Static task
static1
Behavioral task
behavioral1
Sample: 9d5c364e8745f796a5875e52b5e2a33ee1fb882d833442251d5e283573af38a8.exe
Resource: win7-20220414-en
General
Target: 9d5c364e8745f796a5875e52b5e2a33ee1fb882d833442251d5e283573af38a8
Size: 3.9MB
MD5: 1a1bc06765f3db1c9552b0aea6a59145
SHA1: 97ae8124b82fa55ce3a41d6f226817caf5eabc11
SHA256: 9d5c364e8745f796a5875e52b5e2a33ee1fb882d833442251d5e283573af38a8
SHA512: edb396aefe69d9bc4b3179b6e7b6e8052ae4a356d88486d88a93721c255debcc3611b6dd00c706381e9dcdfa883936554efb3f733d2bd67b100da51b771a49af
SSDEEP: 98304:TN9ndSXk0cSQ3AVnuCZ7nCKTUN+oNizX4k:TNxdawACKTU0kaX4k
Malware Config
Signatures
Files
-
9d5c364e8745f796a5875e52b5e2a33ee1fb882d833442251d5e283573af38a8.exe windows x86
c7175163e95c1bf473464562ee006033
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenA
AllocConsole
CommConfigDialogA
GetDefaultCommConfigW
UpdateResourceA
SetWaitableTimer
LoadLibraryExW
WriteTapemark
SetConsoleTextAttribute
GetCommState
ReadConsoleA
ZombifyActCtx
SetDefaultCommConfigW
GetEnvironmentStringsW
GetModuleHandleW
GetConsoleAliasesA
IsBadReadPtr
GetConsoleTitleA
WaitNamedPipeW
WriteFile
GetVolumeInformationA
ReadConsoleInputA
GetCalendarInfoA
SetConsoleCP
DeleteVolumeMountPointW
GetFileAttributesA
GetNativeSystemInfo
GetModuleFileNameW
CreateActCtxA
GetDevicePowerState
VirtualUnlock
GetStringTypeExA
VerifyVersionInfoW
GetLastError
InterlockedFlushSList
GetProcAddress
GetTapeStatus
CreateConsoleScreenBuffer
HeapUnlock
GetAtomNameA
InterlockedExchangeAdd
LocalAlloc
BuildCommDCBAndTimeoutsW
SetConsoleCtrlHandler
BeginUpdateResourceA
HeapLock
FindAtomA
SetSystemTime
DeleteCriticalSection
GetCPInfoExA
lstrcpyW
CopyFileExA
lstrcpyA
HeapReAlloc
CreateMutexW
lstrcpynW
PulseEvent
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
HeapAlloc
HeapFree
IsProcessorFeaturePresent
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
RtlUnwind
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
FatalAppExitA
CloseHandle
CreateFileA
HeapSize
FreeLibrary
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
SetFilePointer
SetEndOfFile
GetProcessHeap
MultiByteToWideChar
ReadFile
LCMapStringW
GetStringTypeW
WriteConsoleW
CreateFileW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
gdi32
GetCharWidth32A
advapi32
BackupEventLogA
Sections
.text Size: 3.8MB - Virtual size: 3.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 5.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.poh Size: 512B - Virtual size: 1B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pay Size: 512B - Virtual size: 1B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 54KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ