General

Malware Config

Signatures

Files

• 5741eadfc89a1352c61f1ff0a5c01c06

  .exe windows x86

  2f2316fb946682a102e453a8ae405904

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  ws2_32

  recvfrom

  setsockopt

  sendto

  bind

  WSAStartup

  ioctlsocket

  recv

  send

  WSACloseEvent

  WSARecv

  WSASend

  WSAGetLastError

  WSAEnumNetworkEvents

  gethostname

  connect

  inet_ntoa

  inet_addr

  htons

  getsockname

  shutdown

  socket

  closesocket

  gethostbyname

  WSAEventSelect

  WSAGetOverlappedResult

  WSAWaitForMultipleEvents

  getpeername

  accept

  WSACreateEvent

  WSASocketA

  listen

  shlwapi

  PathFileExistsW

  StrCmpNW

  PathMatchSpecW

  PathFindFileNameW

  PathFileExistsA

  StrChrA

  StrStrIA

  StrCmpNIA

  StrStrW

  urlmon

  URLDownloadToFileW

  wininet

  InternetConnectA

  InternetOpenUrlW

  HttpQueryInfoA

  InternetOpenW

  HttpSendRequestA

  HttpAddRequestHeadersA

  HttpOpenRequestA

  InternetReadFile

  InternetOpenUrlA

  InternetOpenA

  InternetCloseHandle

  InternetCrackUrlA

  ntdll

  memcpy

  _chkstk

  _aulldiv

  RtlUnwind

  memmove

  mbstowcs

  RtlTimeToSecondsSince1980

  NtQuerySystemTime

  NtQueryVirtualMemory

  strstr

  isdigit

  isalpha

  _allshl

  _aullshr

  memset

  msvcrt

  rand

  srand

  _vscprintf

  kernel32

  MoveFileW

  CreateProcessW

  GetLocaleInfoA

  DuplicateHandle

  DeleteCriticalSection

  GetThreadPriority

  SetThreadPriority

  GetCurrentThread

  GetCurrentProcess

  InterlockedExchangeAdd

  InterlockedIncrement

  InterlockedExchange

  WaitForSingleObject

  InterlockedDecrement

  GetCurrentProcessId

  HeapSetInformation

  GetProcessHeaps

  GetSystemInfo

  PostQueuedCompletionStatus

  HeapValidate

  HeapCreate

  HeapFree

  HeapAlloc

  HeapReAlloc

  ExpandEnvironmentStringsW

  CreateThread

  DeleteFileA

  CreateMutexA

  MoveFileA

  GetLastError

  CreateEventA

  ExitProcess

  GetQueuedCompletionStatus

  CreateIoCompletionPort

  SetEvent

  GetVolumeInformationW

  SetFileAttributesW

  lstrcpyW

  DeleteFileW

  GetDiskFreeSpaceExW

  FindNextFileW

  lstrcmpiW

  QueryDosDeviceW

  RemoveDirectoryW

  FindClose

  lstrlenA

  GlobalLock

  GetModuleHandleW

  GetTickCount

  GlobalAlloc

  Sleep

  lstrcpynW

  ExitThread

  MultiByteToWideChar

  lstrlenW

  GlobalUnlock

  GetFileSize

  MapViewOfFile

  UnmapViewOfFile

  WriteFile

  InitializeCriticalSection

  LeaveCriticalSection

  CreateFileW

  FlushFileBuffers

  EnterCriticalSection

  CreateFileMappingW

  CloseHandle

  FindFirstFileW

  GetDriveTypeW

  MoveFileExW

  CreateDirectoryW

  GetLogicalDrives

  CopyFileW

  GetModuleFileNameW

  lstrcmpW

  user32

  SendMessageA

  wsprintfW

  IsClipboardFormatAvailable

  RegisterClassExW

  GetWindowLongW

  GetClipboardData

  EmptyClipboard

  ChangeClipboardChain

  SetWindowLongW

  CloseClipboard

  GetMessageA

  FindWindowA

  ShowWindow

  wsprintfA

  SetForegroundWindow

  wvsprintfA

  TranslateMessage

  DefWindowProcA

  RegisterRawInputDevices

  CreateWindowExW

  DispatchMessageA

  OpenClipboard

  SetClipboardData

  SetClipboardViewer

  advapi32

  RegSetValueExW

  CryptGenRandom

  CryptReleaseContext

  CryptAcquireContextW

  RegQueryValueExW

  RegOpenKeyExA

  RegSetValueExA

  RegCloseKey

  RegOpenKeyExW

  shell32

  ShellExecuteW

  ole32

  CoInitializeEx

  CoCreateInstance

  CoInitialize

  CoUninitialize

  oleaut32

  SysFreeString

  SysAllocString

  Sections

  .text

  Size: 57KB - Virtual size: 57KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 12KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 5KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE