General

Malware Config

Signatures

Files

• 0127b631f8153cab11f6e747068acd58681a796de0e2e02384b2860fe290ecd8

  .zip
• 46.exe

  .exe windows x86

  56fb4fa8d282760970f3890bcd3c55d7

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  ReadConsoleInputA

  GetProcessHeap

  SetEndOfFile

  SetEnvironmentVariableA

  CompareStringW

  CreateFileW

  IsProcessorFeaturePresent

  CreateFileA

  SetConsoleMode

  GetStringTypeW

  ReadFile

  HeapSize

  CreateProcessA

  WaitForSingleObject

  GetExitCodeProcess

  HeapReAlloc

  HeapAlloc

  SetStdHandle

  SetFilePointer

  WriteConsoleW

  PeekConsoleInputA

  VirtualProtect

  GetStdHandle

  SetConsoleCursorPosition

  GetTimeZoneInformation

  GetCurrentProcessId

  GetTickCount

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  EnterCriticalSection

  LeaveCriticalSection

  GetProcAddress

  GetModuleHandleW

  ExitProcess

  DecodePointer

  GetCommandLineA

  HeapSetInformation

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  EncodePointer

  TerminateProcess

  GetCurrentProcess

  GetLastError

  WriteFile

  WideCharToMultiByte

  GetConsoleCP

  GetConsoleMode

  FlushFileBuffers

  InitializeCriticalSectionAndSpinCount

  DeleteCriticalSection

  SetHandleCount

  GetFileType

  GetStartupInfoW

  Sleep

  HeapFree

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  InterlockedIncrement

  SetLastError

  GetCurrentThreadId

  InterlockedDecrement

  GetFileAttributesA

  LoadLibraryW

  GetModuleFileNameW

  CloseHandle

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  LCMapStringW

  MultiByteToWideChar

  RtlUnwind

  GetModuleFileNameA

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  HeapCreate

  GetNumberOfConsoleInputEvents

  gdi32

  StrokePath

  CreateEllipticRgn

  EnumEnhMetaFile

  GetTextCharsetInfo

  GetBoundsRect

  rtutils

  TraceGetConsoleW

  TracePrintfExW

  RouterLogEventStringA

  LogErrorA

  shlwapi

  PathRemoveBackslashA

  PathCompactPathExA

  SHRegDeleteEmptyUSKeyA

  PathIsUNCServerShareA

  SHIsLowMemoryMachine

  SHRegDeleteUSValueA

  PathIsPrefixA

  mapi32

  ord144

  ord122

  ord137

  shell32

  ShellHookProc

  ExtractIconW

  mscms

  SetStandardColorSpaceProfileW

  CreateProfileFromLogColorSpaceA

  DisassociateColorProfileFromDeviceA

  EnumColorProfilesA

  imm32

  ImmGetRegisterWordStyleW

  ImmRegisterWordW

  ImmUnlockIMC

  ImmIsIME

  ImmGetCandidateListW

  odbc32

  ord62

  ord106

  ord254

  ord26

  Sections

  .text

  Size: 72KB - Virtual size: 72KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 13KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 13KB - Virtual size: 27KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 66KB - Virtual size: 66KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ