General

Malware Config

Signatures

Files

• 03568cf423fd658b3799b3cd687e4d537f3788bec138352c252434ef8fc041bd

  .exe windows x86

  7127463e4161bd2854914c62725bc419

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetVersionExA

  GetVersion

  TlsGetValue

  GetModuleFileNameW

  GetModuleHandleA

  LoadLibraryA

  LocalAlloc

  LocalFree

  GetModuleFileNameA

  ExitProcess

  user32

  SetWindowPos

  gdi32

  DeleteDC

  comdlg32

  GetOpenFileNameW

  advapi32

  RegOpenKeyExW

  shell32

  ShellExecuteW

  ole32

  CoUninitialize

  imagehlp

  ImageNtHeader

  comctl32

  _TrackMouseEvent

  iphlpapi

  GetAdaptersInfo

  winmm

  waveOutGetDevCapsW

  wininet

  InternetOpenW

  imm32

  ImmSetCompositionWindow

  oleaut32

  SysFreeString

  gdiplus

  GdipSetPixelOffsetMode

  Exports

  Exports

  * ��2 �ڨ�w8�z�uJk_����NҊF^5,Ә��-��y*Ьd����DwG�7버����=���I]����|�n]‚a����$�Ok����WK=am�f��+���bb!����V��6†^�����i�U}����:xv�x�?�a�Cd$A#�N$�J�#x����-����@�����C��B ���ޛ���!�D���*�f뽫|�ny�>w�����}ʻ�]����#T�) ټeD��:)W9�Ig���ة�/$ J��p��N6N�� J'�,䒌 ��'��@��a��F7�Ɋz��;�s^k�� t���F��� ��<p����uW�>q�q+TպEK��n՛�������L�d+���̂yZ"�0�.Em��#�c%[fQ&ƭ<Ⱔy'l�����.�0(�\S(� ���֋RXbO�0 ]{���5�����w�܃L��o��0�aK��6�'@(F�eh�S&���F��˫��"�<��3^��t������k�Bxo�ʽ(W�����?�T��-7=�eq����P{_d�C��G ���y��(X��S�����n��ڮ�:�6p�*��sU������G�8^0��#3�І�o#� � ��c͙ ��w����=ڜG���3�Rmr� ^�S���L���K�V�)�--�S� T�e�k��b���b��W%���nK����q�
  #@�i����0����;qi����O d?�+�{��,z7�V�YSY wb+�[��P��؀д�Т����Q��@��Na �* ϕ���'|@l�Y�U��]9�p5�Y_�Y�Z΍3���g PM�5d�~�?[����]W:�~P�,��Z���� 08P_�uš�1mO,�;���RI�r&x�7ׂe��f�������õ�j~�c�;��4���3~yϫ���5��� ����`<^���0���U�,��W`(=�g�����O�X��|��������I ��)"�����$5J�����o�NkzM�Q���qjqx��.��}�v�O�K������M����/��F�DNM�6۳4�c�N����09� ��!,��ϚZJ�����q��J�|$*#5��G�R#8�w�3��>��v��,CMb'�䒸���� pN�5<��N8ԖG�t�B4%��]_#����[�X���$�ĈT+p��1�ψ]$����X�Ո$�(>n�TlFq�F�S�}xn��W!Y�B(���t���1�����9��;���h�B�E�u��_�P� ��Y�_:����)��= Æ
  9_,ZW�1N����`.<��IU���qr��(����tJ*����4��]~E�8�����םxd���x��������&IP$V��VV`�%!��xrJ������8w~yO�B�P����n�L�7�(C������������.vc��"~)�"�W]T�N� KR���zQ"������
  �rg�ݮ��&��v�Zt��U�׿$�05_�G���Z�
  �cK�_"�7a�m �jln�%�-t!qp~BP�@���ӕ�����d����{+� ����I�xß?��j�� ^��|�����FO�]]%Owa#����H������*����(PVq�$ha2JW�ā{�M_�)���:1��\�ܧ3o=������"j����|ĩ�П�#��Ǻ�d���:��d���F���'�i��Y\�a9���O73S�/{��mݦ���{��<Y;>�m:m:� ���e�,�܍�����~H�lR�+�Ζ׺)��)b�f���I�YU`�M��v�v#Ҥ��ň�C�+<��`�?��� �Mm�PT`�ޤ�#�N�>�B����n���Y_�햊�#EM�."_�D�sP�u!3��3�Gq@�M"���^�D�6=��E�K@���-=Y��7Aۅ~��jq�����ͯ�X�}h�9�to^��&v���F�myUJ��$WC%w��Qj���㟝&�x��ͷ��zL-ڼW<��f�.ξ��N�2�> ��3M�Ҥ� E��>�(¹�kѾ�O.;E�$:�RYi{kI+�V�#^�oQ�w~��0 �PK��`r���e;����r�i�1��~�X{�kT���BQ�� �&𲹵�7�� ��w��X
  ̢��PS+N�(ǜ5�q�!{i�aw���^\\4p�oJ�ʤ;���GV߁|�o��vC�����-��jۤMf&W��2#��4T�ֹ�0��k�*Z#�9��B�pK��k8�6��~qbg������֧ �� @re"�_��cmo&ۦ��
  �O�����BL�G̥����Q��*�ۆ�V81�'9�1�ii�Qu�%�<���xZ.\���,6�6S���/>�u�]���y�~���Gx�kF���–����"ܽ����Erm�6Za�L��
  ���M�M->(�%_X�3e����"!����Y�r��ij��S�"C��ly�'��������_|A��J}��qfR������j8�>�ę%
  U�� ����:Y�_G��|Z��-�qURc��
  ��K��8��pGa���1�B��Vd�f��j�Eˎ5L�$B���G�e_����ҸDW,'h] ,zxm�іA���Xݿ���g�r��`�a��mt�tت����s퉠ya�(;ȷ�QOv���2���g�1��_�B�K�s�Ɣ������9�%�^,}��)5�8W�G5$�@�@*ְJ��۟7�rw!��g�ّ�8d�7-��~k�9�ey��=�6o���X�"��럶�����������%R�!_��%����
  q�|}r�嚓�j4ɱ�������1�7�� 7Ձ���ǒ��LiI�\�w �:F_r�\E#P~vpU�.���Q?�����?
  :��T�,���"V��qf2,�����3�U�
  �Bb�!� �f����
  �-Fu �p$v~i͇ �(ėGh2ۥO�����'�lȄ����|�ͻA����
  �u�U�-z���Gߴ+���p3��0�dGP�j�,��h;��W��O-����U�� �~�{�m���k40)ZæR�X��e)`%��w��f�W�c�

  Sections

  .text

  Size: - Virtual size: 664KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 107KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 116KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp0

  Size: - Virtual size: 2.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp1

  Size: 3.6MB - Virtual size: 3.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 512B - Virtual size: 368B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 20KB - Virtual size: 963KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ