General

Malware Config

Signatures

Files

• 5d9863fca2751b9cbfa2a57fd83ffe2a

  .exe windows x86

  ac9f9903da25e30d9ef7a4c4a0bac686

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  Process32First

  VirtualQuery

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  user32

  GetClientRect

  GetProcessWindowStation

  GetProcessWindowStation

  GetUserObjectInformationW

  gdi32

  GetDeviceCaps

  advapi32

  AllocateAndInitializeSid

  msvcp140

  ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ

  wininet

  InternetCheckConnectionA

  normaliz

  IdnToAscii

  ws2_32

  listen

  crypt32

  CertFreeCertificateContext

  wldap32

  ord301

  d3d9

  Direct3DCreate9

  d3dx9_43

  D3DXCreateTextureFromFileInMemory

  imm32

  ImmReleaseContext

  vcruntime140

  strstr

  api-ms-win-crt-heap-l1-1-0

  realloc

  api-ms-win-crt-runtime-l1-1-0

  __sys_errlist

  api-ms-win-crt-stdio-l1-1-0

  __stdio_common_vsprintf

  api-ms-win-crt-filesystem-l1-1-0

  remove

  api-ms-win-crt-locale-l1-1-0

  _configthreadlocale

  api-ms-win-crt-string-l1-1-0

  tolower

  api-ms-win-crt-utility-l1-1-0

  qsort

  api-ms-win-crt-convert-l1-1-0

  wcstombs

  api-ms-win-crt-time-l1-1-0

  _gmtime64

  api-ms-win-crt-math-l1-1-0

  __setusermatherr

  libcrypto-3

  BIO_new_mem_buf

  libssl-3

  SSL_pending

  wtsapi32

  WTSSendMessageW

  Exports

  Exports

  ��k���J�>^�q�a&�[2=���;�X����A���Ֆ|!�uG�if��2�t��\G#��$X5����f.gt/��p�l�N������}+�w�r' .�9p�_�~=x�')�:y1׷�@„��P�.��;�;�p�lN��-�~ c~�~b)l?��[��f��[5�AD������� �$�Py��m��[|gQ��*6A^.� �)���Cٗ�}(3>Ks��x^z��� �o�8'�W��ԟ���x�R���:P���U�d~�H��IԨ�����3����2p>���ˌoF��[��jGǶs`�m dr��� µ���S�h�X�x�o��?��H�Jg��1ou ��.0ܓ
  ��@�G_���` J�uC�k� �nl�Y{���[�{�@r2����D���7n����u�2n/� g�ZU��9����ws�[����$��,�2b��-p����3��F�Y;�RlI�������Z�kZ����B�yXkb�] H�֪�*D"e�ʲ��R$��y�e���M��׿М{+���¾=� D1A�3���O.+��M,I�;?J�{(��z'�NCB[����ؠAy����74}�e�<ލ��+쐝���:c�[֋�p���˃CS�E��u��0��Œ(�S���փ��S��a����,6����xB�N�~��g;G������{���S�vt�DH����#ڙ��'�y���O˸C�� |����<-ʭ{��ܶ}��S�����#/u����}�O�-�<���.��{fd��x�)��A�p/?�x����?��J�Ɨ�&�SM���$�G�ǡ�\��� �ȝ����� �i��>S�Sy�%��>�����P�G��d&UC8/���9x��r���8�P��o����W��Y��X��-��O +�+w�����m}D���eQٟ����}����{�d���p�L�3�����?�Q���^�x��1�� XQͩL}�Vکm����8ƻ1��u��. ��[� V�����c���&����R"O���7E"�et���9��U�g3:���J�^Ls����h�͘���A���������v/��D��_������W9��c�E[���M?N�ݖ?^<�������\#]=zY��û����:qDM� M��x���Ka���X@+!����4�V-������t��I����A�����V�I_�d���EX��<74;�ĵ�&��scڬs���z�̚�Wx�I�J���v�}ҼL�w[���b Xdo�n�n��]�:�aދ�s*�[�����>��n~W@⽑����U����>��mH���N�O̊��~-����x�r1���,v>��f�9 68�}��� +�� ]���E�ʪq���J ��)���(3l���J��,a[S]�bu�AG�H�־�z�>�|[�Ͼg�'��>��wjz`6��
  ��v�L����׺5$��t��6g��s��T��f>��M,i�o/�'�r�M���� �y|�'i�+��m:�%�_.���]1�R
  �8�����&��V%�bD���0��P�l�� q�RP����}'��`�f"Vb�����&�i]K�jBV�i�b>t��q�v�0����{4��xr
  ��̕ �<SE�s�r�Zj�� �. ���"(v��<ٵ�k��0��3U y����^p�Z�t
  ���~�2!����g��t͂o��Q�Be���$��_+i�h�6����Z����������hU ���ܕ�y��H�����B�.�)���:V�`zF��,��Mz��@�T�V���#>1���L��uPY�� q��|{u�܏Y�|�a?�pD�G_>48ntL,���ZC���4�?�IN�_��+��ي&U`�~ �8�$�r�oL&�V�r�H[n9B��|�0
  }��!��qtm(9x� ���s�vL��)��b!��IiR���� l�����A����?�`�4�;��&H���/�m�o�ѻ��s����+���H�;l�L���:���\J�9t�E��w�7�ǒg]%��ܻ�`଀W:�Ο��F�=w���ps���PQ�d�����+��a*�q��dɒ�!�H==��`����X/�?���O�����P���,R����HGN+�塛�l�gw0R@zsɗ32]�jl�Ƅ )�h ��KQ�������?�N�� ������_K�
  ����E~6-W���;}��Nݳ3G�n^(��%��pa�ksb�Z ��}�er@��~������lE���Ei�G����A>�̂Dtg��
  N�C�����^QPr��yK뻭�l�>X�;��ܓ�l�;�W6�+�{ܻ�[0N�*�����������s�K��u�߆�\UKkÈ�ZS*���r���nq9lv�0���t
  ҧ�`�� ��W _�4��K�}X#�լ�������.0���櫵;hcl��-��ݘ�j2(����n{����<���.�n{���df��M���Yu88c������)Î�z�?�qt��eZ�"}��]9�n�c�����\$�`oR��G�V�� ��G5N�Er�r &u���@�<�1c� W��|7#�u:�BM�{����h̦�Ev/�$Y�晢�?_
  <�>���MF+�Dk#y�:{U6̉Ke�kg��W�!���sGv�O���Yn���PI����������2R�[�{�g�b��J�X���7��Z|�P���G𔵠Q���o�)��p�Ȫ�$��������E&<�/`�f�烣���dnP�}�8��JF�M��;rc��P�ԯH��e: �U�`x�o���#��4H[�������cHh��I�Ñ�X�
  �R�M�f$ s�����i���qT��z=q߷�$�).E�������9�g������mk6z�m�i>qN��a)���U���{z�����7[ўv�;�@�3VD�������3�j-�Ok��P�-��#�]��(����Wz���'<�Nc
  T���Cʠ�4���������Rƴ�O�`���X��r�k�T��m�U�r����P;<�2+&�7�G���)C�]�

  Sections

  .text

  Size: - Virtual size: 675KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 222KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 311KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .themida

  Size: - Virtual size: 3.4MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .themida

  Size: 6.1MB - Virtual size: 6.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 10KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ