Behavioral task: behavioral1
Sample: e6dd59153035a706919ad0f77708ec198153a5ec6266ba5c583133a9f6a20e03.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: e6dd59153035a706919ad0f77708ec198153a5ec6266ba5c583133a9f6a20e03.exe
Resource: win10v2004-20221111-en
General
Target: e6dd59153035a706919ad0f77708ec198153a5ec6266ba5c583133a9f6a20e03
Size: 132KB
MD5: c2aa0dbf079052d3fcb4ae0bf284a50b
SHA1: 3ca7559c910ff4e1fc7bc19d43173bab24c98bf0
SHA256: e6dd59153035a706919ad0f77708ec198153a5ec6266ba5c583133a9f6a20e03
SHA512: c23aa7e429ab3d90815f4f7ae5ac6e9fa087ba2779ce40c1ceefb470285642e063aa1b4663e68f9175a5f13dfc169511564c158bec45e769f4c4c68a4d74a0b1
SSDEEP: 3072:zTgDaJ/AiU6bGP5PBBkOdL07rRg2ABSEsEQ37XWys:XgDaJ/7CPNiNAg2eXWys
Malware Config

Signatures
Gh0st RAT payload (1 IoC)
Processes:
resource: sample, yara_rule: family_gh0strat
Gh0strat family
Files
e6dd59153035a706919ad0f77708ec198153a5ec6266ba5c583133a9f6a20e03.exe (windows x86)
600f4a6e23f37b39f03258139f410227
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalFree
LocalSize
OpenEventA
SetErrorMode
CreateMutexA
WinExec
CopyFileA
GetModuleFileNameA
GetCurrentThreadId
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
CreateToolhelp32Snapshot
GetSystemDirectoryA
DisconnectNamedPipe
TerminateProcess
CreateProcessA
GetStartupInfoA
CreatePipe
PeekNamedPipe
WaitForMultipleObjects
GlobalMemoryStatusEx
OpenProcess
GetModuleHandleA
GetCurrentProcess
GetTickCount
GlobalSize
Process32First
Process32Next
MoveFileA
WriteFile
CreateFileA
SetFilePointer
GlobalAlloc
LocalReAlloc
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
GetFileAttributesA
CreateDirectoryA
GetLastError
DeleteFileA
OutputDebugStringA
GetVersionExA
GetPrivateProfileStringA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
GetWindowsDirectoryA
lstrcpyA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
FreeLibrary
CancelIo
InterlockedExchange
ResetEvent
CloseHandle
VirtualAlloc
CreateEventA
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
GetProcAddress
GlobalLock
GlobalUnlock
GlobalFree
Sleep
ReadFile
GetSystemTime
CreateThread
SetEvent
WaitForSingleObject
TerminateThread
GetFileSize
user32
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
ReleaseDC
GetCursorInfo
GetCursorPos
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
PostThreadMessageA
keybd_event
ExitWindowsEx
GetWindowThreadProcessId
EnumWindows
CloseDesktop
SetThreadDesktop
GetUserObjectInformationA
IsWindow
CloseWindow
CreateWindowExA
OpenDesktopA
PostMessageA
OpenInputDesktop
GetThreadDesktop
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SendMessageA
SystemParametersInfoA
BlockInput
DestroyCursor
LoadCursorA
IsWindowVisible
GetMessageA
wsprintfA
GetWindowTextA
CharNextA
GetInputState
gdi32
DeleteObject
BitBlt
CreateDIBSection
SelectObject
CreateCompatibleBitmap
GetDIBits
CreateCompatibleDC
DeleteDC
advapi32
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
RegCreateKeyA
DeleteService
OpenServiceA
OpenSCManagerA
RegCloseKey
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryInfoKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
QueryServiceStatus
ControlService
StartServiceA
QueryServiceConfigA
EnumServicesStatusA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegOpenKeyA
CreateServiceA
GetUserNameA
LookupAccountSidA
GetTokenInformation
LsaFreeMemory
shell32
ShellExecuteA
SHGetSpecialFolderPathA
msvcrt
_adjust_fdiv
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
strlen
??0exception@@QAE@ABV0@@Z
_strcmpi
_strnicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
memcpy
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_iob
_onexit
__dllonexit
??1type_info@@UAE@XZ
calloc
_beginthreadex
atol
strncat
exit
_errno
strncmp
strncpy
wcscpy
atoi
strrchr
sprintf
_except_handler3
free
malloc
strchr
strstr
_ftol
ceil
memmove
_CxxThrowException
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
ws2_32
connect
htons
gethostbyname
setsockopt
WSAIoctl
recv
select
WSAStartup
gethostname
__WSAFDIsSet
sendto
listen
accept
getpeername
bind
getsockname
ntohs
inet_addr
inet_ntoa
send
closesocket
socket
WSACleanup
urlmon
URLDownloadToFileA
netapi32
NetUserAdd
NetLocalGroupAddMembers
wininet
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetReadFile
avicap32
capCreateCaptureWindowA
capGetDriverDescriptionA
msvfw32
ICOpen
ICSeqCompressFrameEnd
ICClose
ICSendMessage
ICSeqCompressFrame
ICSeqCompressFrameStart
ICCompressorFree
psapi
EnumProcessModules
GetModuleFileNameExA
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationA
Sections
.text Size: 96KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ