General

Malware Config

Signatures

Files

• 2d3538b68e1ae29ca4860e72a3767e51392c6ea40c6fac5b3da6479b5aef7aba

  .exe windows x86

  4eadfec2f0763fd2f2082a665e604fce

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  msvcrt

  sprintf

  wcscpy

  wcscat

  wcslen

  wcscmp

  _snprintf

  floor

  strncpy

  atoi

  _strnicmp

  _iob

  strtoul

  _vsnprintf

  fprintf

  free

  malloc

  perror

  memmove

  _stricmp

  _wcsicmp

  rand

  wcsrchr

  _snwprintf

  wcsncat

  wcschr

  wcsstr

  _c_exit

  _exit

  _XcptFilter

  _cexit

  __initenv

  __getmainargs

  _initterm

  __setusermatherr

  _adjust_fdiv

  __p__commode

  __p__fmode

  __set_app_type

  _except_handler3

  _controlfp

  _ftol

  exit

  advapi32

  RegisterServiceCtrlHandlerExA

  SetServiceStatus

  AllocateAndInitializeSid

  GetLengthSid

  InitializeAcl

  AddAccessAllowedAce

  InitializeSecurityDescriptor

  SetSecurityDescriptorDacl

  FreeSid

  RegNotifyChangeKeyValue

  RegQueryValueExW

  RegSetValueExA

  RegCloseKey

  CryptAcquireContextA

  CryptGenRandom

  CryptReleaseContext

  OpenSCManagerA

  OpenServiceA

  QueryServiceStatus

  CloseServiceHandle

  RegOpenKeyExA

  RegQueryValueExA

  ReportEventA

  RegisterEventSourceA

  StartServiceCtrlDispatcherA

  kernel32

  IsBadWritePtr

  InterlockedExchangeAdd

  InterlockedDecrement

  OpenProcess

  CreateFileA

  ReadFile

  GetStdHandle

  WriteFile

  IsBadReadPtr

  GetLocalTime

  SystemTimeToFileTime

  UnmapViewOfFile

  CreateSemaphoreA

  CreateFileMappingA

  MapViewOfFile

  WaitForMultipleObjects

  GetTickCount

  WaitForSingleObject

  DeleteCriticalSection

  FormatMessageA

  LocalFree

  CreateEventA

  InitializeCriticalSection

  ResetEvent

  SetProcessWorkingSetSize

  GetCurrentProcess

  GetSystemTime

  HeapDestroy

  HeapCreate

  CreateDirectoryW

  CompareFileTime

  GetFileAttributesExW

  SetFilePointer

  CreateFileW

  WideCharToMultiByte

  LoadLibraryExW

  GetSystemDirectoryW

  GetVersionExA

  HeapSize

  OpenEventA

  FlushViewOfFile

  ReleaseSemaphore

  GetModuleHandleA

  LocalAlloc

  OpenFileMappingA

  CloseHandle

  ExitProcess

  HeapAlloc

  HeapFree

  FreeLibrary

  GetProcAddress

  GetLastError

  MultiByteToWideChar

  ExpandEnvironmentStringsW

  SetEvent

  LeaveCriticalSection

  EnterCriticalSection

  CreateThread

  ntdll

  DbgBreakPoint

  RtlRandomEx

  DbgPrint

  rpcrt4

  NdrServerCall2

  RpcAsyncCompleteCall

  UuidCreate

  RpcServerUnregisterIfEx

  RpcServerListen

  RpcServerRegisterIf

  RpcServerUseProtseqEpA

  RpcServerRegisterAuthInfoA

  RpcAsyncAbortCall

  RpcServerTestCancel

  RpcRevertToSelfEx

  RpcImpersonateClient

  RpcMgmtWaitServerListen

  RpcMgmtStopServerListening

  NdrAsyncServerCall

  secur32

  GetUserNameExA

  user32

  DefWindowProcA

  PostQuitMessage

  DispatchMessageA

  GetMessageA

  CreateWindowExA

  RegisterClassA

  ws2_32

  WSACreateEvent

  WSAWaitForMultipleEvents

  ntohs

  ntohl

  htons

  htonl

  inet_ntoa

  closesocket

  WSACloseEvent

  setsockopt

  WSAGetLastError

  WSAIoctl

  WSACleanup

  WSCEnumProtocols

  WSAStartup

  WSASocketW

  bind

  sendto

  recvfrom

  socket

  WSAEnumNetworkEvents

  WSAEventSelect

  Sections

  .text

  Size: 124KB - Virtual size: 123KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 138KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1024B - Virtual size: 976B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ