General

Malware Config

Signatures

Files

• 4926323bef0d2de7f610aa67f0a56eb99eba50ed4a8aa65728750e9f23537f0e

  .zip
• iexplore.exe

  .exe windows x86

  0df7df2cb1ea3de01d754ccb92d49583

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DEBUG_STRIPPED

  Imports

  advapi32

  AdjustTokenPrivileges

  CryptAcquireContextA

  CryptAcquireContextW

  CryptCreateHash

  CryptDecrypt

  CryptDestroyHash

  CryptDestroyKey

  CryptEnumProvidersW

  CryptExportKey

  CryptGenRandom

  CryptGetProvParam

  CryptGetUserKey

  CryptReleaseContext

  CryptSetHashParam

  CryptSignHashW

  DeregisterEventSource

  GetTokenInformation

  GetUserNameW

  LookupPrivilegeValueW

  LsaAddAccountRights

  LsaClose

  LsaOpenPolicy

  OpenProcessToken

  RegCloseKey

  RegOpenKeyExW

  RegQueryValueExW

  RegisterEventSourceW

  ReportEventW

  crypt32

  CertCloseStore

  CertDuplicateCertificateContext

  CertEnumCertificatesInStore

  CertFindCertificateInStore

  CertFreeCertificateContext

  CertGetCertificateContextProperty

  CertOpenStore

  iphlpapi

  GetAdaptersAddresses

  kernel32

  AddVectoredExceptionHandler

  AssignProcessToJobObject

  CancelIo

  CloseHandle

  ConnectNamedPipe

  ConvertFiberToThread

  ConvertThreadToFiber

  CopyFileW

  CreateDirectoryW

  CreateEventA

  CreateFiber

  CreateFileA

  CreateFileW

  CreateHardLinkW

  CreateIoCompletionPort

  CreateJobObjectW

  CreateNamedPipeA

  CreateNamedPipeW

  CreateProcessW

  CreateSemaphoreA

  CreateSemaphoreW

  CreateToolhelp32Snapshot

  DebugBreak

  DeleteCriticalSection

  DeleteFiber

  DeviceIoControl

  DuplicateHandle

  EnterCriticalSection

  FileTimeToSystemTime

  FillConsoleOutputAttribute

  FillConsoleOutputCharacterW

  FindClose

  FindFirstFileW

  FindNextFileW

  FlushFileBuffers

  FlushInstructionCache

  FormatMessageA

  FormatMessageW

  FreeConsole

  FreeLibrary

  GetConsoleCursorInfo

  GetConsoleMode

  GetConsoleScreenBufferInfo

  GetConsoleTitleW

  GetConsoleWindow

  GetCurrentDirectoryW

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThread

  GetCurrentThreadId

  GetEnvironmentVariableW

  GetExitCodeProcess

  GetFileAttributesW

  GetFileInformationByHandle

  GetFileType

  GetHandleInformation

  GetLastError

  GetLongPathNameW

  GetModuleFileNameW

  GetModuleHandleA

  GetModuleHandleExW

  GetModuleHandleW

  GetNamedPipeHandleStateA

  GetNumberOfConsoleInputEvents

  GetProcAddress

  GetProcessAffinityMask

  GetProcessIoCounters

  GetProcessTimes

  GetQueuedCompletionStatus

  GetShortPathNameW

  GetStartupInfoA

  GetStartupInfoW

  GetStdHandle

  GetSystemInfo

  GetSystemTime

  GetSystemTimeAdjustment

  GetSystemTimeAsFileTime

  GetTempPathW

  GetThreadContext

  GetThreadPriority

  GetThreadTimes

  GetTickCount

  GetVersion

  GlobalMemoryStatusEx

  InitializeCriticalSection

  InitializeCriticalSectionAndSpinCount

  IsDBCSLeadByteEx

  IsDebuggerPresent

  LCMapStringW

  LeaveCriticalSection

  LoadLibraryA

  LoadLibraryW

  LocalAlloc

  LocalFree

  MoveFileExW

  MultiByteToWideChar

  OpenProcess

  OutputDebugStringA

  PeekNamedPipe

  PostQueuedCompletionStatus

  Process32First

  Process32Next

  QueryPerformanceCounter

  QueryPerformanceFrequency

  QueueUserWorkItem

  RaiseException

  ReadConsoleA

  ReadConsoleInputW

  ReadConsoleW

  ReadDirectoryChangesW

  ReadFile

  RegisterWaitForSingleObject

  ReleaseSemaphore

  RemoveDirectoryW

  RemoveVectoredExceptionHandler

  ResetEvent

  ResumeThread

  SetConsoleCtrlHandler

  SetConsoleCursorInfo

  SetConsoleCursorPosition

  SetConsoleMode

  SetConsoleTextAttribute

  SetConsoleTitleW

  SetCurrentDirectoryW

  SetEnvironmentVariableW

  SetErrorMode

  SetEvent

  SetFilePointerEx

  SetFileTime

  SetHandleInformation

  SetInformationJobObject

  SetLastError

  SetNamedPipeHandleState

  SetPriorityClass

  SetProcessAffinityMask

  SetSystemTime

  SetThreadAffinityMask

  SetThreadContext

  SetThreadPriority

  SetUnhandledExceptionFilter

  Sleep

  SuspendThread

  SwitchToFiber

  SwitchToThread

  SystemTimeToFileTime

  TerminateProcess

  TlsAlloc

  TlsFree

  TlsGetValue

  TlsSetValue

  TryEnterCriticalSection

  UnhandledExceptionFilter

  UnregisterWait

  UnregisterWaitEx

  VerSetConditionMask

  VerifyVersionInfoA

  VirtualAlloc

  VirtualFree

  VirtualProtect

  VirtualQuery

  WaitForMultipleObjects

  WaitForSingleObject

  WaitNamedPipeW

  WideCharToMultiByte

  WriteConsoleInputW

  WriteConsoleW

  WriteFile

  msvcrt

  __argv

  __dllonexit

  __doserrno

  __getmainargs

  __initenv

  __lconv_init

  __mb_cur_max

  __set_app_type

  __setusermatherr

  _acmdln

  _aligned_free

  _aligned_malloc

  _amsg_exit

  _beginthreadex

  _cexit

  _close

  _endthreadex

  _errno

  _close

  _exit

  _fdopen

  _fileno

  _fileno

  _fmode

  _fstat64

  _get_osfhandle

  _initterm

  _iob

  _lock

  _lseeki64

  _onexit

  _open_osfhandle

  _read

  _read

  _setjmp3

  _setmode

  _snwprintf

  _stat

  _strdup

  _strdup

  _stricmp

  _strnicmp

  _ultoa

  _umask

  _unlock

  _vsnprintf

  _vsnwprintf

  _wchmod

  _wcsdup

  _wcsnicmp

  _wcsrev

  _wfopen

  _wmkdir

  _wopen

  _write

  _write

  _wrmdir

  abort

  atoi

  calloc

  exit

  fclose

  feof

  ferror

  fflush

  fgets

  fopen

  fprintf

  fputc

  fputs

  fread

  free

  fseek

  ftell

  fwprintf

  fwrite

  getenv

  gmtime

  islower

  isspace

  isupper

  iswctype

  localeconv

  localtime

  longjmp

  malloc

  memchr

  memcmp

  memcpy

  memmove

  memset

  printf

  qsort

  raise

  rand

  realloc

  setlocale

  setvbuf

  signal

  sprintf

  srand

  sscanf

  strcat

  strchr

  strcmp

  strcoll

  strcpy

  strcspn

  strerror

  strftime

  strlen

  strncmp

  strncpy

  strrchr

  strspn

  strstr

  strtol

  strtoul

  strxfrm

  time

  towlower

  towupper

  vfprintf

  wcschr

  wcscmp

  wcscoll

  wcscpy

  wcsftime

  wcslen

  wcsncmp

  wcsncpy

  wcspbrk

  wcsrchr

  wcsstr

  wcstombs

  wcsxfrm

  psapi

  GetProcessMemoryInfo

  user32

  DispatchMessageA

  GetMessageA

  GetProcessWindowStation

  GetUserObjectInformationW

  MapVirtualKeyW

  MessageBoxW

  SetWinEventHook

  ShowWindow

  TranslateMessage

  userenv

  GetUserProfileDirectoryW

  ws2_32

  FreeAddrInfoW

  GetAddrInfoW

  WSACleanup

  WSADuplicateSocketW

  WSAGetLastError

  WSAIoctl

  WSARecv

  WSARecvFrom

  WSASend

  WSASendTo

  WSASetLastError

  WSASocketW

  WSAStartup

  __WSAFDIsSet

  accept

  bind

  closesocket

  connect

  freeaddrinfo

  getaddrinfo

  gethostbyname

  gethostname

  getnameinfo

  getpeername

  getsockname

  getsockopt

  htonl

  htons

  ioctlsocket

  listen

  ntohs

  recv

  select

  send

  setsockopt

  shutdown

  socket

  Exports

  Exports

  MHD_add_connection

  MHD_add_response_footer

  MHD_add_response_header

  MHD_create_response_for_upgrade

  MHD_create_response_from_buffer

  MHD_create_response_from_callback

  MHD_create_response_from_data

  MHD_create_response_from_fd

  MHD_create_response_from_fd64

  MHD_create_response_from_fd_at_offset

  MHD_create_response_from_fd_at_offset64

  MHD_del_response_header

  MHD_destroy_response

  MHD_free

  MHD_get_connection_info

  MHD_get_connection_values

  MHD_get_daemon_info

  MHD_get_fdset

  MHD_get_fdset2

  MHD_get_reason_phrase_for

  MHD_get_response_header

  MHD_get_response_headers

  MHD_get_timeout

  MHD_get_version

  MHD_http_unescape

  MHD_is_feature_supported

  MHD_lookup_connection_value

  MHD_queue_response

  MHD_quiesce_daemon

  MHD_resume_connection

  MHD_run

  MHD_run_from_select

  MHD_set_connection_option

  MHD_set_connection_value

  MHD_set_panic_func

  MHD_set_response_options

  MHD_start_daemon

  MHD_start_daemon_va

  MHD_stop_daemon

  MHD_suspend_connection

  MHD_upgrade_action

  Sections

  .text

  Size: 4.3MB - Virtual size: 4.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 21KB - Virtual size: 21KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 542KB - Virtual size: 541KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .eh_fram

  Size: 624KB - Virtual size: 624KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 16KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .edata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .idata

  Size: 11KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 56B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 32B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2.1MB - Virtual size: 2.1MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 119KB - Virtual size: 119KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ