General

Malware Config

Signatures

Files

• ae32afd2b186415adad6cf452334a8daf1e2a5f918772dc8b178629b0bc5921b

  .exe windows x86

  d46241f8ac1e688b9e6ceed427a5f369

  
  

  Code Sign

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetLastError

  HeapCreate

  HeapDestroy

  HeapAlloc

  WaitForSingleObject

  CreateEventA

  GetCurrentProcess

  GetSystemTime

  GetLocalTime

  GetTickCount

  WaitForMultipleObjects

  SystemTimeToTzSpecificLocalTime

  SystemTimeToFileTime

  GetTimeZoneInformation

  GetDateFormatA

  MultiByteToWideChar

  WideCharToMultiByte

  GetACP

  GetSystemDefaultLangID

  K32QueryWorkingSet

  ReadFile

  SetEndOfFile

  CreateFileW

  WriteConsoleW

  RemoveDirectoryA

  FlushFileBuffers

  SetStdHandle

  GetStringTypeW

  OutputDebugStringW

  HeapReAlloc

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetLocaleInfoW

  LCMapStringW

  CompareStringW

  GetTimeFormatW

  GetDateFormatW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetSystemTimeAsFileTime

  GetCurrentProcessId

  QueryPerformanceCounter

  GetModuleFileNameA

  GetFileType

  GetProcessHeap

  GetCurrentThreadId

  GetCurrentThread

  GetConsoleMode

  GetConsoleCP

  CloseHandle

  GetFileSizeEx

  GetFileAttributesA

  FindVolumeClose

  FindNextVolumeW

  FindFirstVolumeW

  SetFilePointerEx

  CompareFileTime

  GetCPInfo

  GetOEMCP

  IsValidCodePage

  LoadLibraryExW

  FreeLibrary

  SetConsoleCtrlHandler

  GetModuleFileNameW

  WriteFile

  GetStdHandle

  ReadConsoleW

  FatalAppExitA

  DeleteCriticalSection

  EncodePointer

  DecodePointer

  IsDebuggerPresent

  IsProcessorFeaturePresent

  ExitProcess

  GetModuleHandleExW

  GetProcAddress

  AreFileApisANSI

  RaiseException

  RtlUnwind

  GetCommandLineA

  HeapFree

  HeapSize

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  SetLastError

  InitializeCriticalSectionAndSpinCount

  CreateEventW

  Sleep

  TerminateProcess

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetStartupInfoW

  GetModuleHandleW

  CreateSemaphoreW

  EnterCriticalSection

  LeaveCriticalSection

  user32

  SendMessageA

  IsHungAppWindow

  PtInRect

  GetAncestor

  ArrangeIconicWindows

  GetWindow

  GetLastActivePopup

  GetWindowThreadProcessId

  EnumWindows

  GetShellWindow

  SetParent

  GetDesktopWindow

  IsChild

  SetClassWord

  GetWindowLongA

  GetProcessDefaultLayout

  GetCaretBlinkTime

  GetCursorPos

  GetWindowTextA

  UpdateWindow

  GetMenuItemRect

  GetMenuItemInfoA

  GetSystemMetrics

  IsWindowUnicode

  KillTimer

  GetQueueStatus

  GetClipboardFormatNameA

  IsZoomed

  BringWindowToTop

  IsWindowVisible

  advapi32

  GetNamedSecurityInfoA

  RegOpenKeyExA

  RegCloseKey

  GetSidLengthRequired

  GetSidIdentifierAuthority

  ConvertStringSidToSidA

  shell32

  SHBindToParent

  SHGetFolderLocation

  ole32

  StringFromCLSID

  CoTaskMemFree

  CoInitialize

  oleaut32

  LoadTypeLi

  VariantInit

  SysAllocStringLen

  VariantChangeType

  Sections

  .text

  Size: 267KB - Virtual size: 267KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 43KB - Virtual size: 42KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 6KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 262KB - Virtual size: 261KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ