Sample
36ef019e36c07eb2c3bb4c45dabecc750569dcb17d1f7f5867133018ba319c51.exe
Resource
win7-20220812-en
General
-
Target
36ef019e36c07eb2c3bb4c45dabecc750569dcb17d1f7f5867133018ba319c51
-
Size
948KB
-
MD5
8502657b096736c8702537c8aade74b0
-
SHA1
43a833012e407d2c0c25464e0b7a276d80fd9103
-
SHA256
36ef019e36c07eb2c3bb4c45dabecc750569dcb17d1f7f5867133018ba319c51
-
SHA512
06b80fa0773d33166753598069eeb9c8396e107600b3eba443c5c2024eed1f8e666950098479721925d7b5fef39e275860624cb93f220ef77b0ba19fc0a975be
-
SSDEEP
24576:785kQiVhqMOGPksJwaj1Frn6GgHH/VLGLtT+iqKDbg1:IBANwS1hAHf4TDqK/g1
Malware Config
Signatures
Files
-
36ef019e36c07eb2c3bb4c45dabecc750569dcb17d1f7f5867133018ba319c51.exe windows x86
3a26c2e180f71099be6f79991205857a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
SHGetValueA
PathIsDirectoryEmptyW
PathIsRootW
PathFindFileNameW
SHGetValueW
PathCombineW
StrStrIW
StrToIntExW
SHSetValueA
wvnsprintfW
PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
kernel32
CloseHandle
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetExitCodeThread
ResumeThread
FindNextFileW
SetLastError
GetFullPathNameW
FindFirstFileW
FindClose
GetCommandLineW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcpyW
DebugBreak
OutputDebugStringW
lstrlenA
FlushInstructionCache
GetCurrentProcess
FlushFileBuffers
WriteFile
ReadFile
GetFileSize
CreateFileW
FreeResource
GlobalUnlock
LockResource
SizeofResource
LoadResource
FindResourceW
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
CreateMutexW
GetLastError
GetProcAddress
GetModuleHandleW
GetVersionExW
GetDiskFreeSpaceExW
GlobalFree
GlobalLock
GlobalAlloc
GetFileSizeEx
GetPrivateProfileIntW
GetTempPathW
TerminateProcess
GetExitCodeProcess
GetFileAttributesExW
GetSystemDirectoryW
CopyFileW
MultiByteToWideChar
OpenProcess
LoadLibraryW
FreeLibrary
WideCharToMultiByte
GetVersion
MulDiv
GetModuleFileNameW
WaitForSingleObject
CreateThread
CreateEventW
SetEvent
TlsSetValue
TlsGetValue
TlsAlloc
GetLongPathNameW
TlsFree
HeapFree
FormatMessageW
GetSystemTime
GetFileType
GetModuleHandleA
QueryPerformanceFrequency
QueryPerformanceCounter
GetLocalTime
ResetEvent
InterlockedExchangeAdd
CreateWaitableTimerW
SetWaitableTimer
CreateSemaphoreW
MoveFileW
SetEndOfFile
GetThreadTimes
WaitForMultipleObjects
ReleaseSemaphore
ReleaseMutex
GetCurrentThread
VirtualAlloc
VirtualFree
LoadLibraryExW
SetFilePointer
LocalFree
GetCurrentProcessId
GetTempFileNameW
GetTickCount
RemoveDirectoryW
SetErrorMode
SetUnhandledExceptionFilter
Sleep
DeleteFileW
MoveFileExW
InterlockedIncrement
lstrlenW
InterlockedDecrement
SetEnvironmentVariableW
HeapAlloc
GetProcessHeap
GetEnvironmentVariableW
OpenThread
DeviceIoControl
CreateFileA
lstrcmpA
lstrcmpiA
GetStartupInfoW
GetPrivateProfileStringW
user32
PostMessageW
SendMessageW
PeekMessageW
EndDialog
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoW
GetWindowRect
GetWindow
GetMessageW
TranslateMessage
DispatchMessageW
SetForegroundWindow
ShowWindow
GetActiveWindow
DialogBoxParamW
LoadStringW
BeginPaint
EndPaint
CharNextW
GetSysColor
IsWindowEnabled
GetDC
ReleaseDC
InflateRect
GetWindowTextW
GetScrollInfo
MoveWindow
GetScrollRange
GetScrollPos
SetScrollPos
SetFocus
SetScrollInfo
ShowScrollBar
GetCursorPos
ScreenToClient
DrawTextW
GetSystemMenu
wvsprintfW
DestroyMenu
GetWindowPlacement
BringWindowToTop
LoadIconW
FindWindowExW
UpdateWindow
PostQuitMessage
IsDialogMessageW
KillTimer
CreateWindowExW
CallWindowProcW
InvalidateRect
RedrawWindow
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
IsWindow
IsWindowVisible
IsIconic
ExitWindowsEx
EnableWindow
OffsetRect
GetDlgItem
PtInRect
CopyRect
MessageBoxW
UnregisterClassW
CallNextHookEx
GetWindowLongW
GetParent
UnhookWindowsHookEx
CheckDlgButton
SetWindowsHookExW
CharLowerW
SetDlgItemTextW
SetTimer
CharUpperW
GetSystemMetrics
LoadImageW
SetWindowTextW
SetWindowLongW
DestroyWindow
EnableMenuItem
DefWindowProcW
IsDlgButtonChecked
GetDlgItemTextW
CreateDialogParamW
SetCursor
gdi32
CreateCompatibleBitmap
GetDeviceCaps
SetBkColor
ExtTextOutW
CreateCompatibleDC
DeleteDC
SetBkMode
SelectObject
SetTextColor
DeleteObject
BitBlt
CreateFontIndirectW
advapi32
RegOpenKeyExA
LookupPrivilegeValueW
RegQueryValueExA
RegEnumKeyExA
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
shell32
SHGetSpecialFolderPathW
SHBrowseForFolderW
Shell_NotifyIconW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHCreateDirectoryExW
ShellExecuteW
ole32
OleRun
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CLSIDFromProgID
CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
oleaut32
OleLoadPicture
SafeArrayCreate
SafeArrayPutElement
VariantClear
SysAllocString
SysFreeString
VariantInit
CreateErrorInfo
VariantChangeType
SetErrorInfo
GetErrorInfo
SafeArrayDestroy
comctl32
InitCommonControlsEx
msimg32
TransparentBlt
msvcp60
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?nothrow@std@@3Unothrow_t@1@B
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?_Xran@std@@YAXXZ
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??_7out_of_range@std@@6B@
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Xlen@std@@YAXXZ
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
ws2_32
ntohl
inet_addr
inet_ntoa
gethostbyname
WSAGetLastError
recv
send
setsockopt
closesocket
connect
ntohs
bind
htonl
htons
WSAStartup
WSACleanup
WSAAsyncSelect
accept
WSAAsyncGetHostByName
WSACancelAsyncRequest
recvfrom
sendto
getpeername
getsockname
shutdown
listen
gethostname
getsockopt
ioctlsocket
socket
WSASetLastError
setupapi
SetupIterateCabinetW
wininet
HttpSendRequestW
InternetConnectW
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetCloseHandle
InternetOpenW
InternetOpenUrlW
InternetErrorDlg
HttpQueryInfoW
HttpOpenRequestW
msvcrt
_wcsnicmp
wcstok
wcsncmp
fclose
fread
_wfopen
_ftol
_purecall
wprintf
_except_handler3
__RTDynamicCast
isdigit
_CxxThrowException
clock
gmtime
_wstat
_CIpow
atoi
_wcsdup
_stricmp
tolower
toupper
setlocale
fflush
fwprintf
_vsnprintf
fprintf
ctime
sprintf
_endthreadex
_vsnwprintf
strncpy
strtol
strchr
calloc
strncmp
memchr
_strnicmp
isspace
_atoi64
_wtoi64
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
_stat
??0exception@@QAE@ABQBD@Z
fopen
_callnewh
_errno
strerror
wcschr
swscanf
_strlwr
strncat
isprint
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_exit
_XcptFilter
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_wcsupr
_itoa
_onexit
printf
exit
malloc
wcscmp
_wsplitpath
time
srand
rand
_wtoi
iswdigit
realloc
_wcsicmp
wcsstr
wcscat
free
swprintf
wcsrchr
wcscpy
_snwprintf
wcslen
_beginthreadex
wcsncat
wcsncpy
iswspace
memmove
??2@YAPAXI@Z
__CxxFrameHandler
psapi
GetModuleFileNameExW
EnumProcessModules
iphlpapi
GetAdaptersInfo
GetNetworkParams
netapi32
Netbios
secur32
AcquireCredentialsHandleA
InitializeSecurityContextA
FreeCredentialsHandle
winhttp
WinHttpGetIEProxyConfigForCurrentUser
Sections
.text Size: 692KB - Virtual size: 691KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 68KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 64KB - Virtual size: 335KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 116KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE