General

Malware Config

Signatures

Files

• db9e7cbd83ba39269ca1bdcd0950ff8d620511999d66d9ecea3c572d40aea506

  .exe windows x86

  64cf01d55fbb458113b127e1e60a4707

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  CopyFileA

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  advapi32

  RegSetValueExW

  shell32

  ShellExecuteExA

  winhttp

  WinHttpSetOption

  user32

  GetProcessWindowStation

  GetUserObjectInformationW

  Sections

  .text

  Size: - Virtual size: 400KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 96KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp0

  Size: - Virtual size: 1.9MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: 4.2MB - Virtual size: 4.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 453KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ