General

Malware Config

Signatures

Files

• new.exe

  .exe windows x64

  a89befaa1980c64db95ace11e421e81f

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  urlmon

  URLDownloadToFileA

  kernel32

  FreeLibrary

  GetSystemTimeAsFileTime

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  user32

  MessageBoxA

  GetUserObjectInformationW

  GetProcessWindowStation

  GetUserObjectInformationW

  advapi32

  RegOpenKeyW

  shell32

  ShellExecuteA

  msvcp140

  ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

  ntdll

  NtQuerySystemInformation

  psapi

  GetModuleInformation

  normaliz

  IdnToAscii

  wldap32

  ord217

  crypt32

  CertCreateCertificateChainEngine

  ws2_32

  ntohl

  vcruntime140_1

  __CxxFrameHandler4

  vcruntime140

  __C_specific_handler

  api-ms-win-crt-stdio-l1-1-0

  fread

  api-ms-win-crt-heap-l1-1-0

  realloc

  api-ms-win-crt-utility-l1-1-0

  rand

  api-ms-win-crt-filesystem-l1-1-0

  _stat64

  api-ms-win-crt-string-l1-1-0

  strncpy

  api-ms-win-crt-time-l1-1-0

  _localtime64_s

  api-ms-win-crt-runtime-l1-1-0

  terminate

  api-ms-win-crt-convert-l1-1-0

  strtod

  api-ms-win-crt-locale-l1-1-0

  _configthreadlocale

  api-ms-win-crt-math-l1-1-0

  __setusermatherr

  wtsapi32

  WTSSendMessageW

  Exports

  Exports

  q������JBUGNŇ���B @i���ij��K�E�CE�>2�n�E�IsM��H���Z��1 /<�B�����s���5�/pn�؍�q�s���.>��@S/YZe�{������.��;&�����&V]����F�o}����{|z��Ś�I���|nE�{����M@HT�<W�s����H�8�&�2��s\V�ٴw�u>��7���/���N�q�R���o�X38$����}Ad�\R��櫐��8�rIl�����ʔ��`�
  6����ޗ�,)Z���2c2��惚�l�8����U9�B
  �Y#�m>Y��Kۤq{4Q����0��R~���/7<'2�OO|�_E��4}��
  �b��@AaZh�-���5��?e�.<�O��ކ�)���q��@֒k���;值�Vua9qgQ�5�Oy����i%P�-�ړ�p��W���y�5G��}7�D1�o�+݉5�v"˶�7G�2�@���Dt�R��G=)ډ����ˊ@� f$nO̙,烐���b3d�0������:Tͻ� �ܽ&��f�&�_��0=�)�➕�}#!��2Y�ŵ5Nu�D7;*���;���\��R����1v��� ����u_d2�Ɠ�:��A
  �����ck�ew:,j�\�����؛Z� W����{˫ A���sE��,I��:��Uw�2V�o%4ɻ�/����m�p�*��u�v Vq3ҿu��$tf��E�$�E���-ReG�q G�a�z���S�sҡ���*y{�@�R.�h.[s��bS@����J��d��x�̟� ��]J\����]�,"�lj��lT������ЅC�YВ1T5��Xn��5X5��I��,�\I�L>��Ju�a3�X�����;92�% N#��w!F�E�;8,Rf,�Nj#n���P����`^�[����:�/K��Z�f�xO5��3�������^,P^f��7���t����9Z(��8���?����D�X�:F?� V0���C�,�t��ӭ�۷�v��*���~�~*������t�d��C��2�e���h ���ɢH���m&�T��‡��<DY�+~}.��e+�>@c���YwZ��+�������=Q3Œ7$�Q� �03;1��&п��� �����H��k��eP�ܾ�{�Ium��G����(,��`p?Ns�������c�����)�A�!h�6oq�v����h�O�]���1�+d�d1������t6�U�l�!��q��ӛ���X�"<�9���$ӳ\���&�^W�����#���m!���_{QP��ЦQ����O���I��Oك]�
  %�~g{0�ih��*DjT��^��`h�
  ��Ð;�FN�e���Rr� � ν� 5WÉ��E%3_�-hb����9V ��()�����_;����漉iw�;��]����/����b��Ԟ�O$:�>�s�;% �)Ԟ4K����S�t������j.��P�d�a 5:r2 9">,O�?Fڲ�fW#j<���� @<�yВ-�%�3g.�b�7�w��YioX�O*U�tA�߭
  [�u áe"�v���rIt-(א�g@q-=h�<��qS��K���p�,A�G`�n�����C
  ��׸$�)@���h1)m��hi��`�I���f����Ri�����ʊ��Lvn}��,��w��;X��4t�����DO�~�!��P���AXHPz=8�Rʌ̞8���b��E�*"5��ux @�JH�4\��y�P@��5���ԡ���8��Y��8݊@�{G�[�pK�:$���"��2e�m�GHp�Kږd�GNO�f����u���» ��j6D�Vۆ�c<�lm�y�!�:B����8/9`��K;5>��դ��K��6�ꉶ���x���JMm�'�����f��-����v˴MR���W�>q�Z��v4[䡔cQA ��U�OZF� ̹b�oB�:�6�#���/Z���^\*_<��{��?��#X#�&����})���Ćk������y�g�J���U IͣE�m����!Շ�~�̳�{��B�rM7���#>֏�X�ki�Rz�˟F{|�/�&�ny��:��� �1�T����'
  ��̊��/���u7��Ρ�d����R�� ��<,<'�z�>P�G�=�E��'�&Ea�q��]���;5�=��m�#��d�*���.KT|G�L��(He�H��e��C?T���v���{O�;x%��'Qy������ f���>LAW�i�w�NR�>tf�ewvC�G��ѣ~f��}����';�?-.�0:����]���N^8Ѵ����>[9]�O���X3p$�r��J�Yf��`ɽݣbC��]�) D�j�(�k�]�0��w�>�d�[��&�$A����� B}��GUp<
  6ُ��r��ww@�L�)��wT�(�.I{U@"^�5�z*�w{��$����A�:������ԯ}O�ɝe�'E�NnІ&�H�5C��I�Q ���鈙��[Ԍ2����R�ܤ� /�f���x�^�(`[�ƹ'Է/��,�e�L�|i^-�P��zC�^$'��S��K���C�Ǘ3Оż��F˭
  ﱘ���n�rq=f-"�����Q��Be���)�PD#U�(ڐG�{N,�������~#��h�6�����^���˫���(N:�I���<�c& �Y �Y������U��N3��Δi�٬�4� �y(�1Q�5�ԏv���^�C��h�K�VKɥ����H�d�Q|�Bz���57t�"t
  �;���BRA�Q��ȉ�[�m} !�{� ��t�=�\Q��"�6c�aG�z���T;2�E���#�wxK� ���M����
  �rY�ֶ��|*��~�)Ku���V�}�"=g���Z��Ly���h2�gG�1K;���a2��`�y��@f��R��Č,d�5���7�J�dzC�Z��-��UHq+�E��w�؞� $�6�-Ks���R���,�"w<�/oA��?����2��&�d(���A;����C$D����]ɝ��$j�<����W��h®IC�c�][��1|���ñ�ؾ8N>\l�'h.��`

  Sections

  .text

  Size: 479KB - Virtual size: 479KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 141KB - Virtual size: 141KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 18KB - Virtual size: 18KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: 9KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vlizer

  Size: 46.5MB - Virtual size: 46.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp1

  Size: - Virtual size: 3.4MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp2

  Size: 5.1MB - Virtual size: 5.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 9KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ