GetWindowRect
GetClientRect
GetDC
UnregisterClassA
PostMessageW
SendMessageW
DestroyIcon
GetCursorPos
CharNextW
PostThreadMessageW
PtInRect
ReleaseDC
IsWindowVisible
SetTimer
KillTimer
GetDesktopWindow
RegisterWindowMessageW
GetKeyState
LoadImageW
SetForegroundWindow
IsWindow
VkKeyScanW
GetWindowTextLengthW
IsDialogMessageW
TrackPopupMenu
GetScrollRange
GetActiveWindow
DrawAnimatedRects
MapVirtualKeyA
UnregisterDeviceNotification
LoadIconA
CharNextA
GetMenuContextHelpId
GetLastActivePopup
GetWindowTextLengthA
IsClipboardFormatAvailable
GetListBoxInfo
GetInputState
IsCharLowerW
IsMenu
IsCharUpperA
GetCapture
CountClipboardFormats
GetOpenClipboardWindow
OpenIcon
CharUpperW
GetClipboardData
LoadCursorFromFileW
GetKeyboardLayout
CloseWindowStation
GetClipboardSequenceNumber
GetMenuCheckMarkDimensions
IsCharAlphaNumericA
GetMessageTime
PaintDesktop
GetParent
GetSystemMetrics
gdi32
GetTextExtentPoint32W
GetStockObject
RealizePalette
GetEnhMetaFileW
GetEnhMetaFileBits
StrokePath
DeleteEnhMetaFile
CloseMetaFile
GetTextCharset
DeleteObject
GetStretchBltMode
CreateSolidBrush
GetObjectType
CancelDC
CreatePatternBrush
GetColorSpace
CloseEnhMetaFile
CreateHalftonePalette
FlattenPath
advapi32
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegNotifyChangeKeyValue
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyA
shell32
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListA
DragQueryPoint
DoEnvironmentSubstA
SHGetPathFromIDListW
SHGetPathFromIDList
SHGetSpecialFolderLocation
SHGetIconOverlayIndexW
DuplicateIcon
DragFinish
SHBrowseForFolder
ExtractIconExW
SHCreateDirectoryExA
SHGetSpecialFolderPathW
CommandLineToArgvW
FindExecutableW
ExtractAssociatedIconA
SHFreeNameMappings
SHIsFileAvailableOffline
SHBrowseForFolderW
DragQueryFile
SHFileOperationA
SHLoadNonloadedIconOverlayIdentifiers
SHCreateDirectoryExW
SHInvokePrinterCommandW
SHGetDesktopFolder
ShellHookProc
SHGetFolderPathW
ole32
OleInitialize
StringFromGUID2
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoRevokeClassObject
CoTaskMemRealloc
CoTaskMemAlloc
CoRegisterClassObject
shlwapi
StrRChrW
StrRChrA
StrRChrIA
StrRChrIW
StrRStrIW
StrCmpNA
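The import table above (220 named imports across seven DLLs, as listed) is the input to the import hash that analysts use to pivot between builds of the same code base. The script below is an added example, not code from the sandbox report or from the sample: it computes the imphash exactly the way pefile does (DLL name lowercased with a .dll/.ocx/.sys suffix stripped, "dll.func" entries joined by commas in import-table order, MD5 of the result) and runs it over a constructed subset of the imports listed above, in the report's order. Because it is a subset, the resulting hash is not the sample's real imphash; the watch-list of APIs is an assumption made for illustration, and its two "absent" entries, WriteProcessMemory and CreateRemoteThread, genuinely appear nowhere in the import list printed above.

```python
"""Added example (not the sandbox's code): the import hash (imphash) as
pefile computes it, applied to a constructed subset of the import table
this report lists, plus a presence/absence check for a short watch-list
of APIs an analyst looks for when reading an import table."""
import hashlib

# pefile strips these extensions from the DLL name before hashing.
STRIPPED_EXTENSIONS = ("dll", "ocx", "sys")


def normalize_dll(name):
    """'KERNEL32.DLL' -> 'kernel32'; names without a stripped extension stay whole."""
    name = name.lower()
    base, dot, ext = name.rpartition(".")
    return base if dot and ext in STRIPPED_EXTENSIONS else name


def imphash(imports):
    """imports: ordered list of (dll, [function name or ordinal int]).
    Order matters: the hash covers 'dll.func' entries joined by commas in
    import-table order. Ordinals become 'ordN'; pefile also resolves known
    ordinals of ws2_32/wsock32/oleaut32 to names, which is omitted here."""
    entries = []
    for dll, funcs in imports:
        lib = normalize_dll(dll)
        for f in funcs:
            entries.append(f"{lib}.ord{f}" if isinstance(f, int) else f"{lib}.{f.lower()}")
    return hashlib.md5(",".join(entries).encode("ascii")).hexdigest()


def triage_imports(imports, watch):
    """Split a watch-list of API names into those present and those absent."""
    seen = {f for _, funcs in imports for f in funcs if not isinstance(f, int)}
    return sorted(watch & seen), sorted(watch - seen)


# Constructed subset of the report's import table, in the report's order.
# The full table has 220 entries across seven DLLs; hashing this subset
# therefore does not reproduce the sample's real imphash.
REPORT_SUBSET = [
    ("kernel32", ["FreeLibrary", "SetEvent", "CloseHandle", "GetLastError",
                  "LoadLibraryExW", "IsDebuggerPresent", "GetProcAddress",
                  "OpenProcess", "CreateProcessW", "VirtualAllocEx"]),
    ("user32", ["SetMenuDefaultItem", "AppendMenuW", "CreatePopupMenu"]),
    ("advapi32", ["RegOpenKeyExW", "RegQueryValueExW", "RegCreateKeyExW", "RegSetValueExW"]),
    ("shell32", ["Shell_NotifyIconW", "ShellExecuteW", "SHGetFolderPathW"]),
    ("ole32", ["OleInitialize", "CoCreateInstance", "CoRegisterClassObject"]),
]

# Assumed watch-list for illustration; the last two do not occur anywhere
# in the report's import list.
WATCH = {"OpenProcess", "VirtualAllocEx", "CreateProcessW", "RegSetValueExW",
         "CoRegisterClassObject", "WriteProcessMemory", "CreateRemoteThread"}

if __name__ == "__main__":
    print("imphash (subset):", imphash(REPORT_SUBSET))
    present, absent = triage_imports(REPORT_SUBSET, WATCH)
    print("present:", present)
    print("absent: ", absent)
```

To compare against other samples, feed the complete import table in its original order; reordering or dropping a single entry changes the hash, which is exactly why the imphash pivots on compiler and linker layout rather than on what the code does.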
Sections
Name     Size (raw)  Virtual size  Characteristics
.text10  512B        300B          IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.text8   512B        300B          IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.text7   512B        300B          IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.text6   512B        300B          IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.text5   512B        300B          IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.text4   512B        300B          IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.text3   512B        300B          IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.text2   512B        300B          IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.text    2.0MB       2.0MB         IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data    8KB         8KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc    2KB         1KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc   3KB         2KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
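The File Characteristics under Headers and the section table above are decoded bits of the COFF file header and of each IMAGE_SECTION_HEADER; the report prints the flag names and the two sizes (on-disk SizeOfRawData and VirtualSize) for each section. The script below is an added example, not code from the sandbox or the sample: a stdlib-only PE32 reader that decodes those flags from the raw header bytes and then applies the checks an analyst would run on a table like this one, which lists nine executable sections, eight of them (.text2 through .text10, no .text9 listed) 300 bytes in memory and padded to one 512-byte file unit on disk beside a 2.0MB .text. The PE image it parses is constructed in memory for the example with a layout copied from the report's table; it is not the reported sample, and the flag tables are the standard PE/COFF constants.

```python
"""Added example (not the sandbox's code): a stdlib-only reader for the
PE32 COFF header and section table, decoding the IMAGE_FILE_* and
IMAGE_SCN_* flags this report prints, plus a check for the section layout
shown above (several 512-byte code sections beside a 2.0MB .text)."""
import struct

FILE_FLAGS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0200: "IMAGE_FILE_DEBUG_STRIPPED",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
CODE = 0x20 | 0x20000000 | 0x40000000     # code, execute, read
DATA = 0x40 | 0x40000000 | 0x80000000     # initialized data, read, write
RELOC = 0x40 | 0x02000000 | 0x40000000    # initialized data, discardable, read


def decode_flags(value, table):
    """Names of the set bits, in ascending bit order; unknown bits are ignored."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Return machine, decoded file characteristics and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    off = coff + 20 + opt_size             # section headers follow the optional header
    sections = []
    for _ in range(nsect):
        name, vsize, _va, rsize, _raw, _, _, _, _, sflags = struct.unpack_from(
            "<8sIIIIIIHHI", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "flags": decode_flags(sflags, SECTION_FLAGS)})
        off += 40
    return {"machine": machine, "characteristics": decode_flags(chars, FILE_FLAGS),
            "sections": sections}


def section_findings(sections):
    """Triage observations that follow from the section table alone."""
    execs = [s for s in sections if "IMAGE_SCN_MEM_EXECUTE" in s["flags"]]
    out = []
    if len(execs) > 1:
        out.append("multiple executable sections: " + ", ".join(s["name"] for s in execs))
    tiny = [s["name"] for s in execs if s["virtual_size"] < 0x1000]
    if tiny:
        out.append("executable sections smaller than one page: " + ", ".join(tiny))
    rwx = [s["name"] for s in sections
           if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["flags"])]
    if rwx:
        out.append("writable and executable sections: " + ", ".join(rwx))
    return out


def build_sample_pe(sections, characteristics, file_align=0x200):
    """Constructed PE32 headers for this example (not the reported sample):
    DOS stub, PE signature, COFF header, zeroed optional header, section table."""
    nsect, opt_size, e_lfanew = len(sections), 0xE0, 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, nsect, 0, 0, 0, opt_size, characteristics)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)      # PE32 magic only
    raw_ptr = -(-(e_lfanew + 4 + 20 + opt_size + 40 * nsect) // file_align) * file_align
    va, table = 0x1000, b""
    for name, vsize, flags in sections:
        rsize = -(-vsize // file_align) * file_align             # rounded up to FileAlignment
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             vsize, va, rsize, raw_ptr, 0, 0, 0, 0, flags)
        raw_ptr += rsize
        va += -(-vsize // 0x1000) * 0x1000
    return dos + b"PE\0\0" + coff + opt + table


# Layout mirroring the report: a 300-byte code section padded to one 512-byte
# file unit, the 2.0MB .text, .data and .reloc; characteristics as listed.
SAMPLE = build_sample_pe(
    [(".text2", 300, CODE), (".text", 0x200000, CODE), (".data", 0x2000, DATA),
     (".reloc", 0x800, RELOC)],
    0x0002 | 0x0004 | 0x0008 | 0x0100)

if __name__ == "__main__":
    info = parse_pe(SAMPLE)
    print(info["characteristics"])
    for s in info["sections"]:
        print(f'{s["name"]:8} raw={s["raw_size"]:<8} virt={s["virtual_size"]:<8} '
              + ", ".join(s["flags"]))
    print(section_findings(info["sections"]))
```

Run against a real file by passing `open(path, "rb").read()` to parse_pe; the raw size exceeding the virtual size (512 versus 300 here) is ordinary FileAlignment padding, so the findings deliberately key on executable sections that are numerous, page-sized or smaller, or also writable, not on that difference.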