General

Malware Config

Signatures

Files

• 670145b34ab8de90239590d0a76a6c8989fc586c051a5b84042a0dee029c49b7

  .zip
• winlogon.exe

  .exe windows x86

  17ad1051188b70b0c515d0dd4d7ae68b

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  ResumeThread

  CreateProcessA

  GetThreadContext

  SetThreadContext

  VirtualAlloc

  VirtualFree

  VirtualAllocEx

  ReadProcessMemory

  WriteProcessMemory

  GetModuleFileNameA

  TerminateProcess

  GetProcAddress

  LoadResource

  LockResource

  SizeofResource

  FindResourceW

  MultiByteToWideChar

  CreateToolhelp32Snapshot

  Process32FirstW

  Process32NextW

  Sleep

  CloseHandle

  GetModuleHandleA

  CreateDirectoryW

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  EncodePointer

  DecodePointer

  WideCharToMultiByte

  GetStringTypeW

  IsDebuggerPresent

  IsProcessorFeaturePresent

  GetModuleFileNameW

  GetModuleHandleExW

  HeapValidate

  GetSystemInfo

  RaiseException

  GetLastError

  LoadLibraryExW

  RtlUnwind

  GetCommandLineW

  FatalAppExitA

  GetCPInfo

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  SetLastError

  InitializeCriticalSectionAndSpinCount

  CreateEventW

  GetCurrentProcess

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetStartupInfoW

  GetTickCount

  GetModuleHandleW

  CreateSemaphoreW

  GetDateFormatW

  GetTimeFormatW

  CompareStringW

  LCMapStringW

  GetLocaleInfoW

  IsValidLocale

  GetUserDefaultLCID

  EnumSystemLocalesW

  GetStdHandle

  WriteFile

  ExitProcess

  AreFileApisANSI

  FlushFileBuffers

  GetConsoleCP

  GetConsoleMode

  GetFileType

  ReadFile

  SetFilePointerEx

  SetConsoleCtrlHandler

  OutputDebugStringW

  WaitForSingleObjectEx

  CreateThread

  OutputDebugStringA

  WriteConsoleW

  IsValidCodePage

  GetACP

  GetOEMCP

  HeapFree

  HeapReAlloc

  HeapSize

  HeapQueryInformation

  GetCurrentThread

  GetCurrentThreadId

  HeapAlloc

  GetProcessHeap

  VirtualQuery

  FreeLibrary

  QueryPerformanceCounter

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetTimeZoneInformation

  SetEnvironmentVariableA

  SetStdHandle

  ReadConsoleW

  CreateFileW

  SetEndOfFile

  advapi32

  RegCreateKeyExW

  RegCloseKey

  RegSetValueExW

  Sections

  .textbss

  Size: - Virtual size: 416KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .text

  Size: 881KB - Virtual size: 881KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 150KB - Virtual size: 150KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 12KB - Virtual size: 22KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 4.5MB - Virtual size: 4.5MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 35KB - Virtual size: 34KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ