General

Malware Config

Signatures

Files

• 3316277e7a7f52c5947328ac52fad225295b8c17ddc71bcd0d03cdac6d292894

  .exe windows x86

  73a02fe1ac361a541df5e4b784daccef

  
  

  Code Sign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  wsock32

  WSACleanup

  version

  GetFileVersionInfoSizeW

  winmm

  mciSendStringW

  comctl32

  ImageList_DragMove

  mpr

  WNetGetConnectionW

  wininet

  InternetCloseHandle

  psapi

  GetProcessMemoryInfo

  iphlpapi

  IcmpCloseHandle

  userenv

  DestroyEnvironmentBlock

  uxtheme

  IsThemeActive

  kernel32

  GetVersionExW

  WriteProcessMemory

  GetModuleFileNameW

  GetModuleHandleA

  LoadLibraryA

  LocalAlloc

  LocalFree

  GetModuleFileNameA

  ExitProcess

  user32

  MessageBeep

  gdi32

  SetBkMode

  comdlg32

  GetOpenFileNameW

  advapi32

  RegSetValueExW

  shell32

  SHCreateShellItem

  ole32

  OleInitialize

  oleaut32

  RegisterTypeLi

  Exports

  Exports

  K�� ��v�K����������1}�X�{�2�w<D)J� ���P�"��EY�>�g@�y4���|Ą��Hr� @�th�v�4G���q�ѐ߷���X%��gANG�eJN؃�h���^ڟ4�J�Ah�@�1��v[���7w�xfY���3U�W4����E���$��*����'(<�}��������]�V���(ŵF\߽�5�%�ik��u�`��K�7Y*���>0�X3������N]
  �;�gW2P�7G(",W���<��yY�nO8Ÿ�Hu��W�:��G���ӷ��H����/U�M�A��ӓ1��Ug�8�@iV�ȉQ��#!����|��=�#3�+=���|!r->��t���Ȏ��N� d��!��8H�S�4i���_Xr�!��e�U�G�U:��M阌)E�W_�����S�XP���k����C�����Ƒb����\�؍ �f������E�V+p�$Fo�7����ģ���"-��`Ÿ ��X�� �ȿ�����/�]����Zbo�fjۺ�?�������i�8m��VQ�q\��v�y{c���( u<���gj�Z�sֱ�S&��Ǔr�y^�$��}���I��}R=50g#�H˘�4���D�p�:7'P�|�X��@�H�3�SD��B���S)q:��)F}26ػ�%�j���r�&�R���N�� �b�Mn��pV�\��9� ��<���P�ƚ5�3��o�J���+��8 ݊��A�v�ݫ�`�/�����>����F ǧm
  ��q�e
  �� Pv���Ӗy�*z ^,%�8���'�Y���do꨻Iy���.�b��}�`���y��Q���k���Zg��H�fN+����?K�w8v�F��@��I�6��ߐ q���v�-�r2�#7D�<�j���#��Tp5�v?��O��NFh��J'#B��t�B�E;HtG]��u�:ZՌ4���H~�I���T�i2a)9�SC����̘&����}�3ӣ��3��1�{#�����/,�h)T��z:�ٝ����J�iAR������$׽�Nv^I�J�F���,���ߣ1�� �&8, �Į��mCF},'��o��|��b�9��zl�R)�murئ����@j;���@�C������4�H �>t���{��=����.��:%���ȼ�HEZ��bIT�7����W�M��E:_�_J;�*Bp.�Z ��fp�B{��j��ҁ��A,z%�E}���³���0eSۦ ���dKq�%�P���1�G�����N��dx���c���k��-�1�*X�[]�݉X���KI���S��v�ã�=��'$@|�e@3^_ +a��;ֈ�?}䝖��Ű(+�/�v����D��yl2�b$/$���eD��{:���<�?X�&�F��k R(x��i��'0�]U7LH�(Q���s0��]�����ׁ����ɓ̔�zW�d�-�:���C�ń2��
  #dkO 2��f&�6=����4#0���aW�>1�E�w
  �����Ng\�6@Ƈ���Xg�x�6J�ą����;tc7�zSDNi��p�e����m�����в�o ��:����b������,yUe�?�� ݉?��Pk����1��mp��m��J5z{y���fG˂��j�)�Ф J�<��N!�rm���{�J4� �C�U�����H{^\ť>q����+�%>_a�}��������v;�4Q,�}k��t�U��"Lo�I((�_��b�@�#�b�7:S'��n2��&�8@9�팲!O>@�PX��Kt���Ujzl<Ḏ�*�Z1@��dWy� ����:�{� ��ʶ��'!��gz'9V2i�¹\��6�g_U���"�E!�Q<��3��;�8+�aoY�-�����Dk6T�i�?Q�}lY�vpD��`�*���H����w���Yϫ�zuL��W%s��H����!����==�M9`����L�m�pX�.s��������!؅����!�tr�~ L�������e����)�u��S�,5E�|�p�b��d%&~�[͚���%m���w$��)->="�[W�*�P��C����v��+�g+Ʃ�%/&xK�^��&�CJ�Ȣ��_����j���������S��_r��-�2������4/ (�h��j�����H}Q�m�'�iAY���Lj�b�3���Ϡ�����;G� 8l�����S�@Y�&���8�fh���Ҡx�����8'O_D����ܗ�*�"Bk�t����xH�62��wH&/c�O��m�z�]���]'Ν>�ҟ�����K�,�U����@�S�N=�.�,H���}�Hx-l��ϋ�1f��!�v<��R9��h+��?͘`�A��y��O�J�Ƚ�)�>K��#>�@)M;��V��׆S������xm�f��J�7�edmΛ���5�n�wr �X ��������>G�Ȥ�!N�,���C��%ƒ���l�9����8�����@&I�e��v��dmaX0��X|��S:;��{l1@�iF�I�a n8dn�����H��Za!�N][;a��������k��؋�I���<�լ��d=$�N�u] E�7�lF'��ۄm��m���m��"�/�.�-�� (y���� yl��.*Pa�y���8�%~/�(���#`�T�v��r�9�C!�.����W�P_�.��:��Y�����=�~t{�gnب��
  2&I.F�ũ�jZ�|�a��&L� ~nw*1D�r�Y�+�C���d}ZK��֑�(K���Wc�"w��3aiT�t�I�D�*��00�Xt�ԥA ݙ���@��/�����|#
  w�Sv�� Ȼ�� G��G��%8�<�EW���|];�rۣ����?q��?�Z���ZNs����zN����S�����tZ;d=:�f���Hǀ@�p��3���z(��ov<����X׵p,�Y�1e�-c���*�1���(�켆)�!:�=qS���)�sW_��w��p�� �,��)r-�I =�̯m�-Xb6�������aR�v6�I���Ǯ�{��2'm�����l��c���]P��ӅK2\f��w�"ɓ�<6y�B�:���[�B��s/��W�K�,

  Sections

  .text

  Size: - Virtual size: 567KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 191KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 35KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp0

  Size: - Virtual size: 15.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp1

  Size: 16.1MB - Virtual size: 16.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 512B - Virtual size: 416B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 69KB - Virtual size: 68KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ