General

Malware Config

Signatures

Files

• 9279baaee26bd0c311ce8f49ad8eb6a2a473994d868d8a0f9725b8b5341819cc

  .exe windows x64

  918bd179b5f5dfbf12fb955c29eaebef

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  ws2_32

  getpeername

  ntohs

  recv

  select

  WSARecvFrom

  WSAIoctl

  WSASend

  shutdown

  WSASocketW

  gethostname

  WSARecv

  FreeAddrInfoW

  GetAddrInfoW

  htonl

  htons

  socket

  setsockopt

  listen

  closesocket

  bind

  WSACleanup

  WSAStartup

  getsockopt

  getsockname

  ioctlsocket

  WSAGetLastError

  WSASetLastError

  send

  psapi

  GetProcessMemoryInfo

  iphlpapi

  GetAdaptersAddresses

  crypt32

  CertFreeCertificateContext

  CertDuplicateCertificateContext

  CertFindCertificateInStore

  CertEnumCertificatesInStore

  CertCloseStore

  CertOpenStore

  CertGetCertificateContextProperty

  kernel32

  FreeLibraryAndExitThread

  InterlockedPopEntrySList

  InterlockedPushEntrySList

  GetThreadTimes

  InterlockedFlushSList

  GetStdHandle

  SetConsoleMode

  GetConsoleMode

  SizeofResource

  LockResource

  LoadResource

  FindResourceW

  ExpandEnvironmentStringsA

  MultiByteToWideChar

  SetThreadPriority

  GetCurrentThread

  GetProcAddress

  GetModuleHandleW

  CloseHandle

  FreeConsole

  GetConsoleWindow

  VirtualProtect

  VirtualFree

  GetCurrentProcess

  VirtualAlloc

  GetLargePageMinimum

  LocalAlloc

  GetLastError

  LocalFree

  FlushInstructionCache

  SetLastError

  GetSystemTime

  SystemTimeToFileTime

  GetModuleHandleExW

  EnterCriticalSection

  LeaveCriticalSection

  InitializeCriticalSectionAndSpinCount

  DeleteCriticalSection

  GetCurrentThreadId

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  SwitchToFiber

  DeleteFiber

  CreateFiber

  FindClose

  FindFirstFileW

  FindNextFileW

  WideCharToMultiByte

  GetFileType

  WriteFile

  ConvertFiberToThread

  ConvertThreadToFiber

  QueryPerformanceCounter

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  FreeLibrary

  LoadLibraryA

  LoadLibraryW

  GetEnvironmentVariableW

  ReadConsoleA

  ReadConsoleW

  GetConsoleScreenBufferInfo

  SetConsoleTextAttribute

  RegisterWaitForSingleObject

  UnregisterWait

  GetConsoleCursorInfo

  CreateFileW

  DuplicateHandle

  PostQueuedCompletionStatus

  QueueUserWorkItem

  SetConsoleCursorInfo

  FillConsoleOutputCharacterW

  ReadConsoleInputW

  CreateFileA

  WriteConsoleInputW

  FillConsoleOutputAttribute

  WriteConsoleW

  GetNumberOfConsoleInputEvents

  SetConsoleCursorPosition

  CreateDirectoryW

  ReadFile

  GetFileInformationByHandleEx

  GetFileSizeEx

  GetDiskFreeSpaceW

  DeviceIoControl

  RemoveDirectoryW

  QueryDepthSList

  SetFileTime

  ReOpenFile

  CreateHardLinkW

  GetFileAttributesW

  UnmapViewOfFile

  GetFileInformationByHandle

  FlushViewOfFile

  GetSystemInfo

  SetFilePointerEx

  CreateFileMappingA

  MoveFileExW

  CopyFileW

  CreateSymbolicLinkW

  MapViewOfFile

  FlushFileBuffers

  GetLongPathNameW

  GetShortPathNameW

  GetCurrentDirectoryW

  ReadDirectoryChangesW

  CreateIoCompletionPort

  VerifyVersionInfoA

  GetModuleFileNameW

  SetEnvironmentVariableW

  InitializeCriticalSection

  GetVersionExW

  FreeEnvironmentStringsW

  FileTimeToSystemTime

  QueryPerformanceFrequency

  RtlUnwind

  VerSetConditionMask

  GlobalMemoryStatusEx

  GetEnvironmentStringsW

  SetConsoleCtrlHandler

  Sleep

  CancelIo

  SetHandleInformation

  CreateEventA

  SetFileCompletionNotificationModes

  FormatMessageA

  LoadLibraryExW

  SetErrorMode

  GetQueuedCompletionStatus

  GetQueuedCompletionStatusEx

  SetNamedPipeHandleState

  CreateNamedPipeW

  PeekNamedPipe

  WaitForSingleObject

  CancelSynchronousIo

  GetNamedPipeHandleStateA

  CancelIoEx

  SwitchToThread

  ConnectNamedPipe

  TerminateProcess

  UnregisterWaitEx

  LCMapStringW

  GetExitCodeProcess

  SleepConditionVariableCS

  TryEnterCriticalSection

  ReleaseSemaphore

  WakeConditionVariable

  InitializeConditionVariable

  ResumeThread

  SetEvent

  GetNativeSystemInfo

  CreateSemaphoreA

  GetModuleHandleA

  DebugBreak

  GetStartupInfoW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  GetNumaHighestNodeNumber

  DeleteTimerQueueTimer

  ChangeTimerQueueTimer

  CreateTimerQueueTimer

  GetLogicalProcessorInformation

  GetThreadPriority

  CreateThread

  SignalObjectAndWait

  CreateTimerQueue

  InitializeSListHead

  IsDebuggerPresent

  IsProcessorFeaturePresent

  SetUnhandledExceptionFilter

  RtlUnwindEx

  RtlPcToFileHeader

  RaiseException

  GetCommandLineA

  GetCommandLineW

  ExitThread

  GetDriveTypeW

  SystemTimeToTzSpecificLocalTime

  ExitProcess

  SetStdHandle

  GetConsoleCP

  GetFileAttributesExW

  SetFileAttributesW

  HeapReAlloc

  HeapFree

  HeapAlloc

  IsValidLocale

  GetUserDefaultLCID

  EnumSystemLocalesW

  GetTimeZoneInformation

  HeapSize

  GetFullPathNameW

  SetEndOfFile

  FindFirstFileExW

  IsValidCodePage

  GetACP

  GetOEMCP

  GetProcessHeap

  GetFinalPathNameByHandleW

  UnhandledExceptionFilter

  RtlVirtualUnwind

  WaitForSingleObjectEx

  GetExitCodeThread

  CreateEventW

  GetTickCount

  EncodePointer

  DecodePointer

  GetCPInfo

  CompareStringW

  GetLocaleInfoW

  GetStringTypeW

  ResetEvent

  RtlCaptureContext

  RtlLookupFunctionEntry

  user32

  GetSystemMetrics

  GetMessageA

  MapVirtualKeyW

  DispatchMessageA

  TranslateMessage

  MessageBoxW

  GetUserObjectInformationW

  GetProcessWindowStation

  ShowWindow

  shell32

  SHGetSpecialFolderPathA

  advapi32

  CryptAcquireContextA

  CryptGenRandom

  CryptEnumProvidersW

  CryptSignHashW

  CryptDestroyHash

  CryptCreateHash

  CryptDecrypt

  CryptExportKey

  CryptGetUserKey

  CryptGetProvParam

  CryptSetHashParam

  CryptDestroyKey

  CryptReleaseContext

  CryptAcquireContextW

  ReportEventW

  RegisterEventSourceW

  DeregisterEventSource

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  OpenProcessToken

  LsaOpenPolicy

  LsaAddAccountRights

  LsaClose

  GetTokenInformation

  bcrypt

  BCryptGenRandom

  Sections

  .text

  Size: 2.9MB - Virtual size: 2.9MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 860KB - Virtual size: 860KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 273KB - Virtual size: 3.3MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 124KB - Virtual size: 124KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  _RANDOMX

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  _TEXT_CN

  Size: 6KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  _TEXT_CN

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  _RDATA

  Size: 512B - Virtual size: 148B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 32KB - Virtual size: 32KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ