Static task: static1
Behavioral task: behavioral1
Sample: 412b57c9e83bf404bfacf087f3bf8edee7af584ab303f3222eb22ced5d7e5f54.exe
Resource: win7-20220414-en
General
Target: 412b57c9e83bf404bfacf087f3bf8edee7af584ab303f3222eb22ced5d7e5f54
Size: 450KB
MD5: 4ec71b3e86b5f61b54d6516d90cc0f41
SHA1: fef8c687dc109dfb662ada733bca5b0bb518ab6e
SHA256: 412b57c9e83bf404bfacf087f3bf8edee7af584ab303f3222eb22ced5d7e5f54
SHA512: d68d32c9fc234dded9b5a172e5e024aeac6c48297704db51ba1623a3f18d01c8aa6776f3309055bf9bb13727c74669ef9a097e9216a32bbc6760dd80f78dfff1
SSDEEP: 12288:5Axp7ZGG97E1ypzurnfvAoAUAehRec81X8U8tnx:5mtZl9wQRurnXV/ZhML1MU8b
Malware Config
Signatures
Files
412b57c9e83bf404bfacf087f3bf8edee7af584ab303f3222eb22ced5d7e5f54.exe (windows x86)
5cd3573fdff42464d982a8940c23ad5b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
GetProcAddress
VirtualAlloc
GetModuleHandleA
MultiByteToWideChar
lstrlenA
LocalFree
WriteConsoleW
GetStdHandle
FormatMessageW
GetLastError
CloseHandle
WaitForMultipleObjects
CreateThread
lstrcmpW
lstrcatW
lstrlenW
lstrcmpiW
GetConsoleOutputCP
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
user32
LoadCursorW
IsWindow
GetForegroundWindow
GetProcessWindowStation
GetKeyboardType
GetDialogBaseUnits
ReleaseCapture
LoadCursorFromFileA
GetMessagePos
GetSysColorBrush
IsWindowVisible
GetWindowDC
DestroyIcon
GetParent
VkKeyScanA
LoadCursorFromFileW
PaintDesktop
GetInputState
IsCharLowerW
GetKeyState
ReleaseDC
GetClassNameA
DdeInitializeW
EnumChildWindows
MenuItemFromPoint
PostMessageA
GetAltTabInfoA
GetPropA
IsCharAlphaNumericW
PeekMessageA
GetFocus
EmptyClipboard
SwitchToThisWindow
RegisterWindowMessageW
SendMessageCallbackW
SetWindowsHookA
SetMenuItemBitmaps
DdeCreateStringHandleA
GetKeyboardLayoutNameW
GetMenuStringA
UnregisterDeviceNotification
SetWindowTextA
IsHungAppWindow
SetScrollPos
IsDialogMessage
DialogBoxParamA
DrawCaption
RealGetWindowClassW
EndMenu
wvsprintfW
DdeClientTransaction
EnumClipboardFormats
DdeKeepStringHandle
SetThreadDesktop
PackDDElParam
VkKeyScanW
EndTask
GetMenuItemCount
DeregisterShellHookWindow
CreateIcon
LoadStringW
gdi32
CreateMetaFileW
PathToRegion
WidenPath
CreateMetaFileA
CreatePatternBrush
FlattenPath
StrokePath
CloseFigure
SetMetaRgn
GetGraphicsMode
GetStockObject
GetEnhMetaFileBits
TranslateCharsetInfo
TextOutA
StretchDIBits
StretchBlt
StartPage
StartDocA
SetTextColor
SetStretchBltMode
SetMapMode
SetBkMode
SetBkColor
SelectObject
SelectClipRgn
MoveToEx
LineTo
GetTextMetricsW
GetTextFaceA
GetTextExtentPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetRgnBox
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetDeviceCaps
GetDIBits
GdiFlush
EndPage
EndDoc
DeleteObject
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePen
CreatePalette
CreateFontIndirectW
CreateFontA
CreateFontW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
CombineRgn
BitBlt
UnrealizeObject
PlayMetaFile
GetPath
GdiGetDevmodeForPage
GdiConvertBitmapV5
GdiFixUpHandle
FONTOBJ_pvTrueTypeFontFile
AddFontResourceExA
EngPlgBlt
GetCharABCWidthsI
GetGlyphOutlineW
InvertRgn
GdiCleanCacheDC
GetCharWidthW
EngGetPrinterDataFileName
STROBJ_dwGetCodePage
CopyMetaFileW
EngDeleteSemaphore
ResizePalette
GetCurrentObject
SetDIBitsToDevice
DeleteMetaFile
GetCharABCWidthsW
CombineTransform
Rectangle
STROBJ_vEnumStart
GdiArtificialDecrementDriver
comdlg32
PrintDlgW
GetSaveFileNameA
GetSaveFileNameW
GetOpenFileNameW
advapi32
RegQueryValueExA
SetSecurityDescriptorDacl
ReportEventW
RegisterEventSourceW
RegUnLoadKeyW
RegSetValueExA
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExA
RegOpenKeyExW
RegLoadKeyW
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
RegCreateKeyExW
RegCloseKey
OpenProcessToken
LookupAccountSidA
LookupAccountSidW
InitializeSecurityDescriptor
GetUserNameA
GetTokenInformation
GetLengthSid
FreeSid
AllocateAndInitializeSid
GetUserNameW
GetKernelObjectSecurity
StartServiceA
StartServiceW
QueryServiceStatus
OpenServiceA
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
CryptSetProvParam
CryptGetProvParam
CryptDestroyHash
CryptSignHashA
CryptSetHashParam
CryptCreateHash
CryptImportKey
CryptExportKey
CryptReleaseContext
CryptDestroyKey
CryptGetUserKey
CryptAcquireContextA
CryptDecrypt
shell32
SHGetFileInfoA
ShellExecuteExA
ShellExecuteA
ShellExecuteW
Shell_NotifyIconW
DragQueryFileW
DragFinish
SHGetFolderPathA
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetMalloc
ExtractIconEx
ExtractAssociatedIconExW
Shell_NotifyIcon
SHChangeNotify
ExtractIconA
ShellExecuteEx
WOWShellExecute
DoEnvironmentSubstW
SHGetFileInfo
ExtractIconExW
SHAddToRecentDocs
SHPathPrepareForWriteW
ole32
CoInitialize
CoCreateInstance
CoUninitialize
shlwapi
StrRStrIA
StrRChrW
Sections
.text: Size 261KB, Virtual size 260KB; characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 512B, Virtual size 266B; characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data2: Size 20KB, Virtual size 19KB; characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 27KB, Virtual size 27KB; characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 140KB, Virtual size 139KB; characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ