General

Malware Config

Signatures

Files

• 0b2da1d6b98306bf204f7c061976afe3d460af1da864c104bb1b6f9d0997fddb

  .zip
• R010982210.exe

  .exe windows x86

  8dba14b5415c4a8fd9aa97530cb9d1a2

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetProcAddress

  LoadLibraryA

  VirtualProtect

  comdlg32

  GetFileTitleW

  CommDlgExtendedError

  ReplaceTextW

  PageSetupDlgA

  GetSaveFileNameA

  mapi32

  ord23

  ord183

  ord201

  ord53

  winmm

  waveOutPrepareHeader

  joyGetDevCapsA

  DefDriverProc

  midiStreamPause

  mmioInstallIOProcA

  waveOutMessage

  pdh

  PdhIsRealTimeQuery

  PdhGetRawCounterValue

  PdhEnumObjectsW

  PdhGetFormattedCounterArrayW

  shell32

  ExtractIconExW

  SHGetFileInfoW

  DragQueryFileA

  shlwapi

  SHDeleteValueA

  StrCmpIW

  SHRegGetUSValueA

  PathIsRelativeA

  StrRChrW

  SHSetValueW

  PathIsSystemFolderA

  StrCmpNIA

  StrRChrIW

  SHRegEnumUSKeyA

  crypt32

  CertNameToStrA

  CertVerifyCRLTimeValidity

  CertSerializeCTLStoreElement

  CryptEnumOIDFunction

  user32

  MessageBoxW

  SetWindowsHookW

  IsChild

  EnumThreadWindows

  SetDeskWallpaper

  MenuItemFromPoint

  DrawTextExA

  CharToOemBuffA

  IsDlgButtonChecked

  wsprintfW

  Sections

  .text

  Size: 87KB - Virtual size: 87KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 9KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 427KB - Virtual size: 427KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 6KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ