General

Malware Config

Signatures

Files

• d0326f0ddce4c00f93682e3a6f55a3125f6387e959e9ed6c5e5584e78e737078

  .exe windows x64

  de374bd0d52433ab46e2fe7e4daf1ffe

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  LCMapStringW

  GetModuleFileNameW

  GetModuleHandleA

  LoadLibraryA

  LocalAlloc

  LocalFree

  GetModuleFileNameA

  ExitProcess

  user32

  MessageBoxW

  advapi32

  AdjustTokenPrivileges

  ws2_32

  select

  Exports

  Exports

  �PhŶޘj�u0�ik�תE��ð,/�J��f���p0u誌8�5�� &{��(WU� y�� ��}b6 �4ˋ��=���i��S�-i&�� �:p�V3��s��]�)�t��V(7��H��3ӫt��h���->9]&mo ��qщ�o�K�!��7�DQ�Fc�T.�y�d.k�O�(|�����m,o��0�^z�.˧CD� ̼�����ғ{�� j�K|9�;�����F���]�: ���l�|<� ����;�g�{j�J�a�y� DGĈ��i��_�'��$-1+T�����_0h�q�r�4���Πr�~S��۱��.�6 !�8��V��/���y\^߯I�cL���;.�9]�#;&n��JeF���YI��s7���+vH���<B��w$��W뫝����[�JӅL�#��F�T���Pz�5]/�<��|O���J��z7:�ד~�1f/g���8���a����5�r��G�r��
  8Uf���u�-F�Ɩ�^RZD�<6׻���3��X��<�8^z�R�^����TP=�7 *�p��E+z?�����)��]�M3p�X�6��2�vQ ����W �䠐Ǿ�&��� k���&��$Qt�e�-�s�A&���Bm3o#ެ6�SО?�D&D�3�"OM3<��|���ѷ�N65�3����u�R�H�X Y���獼E��[�M��9�;5|��j�e�bJ�����n݃�dF��Q3/u"ڣ���[?#��g���a�*��.���Nj�{����ŸD1�������]F��š4���0
  �fuw�x���5{��Y�L��x9���7���Z��Ww-��?��� ��[��3���v��L�!��s��R����-;|cm~�RA��&����ﭠ��Pf8�����M�����:��������B�iE���8R��+}�vى� E���oT:�jLˎ?�:`�~�i�F3B�M��$�NϧC�{`da'<�qE}q�2�\�? ��=~��F\����l���6����d�Rw �՗P7���d����$��������u��5Q�� �@/?$"���h�J�Ǡ1�]�p^�t"��2▾���h�%�q^@,���r!�9
  p����51�g(���'��G�8b������_�_`C�>��cu���9�s�TH-�pb��f����#�4X&�ș&d��3��lp������g|���ѹ`����}��=��I],��!\?rZ����b_e�Sw����Y�G�_]�jτ��iP���=ʊrO~�ZU[�c�D��������=��+�����c\?ծ��-Y�:Gx��#� �Gs�ת�b�S�Oo���aU����[��9f��
  T��1$xML�R�V�]�5=~O�2$��2���������8����b�8�deOP����}o�AVGc�(��}R@^�T·\���(�a7 y�Xv�m��]Y�A�j�@��D]�t����i��l��G��5
  ���wŗ�/�����R�]��][���ٮ�Uz�m(�˵W,
  [��{p�{oC#��Xn�%qK��{ ��i;!)�.�mi�����/f��>T�rc9L�X�� ��p�ŸC����ۖ�`��+tY��Tc� �G:` �6����D��1����,N2����ͥ�YΈ� 4s�E �3ݧ :Q1�(�:F#&Tf���ø[^��uD`�N�&��3&A����p�� �zF�Fq�^j^'�W֘��6'"� ��a-)^��U�a��$ V�xZt�X�K`_��bl��F��DV������\4� �pB;���.8��j�@�@�o栅*b�=cV�A�~e��#D���6Hk�ˡ.VÍ��E6��KȽ���I��p�B�*p��wX�i��&p1�+o�N�ޡL�$O�� F�t����h;E1� �@��y0�`q��h�i�D�"[ᬚ�x�����/��o�ʜ���gs7),A����t!�BD���R��+%nE˟%p��4tksC�"�ӵ������ \f& �=z���$���#%��B����v�Eĸ� ,0,?���@~^8�龪z���1j���k��=��s7yYޯw��!�Đ�#��ĭÞ�~��B��LK�!�R�{8h�!�n���� ��Byvy��U���7O�w�vT����P�E:$N��wWy�'���ƽrk�5$C3��7����N\���Ф����;��"�ʻ5��y�֧��+�ڷ�Y��c%�8���j]{����L��~�����_�'���d[KX��kD���"�%G�: ��K���N��&?�5�����Ŏ�il���#cC3o- ��9!��I̫V�~o��E���˸4����Xo�4���� ��}yU��3f5WK֌��B=ʞ���=��c������<��TK�.s#W��#������7~��2ϓ�)���=��T.uM,���K<1;q.�3^\y&�Ow��j �>�}�yڬ��k�x�*��3}�m-<�0-í�zK\��Q8Qe��\ Ψ�~��ڂ��bK���Oy�VY�0�.ˣ=l��0�?��$x C��u��C���7y�!�9��Q������z�g��沃P���(�q�q4�����0�����~�i���T�0O�`2��ηP�A��<h�C���f��ߖ���@Δ�Ү8�a�/9�*�s��Ǹ����J3|g,�(^�ͥ8uu)>#R����� �N���t���m���0E.�¹S�D�6w��R5\؆�2?�"Q\I{%U|�0��P�����0�vAĬB-�t��r�e{���NzW|�Hq�|H]��ߞ�m�(���_As��r�F�+�6�����k�� �����ڬv(rB�H� �`�a�j�*���:O?��޵�e<��N2p��D+rs����GL�5�D�T{��Wf���:V�˅�6O�LI�,���U��?e�p� d1ءܨL�#�>�u���;�}Ҭ�B����L�9G sF5��ǒ�#����4�~�����^jM�Qn�<lk����K�l�h������@��_�L��\���ZT9_)�e�S���?��Π,�>�

  Sections

  .text

  Size: - Virtual size: 668KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 274KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 190KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: - Virtual size: 32KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 2B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp0

  Size: - Virtual size: 1.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp1

  Size: 1.5MB - Virtual size: 1.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 512B - Virtual size: 128B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 636B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ