Static task
static1
Behavioral task
behavioral1
Sample
e0045f0f6a83c592ff27cd83466956224be167d9e3205dc8e80e2a98185332ca.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
e0045f0f6a83c592ff27cd83466956224be167d9e3205dc8e80e2a98185332ca.exe
Resource
win10v2004-20221111-en
General
Target
e0045f0f6a83c592ff27cd83466956224be167d9e3205dc8e80e2a98185332ca
Size
127KB
MD5
e8fffe1dbe96f88c523e11d838d44fd0
SHA1
6fa324df92d16f17d4ee245e3d714ff2664e5a8e
SHA256
e0045f0f6a83c592ff27cd83466956224be167d9e3205dc8e80e2a98185332ca
SHA512
4730e2300392daefbeaf73622ca43c63f8fe887d8c312c5cabd4ef91fe39daed0e291446176ab48935f437a0fd8e72b067fd571c8cea667c115b2f300228018d
SSDEEP
3072:IPNYnkG4nKytT3BIjbwC25z5N1AxDjZqMNRsEd:nBAtIjb0z5nWJvB
Malware Config
Signatures
Files
e0045f0f6a83c592ff27cd83466956224be167d9e3205dc8e80e2a98185332ca.exe windows x86
fd982d2ffc2625d904aa7e652b6bc750
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
SHFileOperationW
ShellExecuteW
SHBrowseForFolderW
ole32
OleInitialize
CoTaskMemFree
CoCreateInstance
OleUninitialize
advapi32
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegCloseKey
gdi32
SetTextColor
SetBkMode
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
SelectObject
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
kernel32
GetStringTypeA
GetStringTypeW
GlobalAlloc
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetModuleFileNameA
GetCommandLineW
FlushViewOfFile
GetExitCodeProcess
SetFileApisToOEM
RemoveVectoredExceptionHandler
GetThreadIOPendingFlag
CloseHandle
GetCurrentThread
FindNextChangeNotification
DecodeSystemPointer
GetVersion
GetNamedPipeInfo
GetProcessAffinityMask
GetNamedPipeHandleStateA
EncodeSystemPointer
SetHandleCount
OpenProcess
GetExitCodeThread
GetCurrentProcess
GlobalUnlock
GetModuleFileNameW
GetProcessId
FindFirstFileExW
GetCommMask
CancelIo
ResetEvent
DisableThreadLibraryCalls
LocalUnlock
CreateTapePartition
GetThreadPriorityBoost
DeactivateActCtx
RtlCaptureStackBackTrace
CreateIoCompletionPort
GetProcessHeap
ConvertFiberToThread
GetFileType
ContinueDebugEvent
GetProcessHandleCount
PeekNamedPipe
GetCommModemStatus
SetStdHandle
GetThreadContext
SetEndOfFile
SetFileValidData
SetProcessPriorityBoost
GetWriteWatch
lstrcpynA
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
SetFilePointer
MultiByteToWideChar
ReadFile
WriteFile
MulDiv
lstrlenA
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GlobalFree
WaitForSingleObject
ExpandEnvironmentStringsW
lstrcmpW
lstrcmpiW
lstrcmpA
RemoveDirectoryW
lstrcpyA
GetSystemDirectoryW
GetVersionExW
lstrcpyW
GetModuleHandleA
LoadLibraryA
GetProcAddress
lstrcatW
GetTempFileNameW
lstrcmpiA
CreateProcessW
LoadLibraryW
CreateThread
GlobalLock
GetDiskFreeSpaceW
lstrcpynW
lstrlenW
SetErrorMode
GetTempPathW
GetWindowsDirectoryW
ExitProcess
CopyFileW
GetFileSize
CreateFileW
GetTickCount
Sleep
SetFileAttributesW
CreateDirectoryW
GetLastError
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
GetCommandLineA
GetStartupInfoA
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ