Static task: static1
Behavioral task: behavioral1
Sample: 1ed750c65754f8fa905f2e8a6f2dd864f910a2a7b68f080ca946efe22a28b0c4.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 1ed750c65754f8fa905f2e8a6f2dd864f910a2a7b68f080ca946efe22a28b0c4.exe
Resource: win10v2004-20220414-en
General
Target: 1ed750c65754f8fa905f2e8a6f2dd864f910a2a7b68f080ca946efe22a28b0c4
Size: 1.9MB
MD5: 397149c43cba3dc36aa008e8e1e7b430
SHA1: 866f579d72d2e817a0e31a1837673b687f0b447b
SHA256: 1ed750c65754f8fa905f2e8a6f2dd864f910a2a7b68f080ca946efe22a28b0c4
SHA512: 0c100e7153e8b59a12ada7ae48c61cbfb06def7b5f1c0413f70f26f59b040299ce42ba31cedc18b92227346fb3c40e3ccda8b78bf2dfedb31ec7f50853a4c938
SSDEEP: 49152:hmhqxFsdIUbiMT8eYgkHqxPyy4XeMnTIlKLkcTPQ5o:uq0v8eYHnTqKAf5
Malware Config
Signatures
Files
1ed750c65754f8fa905f2e8a6f2dd864f910a2a7b68f080ca946efe22a28b0c4.exe windows x86
73181fd208bc0b14f8f815c89d7b9684
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
LoadResource
LocalAlloc
LocalFree
LocalLock
LockResource
Module32FirstW
MoveFileExW
MultiByteToWideChar
OpenMutexW
OpenProcess
OutputDebugStringW
ProcessIdToSessionId
QueryDosDeviceW
QueryPerformanceCounter
RaiseException
ReadFile
ReleaseMutex
ReleaseSemaphore
ReplaceFileA
ResetEvent
RtlUnwind
SetDefaultCommConfigW
SetEnvironmentVariableA
SetEvent
SetFilePointer
SetFilePointerEx
IsValidLocale
SetLastError
SetStdHandle
SetSystemTime
SetTimerQueueTimer
SetUnhandledExceptionFilter
SizeofResource
SwitchToFiber
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VerLanguageNameA
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteFileEx
WriteProfileStringW
_hwrite
_lwrite
lstrcmpiW
lstrlenW
IsValidCodePage
IsProcessorFeaturePresent
IsDebuggerPresent
IsBadWritePtr
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
HeapSize
HeapSetInformation
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
Heap32First
GlobalWire
GlobalFree
GetWindowsDirectoryA
GetVersionExW
GetVersionExA
GetVersion
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadTimes
GetTempPathW
GetTempFileNameW
GetTapePosition
GetSystemTimeAsFileTime
GetSystemInfo
GetStringTypeW
GetStringTypeA
GetStdHandle
GetStartupInfoW
GetStartupInfoA
GetProcessHeap
GetProcAddress
GetPrivateProfileStringW
GetOEMCP
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameW
GetModuleFileNameA
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocaleInfoA
GetLocalTime
GetLastError
GetHandleInformation
GetFileType
GetFileAttributesExA
GetFileAttributesA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetConsoleMode
GetConsoleCP
GetCommandLineW
GetCommandLineA
GetCPInfo
GetACP
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FlushFileBuffers
FindResourceW
FindResourceExW
FatalAppExitA
ExpandEnvironmentStringsW
ExitThread
ExitProcess
EraseTape
EnumSystemLocalesA
EnterCriticalSection
EndUpdateResourceW
EncodePointer
DuplicateHandle
DisableThreadLibraryCalls
DeleteTimerQueueEx
DeleteFileW
DeleteCriticalSection
DecodePointer
CreateTimerQueueTimer
CreateTimerQueue
CreateThread
CreateSemaphoreW
CreateProcessW
CreateProcessA
CreateMutexW
CreateHardLinkW
CreateFileW
CreateEventW
ConnectNamedPipe
CompareStringW
CompareStringA
CommConfigDialogA
CloseHandle
AllocateUserPhysicalPages
GetModuleHandleA
Sleep
VirtualAllocEx
SetHandleCount
LoadLibraryA
user32
UnregisterClassA
TranslateMessage
TranslateMDISysAccel
SetWindowPos
SetLastErrorEx
SendDlgItemMessageW
RegisterClassA
RealGetWindowClass
PostThreadMessageW
PostQuitMessage
PostMessageA
MessageBoxW
MessageBoxIndirectA
LockWorkStation
LoadStringW
LoadIconA
IsWindow
IsRectEmpty
IsCharLowerA
InSendMessageEx
IMPSetIMEA
GetUpdateRgn
GetScrollInfo
GetMessageW
GetMessageA
GetKeyboardState
GetClassInfoExW
FrameRect
EnumDisplayDevicesA
DispatchMessageW
DispatchMessageA
DefWindowProcA
DefDlgProcA
DdeClientTransaction
CreateWindowExA
CreateIcon
CharUpperW
CharNextW
ChangeClipboardChain
CallWindowProcA
GetDoubleClickTime
CharLowerA
CopyIcon
IsCharAlphaNumericA
GetDialogBaseUnits
OemKeyScan
GetMenuContextHelpId
GetParent
AnyPopup
GetKeyboardType
GetClipboardViewer
GetTopWindow
CharLowerW
GetMessagePos
GetKeyboardLayout
LoadCursorA
IsWindowVisible
GetDC
IsCharAlphaNumericW
GetWindowDC
GetKBCodePage
CreatePopupMenu
GetWindowContextHelpId
gdi32
DeleteDC
GetObjectType
CreateCompatibleDC
AddFontResourceA
UnrealizeObject
BeginPath
GetTextColor
GetSystemPaletteUse
AbortDoc
GetStretchBltMode
DeleteColorSpace
CreateColorSpaceA
CreateCompatibleBitmap
CreateDiscardableBitmap
CreatePenIndirect
Ellipse
EngDeletePalette
EngDeletePath
EngGetCurrentCodePage
EngLineTo
EngPlgBlt
EngQueryLocalTime
EnumFontFamiliesW
FillPath
StrokePath
GdiCleanCacheDC
GdiCreateLocalMetaFilePict
GdiEntry16
GdiRealizationInfo
GetCharABCWidthsW
GetGlyphIndicesW
GetHFONT
GetStockObject
GetViewportExtEx
InvertRgn
Pie
PlayMetaFile
RemoveFontMemResourceEx
ScaleWindowExtEx
SelectBrushLocal
SetBitmapBits
SetMagicColors
GdiGetBatchLimit
SetMapMode
advapi32
DuplicateTokenEx
DeregisterEventSource
DeleteService
CreateServiceW
CreateRestrictedToken
CreateProcessAsUserW
CopySid
ConvertSidToStringSidW
ControlService
CloseServiceHandle
CheckTokenMembership
AdjustTokenPrivileges
AddAce
RegQueryValueExA
RegOpenKeyA
StartServiceCtrlDispatcherW
SetTokenInformation
SetThreadToken
SetServiceStatus
SetSecurityInfo
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RevertToSelf
ReportEventW
RegisterServiceCtrlHandlerW
RegisterEventSourceW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenThreadToken
OpenServiceW
OpenSCManagerW
OpenProcessToken
MakeSelfRelativeSD
MakeAbsoluteSD
EqualSid
GetAclInformation
GetLengthSid
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSidLengthRequired
GetSidSubAuthority
GetTokenInformation
ImpersonateLoggedOnUser
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
IsValidSid
LookupAccountSidW
LookupPrivilegeValueW
DuplicateToken
shell32
SHQueryRecycleBinA
SHInvokePrinterCommandA
SHGetSpecialFolderPathA
SHGetInstanceExplorer
SHGetIconOverlayIndexW
SHFileOperation
ExtractIconExW
DragQueryFile
ole32
CoRevertToSelf
CoRevokeClassObject
CoSuspendClassObjects
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
OleRun
ProgIDFromCLSID
StringFromGUID2
CoReleaseServerProcess
CoRegisterClassObject
CoInitializeSecurity
CoInitialize
CoImpersonateClient
CoCreateInstance
CLSIDFromString
CoResumeClassObjects
shlwapi
PathFileExistsW
PathIsRelativeW
PathRemoveExtensionW
PathRemoveFileSpecW
PathStripPathW
StrCmpNIW
PathAppendW
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 636B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 83KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ