General

Malware Config

Signatures

Files

• 61d06bf851691930e040bb472f567fa64a973936bd43fe325096e33b4bc48334

  .exe windows x86

  987ec4575403498712c7fe95313113ad

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  resutils

  ResUtilGetBinaryValue

  ClusWorkerStart

  ResUtilDupString

  ClusWorkerTerminate

  cfgmgr32

  CM_Add_Empty_Log_Conf

  CMP_Report_LogOn

  CMP_Init_Detection

  CM_Add_Range

  advapi32

  ReadEventLogA

  RegUnLoadKeyW

  RegRestoreKeyW

  RegCreateKeyExW

  RegLoadKeyW

  OpenEventLogA

  RegOpenKeyA

  RegSaveKeyA

  LogonUserA

  RegEnumKeyA

  RegDeleteValueW

  kernel32

  LeaveCriticalSection

  LoadLibraryExA

  CreateFileA

  OpenFileMappingW

  lstrcpy

  GetDateFormatW

  GetCommandLineA

  GetModuleHandleA

  GetEnvironmentVariableW

  GetCurrentThread

  WaitForSingleObject

  lstrcmp

  CreateMutexA

  CreateMailslotA

  GetProcAddress

  GetSystemDirectoryA

  user32

  LoadMenuW

  GetDlgItemTextW

  GetPropA

  DrawStateA

  LoadBitmapW

  SetFocus

  CharToOemA

  FindWindowW

  InsertMenuW

  LoadCursorA

  wsprintfW

  DialogBoxParamW

  IsCharLowerA

  CreateWindowExA

  PeekMessageA

  comsvcs

  RecycleSurrogate

  SafeRef

  Sections

  .text

  Size: 119KB - Virtual size: 118KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 16KB - Virtual size: 15KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1024B - Virtual size: 673B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ