General

Malware Config

Signatures

Files

• 33b62b95281bb0ecbad2523bb99e4853fd516044b8f2b42ef4a1e29903e7bd0f

  .exe windows x86

  8e24fa1c3874857edd3d313e803df173

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_AGGRESIVE_WS_TRIM

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DEBUG_STRIPPED

  Imports

  certcli

  CACloseCA

  CADeleteCA

  CAEnumFirstCA

  CAEnumNextCA

  CACloseCertType

  cmutil

  CmFree

  CmMalloc

  CmMoveMemory

  kernel32

  SetErrorMode

  GetFileAttributesA

  LoadLibraryExA

  GetModuleHandleA

  GetLogicalDriveStringsA

  GetProcAddress

  CreateMailslotW

  GetCommandLineW

  GetLongPathNameA

  CreateFileW

  MoveFileExW

  UnmapViewOfFile

  GetTickCount

  WaitForSingleObject

  CreateSemaphoreA

  advapi32

  LogonUserW

  CryptSignHashW

  InitializeSid

  RegEnumKeyA

  OpenEventLogA

  ClearEventLogW

  RegDeleteValueA

  RegRestoreKeyA

  RegReplaceKeyW

  RegCreateKeyExW

  RegSaveKeyA

  untfs

  Recover

  FormatEx

  Sections

  .text

  Size: 47KB - Virtual size: 46KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 520KB - Virtual size: 520KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 8KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ