Static task
static1
Behavioral task
behavioral1
Sample
8f8ef3b449352f7379dfa85ec4cb2eb00e4901db3ecc2f68cc81be62f359f898.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
8f8ef3b449352f7379dfa85ec4cb2eb00e4901db3ecc2f68cc81be62f359f898.exe
Resource
win10v2004-20220812-en
General
Target
8f8ef3b449352f7379dfa85ec4cb2eb00e4901db3ecc2f68cc81be62f359f898
Size
203KB
MD5
c644cf7a01d379255db64b79f5f431d5
SHA1
788d4e0891d73b7498f0e2f9bbd132ce6b7935f1
SHA256
8f8ef3b449352f7379dfa85ec4cb2eb00e4901db3ecc2f68cc81be62f359f898
SHA512
c6794424f482aac8e4e99022ef7873185746700a6c3c1b6a8533bcc67156aadf830ddc6e29b7380efe68afade35571ee19996790403213ffefe6933ac506f071
SSDEEP
3072:6zfREw4n3yy83FopwjAmuUxyUJgTO2i5d17b8ThED3cCzfDYGiV4jZqMNRsEf:qRPv8wjA+xyUUi5dhb8ThkMCjdWYvj
Malware Config
Signatures
Files
8f8ef3b449352f7379dfa85ec4cb2eb00e4901db3ecc2f68cc81be62f359f898.exe windows x86
4cfbaeddf022e46ce0257b5724c20712
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
SHFileOperationW
ShellExecuteW
SHBrowseForFolderW
ole32
OleInitialize
CoTaskMemFree
CoCreateInstance
OleUninitialize
advapi32
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegCloseKey
gdi32
SetTextColor
SetBkMode
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
SelectObject
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
kernel32
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
FreeLibrary
SetHandleCount
ResetWriteWatch
GetNamedPipeHandleStateA
GetWriteWatch
FlushViewOfFile
LockFileEx
GetCurrentProcess
GetProcessAffinityMask
MapUserPhysicalPagesScatter
GetProcessPriorityBoost
GetThreadPriority
ConvertThreadToFiber
TlsSetValue
GetNamedPipeInfo
GetFileAttributesExW
GetCommTimeouts
ReplaceFileA
IsWow64Process
ConvertFiberToThread
OpenProcess
SetCommState
ReleaseMutex
PeekNamedPipe
GetCurrentThreadId
GetStdHandle
RequestDeviceWakeup
SetTapePosition
GetProcessHandleCount
LockResource
GetPriorityClass
FindNextChangeNotification
DeactivateActCtx
GlobalUnfix
PulseEvent
GetAtomNameW
GetProcessIoCounters
SetPriorityClass
FindFirstFileExW
CreateTapePartition
GetCommandLineA
GetModuleFileNameW
GetThreadTimes
FreeResource
GetNumaNodeProcessorMask
CreateJobSet
SetHandleInformation
FindVolumeClose
SetCommBreak
GlobalWire
ContinueDebugEvent
SetFileApisToOEM
LocalCompact
CancelWaitableTimer
FreeEnvironmentStringsA
SetSystemPowerState
EscapeCommFunction
GlobalUnWire
GetLastError
lstrcpynA
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
SetFilePointer
MultiByteToWideChar
ReadFile
WriteFile
MulDiv
lstrlenA
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
LoadLibraryExW
GetModuleHandleW
GlobalFree
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc
ExpandEnvironmentStringsW
lstrcmpW
lstrcmpiW
lstrcmpA
RemoveDirectoryW
lstrcpyA
GetVersion
GetSystemDirectoryW
GetVersionExW
lstrcpyW
GetModuleHandleA
LoadLibraryA
GetProcAddress
lstrcatW
GetTempFileNameW
lstrcmpiA
CreateProcessW
LoadLibraryW
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
lstrcpynW
lstrlenW
CloseHandle
SetErrorMode
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
ExitProcess
CopyFileW
GetFileSize
CreateFileW
GetTickCount
Sleep
SetFileAttributesW
CreateDirectoryW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsFree
SetLastError
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
DeleteCriticalSection
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
Sections
.text Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 125KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ