Static task: static1
Behavioral task: behavioral1
Sample: 5df8e3fb6218500cb98cfa0fdf0077fd03e2dde3b093d38c90cccf522795ef9c.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 5df8e3fb6218500cb98cfa0fdf0077fd03e2dde3b093d38c90cccf522795ef9c.exe
Resource: win10v2004-20221111-en
General
Target: 5df8e3fb6218500cb98cfa0fdf0077fd03e2dde3b093d38c90cccf522795ef9c
Size: 112KB
MD5: fea8cd2d4877167dd799dcf8489774cf
SHA1: 029d04951ab8f357fe155fae6e7b37f4c14ead16
SHA256: 5df8e3fb6218500cb98cfa0fdf0077fd03e2dde3b093d38c90cccf522795ef9c
SHA512: adf651f27c83b44d537e42bd9f41e1d546b4b529412d52734ec4fea5ecab58da88be47d6e38e91ba7a540a9f33e37b2dcef572b03403e4596390b807ffdf3adc
SSDEEP: 3072:CgmPIRMwUdurdwtzoDw8fH/QweKDBVxP/yJPoR:ZmrJuJwtkDw8fH/5eu3yJQR
Malware Config
Signatures
Files
-
5df8e3fb6218500cb98cfa0fdf0077fd03e2dde3b093d38c90cccf522795ef9c.exe windows x86
1f8c1b501125194a3797c5eb99d7e3cf
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
OutputDebugStringA
GetModuleHandleA
CreateThread
SetErrorMode
OpenEventA
GetTickCount
ReleaseMutex
GetVersionExA
GetProcessHeap
HeapAlloc
HeapFree
DeleteFileA
MoveFileA
TerminateThread
InitializeCriticalSection
OpenProcess
WriteProcessMemory
CreateRemoteThread
GetCurrentProcess
CreateFileA
SetFilePointer
WriteFile
LocalSize
LocalFree
GetWindowsDirectoryA
GetFileAttributesA
FreeLibrary
lstrlenA
LocalReAlloc
LocalAlloc
CancelIo
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
LoadLibraryA
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
Sleep
GetStartupInfoA
user32
OpenWindowStationA
GetProcessWindowStation
ExitWindowsEx
GetWindowThreadProcessId
IsWindowVisible
GetWindowTextA
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
PostMessageA
OpenDesktopA
wsprintfA
SetProcessWindowStation
advapi32
AllocateAndInitializeSid
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
FreeSid
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyExA
RegQueryValueA
RegOpenKeyA
SetEntriesInAclA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
GetLengthSid
RegEnumValueA
RegEnumKeyExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
LookupAccountSidA
GetTokenInformation
InitializeAcl
shell32
SHGetSpecialFolderPathA
shlwapi
SHDeleteKeyA
msvcrt
exit
_strnicmp
_strrev
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_strupr
_XcptFilter
_exit
??3@YAXPAX@Z
memcpy
__CxxFrameHandler
_CxxThrowException
memmove
ceil
_ftol
strlen
strstr
memset
??2@YAPAXI@Z
strcpy
malloc
strcat
_except_handler3
strncpy
strrchr
strtok
strncat
strchr
atoi
_beginthreadex
calloc
free
??1type_info@@UAE@XZ
ws2_32
send
getsockname
gethostname
closesocket
recv
htons
connect
socket
WSAStartup
WSACleanup
WSAIoctl
setsockopt
gethostbyname
select
ntohs
wininet
InternetOpenA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
wtsapi32
WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationA
userenv
CreateEnvironmentBlock
Sections
.text Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
kcagein Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE