General

Malware Config

Signatures

Files

• cc34a4f9ad7cfd91607b8b4a34282dc0be683ce4cfe5c632cad5639999529d56

  .exe windows x64

  85614ad7b23a2780453c1947d2a3d660

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  ws2_32

  shutdown

  ntohs

  recv

  select

  WSARecvFrom

  WSASocketW

  WSASend

  WSARecv

  WSAIoctl

  WSADuplicateSocketW

  htons

  getpeername

  FreeAddrInfoW

  GetAddrInfoW

  gethostname

  htonl

  socket

  setsockopt

  listen

  closesocket

  bind

  WSACleanup

  WSAStartup

  getsockopt

  getsockname

  ioctlsocket

  WSAGetLastError

  WSASetLastError

  send

  psapi

  GetProcessMemoryInfo

  iphlpapi

  GetAdaptersAddresses

  userenv

  GetUserProfileDirectoryW

  crypt32

  CertGetCertificateContextProperty

  CertOpenStore

  CertCloseStore

  CertEnumCertificatesInStore

  CertFreeCertificateContext

  CertDuplicateCertificateContext

  CertFindCertificateInStore

  kernel32

  SetConsoleMode

  GetConsoleMode

  SizeofResource

  LockResource

  LoadResource

  FindResourceW

  ExpandEnvironmentStringsA

  MultiByteToWideChar

  SetPriorityClass

  GetCurrentProcess

  SetThreadPriority

  GetSystemPowerStatus

  GetCurrentThread

  GetProcAddress

  GetModuleHandleW

  CloseHandle

  FreeConsole

  GetConsoleWindow

  VirtualProtect

  VirtualFree

  VirtualAlloc

  GetLargePageMinimum

  LocalAlloc

  GetLastError

  LocalFree

  FlushInstructionCache

  DeviceIoControl

  GetModuleFileNameW

  CreateFileW

  GetCurrentThreadId

  AddVectoredExceptionHandler

  SetLastError

  GetSystemTime

  SystemTimeToFileTime

  GetModuleHandleExW

  EnterCriticalSection

  LeaveCriticalSection

  InitializeCriticalSectionAndSpinCount

  DeleteCriticalSection

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  SwitchToFiber

  DeleteFiber

  CreateFiber

  FindClose

  FindFirstFileW

  FindNextFileW

  WideCharToMultiByte

  GetFileType

  WriteFile

  ConvertFiberToThread

  ConvertThreadToFiber

  QueryPerformanceCounter

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  FreeLibrary

  LoadLibraryA

  LoadLibraryW

  GetEnvironmentVariableW

  ReadConsoleA

  ReadConsoleW

  CreateFileA

  DuplicateHandle

  PostQueuedCompletionStatus

  SetEvent

  ResetEvent

  WaitForSingleObject

  CreateEventA

  Sleep

  QueueUserWorkItem

  RegisterWaitForSingleObject

  UnregisterWait

  GetNumberOfConsoleInputEvents

  ReadConsoleInputW

  WriteConsoleW

  FillConsoleOutputCharacterW

  FillConsoleOutputAttribute

  GetConsoleCursorInfo

  SetConsoleCursorInfo

  GetConsoleScreenBufferInfo

  SetConsoleCursorPosition

  SetConsoleTextAttribute

  WriteConsoleInputW

  VerSetConditionMask

  GetEnvironmentStringsW

  GetStdHandle

  SetEnvironmentVariableW

  SetConsoleTitleA

  GetCurrentDirectoryW

  GetTempPathW

  QueryPerformanceFrequency

  InitializeCriticalSection

  GlobalMemoryStatusEx

  GetSystemInfo

  GetVersionExW

  VerifyVersionInfoA

  FileTimeToSystemTime

  CreateDirectoryW

  FlushFileBuffers

  GetDiskFreeSpaceW

  GetFileAttributesW

  GetFileInformationByHandle

  GetFileSizeEx

  GetFinalPathNameByHandleW

  GetFullPathNameW

  ReadFile

  RemoveDirectoryW

  SetFilePointerEx

  SetFileTime

  MapViewOfFile

  FlushViewOfFile

  RtlUnwind

  CreateFileMappingA

  ReOpenFile

  CopyFileW

  MoveFileExW

  CreateHardLinkW

  GetFileInformationByHandleEx

  CreateSymbolicLinkW

  SetConsoleCtrlHandler

  GetLongPathNameW

  GetShortPathNameW

  CreateIoCompletionPort

  ReadDirectoryChangesW

  SetHandleInformation

  CancelIo

  SetFileCompletionNotificationModes

  LoadLibraryExW

  FormatMessageA

  SetErrorMode

  GetQueuedCompletionStatus

  ConnectNamedPipe

  PeekNamedPipe

  CreateNamedPipeW

  CancelIoEx

  CancelSynchronousIo

  SwitchToThread

  TerminateProcess

  GetExitCodeProcess

  UnregisterWaitEx

  LCMapStringW

  DebugBreak

  TryEnterCriticalSection

  InitializeConditionVariable

  WakeConditionVariable

  SleepConditionVariableCS

  ReleaseSemaphore

  ResumeThread

  GetNativeSystemInfo

  CreateSemaphoreA

  GetModuleHandleA

  GetStartupInfoW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  DeleteTimerQueueTimer

  ChangeTimerQueueTimer

  CreateTimerQueueTimer

  GetLogicalProcessorInformation

  GetThreadPriority

  CreateThread

  SignalObjectAndWait

  CreateTimerQueue

  InitializeSListHead

  IsDebuggerPresent

  IsProcessorFeaturePresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  GetNumaHighestNodeNumber

  SetCurrentDirectoryW

  GetThreadTimes

  FreeLibraryAndExitThread

  InterlockedPopEntrySList

  InterlockedPushEntrySList

  InterlockedFlushSList

  QueryDepthSList

  RtlUnwindEx

  RtlPcToFileHeader

  RaiseException

  GetCommandLineA

  GetCommandLineW

  ExitThread

  GetDriveTypeW

  SystemTimeToTzSpecificLocalTime

  ExitProcess

  SetStdHandle

  GetFileAttributesExW

  SetFileAttributesW

  GetConsoleCP

  HeapReAlloc

  HeapFree

  HeapAlloc

  IsValidLocale

  GetUserDefaultLCID

  EnumSystemLocalesW

  GetTimeZoneInformation

  HeapSize

  SetEndOfFile

  FindFirstFileExW

  IsValidCodePage

  GetACP

  GetOEMCP

  GetProcessHeap

  FreeEnvironmentStringsW

  UnmapViewOfFile

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  WaitForSingleObjectEx

  GetExitCodeThread

  EncodePointer

  DecodePointer

  GetCPInfo

  CreateEventW

  GetTickCount

  CompareStringW

  GetLocaleInfoW

  GetStringTypeW

  RtlCaptureContext

  user32

  GetSystemMetrics

  MapVirtualKeyW

  DispatchMessageA

  TranslateMessage

  GetMessageA

  MessageBoxW

  GetUserObjectInformationW

  GetProcessWindowStation

  ShowWindow

  shell32

  SHGetSpecialFolderPathA

  advapi32

  SystemFunction036

  GetUserNameW

  CryptEnumProvidersW

  CryptSignHashW

  CryptDestroyHash

  CryptCreateHash

  CryptDecrypt

  CryptExportKey

  CryptGetUserKey

  CryptGetProvParam

  CryptSetHashParam

  CryptDestroyKey

  CryptReleaseContext

  CryptAcquireContextW

  ReportEventW

  RegisterEventSourceW

  DeregisterEventSource

  CreateServiceW

  QueryServiceStatus

  CloseServiceHandle

  OpenSCManagerW

  QueryServiceConfigA

  DeleteService

  ControlService

  StartServiceW

  OpenServiceW

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  OpenProcessToken

  LsaOpenPolicy

  LsaAddAccountRights

  LsaClose

  GetTokenInformation

  bcrypt

  BCryptGenRandom

  Sections

  .text

  Size: 2.9MB - Virtual size: 2.9MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1.1MB - Virtual size: 1.1MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 68KB - Virtual size: 2.7MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 122KB - Virtual size: 122KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  _RANDOMX

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  _SHA3_25

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  _TEXT_CN

  Size: 6KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  _TEXT_CN

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  _RDATA

  Size: 512B - Virtual size: 148B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 469B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 33KB - Virtual size: 33KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ