Static task: static1
Behavioral task: behavioral1
  Sample: f2c80893d8b0d6f4c4270eb424e43e8a8922dc963753bdb03c65b1a47ff7358b.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: f2c80893d8b0d6f4c4270eb424e43e8a8922dc963753bdb03c65b1a47ff7358b.exe
  Resource: win10v2004-20220812-en
General
Target: f2c80893d8b0d6f4c4270eb424e43e8a8922dc963753bdb03c65b1a47ff7358b
Size: 500KB
MD5: f74090a45dd755dc2427e1ee8faa717e
SHA1: f5aeb5a3314f3095d7fabf8e02f019c335cf81db
SHA256: f2c80893d8b0d6f4c4270eb424e43e8a8922dc963753bdb03c65b1a47ff7358b
SHA512: ec7f8ffe5a4aff0326562c10aef867b58c346fabdd346809817ff7a606b4a441b5fb25e0f3064b45f964767f7adeecda0e02c9ad850b414b4869f49f04bb4c57
SSDEEP: 12288:ew483/WA86Y8HfvQr+nhJIOaJJ1P8Lzgu/:eLiRHXdGO2JqLzgu/
Malware Config
Signatures
Files
f2c80893d8b0d6f4c4270eb424e43e8a8922dc963753bdb03c65b1a47ff7358b.exe windows x86
03e8903ea3391ab81a3da3763d40c7dc
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetEnvironmentStrings
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoA
GetStdHandle
SetHandleCount
TlsFree
TlsAlloc
TlsSetValue
WideCharToMultiByte
RtlUnwind
GetCommandLineA
lstrcpynA
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
GetFileAttributesW
GetVersion
VirtualAlloc
lstrlenW
VirtualFree
UnhandledExceptionFilter
GetTickCount
GetEnvironmentStringsW
OutputDebugStringA
GetModuleFileNameW
SetLastError
EnterCriticalSection
FlushInstructionCache
SetUnhandledExceptionFilter
HeapAlloc
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeFormatW
HeapFree
ExpandEnvironmentStringsW
FreeLibrary
Sleep
TerminateProcess
GetCurrentProcess
QueryPerformanceCounter
IsBadCodePtr
lstrcmpiA
GetProcessHeap
ResetEvent
OpenSemaphoreA
GetEnvironmentVariableA
HeapCreate
ReleaseMutex
WriteFile
LCMapStringA
LCMapStringW
GetCPInfo
GetOEMCP
HeapReAlloc
GetStringTypeA
GetStringTypeW
SetStdHandle
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
CreateMutexA
LeaveCriticalSection
GetVersionExA
DisableThreadLibraryCalls
lstrlenA
GetComputerNameA
GetModuleHandleA
CreateProcessA
GetLastError
WaitForSingleObject
lstrcmpiW
CloseHandle
user32
GetDlgItemTextA
SetForegroundWindow
LoadStringA
GetParent
IsDlgButtonChecked
CopyRect
SetWindowPos
LoadImageA
DefWindowProcA
CheckDlgButton
SetFocus
GetForegroundWindow
GetActiveWindow
SetCursor
LoadImageW
ShowCursor
GetWindowLongA
EnableWindow
GetDlgItem
IsChild
LoadStringW
IsIconic
GetDC
BeginPaint
EndPaint
UnregisterClassA
LoadCursorA
RegisterClassA
GetWindowRect
advapi32
GetLengthSid
InitializeAcl
AddAccessAllowedAce
FreeSid
SetSecurityDescriptorDacl
AllocateAndInitializeSid
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
OpenServiceW
OpenSCManagerW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
QueryServiceStatus
shell32
DragQueryFileW
ole32
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoInitialize
ReleaseStgMedium
oleaut32
SysFreeString
VariantClear
SysAllocString
SysAllocStringLen
SysStringLen
msvcrt
wcsncpy
strncpy
time
wcscat
wcscpy
swprintf
memmove
wcstoul
wcsrchr
iswalpha
free
wprintf
wcslen
malloc
memset
printf
wcsstr
swscanf
calloc
wcsncat
wcscmp
wcsspn
crypt32
CertNameToStrW
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetCertificateContextProperty
CertCloseStore
CertOpenStore
CertEnumCertificatesInStore
rpcrt4
UuidFromStringW
UuidCreate
UuidIsNil
UuidCreateNil
userenv
FreeGPOListW
GetAppliedGPOListW
ws2_32
getaddrinfo
ntohl
Sections
.text Size: 320KB - Virtual size: 318KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 164KB - Virtual size: 170KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ