Static task
static1
Behavioral task
behavioral1
Sample
2ac64b3778ace2f0fc43a59152d29bfb5f9c32692f3ab21bab8a44214d8eba28.exe
Resource
win7-20220812-en
General
Target: 2ac64b3778ace2f0fc43a59152d29bfb5f9c32692f3ab21bab8a44214d8eba28
Size: 477KB
MD5: 43cf0139c044da09f7e3d0028e5a8040
SHA1: b3b9fa1474fbca2bc3e105c2dda4d2e5d3daa099
SHA256: 2ac64b3778ace2f0fc43a59152d29bfb5f9c32692f3ab21bab8a44214d8eba28
SHA512: 66363288d7c663e8c5a6f0a8f16401ce847f8834db7f06764f7e8c517c2d01725dafe51d224bbf2e6b1967b1d12c1d81a8cdd4f9160c850aef424430d4b8b7a3
SSDEEP: 6144:KcXH5OIeQrVpJzvkwprLE7dGKVBAbOKGIy/5h8xOBT63WB99+4:KcJOkrV3XnZKVBA6KGISDic99
Malware Config
Signatures
Files
-
2ac64b3778ace2f0fc43a59152d29bfb5f9c32692f3ab21bab8a44214d8eba28.exe windows x86
c2dfc999bf94a58d5e9718cfc85741dc
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
setupapi
SetupDiGetDeviceRegistryPropertyW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
wtsapi32
WTSEnumerateSessionsW
WTSEnumerateProcessesW
WTSFreeMemory
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32
ReleaseMutex
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
GetProcAddress
Process32NextW
GetModuleHandleA
GetCurrentProcess
GetVersionExW
GetSystemDirectoryW
CreateDirectoryW
GetModuleFileNameW
GetCurrentThreadId
Sleep
LoadLibraryW
FindResourceW
LoadResource
LockResource
CreateProcessW
SizeofResource
lstrlenW
WaitForMultipleObjects
FreeLibrary
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleW
SetThreadPriority
TerminateThread
TerminateProcess
LoadLibraryExW
RaiseException
ResetEvent
lstrcmpiW
InterlockedIncrement
GetTickCount
DisconnectNamedPipe
InterlockedDecrement
CancelIo
PeekNamedPipe
ExitThread
CreateEventW
GetOverlappedResult
CreateThread
CreateNamedPipeW
ConnectNamedPipe
SetEvent
GetCurrentThread
LocalFree
SetUnhandledExceptionFilter
lstrcpyW
SetErrorMode
GetCommandLineW
WideCharToMultiByte
OpenEventW
GetCommState
SetCommState
SetCommMask
PurgeComm
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
GetCurrentDirectoryA
GetFullPathNameW
ExitProcess
CreateMutexW
CloseHandle
GetLastError
MultiByteToWideChar
DeleteFileW
GetFileSize
SetEndOfFile
SetFilePointer
HeapValidate
WriteFile
HeapSize
HeapFree
ReadFile
HeapAlloc
CreateFileW
GetProcessHeap
EnterCriticalSection
DeleteCriticalSection
IsBadCodePtr
InitializeCriticalSection
LeaveCriticalSection
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
FlushFileBuffers
CreateFileA
CompareStringA
VirtualFree
HeapCreate
HeapDestroy
SetLastError
TlsFree
TlsSetValue
CompareStringW
SetEnvironmentVariableA
TlsAlloc
TlsGetValue
RtlUnwind
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
LoadLibraryA
GetStartupInfoW
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
FindFirstFileW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GetFileAttributesW
MoveFileW
IsDebuggerPresent
UnhandledExceptionFilter
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
user32
MessageBoxExW
UnregisterClassW
DestroyWindow
PostMessageW
UnregisterClassA
RegisterClassW
DefWindowProcW
LoadStringW
PostThreadMessageW
CharUpperW
TranslateMessage
GetMessageW
DispatchMessageW
PeekMessageW
MessageBoxW
MsgWaitForMultipleObjects
CharNextW
CharUpperBuffW
wsprintfW
CreateWindowExW
advapi32
ControlService
CopySid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
StartServiceCtrlDispatcherW
CloseServiceHandle
SetServiceStatus
CreateServiceW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
OpenSCManagerW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegisterServiceCtrlHandlerW
OpenThreadToken
DeleteService
GetTokenInformation
IsValidSid
OpenServiceW
GetLengthSid
InitializeSecurityDescriptor
RegEnumKeyExW
SetSecurityDescriptorDacl
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
CreateProcessAsUserW
RegQueryValueExW
RegQueryInfoKeyW
GetUserNameW
RegEnumKeyW
RevertToSelf
ImpersonateLoggedOnUser
RegCloseKey
OpenProcessToken
RegCreateKeyExW
RegOpenKeyExW
shell32
SHGetSpecialFolderPathW
SHGetFolderPathW
ole32
CoTaskMemRealloc
CoCreateGuid
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
CoResumeClassObjects
CoRevokeClassObject
CoInitializeSecurity
CoInitializeEx
CoRegisterClassObject
CoUninitialize
StringFromGUID2
CoSuspendClassObjects
CoCreateInstance
oleaut32
SafeArrayUnaccessData
SafeArrayAccessData
VarBstrCmp
VariantClear
VariantInit
SafeArrayPutElement
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayDestroy
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VarBstrCat
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocString
shlwapi
PathAppendW
Sections
.text Size: 275KB - Virtual size: 275KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rmnet Size: 56KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE