Static task: static1
Behavioral task: behavioral1
Sample: 356bff6966ca7136a8486089c17205ba4b50fcc7f60655d82103dedce4473e55.exe
Resource: win7-20220414-en
General
Target: 356bff6966ca7136a8486089c17205ba4b50fcc7f60655d82103dedce4473e55
Size: 411KB
MD5: 5809199a0df6e392aeb2cdc1b519be5d
SHA1: cf3460700ab3a10a15b1faad3bbbf413a312ae92
SHA256: 356bff6966ca7136a8486089c17205ba4b50fcc7f60655d82103dedce4473e55
SHA512: 9de122e2b29db1ff3a348a4fe07e22b3e6c1b0bad0c3f85776f3e6816d486887d1d4747472e16df524c4e9de2679659b841884f1ef517eb14af05894eb378099
SSDEEP: 6144:5Y1V4Z3qrULH0mEALXlC1V8IWf7doMYGEIY1+0TafXp5kcQJMPCTUJeyGtCd227A:K1V4Z3PdrNja+Pf55MQIyBd24/n0P0Y
Malware Config
Signatures
Files
356bff6966ca7136a8486089c17205ba4b50fcc7f60655d82103dedce4473e55.exe (windows x86)
3922fbdab190bf08abe42681ca4d85ff
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalFree
CreateThread
FlushFileBuffers
WriteConsoleW
SetStdHandle
LCMapStringW
LoadLibraryW
OutputDebugStringW
LoadLibraryExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
GetStringTypeW
Sleep
GetCPInfo
GetOEMCP
GetACP
CreateWaitableTimerA
RtlUnwind
HeapSize
HeapReAlloc
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameW
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
IsDebuggerPresent
GetCommandLineA
EncodePointer
VirtualProtect
GetSystemInfo
DecodePointer
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
InterlockedCompareExchange
GetProcessHeap
HeapFree
HeapAlloc
GetCurrentProcessId
CloseHandle
CreateToolhelp32Snapshot
Module32NextW
Module32FirstW
GetProfileStringA
VirtualAlloc
VirtualUnlock
CreateFileW
SetSystemPowerState
FormatMessageW
GetConsoleWindow
GetCompressedFileSizeW
SetThreadExecutionState
SetConsoleScreenBufferSize
WaitForSingleObject
SetWaitableTimer
VirtualQuery
FillConsoleOutputCharacterA
GetComputerNameA
GetFullPathNameW
DebugBreak
GetVersionExA
OutputDebugStringA
FindResourceW
lstrlenA
DeleteCriticalSection
LoadLibraryExA
GetModuleHandleA
GlobalHandle
LockResource
GlobalFree
GetProcAddress
lstrcmpiA
IsDBCSLeadByte
SizeofResource
InterlockedDecrement
InterlockedIncrement
LoadResource
FreeLibrary
FindResourceA
GetCurrentThreadId
lstrcmpA
GetModuleFileNameA
EnterCriticalSection
SetLastError
GetLastError
RaiseException
FlushInstructionCache
GlobalUnlock
MultiByteToWideChar
MulDiv
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GlobalAlloc
GlobalLock
GetCurrentProcess
IsValidCodePage
user32
DefWindowProcA
EndDialog
GetDlgItem
IsWindow
ReleaseCapture
RedrawWindow
MapWindowPoints
CallWindowProcA
LoadCursorA
GetWindow
MoveWindow
GetDesktopWindow
GetSysColor
SetWindowTextA
SetWindowPos
KillTimer
SendDlgItemMessageA
PostQuitMessage
MapDialogRect
SetTimer
InsertMenuA
CreatePopupMenu
SetClassLongA
GetKeyState
LoadStringA
MessageBeep
IsWindowEnabled
DrawEdge
PtInRect
GetCapture
DrawFocusRect
MonitorFromWindow
ReleaseDC
CreateWindowExA
GetWindowLongA
GetWindowTextW
TrackPopupMenuEx
GetWindowWord
CreateAcceleratorTableA
InvalidateRect
SetWindowLongA
GetWindowTextA
GetDC
GetMonitorInfoA
IsDialogMessageA
InflateRect
DrawTextExW
wsprintfA
HideCaret
SetCursor
SetWindowContextHelpId
GetMenu
CheckMenuRadioItem
GetMenuItemInfoA
GetActiveWindow
SetMenuDefaultItem
AdjustWindowRectEx
SystemParametersInfoA
GetSystemMetrics
IsWindowVisible
LoadImageA
UpdateWindow
EnableWindow
SetMenuItemInfoA
GetDlgCtrlID
DialogBoxParamA
SetDlgItemTextA
GetMessageA
TranslateMessage
CreateDialogIndirectParamA
PeekMessageA
ShowWindow
DispatchMessageA
EndPaint
ClientToScreen
DestroyWindow
GetClassNameA
DestroyAcceleratorTable
ScreenToClient
GetWindowRect
RegisterClassExA
FillRect
IsChild
GetClassInfoExA
SetCapture
GetFocus
GetParent
InvalidateRgn
CharNextA
GetClientRect
SetFocus
GetWindowTextLengthA
SendMessageA
RegisterWindowMessageA
BeginPaint
UnregisterClassA
gdi32
CreateCompatibleBitmap
GetObjectA
GetStockObject
CreatePen
GetTextExtentPoint32A
MoveToEx
SetTextJustification
SaveDC
GetMapMode
CreateCompatibleDC
SetMapMode
CombineRgn
SetBkMode
SetPixel
SetBkColor
GetCurrentObject
CreateFontIndirectA
CreateFontA
SetTextColor
StartPage
SelectObject
DeleteObject
GetDeviceCaps
DeleteDC
BitBlt
TextOutA
Rectangle
RestoreDC
CreateSolidBrush
SetTextAlign
LineTo
advapi32
RegCloseKey
CryptGenKey
CryptGenRandom
LsaClose
CryptAcquireContextA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryInfoKeyW
shell32
SHGetPathFromIDListA
ShellExecuteA
ole32
CoTaskMemFree
CoCreateInstance
OleLockRunning
CoInitialize
CoTaskMemRealloc
CLSIDFromProgID
CoTaskMemAlloc
CoGetClassObject
CoUninitialize
OleUninitialize
OleInitialize
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromString
oleaut32
LoadTypeLi
VariantInit
SysStringLen
SysAllocStringLen
VariantClear
SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreateVector
OleLoadPicturePath
DispCallFunc
VarUI4FromStr
LoadRegTypeLi
SysFreeString
OleCreateFontIndirect
VarBstrCat
SysAllocString
odbc32
ord41
psapi
GetPerformanceInfo
comctl32
ImageList_GetIconSize
ImageList_LoadImageA
_TrackMouseEvent
ImageList_Destroy
ImageList_Draw
InitCommonControlsEx
CreateToolbarEx
urlmon
FaultInIEFeature
HlinkGoBack
GetClassFileOrMime
netapi32
NetLocalGroupAddMember
NetUserAdd
msi
ord165
ord159
ord160
ord163
ord162
avifil32
AVIStreamWrite
rpcrt4
UuidToStringW
UuidCreate
imm32
ImmReleaseContext
ImmGetConversionStatus
ImmGetDefaultIMEWnd
Sections
.text Size: 189KB - Virtual size: 189KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 155KB - Virtual size: 155KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ