General
-
Target
cb5040c8407fb6c12040b66346f0a025fda7ab62c38f743de6364435bc74e3bf.bin
-
Size
848KB
-
MD5
bafb6b512adc669328d515ae973e5ada
-
SHA1
0f56410895a180c3eff837de0413c57b424c2ca5
-
SHA256
cb5040c8407fb6c12040b66346f0a025fda7ab62c38f743de6364435bc74e3bf
-
SHA512
c748ae457f79b8d0a24680759a1c02236383a7d6d61d32f47b6bc2f27fc62bb71734f34da4a1d38883fd1eba9a953de804e4ff446079e7e2a61ac4604bee4a60
-
SSDEEP
24576:8+6cZEdC7zw+P4vGYAb4QqcgvaOcCxoHds:H/Kd4P4vecygyTPHW
Malware Config
Extracted
vidar
41.5
903
https://mas.to/@xeroxxx
-
profile_id
903
Files
-
cb5040c8407fb6c12040b66346f0a025fda7ab62c38f743de6364435bc74e3bf.bin.exe windows x86
d7a3f04d58e3c67894b307c648c38b29
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalFree
HeapAlloc
GetProcessHeap
HeapFree
lstrcatA
CreateDirectoryA
FindClose
FindNextFileW
DeleteFileW
lstrcmpW
FindFirstFileW
lstrcatW
lstrcpyW
FindNextFileA
CopyFileA
FindFirstFileA
GetDriveTypeA
GetLogicalDriveStringsA
DeleteFileA
GetCurrentProcessId
SetCurrentDirectoryA
CopyFileW
CloseHandle
WriteFile
CreateFileA
MultiByteToWideChar
ReadFile
GetFileSize
GetVersionExA
GetFileSizeEx
GetCurrentDirectoryA
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
GetProcAddress
LoadLibraryA
FreeLibrary
GetFileAttributesA
GetPrivateProfileSectionNamesA
FileTimeToSystemTime
InterlockedCompareExchange
OutputDebugStringW
OutputDebugStringA
WaitForSingleObjectEx
WaitForSingleObject
UnmapViewOfFile
UnlockFileEx
UnlockFile
SystemTimeToFileTime
SetFilePointer
SetEndOfFile
QueryPerformanceCounter
MapViewOfFile
LockFileEx
LockFile
LoadLibraryW
HeapCompact
HeapValidate
HeapSize
HeapReAlloc
LocalAlloc
HeapCreate
GetVersionExW
GetTickCount
GetTempPathW
GetTempPathA
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceW
GetDiskFreeSpaceA
FormatMessageW
FormatMessageA
FlushFileBuffers
CreateMutexW
CreateFileMappingW
CreateFileMappingA
CreateFileW
AreFileApisANSI
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
GetComputerNameA
IsWow64Process
GetCurrentProcess
GlobalMemoryStatus
GetModuleHandleA
GetUserDefaultLocaleName
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformation
GetLocaleInfoA
GetFileInformationByHandle
GetLocalTime
CompareStringW
SetStdHandle
WideCharToMultiByte
Sleep
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
GetStringTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetConsoleMode
GetConsoleCP
SetEnvironmentVariableA
SetEnvironmentVariableW
GetModuleFileNameW
IsValidCodePage
GetOEMCP
GetACP
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
HeapDestroy
ExitProcess
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
EncodePointer
DecodePointer
RaiseException
RtlUnwind
ExitThread
CreateThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
SetHandleCount
WriteConsoleW
user32
GetDesktopWindow
advapi32
GetUserNameA
shell32
SHGetFolderPathA
SHFileOperationA
ShellExecuteA
shlwapi
PathMatchSpecA
PathMatchSpecW
gdiplus
GdiplusStartup
GdipGetImageEncoders
GdiplusShutdown
GdipFree
GdipAlloc
GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipCloneImage
Sections
.text Size: 737KB - Virtual size: 737KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 99KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE