General

Malware Config

Signatures

Files

• 37cb2dc660505585c1c4dba2e2cd0add26456a369b0728034278076ec6db029d

  .exe windows x86

  2fbf62e7d6a60f1b3a662054f784ade3

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  ole32

  CoRevertToSelf

  StgGetIFillLockBytesOnFile

  OleUninitialize

  CoGetCurrentProcess

  CoResumeClassObjects

  advapi32

  RegOpenKeyW

  GetServiceDisplayNameW

  OpenEventLogW

  RegRestoreKeyA

  GetSidSubAuthority

  PrivilegedServiceAuditAlarmW

  GetUserNameW

  AreAnyAccessesGranted

  SetThreadToken

  GetSecurityDescriptorControl

  gdi32

  CreateCompatibleDC

  AbortPath

  CombineRgn

  BeginPath

  CreateColorSpaceW

  CloseFigure

  CreateDCW

  Arc

  ColorCorrectPalette

  kernel32

  GetProcessHeap

  LoadLibraryExA

  OpenProcess

  LocalShrink

  PurgeComm

  GetNamedPipeHandleStateA

  ReleaseSemaphore

  LocalCompact

  GlobalCompact

  DecodePointer

  GetCommandLineA

  CancelIo

  GetLastError

  GetProcessTimes

  CreateIoCompletionPort

  GetThreadPriority

  PostQueuedCompletionStatus

  SetMailslotInfo

  SetSystemTimeAdjustment

  MapUserPhysicalPagesScatter

  GetThreadContext

  GetFileInformationByHandle

  GetMailslotInfo

  ClearCommError

  FindFirstFileExW

  GetProcessId

  SetPriorityClass

  InitAtomTable

  GetProcessVersion

  SetProcessWorkingSetSize

  ReleaseMutex

  DisconnectNamedPipe

  GlobalUnWire

  GetNamedPipeInfo

  CreateFileMappingW

  PeekNamedPipe

  RtlCaptureStackBackTrace

  GetProcessIoCounters

  GetFileAttributesExW

  GetFileType

  GetTapeStatus

  ConvertThreadToFiber

  CreateFiber

  GetVersion

  AssignProcessToJobObject

  DisableThreadLibraryCalls

  GetThreadTimes

  CreateTimerQueue

  GetLogicalDrives

  GetWriteWatch

  RequestDeviceWakeup

  GetProcessAffinityMask

  ResetWriteWatch

  CancelWaitableTimer

  MapUserPhysicalPages

  GetFileTime

  SetProcessShutdownParameters

  FlushViewOfFile

  SetSystemPowerState

  SetHandleCount

  GetExitCodeProcess

  MultiByteToWideChar

  InterlockedDecrement

  GetCPInfo

  HeapAlloc

  GetVersionExA

  GetStartupInfoA

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  InterlockedIncrement

  GetACP

  GetOEMCP

  GetProcAddress

  GetModuleHandleW

  TlsGetValue

  TlsAlloc

  TlsSetValue

  TlsFree

  SetLastError

  GetCurrentThreadId

  HeapFree

  LCMapStringA

  WideCharToMultiByte

  LCMapStringW

  GetStringTypeA

  GetStringTypeW

  DeleteCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  VirtualFree

  VirtualAlloc

  HeapReAlloc

  HeapDestroy

  HeapCreate

  GetModuleHandleA

  ExitProcess

  WriteFile

  GetStdHandle

  GetModuleFileNameA

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  QueryPerformanceCounter

  GetTickCount

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  OutputDebugStringA

  GetLocaleInfoA

  Sleep

  VirtualProtect

  GetSystemInfo

  VirtualQuery

  InitializeCriticalSection

  RtlUnwind

  Sections

  .text

  Size: 104KB - Virtual size: 104KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 10KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 22KB - Virtual size: 22KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ