General

Malware Config

Signatures

Files

• 953367b0ce6b0ebf5dda2477828e5a7750b072700d9c96c29136f152d0c3f489

  .exe windows x86

  a01b1928b5861a39111d113e95090703

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  SystemTimeToFileTime

  MultiByteToWideChar

  WideCharToMultiByte

  GetProcAddress

  LoadLibraryW

  GetShortPathNameA

  SetCurrentDirectoryW

  GetTempPathA

  GetLastError

  HeapAlloc

  GetProcessHeap

  Sleep

  GetTickCount

  FreeLibrary

  LoadResource

  DosDateTimeToFileTime

  SizeofResource

  FindResourceW

  LocalAlloc

  WinExec

  GetComputerNameW

  GetModuleFileNameA

  GetCurrentProcessId

  OpenProcess

  GetPrivateProfileStringW

  CopyFileW

  SetStdHandle

  SetEnvironmentVariableW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetOEMCP

  GetCurrentProcess

  DuplicateHandle

  CloseHandle

  WriteFile

  SetFileTime

  ReadFile

  SetFilePointer

  GetFileType

  CreateFileW

  CreateDirectoryW

  LockResource

  GetCurrentDirectoryW

  GetACP

  IsValidCodePage

  FindNextFileW

  FindFirstFileExW

  FindClose

  GetTimeZoneInformation

  GetFileSizeEx

  GetConsoleCP

  SetFilePointerEx

  ReadConsoleW

  GetConsoleMode

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetCommandLineW

  GetCommandLineA

  AreFileApisANSI

  TryEnterCriticalSection

  HeapCreate

  HeapFree

  EnterCriticalSection

  GetFullPathNameW

  GetDiskFreeSpaceW

  OutputDebugStringA

  LockFile

  LeaveCriticalSection

  InitializeCriticalSection

  GetFullPathNameA

  SetEndOfFile

  UnlockFileEx

  GetTempPathW

  CreateMutexW

  WaitForSingleObject

  GetFileAttributesW

  GetCurrentThreadId

  UnmapViewOfFile

  HeapValidate

  HeapSize

  FormatMessageW

  GetDiskFreeSpaceA

  GetFileAttributesA

  GetFileAttributesExW

  OutputDebugStringW

  FlushViewOfFile

  CreateFileA

  LoadLibraryA

  WaitForSingleObjectEx

  DeleteFileA

  DeleteFileW

  HeapReAlloc

  GetSystemInfo

  HeapCompact

  HeapDestroy

  UnlockFile

  LocalFree

  LockFileEx

  GetFileSize

  DeleteCriticalSection

  GetSystemTimeAsFileTime

  GetSystemTime

  FormatMessageA

  CreateFileMappingW

  MapViewOfFile

  QueryPerformanceCounter

  FlushFileBuffers

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  TerminateProcess

  IsProcessorFeaturePresent

  InitializeCriticalSectionAndSpinCount

  SetEvent

  ResetEvent

  CreateEventW

  GetModuleHandleW

  IsDebuggerPresent

  GetStartupInfoW

  InitializeSListHead

  EncodePointer

  DecodePointer

  SetLastError

  SwitchToThread

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetCPInfo

  CompareStringW

  LCMapStringW

  GetLocaleInfoW

  GetStringTypeW

  RaiseException

  RtlUnwind

  LoadLibraryExW

  CreateThread

  ExitThread

  FreeLibraryAndExitThread

  GetModuleHandleExW

  ExitProcess

  GetModuleFileNameW

  GetStdHandle

  WriteConsoleW

  advapi32

  AdjustTokenPrivileges

  OpenProcessToken

  LookupAccountNameW

  LookupPrivilegeValueW

  shell32

  ShellExecuteExA

  wininet

  InternetGetCookieExA

  netapi32

  Netbios

  Sections

  .text

  Size: 1020KB - Virtual size: 1020KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .gtkstar

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .gtkstar

  Size: 6KB - Virtual size: 6KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .gtkstar

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .gtkstar

  Size: 1024B - Virtual size: 598B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .gtkstar

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .gtkstar

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .gtkstar

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 179KB - Virtual size: 179KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 10KB - Virtual size: 27KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gtkstar

  Size: 512B - Virtual size: 80B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 121KB - Virtual size: 121KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 32KB - Virtual size: 32KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ