General

Malware Config

Signatures

Files

• 8618b97860f98c505ed4ae93c68c4709ddb20397824dc0123eefcc1d565d3075

  .zip
• winlogin.exe

  .exe windows x86

  524aa3c9404bd6078c3abcbeff12bd88

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  Sleep

  GetModuleFileNameW

  LoadLibraryA

  GetProcAddress

  GetPrivateProfileIntA

  WritePrivateProfileStringA

  FindFirstFileA

  FindNextFileA

  FindClose

  SetCurrentDirectoryA

  CreateToolhelp32Snapshot

  Process32First

  CloseHandle

  Process32Next

  GetConsoleWindow

  GetSystemDirectoryA

  CreateDirectoryA

  GetLastError

  GetModuleFileNameA

  CopyFileA

  CreateMutexA

  CreateThread

  CreateProcessA

  SetFilePointer

  SystemTimeToFileTime

  CreateDirectoryW

  SetFileTime

  WriteFile

  WideCharToMultiByte

  GetFileAttributesW

  ReadFile

  CreateFileW

  MultiByteToWideChar

  GetCurrentDirectoryW

  LocalFileTimeToFileTime

  SetEnvironmentVariableA

  WriteConsoleW

  SetStdHandle

  GetFileAttributesExW

  GetExitCodeProcess

  WaitForSingleObject

  ReadConsoleW

  VirtualFreeEx

  ReadProcessMemory

  WriteProcessMemory

  VirtualAllocEx

  GetTickCount

  OpenProcess

  HeapReAlloc

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCurrentProcessId

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  EncodePointer

  DecodePointer

  GetStringTypeW

  HeapFree

  OutputDebugStringW

  GetCurrentThread

  GetCurrentThreadId

  GetThreadTimes

  LoadLibraryExW

  GetSystemTimeAsFileTime

  ExitProcess

  GetModuleHandleExW

  AreFileApisANSI

  HeapAlloc

  IsDebuggerPresent

  IsProcessorFeaturePresent

  GetCommandLineW

  RaiseException

  RtlUnwind

  GetCPInfo

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  SetLastError

  InitializeCriticalSectionAndSpinCount

  GetCurrentProcess

  TerminateProcess

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetStartupInfoW

  GetModuleHandleW

  CompareStringW

  LCMapStringW

  GetLocaleInfoW

  IsValidLocale

  GetUserDefaultLCID

  EnumSystemLocalesW

  GetProcessHeap

  GetStdHandle

  GetFileType

  SetEvent

  GetLogicalProcessorInformation

  GetProcessAffinityMask

  InitializeSListHead

  GetVersionExW

  HeapSize

  DeleteFileW

  IsValidCodePage

  GetACP

  GetOEMCP

  GetConsoleCP

  GetConsoleMode

  SetFilePointerEx

  FlushFileBuffers

  QueryPerformanceCounter

  SetEndOfFile

  user32

  GetWindowTextA

  wsprintfW

  GetLastInputInfo

  ShowWindow

  FindWindowA

  EnumChildWindows

  GetWindowThreadProcessId

  SendMessageA

  GetClassNameA

  advapi32

  RegCreateKeyExW

  RegCloseKey

  RegSetValueExW

  shell32

  SHGetSpecialFolderPathA

  urlmon

  URLDownloadToFileA

  Sections

  .text

  Size: 163KB - Virtual size: 163KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 48KB - Virtual size: 48KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 7KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 9KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ