Static task: static1
Behavioral task: behavioral1
Sample: f28ce294538fb56d8aff8077b149541bea56d8166d84c6e79cd0d9903f566b30.exe
Resource: win7-20220715-en
General
- Target: f28ce294538fb56d8aff8077b149541bea56d8166d84c6e79cd0d9903f566b30
- Size: 717KB
- MD5: 4b6accb73061345ed143f01d6199fc95
- SHA1: 4c157859670b75b6abc5a09715a0ff0b7f028f55
- SHA256: f28ce294538fb56d8aff8077b149541bea56d8166d84c6e79cd0d9903f566b30
- SHA512: 8fd4948a04a0a5f74ee6b74599bc3a1840d8e1369bf436eb9f854d611e9a0ce60d5a8fa5b4775c916cfb7f6db04c437b2cff18355e354ae590405349629aa68c
- SSDEEP: 12288:n9oFlGdyIzynZHWlRKnd2A0jYs9/mV46HIc4mIeV/VvoprSPAo+VvIUAYX4H4:nSzG0IzjKfv2OFNVOdSPA/2Ul4Y
Malware Config
Signatures
Files
-
f28ce294538fb56d8aff8077b149541bea56d8166d84c6e79cd0d9903f566b30.exe windows x86
a8c9b20f0f2c56df805cccacf74baafe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Note: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is not set and the base relocations are stripped, so this 32-bit image always loads at its fixed preferred ImageBase and gets no ASLR; NX_COMPAT only opts it into DEP.
Imports
shell32
ExtractIconA
FindExecutableA
FindExecutableW
ExtractIconExA
ole32
StgOpenStorage
user32
GetWindowRgn
GetTitleBarInfo
EnumThreadWindows
LockWorkStation
GetMenuItemInfoA
GetWindowInfo
FindWindowExA
GetUpdateRect
DrawIconEx
SetClipboardViewer
GetMenuContextHelpId
GetClipboardViewer
LockWindowUpdate
GetWindowLongW
GetProcessDefaultLayout
LoadIconA
GetCapture
PostMessageA
GetCursorPos
DestroyCaret
IsRectEmpty
IsWindowUnicode
FreeDDElParam
DrawIcon
LoadImageA
GetCursorInfo
GetOpenClipboardWindow
LockSetForegroundWindow
LoadMenuA
EndMenu
FindWindowExW
DeleteMenu
GetClipboardSequenceNumber
DestroyCursor
GetWindowThreadProcessId
DestroyAcceleratorTable
powrprof
GetCurrentPowerPolicies
advapi32
DeleteService
LookupPrivilegeNameW
InitiateSystemShutdownA
LookupAccountSidW
GetUserNameA
GetServiceDisplayNameA
GetEventLogInformation
LookupPrivilegeDisplayNameA
GetSecurityDescriptorOwner
LogonUserA
GetSidSubAuthorityCount
IsWellKnownSid
GetWindowsAccountDomainSid
EnumServicesStatusA
FindFirstFreeAce
GetFileSecurityA
winspool.drv
GetPrinterDriverDirectoryW
GetPrinterDriverDirectoryA
WritePrinter
GetPrintProcessorDirectoryW
DeletePrinterConnectionW
ntdll
RtlUnwind
toupper
towupper
kernel32
SetFilePointer
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
InitializeCriticalSection
HeapAlloc
Sleep
VirtualAlloc
HeapReAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetTickCount
QueryPerformanceCounter
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetCurrentThreadId
InterlockedDecrement
FindFirstFileW
LocalAlloc
FindFirstFileExA
GetCurrentConsoleFont
GetPrivateProfileSectionNamesW
GetFileTime
GetUserDefaultLangID
LocalFree
GetCommandLineW
GetSystemTimeAdjustment
GetStringTypeExA
LoadLibraryW
WriteProfileStringA
GlobalFindAtomW
EnumTimeFormatsA
VirtualLock
GetFileAttributesExW
LoadLibraryExA
FindNextVolumeMountPointW
GetExitCodeThread
DebugActiveProcess
GlobalGetAtomNameW
GetCommMask
GetThreadContext
GetCommProperties
GetProcAddress
IsValidLanguageGroup
GetFileSize
GetConsoleCursorInfo
IsValidLocale
GetDiskFreeSpaceA
VirtualProtectEx
GetVolumePathNamesForVolumeNameW
GetPrivateProfileStructA
LocalSize
GenerateConsoleCtrlEvent
GetLogicalDriveStringsW
DeleteFileA
LocalFileTimeToFileTime
lstrcpynW
GetPrivateProfileIntW
GetCurrentProcess
GetUserDefaultLCID
IsProcessorFeaturePresent
GetDriveTypeA
DeleteTimerQueueEx
GetSystemDefaultUILanguage
GetProfileSectionW
GetModuleHandleA
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
UnhandledExceptionFilter
TerminateProcess
VirtualProtect
GetSystemInfo
VirtualQuery
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CloseHandle
CreateFileA
Module32NextW
GetModuleFileNameA
GetStdHandle
GetCommandLineA
GetVersionExA
GetLastError
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
ExitProcess
WriteFile
mscms
GetColorProfileHeader
shlwapi
UrlIsNoHistoryW
StrRetToStrW
rpcrt4
RpcBindingFromStringBindingA
oleaut32
LoadTypeLibEx
GetRecordInfoFromGuids
secur32
EnumerateSecurityPackagesW
version
GetFileVersionInfoSizeA
pdh
PdhGetLogFileSize
comdlg32
GetSaveFileNameA
FindTextA
gdi32
GetSystemPaletteEntries
FrameRgn
GetObjectType
ExtEscape
GetViewportExtEx
EqualRgn
GetBitmapDimensionEx
GetClipRgn
GetCharWidthW
GetOutlineTextMetricsW
FillPath
ExtSelectClipRgn
GetTextExtentPointA
GetDeviceCaps
GetStretchBltMode
GetMiterLimit
GetTextMetricsW
Sections
.text    size 67KB   virtual 66KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata   size 15KB   virtual 14KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data    size 56KB   virtual 74KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
FLn      size 293KB  virtual 293KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
h5x      size 128KB  virtual 129KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
K=t08PP  size 155KB  virtual 155KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc    size 1024B  virtual 1KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
Note: three sections (FLn, h5x, K=t08PP) carry non-standard names and are all writable initialized data; together they hold about 576KB of the 717KB file, against only 67KB of code in .text. The .data virtual size (74KB) exceeds its raw size (56KB), so the loader zero-fills the tail. No section is both writable and executable. A layout like this is worth checking for packed or embedded payloads before trusting the static import table.