Static task: static1
Behavioral task: behavioral1
  Sample: 305153b14416391a42cd06338729048cc5a4163bb3a014422745beb5e6572811.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 305153b14416391a42cd06338729048cc5a4163bb3a014422745beb5e6572811.exe
  Resource: win10v2004-20220414-en
General
Target: 305153b14416391a42cd06338729048cc5a4163bb3a014422745beb5e6572811
Size: 357KB
MD5: 31e4d13c5d776036ac3603565ddc4db3
SHA1: 6e8aa64ca4daec8e3e97c74c442c6e4c8143a63b
SHA256: 305153b14416391a42cd06338729048cc5a4163bb3a014422745beb5e6572811
SHA512: 3ecd27df132d599d7f16268c8501a71330a33d1e0b94fd340629db54d8fc2f09736ae2b86d9570b198bc5969973ef19feabf3980a21ab394eec99c0ed6e32d9e
SSDEEP: 6144:zuRcVrZP39iEDpF/xQq/ZWpjKheM7e4ZuZ7ApQhO2611+oE137+o1:SRcViEDj/xQOeK0M8WIdd+o1
Malware Config
Signatures
Files
305153b14416391a42cd06338729048cc5a4163bb3a014422745beb5e6572811.exe (windows x86)
1fff74b5b44a5a23a6111f12269ad026
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCPInfo
IsProcessorFeaturePresent
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
ExitProcess
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
IsValidCodePage
GetStringTypeW
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
MultiByteToWideChar
IsValidLocale
WriteConsoleW
SetStdHandle
CreateFileW
LoadLibraryA
GetLastError
lstrlenA
MulDiv
LoadLibraryW
CreateNamedPipeA
ConnectNamedPipe
GetProcAddress
GetCurrentThread
CloseHandle
GetProcessHeap
DecodePointer
EncodePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
InterlockedDecrement
InterlockedIncrement
LCMapStringW
WideCharToMultiByte
GetStartupInfoW
HeapSetInformation
RtlUnwind
HeapAlloc
HeapFree
CreateFileA
DeviceIoControl
lstrcmpiA
GetSystemDirectoryA
CreateEventA
WaitForSingleObject
GetOEMCP
GetACP
lstrcpyA
LocalAlloc
GetCurrentProcessId
RaiseException
EnumSystemLocalesA
GetCommandLineA
GetModuleHandleA
GetLocaleInfoW
SetEndOfFile
user32
FindWindowExA
GetDlgItemTextA
FindWindowA
LoadIconA
GetSystemMetrics
UpdateWindow
InvalidateRect
SetCapture
PtInRect
GetWindowInfo
ShowWindow
GetTopWindow
IsWindowVisible
GetWindowThreadProcessId
GetWindow
GetKeyboardLayout
DrawTextA
FreeDDElParam
GetAncestor
GetAsyncKeyState
LoadCursorA
SetRect
GetMessagePos
ScreenToClient
LoadStringA
GetClientRect
CreateWindowExW
GetScrollInfo
SetScrollInfo
SetCaretPos
GetMenu
CheckMenuRadioItem
SetClassLongA
GetDesktopWindow
BeginDeferWindowPos
EndDeferWindowPos
wsprintfA
SetWindowTextA
SystemParametersInfoA
CreateMenu
CreatePopupMenu
SendMessageA
GetWindowRect
IsWindow
RedrawWindow
GetDC
ReleaseDC
SetScrollRange
BeginPaint
LoadBitmapA
GetDlgItem
GetWindowLongA
CreateWindowExA
InflateRect
gdi32
TextOutA
CreateBitmap
CreatePatternBrush
SetBrushOrgEx
SetTextColor
SetBkColor
PatBlt
DeleteObject
CreateFontIndirectA
Ellipse
StartDocA
StartPage
CreateRectRgn
EndPage
EndDoc
GetTextCharset
TranslateCharsetInfo
GetCurrentObject
GetPaletteEntries
GdiFlush
BitBlt
AddFontMemResourceEx
RemoveFontMemResourceEx
GetDeviceCaps
SetMapMode
SetWindowExtEx
SetViewportExtEx
CreateCompatibleDC
SelectClipRgn
GetClipRgn
GetClipBox
SelectObject
MoveToEx
LineTo
CreateICA
DeleteDC
CreatePen
CreateSolidBrush
comdlg32
ChooseColorA
PrintDlgA
GetFileTitleA
advapi32
CryptDestroyKey
SetSecurityDescriptorOwner
ConvertStringSidToSidA
InitializeSecurityDescriptor
AllocateAndInitializeSid
RegCloseKey
RegSetValueExA
RegCreateKeyExA
CryptEncrypt
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptSetHashParam
CryptDeriveKey
CryptHashData
SetSecurityDescriptorDacl
ImpersonateNamedPipeClient
OpenThreadToken
CryptAcquireContextA
CryptCreateHash
SetNamedSecurityInfoA
shell32
SHCreateDirectoryExA
SHGetFolderPathA
DragAcceptFiles
ole32
CoCreateInstance
CreateStreamOnHGlobal
CreateItemMoniker
GetRunningObjectTable
GetHGlobalFromStream
oleaut32
OleCreatePictureIndirect
odbc32
ord51
ord46
ws2_32
WSACreateEvent
WSAGetLastError
psapi
EnumPageFilesA
avifil32
AVIMakeCompressedStream
AVIStreamSetFormat
AVIStreamRelease
msimg32
GradientFill
winmm
mmioClose
iphlpapi
GetIfEntry
GetIfTable
shlwapi
StrToIntExA
PathAppendA
comctl32
ImageList_LoadImageA
ord6
ImageList_SetOverlayImage
ImageList_Add
ord17
ImageList_Create
ImageList_Draw
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_GetImageInfo
opengl32
wglSetLayerPaletteEntries
imm32
ImmGetContext
ImmGetDescriptionA
ImmReleaseContext
ImmGetDefaultIMEWnd
urlmon
URLDownloadToCacheFileA
ntdsapi
DsUnBindA
Sections
.text Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 209KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ