Static task: static1
Behavioral task: behavioral1
Sample: 5174578092599093cad0ec486fc0387458889935ded18c981fbd52998723bca2.exe
Resource: win7-20220414-en
General
Target: 5174578092599093cad0ec486fc0387458889935ded18c981fbd52998723bca2
Size: 592KB
MD5: b9f889d7abd9940ad85bfa72128bb722
SHA1: 91d545d5eff271ab370ecd22f5e80249287b8709
SHA256: 5174578092599093cad0ec486fc0387458889935ded18c981fbd52998723bca2
SHA512: 587154cc1c37fb639baef39f4a6435bc6c64f9a7bc4d9dc843654aa054b6c193948512dc7558f86728639527a6fd5583bbb885162c1819ff0f46e63e349416f2
SSDEEP: 12288:LbIyM0Urmk1Rv+fP/A3M8EnSgqZ9PL+KL1ST:LbI70omkLv6ysnNqDD5S
Files
5174578092599093cad0ec486fc0387458889935ded18c981fbd52998723bca2.exe windows x86
fe3a8a84f96a5de23f516a0ee4e0688a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpynA
GetDefaultCommConfigW
BuildCommDCBAndTimeoutsA
HeapAlloc
LoadLibraryExW
WriteTapemark
ReadConsoleA
WaitNamedPipeA
ZombifyActCtx
GetSystemWindowsDirectoryW
GetEnvironmentStringsW
CancelWaitableTimer
SetTapeParameters
GetModuleHandleW
GetTickCount
WriteFile
CreateActCtxW
GetPriorityClass
GetEnvironmentStrings
GetVolumeInformationA
ReadConsoleInputA
GetCalendarInfoW
SetConsoleCP
DeleteVolumeMountPointW
GetStringTypeExW
GetFileAttributesA
GetModuleFileNameW
CommConfigDialogA
GetConsoleAliasesW
ReleaseActCtx
InterlockedFlushSList
GetProcAddress
CreateConsoleScreenBuffer
BeginUpdateResourceW
ResetEvent
GetAtomNameA
InterlockedExchangeAdd
LocalAlloc
SetConsoleCtrlHandler
LockResource
VirtualLock
SetConsoleWindowInfo
FindAtomA
FoldStringW
SetSystemTime
RequestDeviceWakeup
GetConsoleTitleW
GetCPInfoExA
GetWindowsDirectoryW
lstrcpyW
CopyFileExA
FreeLibrary
GetStringTypeW
lstrlenA
TryEnterCriticalSection
HeapReAlloc
GetNativeSystemInfo
CreateMutexW
SetDefaultCommConfigA
VerifyVersionInfoW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
SetUnhandledExceptionFilter
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapSize
FatalAppExitA
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
user32
GetAncestor
advapi32
DeregisterEventSource
CloseEventLog
BackupEventLogW
NotifyChangeEventLog
RegQueryValueExW
GetSidSubAuthorityCount
Sections
.text Size: 492KB - Virtual size: 492KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 5.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rokun Size: 512B - Virtual size: 1B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.nexukay Size: 512B - Virtual size: 1B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ