Static task
static1
Behavioral task
behavioral1
Sample
f7de7b4f13426156c9a8f61f32dfff8a144a92e6496ebbc677684b7f6101cf07.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
f7de7b4f13426156c9a8f61f32dfff8a144a92e6496ebbc677684b7f6101cf07.exe
Resource
win10v2004-20220901-en
General
-
Target
f7de7b4f13426156c9a8f61f32dfff8a144a92e6496ebbc677684b7f6101cf07
-
Size
1.7MB
-
MD5
5858db8eafe237f20878bd9d8b393cae
-
SHA1
1e6530aada1cbb940d3799283a2fa5096ee2d01d
-
SHA256
f7de7b4f13426156c9a8f61f32dfff8a144a92e6496ebbc677684b7f6101cf07
-
SHA512
e32f2c93be8847a740ee3159138600e82d55e3110e8e423a2bcebf0e651f4d65b6ba081376026d085fba027bf3e060ee9a9bc6cc93e4eb23088411685744b861
-
SSDEEP
24576:uArpVBGLlYoys5mAYo/e7/JWtz/0iZeWWlG4C2jaVayys1vHyYyo+/f:uivG6oys3/0JEIlG4sly+H9A
Malware Config (none extracted in this excerpt)
Signatures (none listed in this excerpt; an empty signature list only means no detection rule fired in these two runs — it is not evidence the sample is benign, so the behavioral task output should be reviewed directly)
Files
-
f7de7b4f13426156c9a8f61f32dfff8a144a92e6496ebbc677684b7f6101cf07.exe — Windows PE, x86 (32-bit)
9e0325cd2d512e1ed96da254c557fcce (unlabelled 32-hex digest; it differs from the MD5 above and sits where this report format normally prints the import hash, so treat it as the imphash pending confirmation — useful for pivoting to other samples that share this import table)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED — no base relocations are present, so the image can only be mapped at its preferred base and ASLR cannot rebase this module
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
(DllCharacteristics are not shown in this listing, so DEP/NX, CFG and the dynamic-base flag cannot be read from here)
Imports (the import table is dual-use: the same primitives appear in remediation/cleaner tools and in malware, so intent should be decided from the behavioral traces, not this list alone. The broad user32/gdi32/ole32/oledlg/olepro32/comdlg32/winspool surface plus msvcp60 std::string is consistent with a statically linked Visual C++ 6 / MFC GUI application, so much of the list is framework plumbing. Ordinal-only imports — comctl32 ord17, olepro32 ord251/ord253 — are unnamed here and should be resolved against the matching DLL version before anything is concluded from them.)
shlwapi (SHDeleteKeyA/W, SHDeleteValueA, SHSetValueA: registry key/value deletion and writing through the shell helper API, in addition to the advapi32 registry functions further down)
PathIsRelativeA
SHDeleteValueA
SHDeleteKeyA
PathRemoveArgsA
SHGetValueA
SHDeleteKeyW
PathFindFileNameW
PathFileExistsW
StrStrIW
SHSetValueA
PathRemoveFileSpecW
PathAppendW
PathRemoveFileSpecA
SHGetValueW
StrStrIA
PathFileExistsA
PathIsDirectoryA
PathFindExtensionA
PathAppendA
PathFindFileNameA
StrStrA
wininet (FindFirst/NextUrlCacheEntry + DeleteUrlCacheEntry: enumerates and purges the WinINet/IE URL cache — browser-trace clean-up. No HTTP request functions are imported from this DLL; network fetching in this binary goes through urlmon URLDownloadToFile and raw wsock32 sockets instead)
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
InternetCrackUrlA
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
FindCloseUrlCache
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
imagehlp (ImageRvaToVa, ImageDirectoryEntryToData, CheckSumMappedFile: parses other PE images mapped into memory — data-directory lookup, RVA translation and checksum validation; pairs with the CreateFileMapping/MapViewOfFile imports in kernel32)
ImageRvaToVa
ImageDirectoryEntryToData
CheckSumMappedFile
wintrust (WinVerifyTrust plus the CryptCATAdmin* catalog APIs: Authenticode and catalog-signature verification of files. The sample checks whether files are signed — a capability shared by security tools and by malware that singles out unsigned targets; which it is cannot be told from the import alone)
WinVerifyTrust
CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
CryptCATAdminAcquireContext
wtsapi32 (WTSEnumerateProcessesW: enumerates processes across all terminal-services sessions, not just the caller's own session)
WTSEnumerateProcessesW
psapi
EnumProcessModules
EnumProcesses
GetModuleFileNameExA
kernel32 — security-relevant subset: OpenProcess + ReadProcessMemory + WriteProcessMemory + CreateRemoteThread + VirtualProtect + FlushInstructionCache (the classic remote code-injection primitive set); CreateToolhelp32Snapshot / Process32* / Module32* (process and loaded-module enumeration); SetFileTime (can rewrite file timestamps — timestomping capability); DeviceIoControl (direct device/driver I/O); WinExec and CreateProcessW (process launch); FindFirstChangeNotificationW / FindNextChangeNotification (directory-change watching); TerminateProcess; GetLogicalDrives / GetDriveType / GetVolumeInformation (drive and volume enumeration). Whether the injection primitives are used offensively or, e.g., to inspect other processes is not decidable from the table.
SystemTimeToFileTime
SetFileTime
FileTimeToLocalFileTime
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GetProcessVersion
SetErrorMode
GetStartupInfoW
RtlUnwind
GetSystemTime
ExitThread
RaiseException
SetStdHandle
GetFileType
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetCPInfo
GetCurrentDirectoryA
GetDriveTypeA
CompareStringA
CompareStringW
GetOEMCP
SetEnvironmentVariableA
LocalFileTimeToFileTime
GetFileTime
ReleaseMutex
CreateMutexW
GetShortPathNameW
lstrcmpiW
GetFullPathNameW
lstrcpynW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DuplicateHandle
GetThreadLocale
lstrcatW
GlobalAddAtomW
GlobalFindAtomW
GetModuleHandleW
FormatMessageW
LocalFree
SetLastError
lstrlenA
InterlockedDecrement
InterlockedIncrement
lstrcmpW
GlobalDeleteAtom
GetCurrentThread
GlobalAddAtomA
GetProfileStringA
GetFileInformationByHandle
CreateRemoteThread
GetVolumeInformationA
RemoveDirectoryA
GetFileAttributesA
CreateFileMappingA
Module32First
ReadProcessMemory
Module32Next
Process32First
Process32Next
DeviceIoControl
GetLongPathNameA
lstrcatA
CopyFileA
MoveFileExA
FlushInstructionCache
VirtualProtect
VirtualQuery
CreateEventA
GetTempPathA
GetTempFileNameA
lstrcpyA
FindResourceA
lstrcpynA
GetEnvironmentVariableA
GetSystemDirectoryA
WideCharToMultiByte
ExpandEnvironmentStringsA
FreeLibrary
GetLastError
GetProcAddress
lstrlenW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileA
GetCurrentProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
Module32NextW
Module32FirstW
FindClose
FindNextFileA
FindFirstFileA
MultiByteToWideChar
lstrcmpiA
GetPrivateProfileStringA
Sleep
CreateThread
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
GetFileAttributesExA
GetVersionExW
GetModuleFileNameA
LoadLibraryW
GetModuleFileNameW
CreateMutexA
GetShortPathNameA
SetUnhandledExceptionFilter
GetTickCount
FindFirstFileW
GetSystemDefaultLangID
DeleteFileA
SetFileAttributesA
GetWindowsDirectoryA
ExitProcess
GetCurrentThreadId
CreateEventW
DeleteFileW
WaitForSingleObject
SetPriorityClass
GetCurrentProcessId
SetProcessWorkingSetSize
SetEvent
LockResource
LoadResource
FindResourceW
GlobalAlloc
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalUnlock
GlobalLock
WinExec
TerminateProcess
CreateDirectoryA
FindNextFileW
GetPrivateProfileIntW
SetFileAttributesW
lstrcpyW
GetDriveTypeW
GetLogicalDrives
EnterCriticalSection
CreateDirectoryW
TerminateThread
GetExitCodeThread
GetTempPathW
GetFileAttributesW
FindCloseChangeNotification
FindNextChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationW
GetVolumeInformationW
InterlockedExchange
GetLongPathNameW
ResetEvent
lstrcmpA
WriteProcessMemory
CopyFileW
RemoveDirectoryW
HeapFree
HeapAlloc
GetProcessHeap
LeaveCriticalSection
GetVersionExA
GetModuleHandleA
GetSystemInfo
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
GetCurrentDirectoryW
SetCurrentDirectoryW
WriteFile
ReadFile
CreateFileW
GetPrivateProfileIntA
WritePrivateProfileStringA
GetVersion
GetACP
GetLocaleInfoW
GetWindowsDirectoryW
ResumeThread
MulDiv
SizeofResource
FreeResource
GlobalFree
CreateProcessW
OutputDebugStringA
GetLocalTime
user32 (mostly MFC UI plumbing; note SetWindowsHookExA/W + CallNextHookEx + UnhookWindowsHookEx — Windows message hooks, usable for keystroke capture or DLL injection as well as ordinary UI work — GetClipboardData/SetClipboardData, and ExitWindowsEx, which can log off, shut down or reboot the host)
LoadImageW
RegisterClassExA
CreateWindowExA
SetMenu
IsRectEmpty
GetWindowInfo
IsZoomed
PostThreadMessageW
GetNextDlgGroupItem
CopyAcceleratorTableW
GetSysColorBrush
GetDesktopWindow
LoadStringW
InflateRect
CharUpperW
GetWindowDC
CharNextW
WindowFromPoint
ShowWindow
MoveWindow
IsDialogMessageW
PostMessageA
SetWindowRgn
RemovePropA
SetPropA
SetWindowLongA
GetSystemMetrics
LoadStringA
CharLowerA
EnableWindow
SendMessageW
IsWindow
MessageBoxW
InvalidateRect
CallNextHookEx
GetDlgItem
GetWindowTextA
GetClassNameA
SetWindowsHookExW
RegisterWindowMessageW
LoadIconW
GetWindowRect
GetClientRect
KillTimer
PostMessageW
SetWindowPos
RegisterWindowMessageA
SetTimer
DrawIcon
IsIconic
UnhookWindowsHookEx
OffsetRect
MapDialogRect
MessageBoxA
IsWindowVisible
wsprintfW
CloseClipboard
GetClipboardData
UpdateWindow
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
SetFocus
AdjustWindowRectEx
EqualRect
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpW
GetClassInfoW
RegisterClassW
GetWindowTextLengthW
GetDlgCtrlID
CreateWindowExW
SetPropW
GetPropW
RemovePropW
GetMessageTime
IsClipboardFormatAvailable
OpenClipboard
UnregisterClassW
GetWindowTextLengthA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
GetClassInfoA
DefDlgProcA
CharNextA
IsWindowUnicode
CreateIconIndirect
DrawTextExA
LoadImageA
DestroyCursor
CharUpperA
DrawMenuBar
IsMenu
GetWindowWord
SetWindowWord
DrawStateA
CharUpperBuffA
GetIconInfo
EnableScrollBar
GetClassLongA
GetForegroundWindow
GetWindowPlacement
RegisterClipboardFormatW
GetWindow
SetWindowContextHelpId
EndDialog
CreateDialogIndirectParamW
DestroyWindow
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
GetMessageW
GetActiveWindow
ValidateRect
PeekMessageW
GetLastActivePopup
IsWindowEnabled
PostQuitMessage
GetFocus
SetActiveWindow
RedrawWindow
DrawAnimatedRects
SetParent
FindWindowW
EnumChildWindows
SystemParametersInfoW
GetClassNameW
SetForegroundWindow
ModifyMenuW
LoadMenuW
SetMenuDefaultItem
CallWindowProcA
CopyIcon
GetMessagePos
MessageBeep
GrayStringW
TabbedTextOutW
CopyRect
GetSysColor
GetDC
ReleaseDC
SetRect
IntersectRect
ExitWindowsEx
FillRect
DrawFrameControl
DrawTextA
DefWindowProcW
DrawIconEx
GetSystemMenu
InsertMenuItemA
GetMenuItemInfoA
LockWindowUpdate
GetWindowTextW
BeginPaint
DrawTextW
EndPaint
CallWindowProcW
DefWindowProcA
GetMessageA
DispatchMessageA
SetWindowsHookExA
GetWindowLongA
DrawEdge
UnregisterClassA
GetWindowLongW
SetWindowLongW
ReleaseCapture
PtInRect
SetCursor
SetCapture
ClientToScreen
GetMenuItemID
GetMenu
GetMenuItemCount
GetSubMenu
ScreenToClient
TranslateMessage
DispatchMessageW
GetParent
GetKeyState
DestroyIcon
LoadCursorW
SetWindowTextW
AppendMenuW
EmptyClipboard
SetClipboardData
FindWindowExW
CreatePopupMenu
InsertMenuItemW
GetCursorPos
TrackPopupMenu
DestroyMenu
wsprintfA
SendMessageA
GetPropA
LoadCursorA
gdi32
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
SelectPalette
RestoreDC
SaveDC
GetTextColor
SetBkColor
GetClipBox
PatBlt
CreateBitmap
GetStockObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
LPtoDP
DPtoLP
GetViewportExtEx
GetMapMode
GetBkColor
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
GetDeviceCaps
CreateRectRgnIndirect
CreateSolidBrush
MoveToEx
LineTo
SetTextColor
SetBkMode
GetObjectW
CreateFontIndirectW
CreatePen
SelectObject
DeleteObject
GetClipRgn
CreateRectRgn
ExtSelectClipRgn
CreatePatternBrush
OffsetRgn
CreateFontIndirectA
GetTextExtentPointA
ExtCreateRegion
GetRegionData
GetDIBits
CreateICA
GetObjectA
RealizePalette
Polygon
CreateDIBitmap
CreateDIBSection
SetDIBitsToDevice
StretchDIBits
PtInRegion
GetPixel
TextOutA
GetTextExtentPoint32A
GetRgnBox
GetTextMetricsA
UnrealizeObject
SetBrushOrgEx
ExtTextOutA
CombineRgn
StretchBlt
ScaleViewportExtEx
GetWindowExtEx
comdlg32
GetOpenFileNameW
GetSaveFileNameW
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32 (OpenSCManagerA/W + CreateServiceA + StartServiceA + DeleteService: installs, starts and removes Windows services — persistence and/or driver loading; RegSetValueEx / RegCreateKeyEx / RegDeleteKey / RegSetKeySecurity: registry write, delete and ACL changes, with RegSaveKeyA/RegRestoreKeyA for hive export/import; OpenProcessToken + LookupPrivilegeValue + AdjustTokenPrivileges: enables token privileges — which privilege is not visible here, though the co-imported OpenProcess/ReadProcessMemory suggest SeDebugPrivilege as a candidate to confirm dynamically; SID/ACL builders and LookupAccountName/Sid for constructing security descriptors)
LookupPrivilegeValueA
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegSetKeySecurity
RegEnumKeyW
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExW
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
RegEnumValueA
RegQueryInfoKeyA
OpenSCManagerA
CreateServiceA
StartServiceA
RegOpenKeyA
RegQueryValueA
GetSidSubAuthority
RegCreateKeyExA
RegRestoreKeyA
RegSaveKeyA
RegCreateKeyA
RegFlushKey
GetUserNameA
LookupAccountNameA
SetSecurityDescriptorOwner
RegSetValueExA
GetLengthSid
CopySid
RegDeleteKeyA
RegQueryValueExW
RegCreateKeyW
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
OpenServiceA
QueryServiceStatus
CloseServiceHandle
RegEnumValueW
RegQueryValueExA
RegOpenKeyExA
RegQueryInfoKeyW
RegEnumKeyExA
RegCloseKey
FreeSid
DeleteService
shell32 (ShellExecuteA/W/ExA/ExW and SHFileOperationW: launches programs/URLs and performs bulk file operations; Shell_NotifyIconW indicates a system-tray icon, consistent with a resident GUI program)
ExtractIconW
Shell_NotifyIconW
ShellExecuteW
SHFileOperationW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
ExtractIconExA
ShellExecuteA
SHGetSpecialFolderLocation
ShellExecuteExA
SHAppBarMessage
SHGetPathFromIDListA
comctl32
ImageList_Draw
_TrackMouseEvent
ImageList_GetIconSize
ImageList_DrawEx
ord17
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_DragLeave
ImageList_DragEnter
ImageList_DragShowNolock
ImageList_DragMove
ImageList_EndDrag
ImageList_BeginDrag
ImageList_ReplaceIcon
ImageList_GetIcon
oledlg
OleUIBusyW
ole32
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoTaskMemAlloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
OleIsCurrentClipboard
CLSIDFromProgID
CreateStreamOnHGlobal
CoTaskMemFree
CLSIDFromString
CoInitialize
CoCreateInstance
CoUninitialize
olepro32
ord253
ord251
oleaut32
SysStringLen
VariantTimeToSystemTime
VariantChangeType
VariantCopy
SysAllocStringLen
SysFreeString
VariantClear
SysAllocString
urlmon (URLDownloadToFileA/W: downloads a URL straight to disk — combined with the WinExec / CreateProcessW / ShellExecute imports elsewhere in this table this is a download-and-execute primitive; the URLs are not visible statically)
URLDownloadToFileA
URLDownloadToFileW
wsock32 (socket / connect / send / recv / gethostbyname / inet_addr: a hand-rolled TCP client channel independent of WinINet; ioctlsocket suggests non-blocking socket mode)
socket
send
recv
closesocket
connect
inet_addr
WSAGetLastError
WSAStartup
WSACleanup
htons
gethostbyname
ioctlsocket
iphlpapi (GetAdaptersInfo: enumerates network adapters, including MAC and IP addresses — commonly used for host fingerprinting, but also by ordinary network tooling)
GetAdaptersInfo
msvcrt
_stricmp
calloc
strncpy
free
malloc
fclose
fwrite
fopen
sprintf
toupper
strncmp
realloc
floor
ceil
remove
atoi
strtoul
msvcp60 (Visual C++ 6 STL runtime; the mangled names below are std::basic_string<char> members — a VC6-era build)
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7out_of_range@std@@6B@
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Xran@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1_Lockit@std@@QAE@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0_Lockit@std@@QAE@XZ
ws2_32 (WSCEnumProtocols + WSCGetProviderPath: enumerates the Winsock Layered Service Provider chain — a long-standing hooking point for adware/spyware, and equally something a cleaner inspects; getprotobyname/setsockopt are ordinary socket setup)
WSCGetProviderPath
setsockopt
getprotobyname
WSCEnumProtocols
setupapi (SetupIterateCabinetA: walks .cab archives — extraction or inspection of cabinet contents)
SetupIterateCabinetA
Sections (four standard sections; only .text is marked executable and no section is both writable and executable, so the layout lacks the W+X section typical of many runtime packers — not proof the binary is unpacked, since entropy is not shown here. The .data virtual size (257KB) exceeding its raw size (124KB) is the normal zero-filled uninitialized-data tail, not a packing indicator. A 1.1MB .text in a 1.7MB file is consistent with static linking of the MFC/CRT runtime.)
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 140KB - Virtual size: 138KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 124KB - Virtual size: 257KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 300KB - Virtual size: 299KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ