Static task: static1
Behavioral task: behavioral1
  Sample: 0bee6c9536706aa9a1002efc332725cb2b3ef4e28a97ce7010154a8e81798875.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 0bee6c9536706aa9a1002efc332725cb2b3ef4e28a97ce7010154a8e81798875.exe
  Resource: win10v2004-20220901-en
General
- Target: 0bee6c9536706aa9a1002efc332725cb2b3ef4e28a97ce7010154a8e81798875
- Size: 673KB
- MD5: 25bbe24cd2668004b37a7f1a352b00d4
- SHA1: 24835ee4d734c32f90d5bc8b0488612d1db5be73
- SHA256: 0bee6c9536706aa9a1002efc332725cb2b3ef4e28a97ce7010154a8e81798875
- SHA512: 42f3a7cfd3c0b8f2482a1979c8c12900153b1fc333edb95bee84c0b2504288fd8d16529fd33626597a6f5f22fc0336720c37bcee57872b125c4b28816632d6a1
- SSDEEP: 12288:NaPWm5Ia7ybJCJ+37PGoc8O7sUTFwBdixXq2++saAxNhLYCTv2kb4UMuFk:Iv7ybJCG7+N92MXq2Z5sLb33MuFk
Malware Config
Signatures
Files
-
0bee6c9536706aa9a1002efc332725cb2b3ef4e28a97ce7010154a8e81798875.exe windows x86
eca2b8e1817a5705db7a9c97a1a0b275
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
bsutil: CreateCurrentProcessCrashDump
rpcrt4: RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcServerUnregisterIf, I_RpcBindingInqLocalClientPID, NdrServerCall2
version: VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
ole32: CoTaskMemRealloc, CoTaskMemAlloc, CoCreateGuid, CoCreateInstance, StringFromGUID2, CoTaskMemFree
userenv: CreateEnvironmentBlock, DestroyEnvironmentBlock
kernel32: MultiByteToWideChar, SizeofResource, LoadResource, FindResourceW, LoadLibraryExW, GetCommandLineW, HeapAlloc, GetProcessHeap, HeapFree, ReleaseMutex, TlsAlloc, TlsFree, TlsGetValue, Sleep, CreateMutexA, GetCurrentProcessId, ResetEvent, TlsSetValue, ResumeThread, GetTickCount, SystemTimeToFileTime, WaitForMultipleObjects, SetWaitableTimer, CreateWaitableTimerW, SetUnhandledExceptionFilter, LoadLibraryW, FormatMessageA, UnmapViewOfFile, CreateFileMappingA, OpenFileMappingA, InterlockedCompareExchange, MapViewOfFileEx, InterlockedExchange, FlushViewOfFile, EnterCriticalSection, LeaveCriticalSection, CreateThread, CompareStringW, CompareStringA, SetEndOfFile, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetLocaleInfoW, IsValidLocale, EnumSystemLocalesA, DeleteCriticalSection, InitializeCriticalSection, RaiseException, lstrlenW, ProcessIdToSessionId, GetCurrentThreadId, FreeLibrary, OpenProcess, LocalFree, SetEvent, WaitForSingleObject, ReleaseSemaphore, GetSystemTimeAsFileTime, DuplicateHandle, CreateSemaphoreA, CreateEventA, GetModuleFileNameW, SetLastError, GetLastError, CloseHandle, GetModuleHandleW, GetProcAddress, GetCurrentProcess, GetVersionExW, CreateDirectoryW, GetFileAttributesW, GetUserDefaultLCID, GetDateFormatA, GetTimeFormatA, FlushFileBuffers, LoadLibraryA, QueryPerformanceCounter, GetStartupInfoA, SetHandleCount, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, IsValidCodePage, GetOEMCP, SetEnvironmentVariableW, SetEnvironmentVariableA, VirtualAlloc, VirtualFree, HeapCreate, CreateFileA, GetFileType, InterlockedDecrement, InterlockedIncrement, lstrcmpiW, LocalAlloc, GetConsoleMode, GetConsoleCP, GetModuleFileNameA, GetStdHandle, GetStringTypeW, GetSystemInfo, GetStringTypeA, GetCPInfo, LCMapStringW, LCMapStringA, DeleteFileA, MoveFileA, GetTimeZoneInformation, ExitProcess, GetModuleHandleA, ExitThread, GetStartupInfoW, IsDebuggerPresent, UnhandledExceptionFilter, TerminateProcess, RtlUnwind, GetVersionExA, GetThreadLocale, GetLocaleInfoA, CreateProcessW, CreateToolhelp32Snapshot, CreateFileW, Module32FirstW, FormatMessageW, SetFilePointer, ReadFile, WideCharToMultiByte, WriteFile, HeapDestroy, HeapReAlloc, HeapSize, GetACP
user32: PostThreadMessageW, GetSystemMetrics, LoadStringW, GetMessageW, TranslateMessage, DispatchMessageW, MessageBoxW, CharUpperW, UnregisterClassA, CharNextW
advapi32: CreateServiceW, CreateProcessAsUserW, LookupAccountSidW, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, RegEnumKeyExW, SetServiceStatus, RegisterEventSourceW, ReportEventW, DeregisterEventSource, GetTokenInformation, ControlService, DeleteService, OpenSCManagerW, OpenServiceW, CloseServiceHandle, RegQueryInfoKeyW, RegSetValueExW, RegCreateKeyExW, RegDeleteValueW, RegDeleteKeyW, GetNamedSecurityInfoW, SetNamedSecurityInfoW, GetAclInformation, GetAce, GetSidLengthRequired, InitializeSid, CopySid, IsValidSid, GetLengthSid, GetSecurityDescriptorLength, MakeSelfRelativeSD, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, GetSecurityDescriptorControl, InitializeAcl, AddAce, DuplicateTokenEx, SetTokenInformation, AllocateAndInitializeSid, SetEntriesInAclW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, SetKernelObjectSecurity, FreeSid, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, OpenProcessToken, GetSidSubAuthority
shell32: SHGetPathFromIDListW, SHGetSpecialFolderLocation, SHGetMalloc
oleaut32: VarUI4FromStr
wtsapi32: WTSQueryUserToken
crypt32: CertFreeCertificateContext, CertGetNameStringW, CertGetNameStringA, CryptVerifyMessageSignature
imagehlp: ImageGetCertificateData, ImageEnumerateCertificates, ImageGetCertificateHeader
wintrust: WinVerifyTrust
ws2_32: send, bind, socket, accept, closesocket, recv, WSACleanup, WSAGetLastError, connect, WSAStartup, htonl, ntohl, ntohs, setsockopt, select, htons, inet_addr, inet_ntoa, gethostbyname, listen, __WSAFDIsSet
Sections
.text Size: 488KB - Virtual size: 487KB
  Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 148KB - Virtual size: 144KB
  Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 31KB
  Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls Size: 4KB - Virtual size: 2B
  Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 6KB
  Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ