Static task: static1
Behavioral task: behavioral1
Sample: d87a03777335208a45a9355dd33f7c9e5e2111a32ff33afdbee95770fe195496.exe
Resource: win7-20220414-en
General
Target: d87a03777335208a45a9355dd33f7c9e5e2111a32ff33afdbee95770fe195496
Size: 751KB
MD5: cbbf69b6859140cbe162565dc7e57c42
SHA1: d1182ceaba475493e1397dff94bad726feac4712
SHA256: d87a03777335208a45a9355dd33f7c9e5e2111a32ff33afdbee95770fe195496
SHA512: 4909130568f37c4afa2b0e8afc39929fd52a2212bfe593b6e0a195d3e9296cd64b2a418d21d3845d479413b3455472c6f00e76c50136a148a5a3b6d312da72a7
SSDEEP: 12288:nq6WMjlBvD8k9KL+0eMe+K89xPnTHU7g0bIDKh3L7CggunKYDB4FYoJGlmK93Lg8:nkMjL8k941FLLU7cKh3CggkK3++EdLg+
Malware Config
Signatures
Files
d87a03777335208a45a9355dd33f7c9e5e2111a32ff33afdbee95770fe195496.exe windows x86
ca6a4080dcb7bc91768b58e624f84ec7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualFree
VirtualAlloc
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
GetStringTypeW
GetFileType
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetACP
GetModuleHandleExW
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
WriteFile
GetStdHandle
RaiseException
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
DecodePointer
ws2_32
WSAIsBlocking
closesocket
WSAEventSelect
WSAAsyncGetProtoByName
recv
WSASetLastError
WSAInstallServiceClassW
bind
WSACreateEvent
ntohl
WSAAsyncGetHostByAddr
getsockname
WSADuplicateSocketA
WSAAsyncGetProtoByNumber
WSAProviderConfigChange
WSAIoctl
setsockopt
WSAWaitForMultipleEvents
getsockopt
gethostname
recvfrom
WSAAsyncSelect
WSAAsyncGetServByName
WSACancelAsyncRequest
sendto
getprotobynumber
select
socket
listen
gethostbyaddr
loadperf
UnloadPerfCounterTextStringsW
LoadPerfCounterTextStringsA
UnloadPerfCounterTextStringsA
LoadPerfCounterTextStringsW
wsock32
ord1111
ord1106
ord1105
ord1117
MigrateWinsockConfiguration
ord1142
ord1116
ole32
OleLoadFromStream
CoUninitialize
HMETAFILE_UserFree
CoReleaseServerProcess
CoInitialize
OleCreateFromFile
MkParseDisplayName
CoSetProxyBlanket
HkOleRegisterObject
MonikerCommonPrefixWith
CreateClassMoniker
CoInitializeWOW
WriteFmtUserTypeStg
OleConvertIStorageToOLESTREAMEx
FreePropVariantArray
CoGetMalloc
CreateGenericComposite
StgIsStorageFile
CoBuildVersion
PropStgNameToFmtId
CoTestCancel
Sections
.text Size: 201KB - Virtual size: 200KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 504KB - Virtual size: 504KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ