Static task
static1
Behavioral task
behavioral1
Sample
cb5d59d17dbc35d333be4857e8d65fa1e766b8af8793faf7cfcec203ef38df4b.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
cb5d59d17dbc35d333be4857e8d65fa1e766b8af8793faf7cfcec203ef38df4b.exe
Resource
win10v2004-20220901-en
General
Target: cb5d59d17dbc35d333be4857e8d65fa1e766b8af8793faf7cfcec203ef38df4b
Size: 3.0MB
MD5: 051df208028c7b8281b7c597e02ab5d5
SHA1: db99b440e73e8b38806238be821c90e386ec29b4
SHA256: cb5d59d17dbc35d333be4857e8d65fa1e766b8af8793faf7cfcec203ef38df4b
SHA512: 93858a216e59c538ab488a5a9065e19ed7c68cc8ef187e6bac76c176112f1c1e0e9a5c7502382eae5e1e032e8506443ff00a7bf5c2cac80ca3dd6be73be4c3ab
SSDEEP: 49152:IPTiqX+mOyVxrAIT3JcLeFm03fxhZ3pTzJZvHtNx:PUXmLeFdfPtT
Malware Config
Signatures
Files
cb5d59d17dbc35d333be4857e8d65fa1e766b8af8793faf7cfcec203ef38df4b.exe windows x86
e3edfc33507628fea6969edc54a25a21
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
GetLastError
GetProcessId
GetExitCodeProcess
GetProcAddress
LoadLibraryA
Sleep
GlobalAlloc
ReleaseSemaphore
WaitForSingleObject
ExitProcess
SwitchToThread
GetModuleHandleW
VerifyVersionInfoW
VerSetConditionMask
IsWow64Process
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
CreateSemaphoreA
GetVersion
CreateProcessA
ResumeThread
GetTickCount
SetLastError
DeleteFileA
InitializeCriticalSection
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
GetTempPathA
GetTempFileNameA
lstrlenA
CreateFileA
CreateFileW
GetFileSize
ReadFile
SetFilePointer
WriteFile
MapViewOfFile
UnmapViewOfFile
LocalAlloc
LocalFree
CreateFileMappingA
WideCharToMultiByte
FormatMessageA
OpenProcess
QueryPerformanceCounter
GetThreadPriority
WriteConsoleW
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
DeleteFileW
ReadConsoleW
UnregisterWait
CreateTimerQueue
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
SetThreadPriority
SetThreadAffinityMask
GetProcessAffinityMask
DeleteTimerQueueTimer
GetConsoleMode
GetConsoleCP
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetModuleFileNameA
GetOEMCP
GetACP
IsValidCodePage
GetProcessHeap
GetStdHandle
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
CreateSemaphoreW
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Process32Next
Process32First
CreateToolhelp32Snapshot
GlobalUnlock
GlobalLock
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceFrequency
GetFileAttributesExW
GetCPInfo
AreFileApisANSI
GetModuleHandleExW
GetFileType
SetFilePointerEx
LoadLibraryW
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
ChangeTimerQueueTimer
UnregisterWaitEx
TlsFree
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
HeapAlloc
HeapFree
HeapReAlloc
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
RaiseException
RtlUnwind
CreateTimerQueueTimer
OutputDebugStringW
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
DuplicateHandle
SetEvent
CreateEventW
InitializeSListHead
SignalObjectAndWait
user32
OpenClipboard
GetClipboardData
EnumWindows
GetClassNameA
CloseClipboard
MessageBoxA
GetFocus
GetWindowThreadProcessId
GetClientRect
GetWindowLongA
SetWindowLongA
SetWindowPos
ShowWindow
GetShellWindow
GetDesktopWindow
GetSystemMetrics
DestroyWindow
CloseWindow
SetForegroundWindow
SetActiveWindow
GetForegroundWindow
IsWindow
ReleaseDC
PrintWindow
GetDC
SetClipboardData
EmptyClipboard
GetWindowRect
EnumChildWindows
SendInput
SendMessageA
GetWindowTextA
gdi32
DeleteDC
DeleteObject
GetDIBits
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
shell32
SHGetFolderPathA
ws2_32
WSAStartup
WSAGetLastError
socket
gethostbyname
htons
connect
send
recv
closesocket
WSACleanup
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 979KB - Virtual size: 979KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 54KB - Virtual size: 154KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc Size: 340KB - Virtual size: 340KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ