Static task: static1
Behavioral task: behavioral1
Sample: 987e0a7f8b48ebc420aabca48fc16107f4f637c1732186ebbeca337a55e60e33.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 987e0a7f8b48ebc420aabca48fc16107f4f637c1732186ebbeca337a55e60e33.exe
Resource: win10v2004-20221111-en
General
Target: 987e0a7f8b48ebc420aabca48fc16107f4f637c1732186ebbeca337a55e60e33
Size: 138KB
MD5: 4f36a7fdd8df9abac23d694366b9be30
SHA1: 1e44f746c2ba94c6c095018ae892c5d3c58b3542
SHA256: 987e0a7f8b48ebc420aabca48fc16107f4f637c1732186ebbeca337a55e60e33
SHA512: 8e67fddc2d0db0b5a5f5235d5fa9b8e6dc8c81c99b8d360f17894449bbe72a8c9eea972a720d2cdde910cb64e81adb9201821e79a7c19a39b5b7b35ca7d732b1
SSDEEP: 3072:DKndaC+Knl8u65x1KkW7Im6oQXLCOijaA6Q7:DcaDx1KPwaOiB5
Malware Config
Signatures
Files
987e0a7f8b48ebc420aabca48fc16107f4f637c1732186ebbeca337a55e60e33.exe windows x86
82c9e1f90d87f1f2ce250d3ccc2e163f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
MsgWaitForMultipleObjectsEx
GetKeyNameTextW
VkKeyScanW
MonitorFromWindow
SetSysColors
MapVirtualKeyA
DrawIconEx
SetMenuContextHelpId
CloseWindow
PostThreadMessageW
MessageBoxA
GetUserObjectInformationW
TranslateMessage
IsCharAlphaNumericA
GetThreadDesktop
GetProcessWindowStation
CloseClipboard
MonitorFromPoint
BeginPaint
GetCursor
GetParent
OpenInputDesktop
GetLastActivePopup
GetClassWord
ArrangeIconicWindows
MapVirtualKeyExA
CopyAcceleratorTableA
GetMenuItemRect
GetClipboardFormatNameA
ValidateRect
CreateIconFromResource
EndMenu
MapVirtualKeyW
GetTitleBarInfo
GetWindowWord
SetWindowTextA
SetWindowPos
VkKeyScanExA
SetLayeredWindowAttributes
ole32
CoReleaseServerProcess
CoCreateInstance
CoRegisterClassObject
CLSIDFromProgID
CoInitialize
OleRun
StringFromCLSID
CoRevokeClassObject
advapi32
CreateRestrictedToken
ReportEventW
AdjustTokenPrivileges
GetSecurityDescriptorControl
RegDeleteKeyW
RegisterEventSourceW
RegQueryInfoKeyW
RegisterEventSourceA
InitializeSecurityDescriptor
RegQueryValueExA
DeleteService
LookupPrivilegeValueW
shlwapi
PathFileExistsW
kernel32
LCMapStringA
GetLocaleInfoA
HeapSize
RtlUnwind
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
LoadLibraryA
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
EnterCriticalSection
MultiByteToWideChar
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapFree
VirtualFree
HeapCreate
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetLastError
GetStringTypeA
GetStringTypeW
ConnectNamedPipe
WideCharToMultiByte
GetEnvironmentStrings
GlobalDeleteAtom
UpdateResourceW
SetFilePointerEx
GetNamedPipeInfo
ResetEvent
DeleteAtom
GetHandleInformation
WTSGetActiveConsoleSessionId
CancelWaitableTimer
DecodePointer
FlushFileBuffers
VirtualAlloc
FindFirstFileExW
PurgeComm
GetCommandLineW
GetFileInformationByHandle
GetModuleFileNameA
FreeResource
CreateFileMappingW
LCMapStringW
SetConsoleCursorInfo
UnmapViewOfFile
HeapAlloc
GlobalMemoryStatus
PostQueuedCompletionStatus
DeviceIoControl
TlsGetValue
FindFirstFileExA
CreateProcessW
WaitNamedPipeW
FreeLibrary
GetLocaleInfoW
EncodePointer
UnhandledExceptionFilter
ExitThread
GetCurrentThreadId
OpenFileMappingW
GetWindowsDirectoryA
OutputDebugStringA
GetSystemInfo
GetCurrentThread
GetProcAddress
VerSetConditionMask
GetTempFileNameA
CreateToolhelp32Snapshot
SetCurrentDirectoryW
SetErrorMode
SetFileAttributesW
CreateFileW
GetTickCount
VirtualProtect
SetEndOfFile
GetNamedPipeHandleStateA
FreeEnvironmentStringsW
LoadLibraryW
GetThreadContext
SetLastError
CreateFileA
GetConsoleScreenBufferInfo
FormatMessageA
Process32First
CreateEventA
GetCommandLineA
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
Sections
.text Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 5KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 86KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ