Static task
static1
Behavioral task
behavioral1
Sample
4e66d9a60ce3829e27aa07f9b8485dd6fe1cb58f147c87e0b5517d7a2a02a8ce.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
4e66d9a60ce3829e27aa07f9b8485dd6fe1cb58f147c87e0b5517d7a2a02a8ce.exe
Resource
win10v2004-20220718-en
General
Target
4e66d9a60ce3829e27aa07f9b8485dd6fe1cb58f147c87e0b5517d7a2a02a8ce
Size
136KB
MD5
8ccb2949a5ad3e9fa83e1d28bdc13735
SHA1
53dd2f0f462864caeb3339bda12dea1419e6b881
SHA256
4e66d9a60ce3829e27aa07f9b8485dd6fe1cb58f147c87e0b5517d7a2a02a8ce
SHA512
5c3cba90926afcb58371c7553eefbedf1abb0f533332d80e360be757b40559adb285fc1e2d46f32b37b040af679a097c7c6970e8e297e24078335700d020c9b6
SSDEEP
3072:Og5TfKLDazKpnfz9ONTclLlqxtCyQJ1kgFj3DjX4/TX/nluI:Og5TgoOfSohlWCvjdfsTX/nlu
Malware Config
Signatures
Files
4e66d9a60ce3829e27aa07f9b8485dd6fe1cb58f147c87e0b5517d7a2a02a8ce.exe windows x86
a7a250dd09673edfb5ae75ca724fd755
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
LoadLibraryA
FreeLibrary
CreateProcessA
GetModuleFileNameA
LocalFree
GetStartupInfoA
lstrlenA
GetProcAddress
GetModuleHandleA
GetFileAttributesA
GetFullPathNameA
GetLastError
SetLastError
lstrlenW
OutputDebugStringA
GlobalFree
lstrcpynA
InterlockedDecrement
MultiByteToWideChar
ExitProcess
HeapAlloc
GetProcessHeap
ActivateActCtx
WideCharToMultiByte
VirtualProtect
GetVersion
GlobalAlloc
AreFileApisANSI
lstrcpyA
CreateMutexA
user32
IsWindowUnicode
IsWindowVisible
PtInRect
GetSystemMenu
IsZoomed
SetCapture
GetWindowRect
GetDlgCtrlID
DrawTextA
GetParent
SetWindowTextA
GetForegroundWindow
DefWindowProcA
GetSystemMetrics
TabbedTextOutA
GetWindowTextA
ReleaseCapture
EnableWindow
FillRect
SetRect
OffsetRect
IsWindow
GrayStringA
GetDoubleClickTime
SendMessageA
SetForegroundWindow
UpdateWindow
EnumChildWindows
gdi32
AnimatePalette
AddFontMemResourceEx
AbortDoc
BitBlt
CreateFontIndirectA
CreatePolygonRgn
SetPixel
GetObjectA
DPtoLP
PtVisible
GetTextColor
Polyline
TextOutA
PtInRegion
CreateRectRgn
RectVisible
LPtoDP
CreatePalette
CombineRgn
SetRectRgn
advapi32
CryptDeriveKey
RegSetValueExA
EqualSid
RegQueryValueExA
RegCloseKey
RegEnumValueA
CryptDecrypt
LsaClose
CryptAcquireContextA
RegCreateKeyExA
IsTextUnicode
RegDeleteKeyW
CryptHashData
CryptEncrypt
RegDeleteValueA
LsaFreeMemory
LsaOpenPolicy
RegOpenKeyExA
RegOpenCurrentUser
RegEnumKeyW
RegQueryValueExW
CryptCreateHash
CryptReleaseContext
RegEnumValueW
RegCreateKeyExW
FreeSid
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
CryptDestroyKey
CryptDestroyHash
RegOpenKeyW
shell32
ShellExecuteA
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetMalloc
ole32
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoInitialize
comctl32
InitCommonControlsEx
_TrackMouseEvent
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
oledlg
OleUIBusyW
msvcrt
_CIcos
_onexit
_except_handler3
__setusermatherr
_splitpath
__p__commode
_vsnprintf
__CxxFrameHandler
_setmbcp
_XcptFilter
_mbscmp
exit
_strdup
_adjust_fdiv
__dllonexit
__set_app_type
free
_mbsicmp
?terminate@@YAXXZ
__p__fmode
??1type_info@@UAE@XZ
_exit
_CxxThrowException
_acmdln
_controlfp
_initterm
__getmainargs
Sections
.text Size: 59KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ