General

Malware Config

Signatures

Files

• 2952a6ad1ba0a56ea176672f3ec9b1ad8a92836839dc51f592eb253db60c96af_unpacked_dropper

  .exe windows x86

  c86646a9ae29aab475d42a42a14cfef0

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  ntdll

  RtlUnwind

  mbstowcs

  memset

  ZwQueryInformationProcess

  NtQuerySystemInformation

  RtlNtStatusToDosError

  memcpy

  ZwOpenProcessToken

  ZwQueryInformationToken

  ZwOpenProcess

  NtUnmapViewOfSection

  NtMapViewOfSection

  NtCreateSection

  RtlUpcaseUnicodeString

  ZwClose

  RtlFreeUnicodeString

  NtQueryVirtualMemory

  shlwapi

  StrChrA

  StrTrimW

  PathFindExtensionW

  StrChrW

  PathFindFileNameW

  PathFindExtensionA

  PathCombineW

  StrRChrA

  kernel32

  CreateProcessA

  ResetEvent

  HeapFree

  CloseHandle

  DeleteFileW

  CreateDirectoryW

  CreateFileW

  CreateWaitableTimerA

  lstrcatA

  SetEvent

  lstrcpyW

  SetFileAttributesW

  Sleep

  lstrcpyA

  lstrlenW

  SwitchToThread

  SetEndOfFile

  CreateEventA

  FlushFileBuffers

  FindNextFileA

  FindFirstFileA

  HeapAlloc

  lstrcmpiW

  GetLastError

  SetWaitableTimer

  GetTickCount

  GetExitCodeProcess

  GetProcAddress

  lstrcatW

  VirtualProtectEx

  SuspendThread

  lstrcmpA

  FreeLibrary

  WriteFile

  FindClose

  GetFileTime

  CompareFileTime

  CreateFileA

  GetCommandLineW

  ExitProcess

  GetModuleHandleA

  HeapCreate

  HeapDestroy

  WaitForSingleObject

  ExpandEnvironmentStringsA

  LocalFree

  lstrcpynA

  lstrcmpiA

  SetLastError

  GetModuleFileNameA

  GetModuleFileNameW

  ExpandEnvironmentStringsW

  GetTempPathA

  ReadFile

  lstrlenA

  SetFilePointer

  GetFileSize

  GetTempFileNameA

  CreateDirectoryA

  GetVersion

  OpenProcess

  GetCurrentProcess

  GetCurrentProcessId

  ResumeThread

  CreateThread

  VirtualAlloc

  EnterCriticalSection

  LoadLibraryA

  InitializeCriticalSection

  IsWow64Process

  TerminateThread

  GetVersionExW

  LeaveCriticalSection

  GetCurrentThreadId

  VirtualFree

  GetLongPathNameW

  user32

  SendMessageW

  SetClassLongW

  EndMenu

  CallNextHookEx

  CreatePopupMenu

  DefWindowProcW

  AppendMenuA

  PostMessageW

  GetMessageW

  TranslateMessage

  GetClassWord

  TrackPopupMenuEx

  wsprintfW

  FindWindowA

  wsprintfA

  SetWinEventHook

  SetWindowsHookExW

  DispatchMessageW

  RegisterClassExW

  DestroyWindow

  CreateWindowExW

  advapi32

  ConvertStringSecurityDescriptorToSecurityDescriptorA

  RegDeleteValueW

  RegEnumKeyExA

  RegOpenKeyW

  RegCreateKeyA

  GetTokenInformation

  RegOpenKeyExA

  RegQueryValueExW

  RegSetValueExW

  GetSidSubAuthorityCount

  GetSidSubAuthority

  RegCloseKey

  RegQueryValueExA

  OpenProcessToken

  RegOpenKeyA

  RegSetValueExA

  shell32

  ord92

  ShellExecuteW

  ShellExecuteExW

  ole32

  CoUninitialize

  CoInitializeEx

  Sections

  .text

  Size: 21KB - Virtual size: 20KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .bss

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 338KB - Virtual size: 340KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ