Static task: static1
Behavioral task: behavioral1
Sample: 98989e34a8ee70f02678696f0c19d202c54f3a4b2c865ab20846663f988d185e.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 98989e34a8ee70f02678696f0c19d202c54f3a4b2c865ab20846663f988d185e.exe
Resource: win10v2004-20220812-en
General
Target: 98989e34a8ee70f02678696f0c19d202c54f3a4b2c865ab20846663f988d185e
Size: 141KB
MD5: a0fd4657b35e718014d675ae6800ede5
SHA1: 4c3bdeebaba38047470665aabce3820e58dee73c
SHA256: 98989e34a8ee70f02678696f0c19d202c54f3a4b2c865ab20846663f988d185e
SHA512: 2a7c816739e29aec866ab0858396675df19c9a09a02ce58dcc603585d90ce81349ece905eaa049a4a9469d92da711ddc11bd55e7f1fa891794fd6ab91076a7f8
SSDEEP: 3072:Lpx9EfghSPsDdnCyJ4ZSP7MJ4hSFeGs66tO8q5czzRs/:39EfghSPgMZSYHs66tA+O
Malware Config
Signatures
Files
98989e34a8ee70f02678696f0c19d202c54f3a4b2c865ab20846663f988d185e.exe windows x86
0bffdc45a16ed8cb911415a79dcfd182
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
SHFileOperationW
ShellExecuteW
SHBrowseForFolderW
ole32
OleInitialize
CoTaskMemFree
CoCreateInstance
OleUninitialize
advapi32
RegDeleteValueW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
RegEnumKeyW
RegOpenKeyExW
gdi32
SetTextColor
DeleteObject
SetBkMode
CreateFontIndirectW
SelectObject
GetDeviceCaps
SetBkColor
GetStockObject
GetTextExtentPoint32W
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
kernel32
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
RemoveDirectoryW
FreeResource
ResetEvent
IsSystemResumeAutomatic
GetTapeStatus
SetHandleInformation
AssignProcessToJobObject
GetFileAttributesExW
GetExitCodeProcess
IsProcessInJob
LockResource
SetLastError
GetThreadSelectorEntry
FlushFileBuffers
GetModuleFileNameA
SetHandleCount
ClearCommBreak
SetMessageWaitingIndicator
GetProcessHeap
RequestWakeupLatency
GetProcessIoCounters
CreateFileMappingW
SetSystemTimeAdjustment
GetCommTimeouts
GetCommandLineW
GlobalDeleteAtom
GetNamedPipeHandleStateW
ReplaceFileA
DecodePointer
EscapeCommFunction
MulDiv
GetThreadIOPendingFlag
GetLogicalDrives
GetWriteWatch
ReleaseMutex
InitAtomTable
GetNamedPipeHandleStateA
DeleteAtom
SetMailslotInfo
GetCurrentProcess
OpenProcess
GetProcessPriorityBoost
QueueUserAPC
lstrcpynA
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
SetFilePointer
MultiByteToWideChar
ReadFile
WriteFile
lstrlenA
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GlobalFree
WaitForSingleObject
GlobalAlloc
ExpandEnvironmentStringsW
lstrcmpW
lstrcmpiW
lstrcmpA
lstrcpyA
GetVersion
GetSystemDirectoryW
GetVersionExW
lstrcpyW
GetModuleHandleA
LoadLibraryA
GetProcAddress
lstrcatW
GetTempFileNameW
lstrcmpiA
CreateProcessW
LoadLibraryW
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
lstrcpynW
lstrlenW
CloseHandle
SetErrorMode
GetTempPathW
GetWindowsDirectoryW
ExitProcess
CopyFileW
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
Sleep
SetFileAttributesW
CreateDirectoryW
GetLastError
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
GetCommandLineA
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
DeleteCriticalSection
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
Sections
.text Size: 58KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ