General

Malware Config

Signatures

Files

• Spoof.exe

  .exe windows x64

  57d9d0a55daa9602de4b6be05ffea779

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  MultiByteToWideChar

  GetSystemTimeAsFileTime

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  user32

  MessageBoxA

  GetUserObjectInformationW

  GetProcessWindowStation

  GetUserObjectInformationW

  advapi32

  CryptEncrypt

  shell32

  ShellExecuteA

  msvcp140

  ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

  psapi

  GetModuleInformation

  normaliz

  IdnToAscii

  wldap32

  ord26

  crypt32

  CertFreeCertificateChain

  ws2_32

  getsockopt

  userenv

  UnloadUserProfile

  vcruntime140_1

  __CxxFrameHandler4

  vcruntime140

  __C_specific_handler

  api-ms-win-crt-runtime-l1-1-0

  system

  api-ms-win-crt-stdio-l1-1-0

  fread

  api-ms-win-crt-heap-l1-1-0

  calloc

  api-ms-win-crt-filesystem-l1-1-0

  _unlock_file

  api-ms-win-crt-time-l1-1-0

  _time64

  api-ms-win-crt-utility-l1-1-0

  rand

  api-ms-win-crt-convert-l1-1-0

  strtod

  api-ms-win-crt-locale-l1-1-0

  localeconv

  api-ms-win-crt-string-l1-1-0

  strncpy

  api-ms-win-crt-math-l1-1-0

  __setusermatherr

  wtsapi32

  WTSSendMessageW

  Exports

  Exports

  �\��>3Q���϶��yYF��X��(c��;ܮ~�7b�v���a�ؿ������SH��+2�����aGL�\(���h���������B�3{��`=��O�UkDWBֆ�T^|�z��5L�����ب�/i��ǥ w��KbnM�������������c�QȸO�a'��Ǧ��S>��������ߟ��d�u���6�Hw�0��:�[,��`W�- N�(��TWRF�A����s�C�f�����|dc�j\U�Guj�1>��ptS�O�
  R�P����ְ��`_'�O���P#����ߒ���u!;byZw
  b!pG�e�%�[ m�]*[>7��=
  �-;� ��7N�x���~�eP�SJ�3�-]��� $����m�������� �d,9ӟ|6.�\`-Ƅ$�����]m!����[-W��,�>3�{J�mӲ�7�
  ��DD�Z�vՖ|;&��N�Y��q�c���_�U���)_5���o��Cjj@�V������mY�*�a�y��Ld���He~˄x=%�5�q\��::�/�M���Mp
  3�=���̓ǰe���H_���cIK����͋��L�Ͳȴ'(]���LX���
  �(q��bzŖ�c4�v��0p@ѯ���?:m���L����\M���]h�<Q� /��e�z�8������\&/�􍜀�IO�Q�o�
  �|�U�[)�#�,��{�e����qK���ɶ)��g�W�.f��g��R��/����u�o�!���b��T��h�޲k-�,7n�K�u�� ���J�ٽ܈��Z�k-��X�m;�6�o��9���=
  ����?�ﻨwy��fk:!c��
  H����!%5���(�M�#���D�r4���u�P���2���db;q�y�A{�t:A��Ĝ��q�!#���*KN`�Ny���k��cr!L��d�αMG�w�a���.�l'Mx���P˰�P�19$+�(l�!lu�;GȳHf�����(M���©����"��4�yLT�T(}�0���w����`����� �����TD(+�ߚ�g<��2����\H�PB*���*n�`p�_���m��H�F{�mW� ��ʵ���3k ��X�~�:^��7^��*��hk��}��\u#�f,VZ+�*�I�F/1�s^�wUz�!��?4&���<K��N���A���e�?e[:�����`���ؑUz����kQ�;,.yz]���2%��*޼t5���>b;��$���@[�da�,���훰�+Q@���� ���3z]Eq@��\p[dnɇ}�tV"��BꞙO���2�Ĝ�$,Clp<�z��& ͭT5�e��՟����*&�����'��;�ݍ��\�'�N�Z��=Z�����Gp۬�(g�}0�roH����|!Xr�q#0SHh{J_~�A��G8�G!�͍�tE��L��>s�hݐ�Ze圼R^��1�rE߽����'�AYd۽Pv����UV���e3�`�j���|I��.��4���ń��I�����=l�H������j�7�������C�q�F����l�I��~��9��3���[@8n�3��J7��X��_�1�1됊
  �(��
  q�c �%� �!�"�;��& g/� Ȓ�[���r]�A_��f���.T{+�Y�Sw�e���8�D�T�� ���U�wiL�%G���������Q�C�-V���y!�秱jh2`~�M�,LX��E�q���(&v�/�u�������5ezd �]���Hb�S[`:��G�>_���"�~K��Cs�(�ur3�_���))�7E��d'n%t+�Y!��9u׏-��)-�u�$��&|���9��#���Ŀ�tfm�x��|�n�����z��|̵���6 a��W�n6z��|vI�y��.�����'�r� ��F��|�Y��T�B�����Ib�i��|�<��Y��.Ԇy��,re!:��s����6���W��?��X�@���Q�S��s$ͅxD�k������ ��ɂ���hH�$�7V����8�����ꈳY��1V�BY�kxT�R:��n������ H�z�x�un�Lh��i'Ka�$�S��)�60��\'�蚲��������H-~�0��1@[�mA��\��R
  &f�xxFJ?H�e>�B�����. �2J�{��w������O�1�϶��A�RW�jGA/�G�P-M���$���Q��ӗ�Mt��:'��� S�6y�q}4wQ�4j�z�+�h�h5���
  K�p�� g���ð0 8��0X�
  $_Kb�S�gɛ���P��0X�%q4ل�ad����.Ǭo��e~/`9�vh=!dA���a�}���L4��&�f���gm�q�̵�[�!������t��^y�%�ǽ,�:�Q�g��@�E?�����tH��\��K6 ��ĩ�k���&5�5��F�R.&��)5�ض�R�_I4�%z0�Cٻ��=<���uy�U���L�P��F�M�z����S� �T�o�p8�vd�[`�q_��Q�ߤ�ar4Oj�G�婿�ɛo��j�����m'���>�]�����5> �~%���)�g@�YQ<_
  �� @Ȟ,�&Iv�9�� ]r\P��z#���S�7*�<��X*oӚ���ᝯ�$%���]�–*���]Z��<l*
  5�<����V���&�GxwCI�f��#�gI���+S�-�p�� )ES�]����pǠd�
  �F����nv�M����9)�}�b"����!+�%ͮ5�Q6y�2^�]���`�O�-�� ��QZ��{.v��)�?3 �9'��=����.l�c�I����"H3t�B��kko�Q$��b��8�=�i��CF��+)�pҠ~Z����Q�K,�p=`�lf cl ���G� �E�a�*��"?��ү'��g�Q���Z��E�yȥ�<�G�V=:�]���w��k�K@����ͧ%��@,[�n� �5%��,��I3�cm( N��K?��"�����d3��r�1��t��liB�����ꖻ�ƃ�ƒc�5��i&'{�qʀ�����2��V*%�����l�y[�N���?�%աdN��`S����^�
  v

  Sections

  .text

  Size: - Virtual size: 428KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 105KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 7.1MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: - Virtual size: 11.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: 18.7MB - Virtual size: 18.7MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 196B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ