Static task: static1

Behavioral task: behavioral1
Sample: 3ae1719fce6e7807d26c7df9195ec7d8518c2c551744770be5a951efc800416e.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 3ae1719fce6e7807d26c7df9195ec7d8518c2c551744770be5a951efc800416e.exe
Resource: win10v2004-20220414-en
General
Target: 3ae1719fce6e7807d26c7df9195ec7d8518c2c551744770be5a951efc800416e
Size: 359KB
MD5: 258902877202d382f93e883a2f13109e
SHA1: f644dce27b8f0833bb8f97529a89aca6516bcf2d
SHA256: 3ae1719fce6e7807d26c7df9195ec7d8518c2c551744770be5a951efc800416e
SHA512: 9ba322e1b8e66982016dfb3b4f0675f315edf9e1ce0bad9607fa2ae94f8e143d46b193b191017674048e46a98772b92fd2678258806f1713fe0aed5111ca9de4
SSDEEP: 6144:tcSlAEs1n3ENo22zTGuWBky/1PKUzseK0vYn23P6Dy9H147mPw10KDThPwRvF1ll:WSlAEs6S22zT/WBkGFse7vnCgV/PLwU/
Malware Config
Signatures
Files
3ae1719fce6e7807d26c7df9195ec7d8518c2c551744770be5a951efc800416e.exe windows x86
139bb4eeb5381cbba87c701d050d6d34
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetStdHandle
HeapSize
RtlUnwind
FlushFileBuffers
HeapReAlloc
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetModuleFileNameW
WriteFile
HeapCreate
WriteConsoleW
LCMapStringW
WideCharToMultiByte
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetOEMCP
GetACP
lstrcpyW
LocalFree
FileTimeToLocalFileTime
CloseHandle
GetVersionExA
GetCPInfoExA
OutputDebugStringA
lstrcatW
GetModuleHandleA
FindFirstVolumeMountPointA
GetModuleFileNameA
GetSystemInfo
LocalAlloc
LoadLibraryA
GetLocalTime
GlobalFree
FindVolumeMountPointClose
GetProcAddress
GetCurrentDirectoryW
GetLastError
GetLogicalDriveStringsA
GetStdHandle
lstrlenW
lstrcatA
MulDiv
EnumSystemCodePagesA
Sleep
LoadLibraryW
GlobalAlloc
GetEnvironmentStrings
GetVolumeNameForVolumeMountPointA
TzSpecificLocalTimeToSystemTime
FindNextVolumeMountPointA
GetCurrentThread
InterlockedDecrement
InterlockedIncrement
GetCPInfo
TerminateProcess
EncodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
ExitProcess
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapFree
MultiByteToWideChar
FreeEnvironmentStringsA
GlobalLock
GetCurrentProcess
LoadLibraryExW
FreeLibrary
lstrcmpA
GetFileSize
CreateFileA
ReadFile
GetTimeZoneInformation
IsValidCodePage
FileTimeToSystemTime
GetComputerNameA
IsProcessorFeaturePresent
CreateFileW
user32
GetDlgItem
ReleaseDC
GetWindowLongA
MessageBoxA
SetWindowLongA
SetRect
DefWindowProcA
GetSysColor
LoadCursorA
GetDlgItemTextA
DestroyIcon
TrackPopupMenuEx
OffsetRect
InflateRect
SetSysColors
GetDC
GetIconInfo
CreateIconIndirect
GetCursorPos
LoadImageA
DrawMenuBar
DestroyWindow
GetUpdateRgn
SetTimer
GetWindowRect
InsertMenuItemA
RegisterClassExA
DrawTextA
GetKeyState
SetForegroundWindow
LoadStringA
LoadIconA
wsprintfA
DrawIcon
GetWindowTextLengthA
SendMessageA
RegisterWindowMessageA
BeginPaint
wsprintfW
InsertMenuItemW
gdi32
PolyDraw
CreatePolygonRgn
BitBlt
SetTextColor
CreateFontA
GetDeviceCaps
GetRgnBox
CreateDCA
GetRegionData
DeleteObject
SelectObject
CreateSolidBrush
CreateCompatibleDC
CombineRgn
CreateCompatibleBitmap
OffsetRgn
ExtCreateRegion
CombineTransform
PolyBezierTo
CreateRectRgn
Polyline
CreatePen
PolyBezier
GetPixel
comdlg32
ChooseFontA
FindTextA
advapi32
GetUserNameW
OpenProcessToken
AllocateAndInitializeSid
GetTokenInformation
LsaClose
OpenThreadToken
shell32
SHGetPathFromIDListA
ole32
CreateStreamOnHGlobal
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance
oleaut32
VariantInit
RevokeActiveObject
OleLoadPicture
OleSavePictureFile
wininet
InternetConnectA
InternetOpenA
ws2_32
WSAStartup
netapi32
NetUserAdd
NetLocalGroupAddMember
psapi
GetProcessMemoryInfo
GetModuleInformation
winmm
mmioWrite
mmioOpenA
waveOutGetNumDevs
mmioCreateChunk
mmioClose
crypt32
CryptDecodeObject
cryptui
CryptUIWizImport
iphlpapi
IcmpCreateFile
shlwapi
StrStrIW
StrToIntA
PathAppendA
StrChrA
comctl32
ImageList_Create
ImageList_ReplaceIcon
FlatSB_SetScrollRange
FlatSB_ShowScrollBar
ord17
activeds
ord3
urlmon
ObtainUserAgentString
snmpapi
SnmpUtilIdsToA
quartz
AMGetErrorTextW
Sections
.text Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 203KB - Virtual size: 202KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ