General

Malware Config

Signatures

Files

• 3b6e89d73b49bb53e66538674e16c1e9bbd0dd68edbbc10ad9965ff2e21188e5

  .exe windows x86

  ef9169c341840fd24df9a1a5eb716263

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DEBUG_STRIPPED

  Imports

  crypt32

  CertFindCRLInStore

  CertFindAttribute

  CryptFindOIDInfo

  CertDuplicateStore

  CertFindExtension

  CertOpenStore

  CertGetNameStringA

  CertDuplicateCRLContext

  CertCreateCRLContext

  CertSaveStore

  CryptEnumOIDInfo

  CertCreateContext

  CertDeleteCRLFromStore

  CertCloseStore

  CertControlStore

  cabinet

  Extract

  FCICreate

  FCIDestroy

  FCIFlushCabinet

  msimg32

  TransparentBlt

  DllInitialize

  kernel32

  GetFullPathNameA

  GetNumberFormatA

  SetVolumeLabelA

  DeviceIoControl

  CreateMutexA

  SetEndOfFile

  PurgeComm

  GetVolumePathNameW

  HeapValidate

  GetProcessTimes

  CreateEventW

  GetAtomNameA

  GetModuleHandleA

  TlsGetValue

  SetCurrentDirectoryA

  GetTickCount

  FindResourceA

  GetLogicalDrives

  GetDiskFreeSpaceA

  GetProcAddress

  GetEnvironmentVariableW

  SetEnvironmentVariableA

  lstrcmpA

  MoveFileW

  ReadFile

  GetShortPathNameA

  GetSystemInfo

  GetCurrentProcess

  QueryDosDeviceA

  GetBinaryTypeA

  Sections

  .text

  Size: 32KB - Virtual size: 31KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 457KB - Virtual size: 524KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 7KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ