General

Malware Config

Signatures

Files

• Carbanak_0AD6DA9E62A2C985156A9C53F8494171

  .exe windows x86

  bd4d752997f22709d6a04e18a6708052

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  ntdll

  memset

  _wcsicmp

  RtlCreateUserThread

  memcpy

  RtlEqualString

  memcmp

  wcsrchr

  RtlInitUnicodeString

  RtlEqualUnicodeString

  NtQuerySystemInformation

  NtQueryInformationProcess

  RtlGetCurrentPeb

  ws2_32

  ntohs

  send

  htons

  kernel32

  VirtualProtect

  VirtualQuery

  VirtualAllocEx

  VirtualFreeEx

  VirtualProtectEx

  WriteFile

  ReadProcessMemory

  WriteProcessMemory

  GetCurrentProcess

  OutputDebugStringA

  SetFilePointer

  ReadFile

  UnmapViewOfFile

  MapViewOfFile

  VirtualQueryEx

  OutputDebugStringW

  advapi32

  QueryServiceStatusEx

  OpenServiceW

  OpenSCManagerW

  IsTextUnicode

  CloseServiceHandle

  Sections

  .text

  Size: 106KB - Virtual size: 105KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 9KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 68KB - Virtual size: 68KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ