Static task: static1
Behavioral task: behavioral1
  Sample: 68c10d8335d8515cc952b60337da2d61f4d20f6e4309764d2a08c728657fca27.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 68c10d8335d8515cc952b60337da2d61f4d20f6e4309764d2a08c728657fca27.exe
  Resource: win10v2004-20220414-en
General
Target: 68c10d8335d8515cc952b60337da2d61f4d20f6e4309764d2a08c728657fca27
Size: 339KB
MD5: abda009f44d21cc481db045018d7d044
SHA1: df6c14d7f25f3b764a600f2f7f9ea36c89b395d2
SHA256: 68c10d8335d8515cc952b60337da2d61f4d20f6e4309764d2a08c728657fca27
SHA512: df6526af2bd7e200779d30aebc3fa79a68aafae478eb5c33fcaaf51efeafb8f73f5084ecf0f3586f496e3f57a30d86b60ede88d09d11b918dcb894cda0ff883c
SSDEEP: 6144:jRf43Vxo8QZgR88sUhrEhhbjLrFyGk4LGYcRQ5uF9ZNOrT+:VwlKbgRZsmrEhZjFzkUGYemuFXkO
Malware Config
Signatures
Files
- 68c10d8335d8515cc952b60337da2d61f4d20f6e4309764d2a08c728657fca27.exe  windows x86  f66ed58d46d00a30090733bf9cff71ba
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE and IMAGE_DLLCHARACTERISTICS_NX_COMPAT are absent: the image does not opt in to ASLR or DEP, and because relocations are stripped it cannot be rebased even if the loader wanted to)
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports (DLL: imported functions)
kernel32: GetModuleHandleW, GetStartupInfoW, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, TerminateProcess, InitializeCriticalSectionAndSpinCount, SetUnhandledExceptionFilter, UnhandledExceptionFilter, HeapSize, RtlUnwind, RaiseException, GetSystemTimeAsFileTime, ReadFile, LeaveCriticalSection, EnterCriticalSection, HeapFree, MultiByteToWideChar, GetProcAddress, DeleteCriticalSection, GetStdHandle, WriteFile, GetModuleFileNameW, LoadLibraryExW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetProcessHeap, GetFileType, SetFilePointerEx, GetConsoleMode, ReadConsoleW, DeleteFileW, MoveFileExW, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, HeapReAlloc, OutputDebugStringW, GetStringTypeW, FlushFileBuffers, GetConsoleCP, SetStdHandle, WriteConsoleW, CreateFileW, SetEndOfFile, GetConsoleWindow, WideCharToMultiByte, FindFirstFileA, CreateFileA, OutputDebugStringA, GetModuleHandleA, GetModuleFileNameA, LoadLibraryW, LoadLibraryA, lstrlenA, lstrcmpA, AreFileApisANSI, GetModuleHandleExW, ExitProcess, IsProcessorFeaturePresent, IsDebuggerPresent, DecodePointer, EncodePointer, FormatMessageA, GetTickCount, CloseHandle, Sleep, SetLastError, GetLastError, GetCurrentThreadId, CreateThread, GetCurrentProcessId, GetCurrentProcess, OpenProcess, HeapAlloc, LocalFree, LocalAlloc, GetCommandLineA
user32: IsWindowEnabled, EnableWindow, SetCapture, GetDlgCtrlID, GetSystemMetrics, SetMenu, DrawMenuBar, SetThreadDesktop, CreateMenu, CreatePopupMenu, TranslateMessage, DispatchMessageA, PeekMessageA, SendMessageA, DefWindowProcA, PostQuitMessage, GetDlgItemTextA, SetDlgItemTextA, SetProcessWindowStation, CheckMenuItem, EnableMenuItem, AppendMenuA, TrackPopupMenu, InsertMenuItemA, DrawIcon, UpdateWindow, RegisterClassA, CreateWindowExA, ShowWindow, MoveWindow, EnumDesktopsA, GetDlgItem, LoadIconA, EndDialog, OpenDesktopA, wsprintfA, GetSystemMenu, GetWindowInfo, LoadStringA, GetDC, LoadCursorA, LoadBitmapA, GetWindowThreadProcessId, GetTopWindow, SetWindowLongA, GetWindowLongA, PtInRect, OffsetRect, InflateRect, SetRect, FillRect, MapWindowPoints, GetCursorPos, MessageBoxW, MessageBoxA, GetWindowRect, GetWindowTextLengthA, GetWindowTextA, SetWindowTextA, InvalidateRect, GetUpdateRect, EndPaint, BeginPaint, ReleaseDC, SetWindowPos
gdi32: ExtTextOutA, TextOutA, SetAbortProc, GetTextMetricsA, PlayEnhMetaFile, GetEnhMetaFileHeader, GetEnhMetaFileA, DeleteEnhMetaFile, SetTextAlign, SetTextColor, SetBkMode, SetDCPenColor, SetDCBrushColor, SelectObject, RestoreDC, GetStockObject, GetDeviceCaps, DeleteObject, DeleteDC, CreateSolidBrush, CreatePen, CreateFontIndirectA, CreateCompatibleDC, CreateCompatibleBitmap, BitBlt
comdlg32: ChooseFontA, ChooseColorA
advapi32: GetUserNameW, GetSidSubAuthority, GetSidSubAuthorityCount, GetLengthSid, InitializeAcl, InitializeSecurityDescriptor, DuplicateToken, AllocateAndInitializeSid, EqualSid, AdjustTokenPrivileges, GetTokenInformation, OpenProcessToken, LookupAccountNameA, LookupPrivilegeValueA, GetUserNameA, ConvertStringSidToSidA, GetNamedSecurityInfoA, OpenSCManagerA, CryptAcquireContextA, GetCurrentHwProfileA, ImpersonateLoggedOnUser, LogonUserA, GetSidIdentifierAuthority
shell32: SHGetDesktopFolder, SHGetMalloc, SHCreateDirectoryExA, SHGetFolderPathA, SHChangeNotify, SHFileOperationA
ole32: StringFromCLSID, CoCreateInstance, CoTaskMemFree, StgOpenStorage, CoInitializeSecurity, CoCreateGuid, CoInitializeEx, CLSIDFromProgID
oleaut32: SysAllocString, SafeArrayPutElement, SafeArrayCreateVector, VariantClear, CreateErrorInfo
ws2_32: __WSAFDIsSet, accept, bind, closesocket, getsockopt, htons, listen, recv, select, socket, WSAStartup, WSACleanup, WSAGetLastError, WSASocketA
netapi32: NetUserGetInfo, NetUserModalsGet, NetApiBufferFree, NetShareGetInfo
msi: ord5 (import by ordinal)
msacm32: acmDriverOpen
winscard: SCardEstablishContext, SCardListReadersA
crypt32: CertOpenSystemStoreA, CertFindCertificateInStore, CertFreeCertificateContext, CertGetCertificateContextProperty, CertEnumCertificateContextProperties
shlwapi: UrlHashA, UrlCombineW, UrlCompareW, UrlGetPartA, PathRemoveFileSpecA, UrlEscapeW, StrDupA, StrFormatByteSizeW, StrTrimA, StrRetToBufA, PathAppendA, UrlGetLocationA
comctl32: ImageList_DragEnter, ImageList_BeginDrag, ImageList_LoadImageA, ord17 (import by ordinal), ImageList_Create, ImageList_Destroy, ImageList_ReplaceIcon, ImageList_GetBkColor, ImageList_Draw
pdh: PdhCollectQueryData
secur32: AcceptSecurityContext, AcquireCredentialsHandleA
winhttp: WinHttpOpen
uxtheme: GetThemeSysColor, DrawThemeBackground, CloseThemeData, OpenThemeData
authz: AuthzInitializeContextFromSid, AuthzAccessCheck
Sections (name, raw size, virtual size, characteristics)
.text   Size: 114KB - Virtual size: 113KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 53KB - Virtual size: 52KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 5KB - Virtual size: 13KB      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 165KB - Virtual size: 165KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
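A first-pass triage of the import table and section headers above, as an added example that is not part of the sandbox report. The capability rules and the section thresholds are this editor's own heuristics (an assumption, not a published rule set): a hit only means the binary links those APIs together, not that it exercises them. The input is transcribed from the report; the kernel32 CRT and GUI imports are omitted from the transcription for brevity.

```python
"""Triage pass over a PE import table and section headers.

Added example, not part of the sandbox report. Rules and thresholds are
this editor's own heuristics (an assumption): a hit means the binary
imports those APIs together, nothing more. Input is transcribed from the
report above.
"""

# Subset of the report's import table (DLL -> imported API names); the
# CRT and GUI noise (TlsAlloc, BeginPaint, ...) is left out.
IMPORTS = {
    "kernel32": {"OpenProcess", "CreateThread", "IsDebuggerPresent",
                 "OutputDebugStringA", "DeleteFileW", "MoveFileExW",
                 "LoadLibraryA", "GetProcAddress"},
    "advapi32": {"LogonUserA", "ImpersonateLoggedOnUser", "DuplicateToken",
                 "OpenProcessToken", "LookupPrivilegeValueA",
                 "AdjustTokenPrivileges", "OpenSCManagerA",
                 "CryptAcquireContextA"},
    "ws2_32": {"WSAStartup", "WSASocketA", "socket", "bind", "listen",
               "accept", "select", "recv", "closesocket"},
    "netapi32": {"NetUserGetInfo", "NetUserModalsGet", "NetShareGetInfo"},
    "crypt32": {"CertOpenSystemStoreA", "CertFindCertificateInStore"},
    "winhttp": {"WinHttpOpen"},
    "user32": {"OpenDesktopA", "SetThreadDesktop", "SetProcessWindowStation"},
}

# Sections from the report: (name, raw size KB, virtual size KB, flags).
SECTIONS = [
    (".text", 114, 113, {"IMAGE_SCN_CNT_CODE", "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_READ"}),
    (".rdata", 53, 52, {"IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ"}),
    (".data", 5, 13, {"IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE"}),
    (".rsrc", 165, 165, {"IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ"}),
]
FILE_SIZE_KB = 339  # "Size: 339KB" in the General block

# A rule fires only when ALL of its APIs are imported. Conjunctions stop
# single, ubiquitous APIs (IsDebuggerPresent and OutputDebugString arrive
# with the MSVC CRT) from producing hits on their own.
RULES = {
    "listening socket (server role)": {"socket", "bind", "listen", "accept"},
    "logon with supplied credentials + impersonation": {"LogonUserA", "ImpersonateLoggedOnUser"},
    "token privilege adjustment": {"OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges"},
    "service control manager access": {"OpenSCManagerA"},
    "local user / share enumeration": {"NetUserGetInfo", "NetShareGetInfo"},
    "certificate store lookup": {"CertOpenSystemStoreA", "CertFindCertificateInStore"},
    "CryptoAPI provider use": {"CryptAcquireContextA"},
    "runtime API resolution": {"LoadLibraryA", "GetProcAddress"},
    "desktop / window station switching": {"OpenDesktopA", "SetThreadDesktop"},
    "handle to another process": {"OpenProcess"},
    "outbound HTTP via WinHTTP": {"WinHttpOpen"},
}


def all_apis(imports):
    """Flatten DLL -> APIs into one set. Rules are deliberately DLL-agnostic,
    because forwarded exports can move an API between DLLs."""
    return set().union(*imports.values())


def match_capabilities(imports, rules=RULES):
    """Sorted names of every rule whose API set is fully imported."""
    present = all_apis(imports)
    return sorted(name for name, needed in rules.items() if needed <= present)


def section_findings(sections, file_size_kb):
    """Cheap header-level checks worth running before any dynamic analysis.
    The 4x size ratio and 40% resource share are editor-chosen thresholds."""
    findings = []
    for name, raw_kb, virt_kb, flags in sections:
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= flags:
            findings.append(f"{name}: writable and executable")
        if "IMAGE_SCN_MEM_EXECUTE" in flags and "IMAGE_SCN_CNT_CODE" not in flags:
            findings.append(f"{name}: executable but not marked as code")
        if raw_kb == 0 and virt_kb > 0:
            findings.append(f"{name}: no raw bytes but {virt_kb}KB virtual (runtime unpack target?)")
        elif virt_kb > 4 * raw_kb:
            findings.append(f"{name}: virtual size {virt_kb}KB far exceeds raw size {raw_kb}KB")
    rsrc_kb = sum(raw for n, raw, _, _ in sections if n == ".rsrc")
    share = rsrc_kb / file_size_kb
    if share > 0.4:
        findings.append(f".rsrc: {rsrc_kb}KB is {share:.0%} of the file; inspect resources for embedded payloads")
    return findings


if __name__ == "__main__":
    for cap in match_capabilities(IMPORTS):
        print("capability:", cap)
    for finding in section_findings(SECTIONS, FILE_SIZE_KB):
        print("section:", finding)
```

On this sample every rule fires, and the one section finding is that .rsrc accounts for just under half of the file, which is where a resource dump should go next. The .data raw/virtual gap (5KB vs 13KB) is ordinary zero-initialised data and stays below the threshold on purpose.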