Static task: static1
Behavioral task: behavioral1
  Sample: 30505e6aa6a549462dbce448912969cf1681023710797d2bb0e76246e436deb8.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 30505e6aa6a549462dbce448912969cf1681023710797d2bb0e76246e436deb8.exe
  Resource: win10v2004-20220414-en
General
Target: 30505e6aa6a549462dbce448912969cf1681023710797d2bb0e76246e436deb8
Size: 2.1MB
MD5: 686baf9e0dd47eac47e6f994a83412a7
SHA1: 1b3c61d9a6194f956654713532fb39a8abdd5495
SHA256: 30505e6aa6a549462dbce448912969cf1681023710797d2bb0e76246e436deb8
SHA512: 437eae8f0c0006cf87df55f7915571ec463e9ea7a9e00c5849b8ad0b041b6d7789fb1c3b9cdfab4db693517015f3e76cc296414870c5dab22612108554adfb03
SSDEEP: 49152:DqdI81HBsRIBkDNPuf+lvfpz4/iYzOMSPWjGVa3/dm4cCM:J8KsSmGlJ02B8guFu
Malware Config
Signatures
Files
30505e6aa6a549462dbce448912969cf1681023710797d2bb0e76246e436deb8.exe (windows x86)
a70f1b68005a354d5a35c361a6473c74
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalReAlloc
Module32First
Module32Next
MoveFileExA
MoveFileWithProgressW
MulDiv
MultiByteToWideChar
OutputDebugStringA
ProcessIdToSessionId
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
RemoveDirectoryA
RemoveDirectoryW
RtlMoveMemory
RtlUnwind
SetCommState
SetEndOfFile
SetEnvironmentVariableA
SetFilePointer
SetHandleCount
SetHandleInformation
SetProcessPriorityBoost
SetStdHandle
SetThreadContext
SetUnhandledExceptionFilter
SetVolumeLabelA
SizeofResource
Sleep
LocalFree
UnhandledExceptionFilter
VirtualFree
VirtualProtect
VirtualQuery
WaitForDebugEvent
WideCharToMultiByte
WriteFile
WritePrivateProfileSectionA
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW
IsValidCodePage
InitializeCriticalSectionAndSpinCount
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
DeleteCriticalSection
LocalAlloc
LoadLibraryW
LoadLibraryA
LeaveCriticalSection
LCMapStringW
LCMapStringA
IsDebuggerPresent
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GetVersionExA
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetSystemTimeAsFileTime
GetSystemPowerStatus
GetSystemInfo
GetStringTypeW
GetStringTypeA
GetStdHandle
GetStartupInfoA
GetProfileStringW
GetProcAddress
GetOEMCP
GetModuleHandleW
GetModuleFileNameA
GetLocaleInfoW
GetLocaleInfoA
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileType
GetEnvironmentStringsW
GetEnvironmentStrings
GetDriveTypeW
GetDriveTypeA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetCurrentDirectoryA
GetCommandLineW
GetCommandLineA
GetCPInfo
GetACP
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageW
FormatMessageA
FlushFileBuffers
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
FillConsoleOutputCharacterA
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitProcess
EnumSystemLocalesW
EnterCriticalSection
DnsHostnameToComputerNameA
DeleteTimerQueue
DeleteFileW
DeleteFileA
DebugBreak
CreateMutexA
CreateJobObjectW
CreateFileA
CreateDirectoryA
CopyFileA
CompareStringW
CompareStringA
CompareFileTime
CloseHandle
AssignProcessToJobObject
GetModuleHandleA
SetErrorMode
TerminateProcess
VirtualAlloc
user32
GetMessageA
GetForegroundWindow
GetFocus
GetDC
GetCursorPos
GetClientRect
GetAsyncKeyState
ExcludeUpdateRgn
EnumDisplaySettingsA
DrawMenuBar
DrawFrame
DispatchMessageA
DestroyWindow
DeleteMenu
GetWindow
CreateWindowExW
CreateWindowExA
ClipCursor
ClientToScreen
ChangeDisplaySettingsA
CallMsgFilterA
BroadcastSystemMessage
AdjustWindowRect
LoadIconA
CopyIcon
CreatePopupMenu
GetMessageTime
GetActiveWindow
GetParent
GetMenuCheckMarkDimensions
GetWindowInfo
GetWindowRect
InsertMenuA
IsDialogMessageA
LoadAcceleratorsA
LoadCursorA
LoadStringW
MessageBeep
MessageBoxA
MessageBoxW
MonitorFromWindow
PeekMessageA
PostQuitMessage
PostThreadMessageA
PtInRect
RedrawWindow
RegisterClassA
ReleaseCapture
SendIMEMessageExW
SendMessageA
SetCapture
SetCursor
SetCursorPos
SetDeskWallpaper
SetFocus
SetRect
SetUserObjectInformationW
SetWindowLongA
SetWindowPos
ShowCursor
ShowWindow
ToAscii
TranslateAcceleratorA
TranslateMessage
UpdateWindow
wsprintfW
DefWindowProcA
GetSystemMetrics
CharNextA
LoadCursorFromFileW
GetMenuItemCount
GetTopWindow
GetDialogBaseUnits
InSendMessage
GetKBCodePage
GetMessagePos
GetKeyboardLayout
ShowCaret
CharLowerA
GetClipboardViewer
CharUpperW
GetClipboardSequenceNumber
GetNextDlgTabItem
gdi32
GetOutlineTextMetricsW
GetPath
GetROP2
GetRasterizerCaps
GetStockObject
PATHOBJ_vGetBounds
STROBJ_bEnumPositionsOnly
ScaleViewportExtEx
ScaleWindowExtEx
GetLayout
SetBkMode
SetBoundsRect
SetColorSpace
SetICMProfileA
SetPolyFillMode
SetTextColor
SetWinMetaFileBits
StartDocW
cGetTTFFromFOT
GetGraphicsMode
GetKerningPairs
GetFontLanguageInfo
GetDeviceCaps
GetCharABCWidthsFloatA
GetBoundsRect
GetBkColor
GdiValidateHandle
GdiPlayEMF
GdiEntry7
GdiEntry6
GdiConvertFont
GetColorSpace
CreateHalftonePalette
RealizePalette
DeleteColorSpace
WidenPath
EndPath
FillPath
FlattenPath
GetTextAlign
Chord
CreateColorSpaceA
CreateDIBitmap
CreateMetaFileW
EngAcquireSemaphore
EngPlgBlt
EngReleaseSemaphore
EnumFontsW
ExtCreatePen
ExtEscape
ExtTextOutA
ExtTextOutW
SetArcDirection
FillRgn
FONTOBJ_pvTrueTypeFontFile
comdlg32
GetOpenFileNameA
advapi32
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
SetEntriesInAclW
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
OpenServiceW
OpenSCManagerW
MakeSelfRelativeSD
IsValidSecurityDescriptor
IsValidAcl
InitializeSecurityDescriptor
GetUserNameW
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetAclInformation
GetAce
FreeSid
EqualSid
CloseServiceHandle
ChangeServiceConfig2W
BuildExplicitAccessWithNameW
AllocateAndInitializeSid
RegOpenKeyExW
RegQueryValueExA
SetSecurityDescriptorSacl
shell32
SHFreeNameMappings
Shell_NotifyIconA
ShellExecuteExA
ShellExecuteEx
DoEnvironmentSubstA
DoEnvironmentSubstW
DragQueryFileA
DragQueryFileW
DragQueryPoint
DuplicateIcon
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconA
ExtractIconExW
SHAddToRecentDocs
SHCreateDirectoryExA
SHEmptyRecycleBinA
WOWShellExecute
SHGetDataFromIDListA
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExW
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderPathA
SHGetFolderPathW
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetPathFromIDListW
SHGetSpecialFolderPathA
SHLoadInProc
SHQueryRecycleBinA
ShellExecuteA
shlwapi
StrCmpNA
StrRChrA
StrChrIW
StrStrW
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ