General

Malware Config

Signatures

Files

• 11e12e20e3688dfd70b7a29b38a2e58f964b891b5fb89c6896c8c0a73c40021d

  .exe windows x86

  769f5e1d8b295ec38cd77651613001f3

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  OpenSemaphoreW

  LoadLibraryA

  GetModuleFileNameW

  GetModuleHandleA

  GetProcessShutdownParameters

  GetFirmwareEnvironmentVariableW

  FindResourceExA

  EnumResourceTypesW

  EndUpdateResourceA

  GetProfileStringW

  WritePrivateProfileSectionW

  GetPrivateProfileSectionNamesW

  GetTempFileNameA

  GetCurrentDirectoryW

  GetDiskFreeSpaceW

  CreateDirectoryExA

  DefineDosDeviceW

  GetFileAttributesExW

  DeleteFileA

  CopyFileA

  lstrlenA

  BuildCommDCBAndTimeoutsA

  CommConfigDialogA

  GetDefaultCommConfigW

  MapUserPhysicalPages

  OpenJobObjectW

  IsProcessInJob

  ReleaseActCtx

  GetNumaHighestNodeNumber

  GetCPInfo

  GetCalendarInfoW

  SetCalendarInfoA

  EnumDateFormatsW

  GetUserDefaultLangID

  PeekConsoleInputW

  AllocConsole

  CreateFileW

  CloseHandle

  WriteConsoleW

  SetStdHandle

  lstrcmpW

  GetMailslotInfo

  PeekNamedPipe

  GetSystemTimes

  SetCommTimeouts

  GetCommTimeouts

  GetFileTime

  DeviceIoControl

  GetStdHandle

  GetFileSize

  LockFileEx

  GetExitCodeThread

  UnhandledExceptionFilter

  GetEnvironmentStringsW

  GetProcessTimes

  HeapWalk

  GetProcAddress

  HeapReAlloc

  HeapDestroy

  VirtualProtect

  GlobalMemoryStatusEx

  GlobalLock

  GlobalAlloc

  IsBadStringPtrW

  WideCharToMultiByte

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  EncodePointer

  DecodePointer

  MultiByteToWideChar

  GetStringTypeW

  GetLastError

  HeapFree

  RaiseException

  RtlUnwind

  GetCommandLineA

  HeapAlloc

  SetUnhandledExceptionFilter

  SetLastError

  InitializeCriticalSectionAndSpinCount

  Sleep

  GetCurrentProcess

  TerminateProcess

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetStartupInfoW

  GetModuleHandleW

  IsProcessorFeaturePresent

  LCMapStringW

  GetLocaleInfoW

  IsValidLocale

  GetUserDefaultLCID

  EnumSystemLocalesW

  ExitProcess

  GetModuleHandleExW

  HeapSize

  GetProcessHeap

  IsDebuggerPresent

  GetCurrentThreadId

  GetFileType

  GetModuleFileNameA

  WriteFile

  QueryPerformanceCounter

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  FreeEnvironmentStringsW

  IsValidCodePage

  GetACP

  GetOEMCP

  LoadLibraryExW

  GetConsoleCP

  GetConsoleMode

  SetFilePointerEx

  OutputDebugStringW

  FlushFileBuffers

  ReadFile

  ReadConsoleW

  user32

  DlgDirListA

  DialogBoxParamA

  GetMonitorInfoW

  advapi32

  RegOpenKeyExA

  RegisterServiceCtrlHandlerA

  QueryServiceConfigW

  ControlService

  RegQueryValueExW

  RegQueryValueExA

  RegQueryValueW

  RegEnumValueW

  RegCreateKeyW

  RegCloseKey

  LookupPrivilegeValueA

  SetKernelObjectSecurity

  SetPrivateObjectSecurity

  SetSecurityDescriptorControl

  AddAuditAccessAceEx

  GetAce

  AreAnyAccessesGranted

  GetSidIdentifierAuthority

  ObjectCloseAuditAlarmW

  ObjectPrivilegeAuditAlarmW

  OpenThreadToken

  RegisterEventSourceW

  ClearEventLogA

  Sections

  .text

  Size: 119KB - Virtual size: 118KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 42KB - Virtual size: 42KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 13KB - Virtual size: 36.0MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .text

  Size: 44KB - Virtual size: 47KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 11KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 7KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ