General

Malware Config

Signatures

Files

• cbc065cb14668460b06a147068ccbfdc53aa34e6b2640f41d18df5a0ad6072f0

  .exe windows x86

  289dbde92a9c284da6ca49029a81ca47

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetTickCount

  GetCommandLineW

  GetEnvironmentVariableW

  SetEnvironmentVariableW

  GetModuleHandleW

  GetFileSize

  ReadFile

  SetFilePointer

  CreateFileW

  OutputDebugStringA

  GlobalAlloc

  GlobalSize

  GlobalLock

  GlobalUnlock

  IsBadStringPtrW

  GetCurrentProcessId

  WinExec

  InterlockedIncrement

  SetEvent

  LeaveCriticalSection

  EnterCriticalSection

  InitializeCriticalSection

  SetLastError

  GetCurrentThreadId

  FindResourceExW

  FindResourceW

  SizeofResource

  LoadResource

  LockResource

  RegisterWaitForSingleObject

  CloseHandle

  DeleteCriticalSection

  lstrcmpA

  DeviceIoControl

  GetVersionExW

  GetSystemWindowsDirectoryW

  FreeResource

  Sleep

  InterlockedCompareExchange

  GetLocalTime

  WriteConsoleW

  SetFilePointerEx

  ReadConsoleW

  GetConsoleMode

  GetConsoleCP

  SetStdHandle

  WaitForSingleObjectEx

  SetEnvironmentVariableA

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineA

  GetOEMCP

  IsValidCodePage

  FindNextFileA

  FindFirstFileExW

  FindFirstFileExA

  FindClose

  GetTimeZoneInformation

  GetCurrentDirectoryW

  InitializeCriticalSectionAndSpinCount

  SetConsoleCtrlHandler

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetTimeFormatW

  GetDateFormatW

  GetFileType

  GetCurrentThread

  GetACP

  GetCurrentProcess

  GetModuleFileNameA

  ExitProcess

  GetFullPathNameA

  GetFullPathNameW

  GetDriveTypeW

  GetModuleHandleExW

  FreeLibraryAndExitThread

  ResumeThread

  ExitThread

  CreateThread

  LoadLibraryExW

  InterlockedFlushSList

  RtlUnwind

  WritePrivateProfileStringW

  GetPrivateProfileIntW

  InterlockedDecrement

  FindNextFileW

  FindFirstFileW

  DeleteFileW

  CreateFileMappingW

  UnmapViewOfFile

  MapViewOfFile

  DosDateTimeToFileTime

  FileTimeToDosDateTime

  LocalFileTimeToFileTime

  FileTimeToLocalFileTime

  SystemTimeToFileTime

  GetSystemTime

  SetFileTime

  InterlockedExchange

  GetModuleFileNameW

  LoadLibraryW

  GetProcAddress

  WideCharToMultiByte

  MultiByteToWideChar

  GetTempFileNameW

  GetTempPathW

  CreateMutexW

  ReleaseMutex

  FreeLibrary

  CreateEventW

  WaitForMultipleObjects

  GetLastError

  RaiseException

  OpenProcess

  GetProcessHeap

  HeapSize

  HeapFree

  HeapReAlloc

  GetFileTime

  SetEndOfFile

  FlushFileBuffers

  WriteFile

  FormatMessageA

  TryEnterCriticalSection

  InterlockedExchangeAdd

  LoadLibraryExA

  VirtualFree

  VirtualAlloc

  FlushInstructionCache

  InterlockedPushEntrySList

  InterlockedPopEntrySList

  OutputDebugStringW

  InitializeSListHead

  QueryPerformanceCounter

  GetStartupInfoW

  IsDebuggerPresent

  IsProcessorFeaturePresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  GetStringTypeW

  GetLocaleInfoW

  LCMapStringW

  CompareStringW

  GetCPInfo

  GetSystemTimeAsFileTime

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  SwitchToThread

  EncodePointer

  FormatMessageW

  TerminateProcess

  GetStdHandle

  ResetEvent

  WaitForSingleObject

  HeapAlloc

  HeapDestroy

  SetCurrentDirectoryW

  DecodePointer

  user32

  SendMessageTimeoutW

  PostMessageW

  DefWindowProcW

  CallWindowProcW

  RegisterClassExW

  GetClassInfoExW

  CreateWindowExW

  IsWindow

  DestroyWindow

  SetTimer

  KillTimer

  RegisterWindowMessageW

  GetWindowThreadProcessId

  SendMessageW

  UnregisterClassW

  SetWindowTextW

  GetAncestor

  GetMonitorInfoW

  MonitorFromRect

  SetWindowPlacement

  GetWindowPlacement

  LoadStringW

  GetKeyState

  GetWindow

  DeregisterShellHookWindow

  RegisterShellHookWindow

  IsRectEmpty

  AdjustWindowRectEx

  RemovePropW

  GetPropW

  SetPropW

  GetForegroundWindow

  UpdateWindow

  SetMenu

  LoadIconW

  SetClassLongW

  PtInRect

  FrameRect

  WindowFromPoint

  ClientToScreen

  GetCursorPos

  SetCursor

  GetWindowRect

  GetClientRect

  EndPaint

  BeginPaint

  ReleaseDC

  GetDC

  GetSystemMetrics

  ReleaseCapture

  SetCapture

  GetCapture

  SetFocus

  UpdateLayeredWindow

  GetDoubleClickTime

  ReplyMessage

  GetMessageTime

  GetMessagePos

  TrackMouseEvent

  ScreenToClient

  RegisterClipboardFormatW

  IsDialogMessageW

  TranslateAcceleratorW

  LoadAcceleratorsW

  PostQuitMessage

  DispatchMessageW

  TranslateMessage

  GetMessageW

  SetParent

  IsWindowVisible

  SetWindowPos

  ShowWindow

  CallNextHookEx

  UnhookWindowsHookEx

  SetWindowsHookExW

  LoadCursorW

  FindWindowW

  SetWindowLongW

  GetWindowLongW

  gdi32

  GetStockObject

  GetDeviceCaps

  CreateSolidBrush

  SwapBuffers

  CreateDIBSection

  SetPixelFormat

  DeleteDC

  CreateCompatibleDC

  ChoosePixelFormat

  SelectObject

  GetTextExtentPoint32W

  DeleteObject

  advapi32

  CryptReleaseContext

  RegSetValueExW

  RegCreateKeyExW

  GetTokenInformation

  RegQueryValueExW

  RegOpenKeyExW

  CheckTokenMembership

  FreeSid

  AllocateAndInitializeSid

  RegCloseKey

  OpenProcessToken

  CryptAcquireContextW

  RegEnumKeyExW

  CryptDestroyKey

  CryptSetKeyParam

  CryptGenRandom

  CryptImportKey

  CryptEncrypt

  CryptDecrypt

  CryptContextAddRef

  shell32

  SHGetSpecialFolderPathW

  DragQueryFileW

  ord165

  DragFinish

  SHGetFolderPathW

  ole32

  CoInitialize

  CoUninitialize

  StringFromGUID2

  CoCreateGuid

  CoTaskMemFree

  RevokeDragDrop

  RegisterDragDrop

  ReleaseStgMedium

  DoDragDrop

  CoTaskMemAlloc

  oleaut32

  SysAllocStringLen

  SysFreeString

  SysStringLen

  shlwapi

  StrStrIA

  StrCmpNIW

  PathIsDirectoryW

  StrStrIW

  StrTrimA

  StrTrimW

  PathFileExistsW

  PathCombineW

  PathRemoveFileSpecW

  PathFindFileNameW

  PathFindFileNameA

  PathFindExtensionW

  PathFindExtensionA

  PathCompactPathW

  PathAppendW

  StrCmpIW

  opengl32

  glPixelStorei

  glPopAttrib

  glPopMatrix

  glPushAttrib

  glPushMatrix

  glRotatef

  glTexEnvf

  glTexImage2D

  glTexParameteri

  glTexSubImage2D

  glMatrixMode

  glVertex2i

  glViewport

  wglCreateContext

  wglDeleteContext

  wglMakeCurrent

  glColor4f

  glDeleteTextures

  glColor3f

  glLoadIdentity

  glLineWidth

  glOrtho

  glBegin

  glBindTexture

  glVertex2f

  glClearColor

  glClear

  glHint

  glGenTextures

  glEnd

  glEnable

  glDrawArrays

  glInterleavedArrays

  glBlendFunc

  glDisable

  libcef

  cef_post_data_create

  cef_response_create

  cef_v8stack_trace_get_current

  cef_zip_reader_create

  cef_print_settings_create

  cef_post_data_element_create

  cef_end_tracing

  cef_string_list_copy

  cef_request_create

  cef_string_multimap_free

  cef_string_multimap_alloc

  cef_get_current_platform_thread_id

  cef_time_to_timet

  cef_string_list_free

  cef_string_utf16_cmp

  cef_string_utf16_to_utf8

  cef_string_utf8_to_utf16

  cef_string_utf16_clear

  cef_string_utf8_clear

  cef_string_utf16_set

  cef_string_userfree_utf16_free

  cef_string_list_alloc

  cef_visit_web_plugin_info

  cef_refresh_web_plugins

  cef_add_web_plugin_path

  cef_add_web_plugin_directory

  cef_remove_web_plugin_path

  cef_unregister_internal_web_plugin

  cef_force_web_plugin_shutdown

  cef_register_web_plugin_crash

  cef_is_web_plugin_unstable

  cef_currently_on

  cef_post_task

  cef_post_delayed_task

  cef_register_extension

  cef_register_scheme_handler_factory

  cef_clear_scheme_handler_factories

  cef_execute_process

  cef_initialize

  cef_shutdown

  cef_do_message_loop_work

  cef_run_message_loop

  cef_quit_message_loop

  cef_set_osmodal_loop

  cef_enable_highdpi_support

  cef_get_geolocation

  cef_add_cross_origin_whitelist_entry

  cef_remove_cross_origin_whitelist_entry

  cef_clear_cross_origin_whitelist

  cef_parse_url

  cef_create_url

  cef_format_url_for_security_display

  cef_get_mime_type

  cef_get_extensions_for_mime_type

  cef_base64encode

  cef_base64decode

  cef_uriencode

  cef_uridecode

  cef_parse_csscolor

  cef_parse_json

  cef_parse_jsonand_return_error

  cef_write_json

  cef_get_path

  cef_task_runner_get_for_thread

  cef_begin_tracing

  cef_launch_process

  cef_now_from_system_trace_time

  cef_api_hash

  cef_string_map_alloc

  cef_string_map_free

  cef_command_line_create

  cef_command_line_get_global

  cef_browser_host_create_browser

  cef_browser_host_create_browser_sync

  cef_log

  cef_string_wide_to_utf8

  cef_stream_reader_create_for_file

  cef_stream_reader_create_for_data

  cef_stream_reader_create_for_handler

  cef_cookie_manager_get_global_manager

  cef_cookie_manager_create_manager

  cef_process_message_create

  cef_stream_writer_create_for_file

  cef_stream_writer_create_for_handler

  cef_drag_data_create

  cef_request_context_get_global_context

  cef_request_context_create_context

  create_context_shared

  cef_v8context_get_current_context

  cef_v8context_get_entered_context

  cef_v8context_in_context

  cef_v8value_create_undefined

  cef_v8value_create_null

  cef_v8value_create_bool

  cef_v8value_create_int

  cef_v8value_create_uint

  cef_v8value_create_double

  cef_v8value_create_date

  cef_v8value_create_string

  cef_v8value_create_object

  cef_v8value_create_array

  cef_v8value_create_function

  cef_binary_value_create

  cef_value_create

  cef_string_list_size

  cef_string_list_value

  cef_string_list_append

  cef_string_map_size

  cef_string_map_key

  cef_string_map_value

  cef_string_map_append

  cef_string_multimap_size

  cef_string_multimap_key

  cef_string_multimap_value

  cef_string_multimap_append

  cef_list_value_create

  cef_dictionary_value_create

  cef_task_runner_get_for_current_thread

  crypt32

  CryptBinaryToStringW

  CryptBinaryToStringA

  CryptStringToBinaryA

  CryptStringToBinaryW

  version

  GetFileVersionInfoSizeW

  GetFileVersionInfoW

  VerQueryValueW

  wininet

  InternetGetConnectedState

  iphlpapi

  GetAdaptersInfo

  urlmon

  URLDownloadToCacheFileW

  URLDownloadToFileW

  Sections

  .text

  Size: 1.5MB - Virtual size: 1.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 270KB - Virtual size: 270KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 26KB - Virtual size: 36KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 17KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .00cfg

  Size: 512B - Virtual size: 260B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 1024B - Virtual size: 777B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 69KB - Virtual size: 68KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ