General

Malware Config

Signatures

Files

• 0d024688303f338fdc705461d6271b2663409b211b76ed00e38739af6c22c386

  .exe windows x86

  16e39b9167443de929a10256e4ae12d0

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  WriteConsoleInputW

  lstrlenA

  TlsGetValue

  SetLocalTime

  GetDefaultCommConfigW

  BuildCommDCBAndTimeoutsA

  FreeLibrary

  LoadResource

  SetWaitableTimer

  SetUnhandledExceptionFilter

  ZombifyActCtx

  GlobalSize

  SetEnvironmentVariableW

  HeapFree

  GetProfileSectionA

  WaitForSingleObject

  ConnectNamedPipe

  CallNamedPipeW

  GetProcessPriorityBoost

  CreateNamedPipeW

  VirtualFree

  EnumTimeFormatsA

  WriteFile

  GetCommandLineA

  TzSpecificLocalTimeToSystemTime

  GetPriorityClass

  GlobalAlloc

  LoadLibraryW

  GetConsoleMode

  GetPrivateProfileStructW

  SetVolumeMountPointA

  DeleteVolumeMountPointW

  SetConsoleCursorPosition

  GetFileAttributesW

  SetTimeZoneInformation

  GlobalMemoryStatus

  TerminateProcess

  GetConsoleFontSize

  GetBinaryTypeW

  GetOverlappedResult

  GetACP

  DeactivateActCtx

  CreateJobObjectA

  VerifyVersionInfoW

  GetHandleInformation

  GetLastError

  GetCurrentDirectoryW

  LocalLock

  MoveFileW

  SetComputerNameA

  EnterCriticalSection

  GetLocalTime

  OpenMutexA

  LocalAlloc

  BuildCommDCBAndTimeoutsW

  GetCommMask

  GetOEMCP

  CreateIoCompletionPort

  LoadLibraryExA

  DebugBreakProcess

  CreateMutexA

  VirtualProtect

  ScrollConsoleScreenBufferA

  GetVersionExA

  GetSystemTime

  GetVolumeInformationW

  lstrcpyA

  SetSystemPowerState

  LocalUnlock

  InterlockedIncrement

  InterlockedDecrement

  Sleep

  InitializeCriticalSection

  DeleteCriticalSection

  LeaveCriticalSection

  DeleteFileA

  GetStartupInfoW

  UnhandledExceptionFilter

  GetModuleFileNameW

  HeapValidate

  IsBadReadPtr

  RaiseException

  RtlUnwind

  SetHandleCount

  GetStdHandle

  GetFileType

  GetStartupInfoA

  GetCurrentProcess

  IsDebuggerPresent

  SetStdHandle

  WideCharToMultiByte

  GetConsoleCP

  QueryPerformanceCounter

  GetTickCount

  GetCurrentThreadId

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  GetModuleHandleW

  GetProcAddress

  ExitProcess

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineW

  TlsAlloc

  TlsSetValue

  TlsFree

  SetLastError

  HeapDestroy

  HeapCreate

  GetModuleFileNameA

  FlushFileBuffers

  DebugBreak

  OutputDebugStringA

  WriteConsoleW

  OutputDebugStringW

  HeapAlloc

  HeapSize

  HeapReAlloc

  VirtualAlloc

  GetCPInfo

  IsValidCodePage

  InitializeCriticalSectionAndSpinCount

  MultiByteToWideChar

  WriteConsoleA

  GetConsoleOutputCP

  SetFilePointer

  LoadLibraryA

  LCMapStringA

  LCMapStringW

  GetStringTypeA

  GetStringTypeW

  GetLocaleInfoA

  ReadFile

  CreateFileA

  CloseHandle

  GetModuleHandleA

  user32

  GetAncestor

  GetWindowInfo

  advapi32

  RevertToSelf

  Exports

  Exports

  _go@4

  _kir@8

  Sections

  .text

  Size: 158KB - Virtual size: 158KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 40KB - Virtual size: 39KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4.2MB - Virtual size: 8.2MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 28KB - Virtual size: 788KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ