Static task
static1
Behavioral task
behavioral1
Sample
a68c787b086956574b6479e01431ef96356b15724eaaa872ca6825d6dd8edf22.exe
Resource
win7-20220414-en
General
Target: a68c787b086956574b6479e01431ef96356b15724eaaa872ca6825d6dd8edf22
Size: 3.9MB
MD5: 836aaf0dd3cb53fed69a95939ae49be6
SHA1: 8ca6ec1e85b4b9447735d4bd0c1998da8d7d6be9
SHA256: a68c787b086956574b6479e01431ef96356b15724eaaa872ca6825d6dd8edf22
SHA512: 07a79cbe0b3de8193022528c0d8108a9ee04dfc921d0dbfdceac68a226de4ec546e100914db36670671e46e32e280a36e2f69d02ce412420beee11daff9b6e56
SSDEEP: 98304:8oRDnvfCcl263k/9T0Oh1p9kqgmO5iN8UxG:8o9vZ263klT1DM5iNzE
Files
a68c787b086956574b6479e01431ef96356b15724eaaa872ca6825d6dd8edf22.exe windows x86
d748c6d9508268b9d33551560e303422
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
TryEnterCriticalSection
lstrlenA
CommConfigDialogA
GetDefaultCommConfigW
LoadLibraryExW
WriteTapemark
SetConsoleTextAttribute
GetCommState
ReadConsoleA
WaitNamedPipeA
ZombifyActCtx
SetDefaultCommConfigW
GetEnvironmentStringsW
CancelWaitableTimer
SetTapeParameters
GetModuleHandleW
GetConsoleAliasesA
GetConsoleTitleA
WriteFile
GetPriorityClass
GetEnvironmentStrings
GetVolumeInformationA
ReadConsoleInputA
GetCalendarInfoA
SetConsoleCP
DeleteVolumeMountPointW
GetStringTypeExW
GetNativeSystemInfo
lstrcpynW
GetModuleFileNameW
CreateActCtxA
VerifyVersionInfoW
ReleaseActCtx
InterlockedFlushSList
GetProcAddress
CreateConsoleScreenBuffer
BeginUpdateResourceW
HeapUnlock
GetAtomNameA
InterlockedExchangeAdd
LocalAlloc
BuildCommDCBAndTimeoutsW
SetConsoleCtrlHandler
LockResource
VirtualLock
HeapLock
SetConsoleWindowInfo
FindAtomA
SetSystemTime
RequestDeviceWakeup
GetCPInfoExA
lstrcpyW
CopyFileExA
lstrcpyA
HeapReAlloc
CreateMutexW
GetFileAttributesA
PulseEvent
GetCommandLineA
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
RtlUnwind
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
GetCurrentThread
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
Sleep
HeapFree
FatalAppExitA
CloseHandle
CreateFileA
FreeLibrary
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
SetFilePointer
SetEndOfFile
GetProcessHeap
MultiByteToWideChar
ReadFile
HeapSize
LCMapStringW
GetStringTypeW
WriteConsoleW
CreateFileW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
gdi32
GetCharWidth32A
advapi32
BackupEventLogA
Sections
.text Size: 3.8MB - Virtual size: 3.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 5.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.yax Size: 512B - Virtual size: 1B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.mehafin Size: 512B - Virtual size: 1B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ