Static task
static1
Sample
40e70983e6885ea29dd46403272ffbff012456f7f9987f66ef91420c7cdfb9cf.exe
Resource
win7-20220414-en
General
Target: 40e70983e6885ea29dd46403272ffbff012456f7f9987f66ef91420c7cdfb9cf
Size: 3.8MB
MD5: 7b5159c05ee6872d1ae146584149530d
SHA1: eb3177fd6f357ba4c82f35057032b100806980a9
SHA256: 40e70983e6885ea29dd46403272ffbff012456f7f9987f66ef91420c7cdfb9cf
SHA512: f3a0fc68e38450a35f1bf35fbf8c292bbb5c4b48f003dd3b3a648f2b2cc5e127e6f4e1699c2d26ae3138e0801a12306a03346306fabf93a0f78331c4c955b624
SSDEEP: 98304:s1Pczvx6m8hvJ3t330QFuNaa2FtZHRv+rGSVuNR:s1svx6bh3t0QFuZ2LZVbSV
Files
40e70983e6885ea29dd46403272ffbff012456f7f9987f66ef91420c7cdfb9cf.exe windows x86
e60104312d638d293e60844b4df939a0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenA
AllocConsole
CommConfigDialogA
UpdateResourceA
SetWaitableTimer
WriteTapemark
SetConsoleTextAttribute
GetCommState
ZombifyActCtx
SetDefaultCommConfigW
GetEnvironmentStringsW
SetTapeParameters
GetModuleHandleW
GetTickCount
GetConsoleAliasesA
IsBadReadPtr
GetConsoleTitleA
WaitNamedPipeW
WriteFile
QueryActCtxW
GetVolumeInformationA
LoadLibraryW
ReadConsoleInputA
GetCalendarInfoA
WriteConsoleOutputA
SetConsoleCP
GetFileAttributesA
HeapCompact
GetModuleFileNameW
GetTimeZoneInformation
CreateActCtxA
GetDevicePowerState
VirtualUnlock
GetStringTypeExA
VerifyVersionInfoW
InterlockedFlushSList
GetProcAddress
AttachConsole
GetTapeStatus
CreateConsoleScreenBuffer
HeapUnlock
InterlockedExchangeAdd
LocalAlloc
BuildCommDCBAndTimeoutsW
SetConsoleCtrlHandler
HeapLock
FindAtomA
SetSystemTime
LoadLibraryExA
DeleteCriticalSection
GetCPInfoExA
lstrcpyW
CopyFileExA
lstrcpyA
HeapReAlloc
CreateMutexW
lstrcpynW
PulseEvent
GetCommandLineA
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
RtlUnwind
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
GetCurrentThread
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
Sleep
HeapFree
FatalAppExitA
CloseHandle
CreateFileA
FreeLibrary
InterlockedExchange
GetLocaleInfoW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
SetFilePointer
SetEndOfFile
GetProcessHeap
MultiByteToWideChar
ReadFile
HeapSize
LCMapStringW
GetStringTypeW
WriteConsoleW
CreateFileW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
gdi32
GetCharWidth32A
advapi32
BackupEventLogA
Sections
.text Size: 3.8MB - Virtual size: 3.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 5.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.yifa Size: 512B - Virtual size: 1B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 54KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ