General

Malware Config

Signatures

Files

• e1dccb38b5548781f644f5c8cce1a7e46fbbfe37774e0f154b3a5393f41ff8f7

  .exe windows x86

  ccb97196bf8cc75d62829ef59edfe1e0

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  InterlockedExchange

  GetProcessHeap

  GetModuleHandleA

  CreateEventA

  GetLocalTime

  Sleep

  lstrcatA

  CreateProcessA

  SetFilePointer

  ReadFile

  WriteFile

  RaiseException

  LocalAlloc

  LocalFree

  GetProcAddress

  GetDriveTypeA

  CreateDirectoryA

  GetVersionExA

  lstrcmpA

  WideCharToMultiByte

  MultiByteToWideChar

  FreeLibrary

  GetPrivateProfileSectionNamesA

  GetLastError

  SetErrorMode

  ReleaseMutex

  OutputDebugStringA

  GlobalUnlock

  RemoveDirectoryA

  GlobalFree

  SetEvent

  lstrcpyA

  VirtualAlloc

  VirtualFree

  CloseHandle

  LoadLibraryA

  GetStartupInfoA

  user32

  GetSystemMetrics

  LoadCursorA

  ReleaseDC

  SetRect

  OpenClipboard

  GetWindowThreadProcessId

  IsWindowVisible

  GetThreadDesktop

  PostMessageA

  CreateWindowExA

  CloseWindow

  SendMessageA

  SetClipboardData

  CloseClipboard

  SetCursorPos

  WindowFromPoint

  SetCapture

  GetCursorPos

  GetKeyState

  GetAsyncKeyState

  GetForegroundWindow

  GetWindowTextA

  CharNextA

  IsWindow

  gdi32

  CreateDIBSection

  SelectObject

  BitBlt

  CreateCompatibleBitmap

  GetDIBits

  DeleteObject

  DeleteDC

  advapi32

  GetLengthSid

  RegCloseKey

  LsaOpenPolicy

  LsaRetrievePrivateData

  LsaClose

  LookupAccountNameA

  IsValidSid

  RegSetValueExA

  RegCreateKeyExA

  FreeSid

  RegSetKeySecurity

  SetSecurityDescriptorDacl

  InitializeSecurityDescriptor

  AddAccessAllowedAce

  InitializeAcl

  AllocateAndInitializeSid

  RegEnumKeyExA

  RegQueryValueExA

  RegOpenKeyA

  RegOpenKeyExA

  AdjustTokenPrivileges

  LookupPrivilegeValueA

  OpenProcessToken

  LookupAccountSidA

  GetTokenInformation

  RegQueryValueA

  shell32

  SHGetSpecialFolderPathA

  SHGetFileInfoA

  msvcrt

  _strnicmp

  _iob

  _controlfp

  __set_app_type

  __p__fmode

  __p__commode

  _adjust_fdiv

  __setusermatherr

  _initterm

  __getmainargs

  _acmdln

  exit

  _XcptFilter

  _exit

  ??1type_info@@UAE@XZ

  memset

  ??2@YAPAXI@Z

  ??3@YAXPAX@Z

  memcpy

  __CxxFrameHandler

  _CxxThrowException

  memmove

  ceil

  _ftol

  strlen

  strstr

  memcmp

  strcpy

  strchr

  malloc

  strcat

  strcmp

  free

  _except_handler3

  strrchr

  rename

  _strupr

  atoi

  strncmp

  strncpy

  _errno

  wcscpy

  strtok

  strncat

  rand

  _beginthreadex

  calloc

  msvcp60

  ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

  ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

  ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z

  ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

  netapi32

  NetUserAdd

  NetLocalGroupAddMembers

  msvfw32

  ICSendMessage

  ICSeqCompressFrameEnd

  Sections

  .rdata

  Size: 12KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 144KB - Virtual size: 147KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 60KB - Virtual size: 60KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ