Static task: static1
Behavioral task: behavioral1
Sample: 2669cc7a683bf026bc102ad9eb3ae67eb15da3a9919646dfd033f3e748cfe2f3.exe
Resource: win7-20220715-en
General
Target: 2669cc7a683bf026bc102ad9eb3ae67eb15da3a9919646dfd033f3e748cfe2f3
Size: 1.1MB
MD5: af8448fb9c282ffc9151f22cad6db500
SHA1: 9c98c7c2f5e53a5776fc1d6609f171722b388929
SHA256: 2669cc7a683bf026bc102ad9eb3ae67eb15da3a9919646dfd033f3e748cfe2f3
SHA512: 92b97db55e4e0f985e104c63cb785090e2d2f0cbe42f4253cd987f2f311892afdcbcc4b1ed87e788d4c5e4fd632f3c8021526f79bfffd5e4a80d3e81d32bc702
SSDEEP: 12288:3HpZr8cqXo/BywRzznnf3Hg3Jzn8d6Q+QkARjh4X/J7RrAmFHYZaVdlNrCLiG5is:wtwwrQ+QkARjedRdF4wV5Ci+gl
Malware Config
Signatures
Files
2669cc7a683bf026bc102ad9eb3ae67eb15da3a9919646dfd033f3e748cfe2f3.exe windows x86
0ecfc9ad0fc1ca2be3ed6630e3929f6b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FreeLibrary
GetModuleHandleW
GetProcAddress
LocalFree
FormatMessageW
LoadLibraryW
K32GetModuleInformation
GetCurrentDirectoryW
CreateFileW
SetLastError
WaitForSingleObject
CreateRemoteThread
GetVersionExW
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
ReadProcessMemory
WriteProcessMemory
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ReadConsoleW
SetStdHandle
VirtualQuery
GetFileAttributesExW
OpenProcess
GetCurrentProcess
GetLastError
VirtualProtect
CloseHandle
CreateProcessA
GetExitCodeProcess
GetTimeZoneInformation
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
InterlockedExchange
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleFileNameW
GetModuleHandleExW
HeapValidate
GetSystemInfo
RaiseException
RtlUnwind
GetCommandLineW
InitializeCriticalSectionAndSpinCount
FatalAppExitA
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CreateSemaphoreW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
WriteFile
ExitProcess
AreFileApisANSI
IsValidCodePage
GetACP
GetOEMCP
GetCurrentThread
GetCurrentThreadId
SetConsoleCtrlHandler
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
LoadLibraryExW
GetFileType
OutputDebugStringA
WriteConsoleW
HeapFree
HeapReAlloc
HeapSize
HeapQueryInformation
GetModuleFileNameA
HeapAlloc
GetProcessHeap
lstrlenA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
user32
TranslateMessage
GetMessageW
DispatchMessageW
advapi32
IsTextUnicode
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
secur32
LsaFreeReturnBuffer
LsaEnumerateLogonSessions
LsaGetLogonSessionData
shlwapi
PathIsRelativeW
PathCombineW
PathCanonicalizeW
Sections
.textbss Size: - Virtual size: 433KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 911KB - Virtual size: 910KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 159KB - Virtual size: 158KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 63KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mfdskon Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE