Behavioral task: behavioral1
Sample: 0e050ac9dfbd5ed0138aba25ea910e360904ffe5409a47d1dc757841c97abfa0.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 0e050ac9dfbd5ed0138aba25ea910e360904ffe5409a47d1dc757841c97abfa0.exe
Resource: win10v2004-20220414-en
General
Target: 0e050ac9dfbd5ed0138aba25ea910e360904ffe5409a47d1dc757841c97abfa0
Size: 670KB
MD5: b1d0d37f83c38ed77fa2a427f2a0dc44
SHA1: c05f5728ccfe3905328347deae010c966edc72c6
SHA256: 0e050ac9dfbd5ed0138aba25ea910e360904ffe5409a47d1dc757841c97abfa0
SHA512: 909db31dab98c60d36459d2daf86238ff4cdb6f87e16cd81e5cb799fe52ff23eed0cb0ca621604bf5b2060210cfb9940e42eb85b970c2711ac20cf9194b24e54
SSDEEP: 6144:wEXBJBO3XePphY/797EtUwdE1zXP95UDeacsEv6P8xWWz:zXBTPPphY/79+m1LPvtacsb0z
Malware Config
Signatures
Files
0e050ac9dfbd5ed0138aba25ea910e360904ffe5409a47d1dc757841c97abfa0.exe (windows x86) 9cb27144f5dd2abfbd7b2de3cae7916b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleW
WinExec
TerminateProcess
Sleep
OutputDebugStringW
OpenProcess
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GetWindowsDirectoryW
GetVersionExW
GetTickCount
GetTempPathW
GetSystemInfo
GetSystemDirectoryW
GetProcAddress
GetLastError
GetCurrentProcessId
GetCurrentProcess
FreeLibrary
EnterCriticalSection
DeleteCriticalSection
CreateMutexW
CloseHandle
ProcessIdToSessionId
InterlockedDecrement
GlobalFindAtomW
PeekConsoleInputA
QueryDosDeviceA
GetCommState
WriteProfileStringW
Beep
ReadConsoleOutputW
_lread
VerSetConditionMask
FindNextFileW
WideCharToMultiByte
FormatMessageW
SetLastError
lstrcmpW
FindVolumeClose
FindFirstVolumeW
GetDriveTypeW
FindNextVolumeW
FileTimeToSystemTime
SetSystemTime
WaitForMultipleObjects
OpenEventW
ReleaseMutex
OpenMutexW
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
GetCurrentThread
CancelWaitableTimer
CreateWaitableTimerW
WaitForMultipleObjectsEx
LocalAlloc
lstrlenW
GetComputerNameExW
SetEvent
WaitForSingleObject
CreateEventW
GetCommandLineW
LocalFree
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
TlsGetValue
TlsSetValue
InterlockedExchange
RaiseException
LoadLibraryA
GetOverlappedResult
CancelIo
ReadFile
WriteFile
ResetEvent
CompareFileTime
CreateFileW
WaitNamedPipeW
ConnectNamedPipe
CreateNamedPipeW
GetVersion
VirtualQuery
VirtualAlloc
VirtualProtect
GetProcessHeap
HeapFree
SetWaitableTimer
HeapAlloc
DeviceIoControl
user32
SetForegroundWindow
PostMessageW
GetForegroundWindow
FindWindowW
SetTimer
GetDoubleClickTime
GetSystemMetrics
GetCursorPos
UserHandleGrantAccess
MsgWaitForMultipleObjects
CharUpperBuffW
SendMessageCallbackW
GetClipboardOwner
LoadStringA
SetThreadDesktop
DefMDIChildProcW
RegisterDeviceNotificationA
PeekMessageA
CreateDialogParamA
SetWindowPos
GetWindowRect
RegisterClipboardFormatW
CreateMenu
SetDoubleClickTime
ShowOwnedPopups
MsgWaitForMultipleObjectsEx
EnableWindow
ChangeClipboardChain
IsIconic
OemKeyScan
GetScrollRange
CloseClipboard
EnumWindowStationsW
DdeClientTransaction
SetScrollInfo
GetMenuItemInfoW
TranslateMessage
SetWindowTextA
ExitWindowsEx
LoadIconW
LoadCursorFromFileW
CharLowerA
LoadIconA
GetMenuContextHelpId
GetMessagePos
CharNextW
GetKeyState
GetShellWindow
GetWindowContextHelpId
GetQueueStatus
CreatePopupMenu
DestroyWindow
CloseDesktop
EndMenu
IsWindowVisible
GetListBoxInfo
IsCharAlphaW
GetFocus
GetWindowDC
CharUpperA
GetDC
OpenIcon
GetAsyncKeyState
GetClipboardViewer
GetThreadDesktop
GetClipboardData
IsGUIThread
gdi32
GetGlyphOutlineW
SetPaletteEntries
GetCharacterPlacementW
SetAbortProc
DeviceCapabilitiesExA
GdiEntry6
PolylineTo
CLIPOBJ_bEnum
EngCreateBitmap
DeviceCapabilitiesExW
EnumFontFamiliesExW
GdiIsMetaPrintDC
EngTextOut
STROBJ_vEnumStart
GetAspectRatioFilterEx
GdiTransparentBlt
GdiFixUpHandle
Rectangle
SelectFontLocal
FONTOBJ_pfdg
OffsetRgn
GetViewportOrgEx
SetDCBrushColor
QueryFontAssocStatus
RemoveFontResourceA
RemoveFontResourceExA
bInitSystemAndFontsDirectoriesW
GetBrushOrgEx
GdiQueryFonts
GetStockObject
AddFontResourceW
GetDCPenColor
EndPath
CreateCompatibleDC
DeleteObject
CloseEnhMetaFile
WidenPath
GetBkColor
GetLayout
DeleteColorSpace
GetFontLanguageInfo
AbortPath
CloseMetaFile
GetBkMode
advapi32
RevertToSelf
OpenProcessToken
LookupAccountSidW
ImpersonateLoggedOnUser
GetUserNameW
GetTokenInformation
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
QueryServiceStatus
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenThreadToken
RegisterServiceCtrlHandlerW
InitiateSystemShutdownExW
ImpersonateSelf
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
TraceEvent
RegisterTraceGuidsW
SetServiceStatus
StartServiceCtrlDispatcherW
RegQueryValueExA
shell32
ShellExecuteW
SHGetSpecialFolderPathW
ord680
SHLoadInProc
SHGetDiskFreeSpaceExA
SHPathPrepareForWriteW
ShellExecuteExA
SHBrowseForFolder
SHGetSpecialFolderLocation
SHGetFileInfoW
SHCreateDirectoryExW
SHLoadNonloadedIconOverlayIdentifiers
ExtractAssociatedIconW
DragQueryPoint
SHQueryRecycleBinA
SHFreeNameMappings
SHEmptyRecycleBinA
SHCreateProcessAsUserW
SHInvokePrinterCommandA
SHInvokePrinterCommandW
FindExecutableW
CommandLineToArgvW
DoEnvironmentSubstA
DragQueryFileAorW
SHGetFileInfo
ShellExecuteExW
ole32
CoTaskMemFree
CLSIDFromString
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeSecurity
CoTaskMemAlloc
CoSetProxyBlanket
CoInitializeEx
shlwapi
StrCmpNA
StrRChrIW
StrRChrIA
StrChrW
Sections
.text Size: 486KB - Virtual size: 485KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 65KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 117KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ