General

Malware Config

Signatures

Files

• 13140000.exe

  .exe windows x86

  f00e9662f410244a50158d29a8e78a29

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  DeleteFileA

  GetModuleFileNameA

  lstrlenA

  SetLastError

  HeapAlloc

  GetProcessHeap

  HeapFree

  GetShortPathNameA

  CreateDirectoryA

  GetFileInformationByHandle

  GetSystemDirectoryA

  LocalFree

  Process32Next

  lstrcmpiA

  Process32First

  GetModuleHandleA

  GetLastError

  GlobalFree

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  Process32NextW

  Module32FirstW

  Process32FirstW

  VirtualAlloc

  VirtualProtect

  VirtualFree

  IsBadReadPtr

  FreeLibrary

  GetProcAddress

  GetStartupInfoA

  MoveFileW

  GetCurrentProcessId

  CreateDirectoryW

  DeleteFileW

  WriteFile

  GetComputerNameW

  GetLocaleInfoA

  SetFilePointer

  FileTimeToSystemTime

  FindNextFileW

  GetLogicalDriveStringsA

  GetDriveTypeA

  FindNextFileA

  ExitThread

  ReadFile

  GetCurrentProcess

  CreateFileW

  CreateFileA

  GetFileSize

  FindFirstFileW

  FindFirstFileA

  FindClose

  GetSystemTime

  GetDateFormatA

  ExitProcess

  LoadLibraryA

  QueryPerformanceFrequency

  QueryPerformanceCounter

  GetVersionExA

  WideCharToMultiByte

  MultiByteToWideChar

  OpenProcess

  TerminateProcess

  TerminateThread

  CreateThread

  GetTickCount

  CloseHandle

  Sleep

  CreateMutexA

  WaitForSingleObject

  CreateToolhelp32Snapshot

  user32

  GetForegroundWindow

  GetActiveWindow

  SetCursorPos

  mouse_event

  GetWindowTextW

  GetWindowPlacement

  IsWindowVisible

  EnumWindows

  ShowWindow

  SendMessageA

  ExitWindowsEx

  GetLastInputInfo

  wsprintfA

  GetDC

  ReleaseDC

  gdi32

  BitBlt

  SelectObject

  CreateCompatibleBitmap

  CreateCompatibleDC

  CreateDIBSection

  GetDeviceCaps

  CreateDCA

  DeleteObject

  GetDIBits

  SelectPalette

  GetStockObject

  GetObjectA

  DeleteDC

  RealizePalette

  advapi32

  OpenProcessToken

  GetTokenInformation

  AllocateAndInitializeSid

  EqualSid

  FreeSid

  RegOpenKeyExA

  RegDeleteValueA

  RegOpenKeyA

  RegQueryValueExA

  RegCreateKeyExA

  RegSetValueExA

  RegCloseKey

  GetUserNameW

  LookupPrivilegeValueA

  AdjustTokenPrivileges

  GetSecurityInfo

  GetUserNameA

  SetEntriesInAclA

  SetSecurityInfo

  GetLengthSid

  GetSidSubAuthorityCount

  CopySid

  IsValidSid

  GetSidIdentifierAuthority

  GetSidSubAuthority

  shell32

  SHFileOperationW

  SHGetSpecialFolderPathA

  StrStrIA

  ShellExecuteA

  ShellExecuteExA

  SHFileOperationA

  ShellExecuteW

  ws2_32

  shutdown

  closesocket

  inet_addr

  __WSAFDIsSet

  recv

  gethostbyname

  select

  send

  WSACleanup

  connect

  socket

  htons

  WSAStartup

  getsockname

  msvcrt

  _strcmpi

  srand

  free

  realloc

  fopen

  printf

  fread

  fclose

  strstr

  swprintf

  wcscmp

  wcslen

  memcpy

  strcat

  strncpy

  ??3@YAXPAX@Z

  malloc

  ??2@YAPAXI@Z

  __CxxFrameHandler

  memset

  strcpy

  strtok

  strcmp

  wcscpy

  sprintf

  _stricmp

  rand

  atoi

  clock

  strlen

  avicap32

  capGetDriverDescriptionW

  wininet

  InternetOpenUrlA

  InternetCloseHandle

  InternetReadFile

  InternetOpenA

  shlwapi

  PathFindFileNameA

  SHDeleteKeyA

  mpr

  WNetEnumResourceW

  WNetOpenEnumW

  WNetCloseEnum

  Sections

  .text

  Size: 88KB - Virtual size: 88KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 8KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 10.2MB - Virtual size: 10.2MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE