Static task: static1
Behavioral task: behavioral1
Sample: c9d96cd32175f66352bf1c7b6ae0a5144873a0fc28543c73d3f2d7f40228327e.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: c9d96cd32175f66352bf1c7b6ae0a5144873a0fc28543c73d3f2d7f40228327e.exe
Resource: win10v2004-20221111-en
General
Target: c9d96cd32175f66352bf1c7b6ae0a5144873a0fc28543c73d3f2d7f40228327e
Size: 76KB
MD5: 709db8d8918d4c2e7fe4800763fe2c72
SHA1: 95eee5d018932ff6c97bd42bb84d1e94a11813aa
SHA256: c9d96cd32175f66352bf1c7b6ae0a5144873a0fc28543c73d3f2d7f40228327e
SHA512: 06e6c8371047055b5b2310d2d3cfced6858bf8b6a6ae00bfc72ad85620f28476ff72200f788410968e8728b2d5d3166370fd953862cc97c8bb512adfb52562b1
SSDEEP: 1536:H/ex+N3DHTeOGSUd2X1uORZ7l4PBZMA5nXOo6YR9MbUHli:H/eg1efcxp4pZMAlXOo6YR2IHli
Malware Config
Signatures
Files
c9d96cd32175f66352bf1c7b6ae0a5144873a0fc28543c73d3f2d7f40228327e.exe (windows x86)
107f91652b744c91715dee264782ec07
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
gdi32
SetEnhMetaFileBits
ntdll
isalnum
towlower
tolower
isgraph
isalpha
iswxdigit
ispunct
mbstowcs
memmove
isdigit
strtoul
strtol
wcstoul
labs
iswlower
strcspn
iswdigit
toupper
qsort
isxdigit
strlen
strcpy
sprintf
strncat
wcsncmp
atoi
strncpy
shell32
DuplicateIcon
DragQueryFileA
ord179
ShellExecuteExW
DragQueryFileW
Shell_NotifyIconW
DragQueryPoint
SHInvokePrinterCommandA
Shell_NotifyIconA
SHAppBarMessage
ExtractIconExA
user32
GetWindowTextW
MessageBeep
FindWindowExA
GetKeyboardLayoutList
SetDlgItemTextW
MessageBoxW
EnableWindow
LoadStringW
SetWindowTextA
CreateMDIWindowW
GetThreadDesktop
RemovePropW
ScreenToClient
LoadCursorW
DrawFocusRect
IsCharAlphaW
EndDialog
EnumDisplayDevicesW
SendMessageW
wvsprintfW
InSendMessageEx
LoadMenuA
GetClassLongA
GetProcessWindowStation
RegisterWindowMessageW
IsWindowEnabled
AnimateWindow
TabbedTextOutW
SetPropW
OpenInputDesktop
DrawTextA
kernel32
WriteFileGather
DeleteTimerQueueEx
CreateFileMappingA
FlushViewOfFile
GetDiskFreeSpaceExA
SetVolumeLabelW
MulDiv
DebugBreak
TerminateJobObject
SetConsoleActiveScreenBuffer
Sleep
GetCurrentDirectoryW
ProcessIdToSessionId
PeekConsoleInputA
GlobalLock
GetSystemDefaultLangID
ReadConsoleOutputCharacterA
ReadFile
GetCurrentThread
GetFileAttributesExW
AddAtomW
GetCurrencyFormatA
ReplaceFileW
WriteProfileStringW
GetSystemDefaultUILanguage
PeekNamedPipe
DebugBreakProcess
GetCommandLineW
SetFileAttributesA
GetPrivateProfileIntW
InterlockedIncrement
GetShortPathNameW
CreateDirectoryExW
FindActCtxSectionGuid
SetProcessWorkingSetSize
RemoveDirectoryA
GetTempFileNameA
IsValidCodePage
UnhandledExceptionFilter
FindAtomA
GetSystemDirectoryA
lstrcpynA
QueryMemoryResourceNotification
SetConsoleTitleA
ChangeTimerQueueTimer
TryEnterCriticalSection
OpenProcess
GetWindowsDirectoryW
EnumCalendarInfoA
GetCPInfoExW
SystemTimeToFileTime
VerLanguageNameA
GetStringTypeExW
CancelIo
GetCurrentProcess
SetLastError
GetNumberFormatW
GetLastError
ExitThread
GetModuleHandleW
GetCurrentProcessId
ResumeThread
CreateThread
WaitForSingleObject
AreFileApisANSI
GlobalFlags
WriteConsoleOutputAttribute
GetACP
GetLocaleInfoA
CreateSemaphoreW
GetProcessHeaps
CompareFileTime
CreateJobObjectA
OutputDebugStringW
GetCurrencyFormatW
GetEnvironmentStringsW
Process32Next
GetExitCodeProcess
SuspendThread
WriteProcessMemory
FindNextFileA
InterlockedPopEntrySList
GetOEMCP
EnumTimeFormatsA
SetCommState
SetFilePointerEx
FreeEnvironmentStringsW
Process32FirstW
ReadConsoleOutputCharacterW
HeapQueryInformation
FormatMessageA
GetSystemTime
SwitchToThread
CopyFileW
SetConsoleWindowInfo
SetConsoleCursorPosition
Heap32ListNext
InterlockedPushEntrySList
ReadConsoleInputW
WriteConsoleInputW
BackupWrite
GetDiskFreeSpaceA
GlobalGetAtomNameA
GetCommModemStatus
GetComputerNameA
LocalFileTimeToFileTime
VirtualProtect
WritePrivateProfileStringW
BeginUpdateResourceW
TransmitCommChar
FillConsoleOutputAttribute
GetFileAttributesW
HeapAlloc
LocalFlags
VirtualAllocEx
SetFirmwareEnvironmentVariableA
ExpandEnvironmentStringsA
GetCommMask
FindResourceA
CopyFileExA
EscapeCommFunction
WriteProfileSectionA
GenerateConsoleCtrlEvent
GetPrivateProfileSectionA
GetComputerNameW
IsBadHugeReadPtr
MoveFileWithProgressW
GetPrivateProfileSectionNamesA
FileTimeToSystemTime
HeapSetInformation
UpdateResourceA
GetVolumePathNameW
HeapReAlloc
MapUserPhysicalPages
DnsHostnameToComputerNameA
GetEnvironmentStrings
Heap32First
SetCommTimeouts
WaitForDebugEvent
FormatMessageW
DeleteTimerQueueTimer
GetCompressedFileSizeW
GetConsoleProcessList
GetStringTypeW
SetWaitableTimer
WritePrivateProfileStructW
DeactivateActCtx
GetConsoleWindow
SetCurrentDirectoryA
WideCharToMultiByte
FindNextVolumeA
FatalExit
GetWindowsDirectoryA
GetNumberOfConsoleInputEvents
lstrcmpW
Module32FirstW
BuildCommDCBW
RegisterWaitForSingleObject
GetConsoleCP
FindActCtxSectionStringW
AddAtomA
DecodeSystemPointer
TlsFree
VirtualFree
IsDBCSLeadByte
FindFirstFileExW
Toolhelp32ReadProcessMemory
ResetEvent
EnumTimeFormatsW
DeleteFileW
PostQueuedCompletionStatus
SetProcessShutdownParameters
GetFileInformationByHandle
GetStartupInfoW
FillConsoleOutputCharacterA
GetDiskFreeSpaceW
GetStringTypeA
SetFileValidData
FatalAppExitA
TlsAlloc
EnumResourceLanguagesW
TlsSetValue
GetSystemTimeAsFileTime
UnmapViewOfFile
SetSystemTime
FindVolumeMountPointClose
lstrlenW
GetSystemRegistryQuota
LoadLibraryA
DeleteFiber
BackupSeek
WritePrivateProfileStringA
GetLogicalDrives
GetProfileIntW
QueueUserWorkItem
OpenJobObjectW
ReadDirectoryChangesW
EncodeSystemPointer
SetStdHandle
ReadConsoleInputA
GetCalendarInfoA
LocalHandle
lstrcmpiW
BackupRead
PeekConsoleInputW
GetFirmwareEnvironmentVariableA
GetThreadSelectorEntry
ReadFileEx
LoadLibraryExW
CancelIo
GetThreadLocale
CreateJobSet
IsBadStringPtrW
SetThreadPriorityBoost
GetVolumeNameForVolumeMountPointA
AddVectoredExceptionHandler
GetProfileIntA
UpdateResourceW
lstrcmpA
CreateTimerQueueTimer
VirtualUnlock
SetConsoleCursorInfo
EnumSystemLanguageGroupsA
GetUserGeoID
GetStringTypeExA
HeapFree
GetVolumePathNamesForVolumeNameA
GlobalFree
SetDefaultCommConfigW
GlobalUnWire
GetPrivateProfileStringW
CreateDirectoryExA
LockFile
SwitchToFiber
GetSystemTimeAdjustment
Process32NextW
GetModuleFileNameW
Thread32First
ScrollConsoleScreenBufferW
GetDefaultCommConfigA
InterlockedFlushSList
CreateEventW
SetTimeZoneInformation
CommConfigDialogA
GetConsoleMode
LocalLock
CompareStringA
DeviceIoControl
ContinueDebugEvent
OpenFileMappingA
WaitForMultipleObjectsEx
DisableThreadLibraryCalls
SetTapeParameters
CreateJobObjectW
IsBadStringPtrA
RequestWakeupLatency
GetOverlappedResult
CreateMutexW
GetSystemPowerStatus
EnterCriticalSection
GetLocalTime
ExpandEnvironmentStringsW
ReleaseActCtx
SetFirmwareEnvironmentVariableW
FreeEnvironmentStringsA
GetProcessWorkingSetSize
SetCommMask
MoveFileExA
SetConsoleTextAttribute
GetTapeParameters
EnumDateFormatsA
LocalCompact
WaitCommEvent
DeleteVolumeMountPointW
DisconnectNamedPipe
CompareStringW
GetProfileStringW
FindFirstFileExA
GetNamedPipeHandleStateW
IsWow64Process
SetThreadAffinityMask
SetTimerQueueTimer
ReleaseMutex
CreatePipe
VirtualAlloc
GetProcessAffinityMask
GetPrivateProfileStructW
TerminateThread
GetDriveTypeW
WriteConsoleW
QueryDosDeviceA
GetTapeStatus
FindAtomW
SetThreadLocale
Thread32Next
MoveFileW
UnlockFile
GetProcessHandleCount
VirtualQueryEx
CancelTimerQueueTimer
CreateDirectoryW
WriteConsoleA
GetEnvironmentVariableW
LoadLibraryW
CreateFileW
GetMailslotInfo
EnumResourceTypesW
GetModuleFileNameA
LCMapStringA
DeleteCriticalSection
CreateProcessA
QueryDepthSList
FindClose
FindFirstVolumeW
GetLargestConsoleWindowSize
BuildCommDCBAndTimeoutsW
VirtualProtectEx
GetThreadTimes
VirtualQuery
GetComputerNameExA
EnumUILanguagesA
SetConsoleTitleW
SetEvent
GetNumberFormatA
SetFileShortNameA
FindResourceW
EnumResourceTypesA
GetFileTime
GetProfileStringA
FoldStringA
GlobalGetAtomNameW
BuildCommDCBAndTimeoutsA
GetProcessTimes
lstrcmpiA
FreeLibrary
SetFileApisToANSI
SetUnhandledExceptionFilter
GetConsoleScreenBufferInfo
CreateRemoteThread
GetLogicalDriveStringsW
OpenSemaphoreA
GetConsoleDisplayMode
LoadLibraryExA
GetAtomNameA
CreateMailslotW
CreateFiberEx
GetSystemInfo
EnumUILanguagesW
AttachConsole
FreeUserPhysicalPages
lstrlenA
OpenFile
EraseTape
FindNextVolumeMountPointW
IsBadHugeWritePtr
SetThreadContext
GetFirmwareEnvironmentVariableW
GetFileAttributesA
QueryDosDeviceW
GetDevicePowerState
GetVolumeNameForVolumeMountPointW
EnumDateFormatsExW
GetExitCodeThread
ConvertThreadToFiber
IsBadWritePtr
GetVolumeInformationA
RemoveDirectoryW
DeleteVolumeMountPointA
GetShortPathNameA
DefineDosDeviceA
GetBinaryTypeW
Module32First
CreateTapePartition
ReadConsoleOutputA
ResetWriteWatch
SetSystemPowerState
EnumResourceNamesW
GetNamedPipeHandleStateA
GlobalAddAtomA
GetTempFileNameW
MapViewOfFileEx
FindNextVolumeW
ReadFileScatter
OutputDebugStringA
CreateProcessW
lstrcatW
DebugSetProcessKillOnExit
QueryPerformanceCounter
ConnectNamedPipe
EnumResourceLanguagesA
GlobalCompact
GetTimeZoneInformation
GetCommTimeouts
GetAtomNameW
DefineDosDeviceW
FindFirstVolumeA
SetThreadExecutionState
msvcrt
fputws
iswalnum
system
wscanf
putchar
perror
fputc
vwprintf
tmpfile
exit
setlocale
strxfrm
scanf
wcstod
fgets
putwc
feof
vprintf
strtod
fgetc
getc
fwrite
srand
vfprintf
fgetpos
mblen
wcscoll
iswupper
fgetwc
strcoll
ferror
mbtowc
getwc
fseek
setbuf
rename
oleaut32
VarR4CmpR8
VarCyRound
VarUI4FromBool
VarCyFromI1
VarCyFromUI2
VarUI2FromStr
VarBstrFromR8
VarI4FromR4
urlmon
CreateURLMonikerEx
RevokeFormatEnumerator
FindMediaTypeClass
RegisterFormatEnumerator
GetClassURL
CreateAsyncBindCtx
ReleaseBindInfo
FaultInIEFeature
CoInternetCreateSecurityManager
HlinkNavigateMoniker
GetClassFileOrMime
clusapi
GetClusterResourceKey
ClusterEnum
SetClusterResourceName
ClusterRegOpenKey
ClusterNodeControl
OfflineClusterResource
ClusterRegCloseKey
ClusterRegSetKeySecurity
OpenCluster
AddClusterResourceNode
GetClusterResourceTypeKey
ClusterNetworkEnum
ClusterRegQueryInfoKey
GetClusterInformation
PauseClusterNode
RemoveClusterResourceDependency
ClusterGroupCloseEnum
pdh
PdhCloseQuery
PdhGetLogFileSize
PdhGetCounterInfoA
PdhGetDataSourceTimeRangeA
PdhMakeCounterPathW
PdhCalculateCounterFromRawValue
PdhReadRawLogRecord
PdhLookupPerfNameByIndexW
PdhGetCounterInfoW
PdhExpandWildCardPathW
PdhRemoveCounter
PdhGetRawCounterValue
mprapi
MprInfoRemoveAll
MprAdminConnectionGetInfo
MprConfigInterfaceCreate
MprConfigInterfaceTransportAdd
MprAdminMIBEntryGet
MprConfigTransportCreate
MprAdminServerGetInfo
MprConfigInterfaceTransportSetInfo
MprAdminMIBEntrySet
MprConfigTransportGetInfo
MprAdminDeviceEnum
Sections
.text Size: 64KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ