General

Malware Config

Signatures

Files

• d7f28bf286ba396c51b7e6138248615427c44e18d5fd8bb752484e88b4b2b342

  .exe windows x86

  33c17e00c60b3568c6a41330bf274654

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  MulDiv

  ReadConsoleInputExW

  RtlCaptureStackBackTrace

  CreateEventW

  InterlockedPopEntrySList

  GlobalFix

  EnumTimeFormatsA

  SetFileValidData

  SetConsoleCtrlHandler

  GetDiskFreeSpaceW

  IsDBCSLeadByte

  SetConsoleInputExeNameW

  TlsGetValue

  ExitProcess

  VerifyVersionInfoW

  BaseDumpAppcompatCache

  GetOEMCP

  lstrcmpi

  ResumeThread

  GetCurrentProcess

  CreateDirectoryExA

  GetHandleInformation

  GetPrivateProfileStructA

  LoadLibraryA

  HeapCreate

  RegisterWaitForSingleObjectEx

  GetCommConfig

  OpenProfileUserMapping

  GetConsoleCP

  GetFileSize

  EnumResourceTypesW

  _lopen

  HeapValidate

  _hread

  GetFirmwareEnvironmentVariableA

  SetTermsrvAppInstallMode

  GetModuleHandleExW

  GetProfileStringA

  CreateIoCompletionPort

  FileTimeToLocalFileTime

  WriteConsoleInputVDMA

  QueryPerformanceCounter

  GetSystemDirectoryA

  SetWaitableTimer

  InitAtomTable

  GetTickCount

  GetCompressedFileSizeW

  GetStartupInfoA

  SetSystemTimeAdjustment

  EnumResourceNamesA

  InterlockedFlushSList

  CreateMailslotA

  CreateJobObjectW

  DeleteFileW

  SetComputerNameW

  SetConsoleOutputCP

  VirtualAlloc

  imagehlp

  EnumerateLoadedModules

  SymGetLinePrev64

  CheckSumMappedFile

  SymGetLineFromAddr

  SymRegisterFunctionEntryCallback

  SymGetLineFromName

  ImageDirectoryEntryToDataEx

  SymGetLineFromAddr64

  SymGetModuleInfo

  SymFromName

  MapDebugInformation

  SymGetSymFromName

  EnumerateLoadedModules64

  SymGetSymPrev64

  GetImageConfigInformation

  SymFunctionTableAccess

  SymUnDName

  SymSetContext

  SymFromAddr

  ImageGetDigestStream

  UnMapAndLoad

  SymMatchFileName

  SymUnloadModule

  UnDecorateSymbolName

  UnmapDebugInformation

  BindImage

  UpdateDebugInfoFileEx

  TouchFileTimes

  SymEnumSym

  SymGetSymFromAddr64

  ImageUnload

  SetImageConfigInformation

  ImageGetCertificateHeader

  RemoveRelocations

  FindFileInPath

  fmifs

  QuerySupportedMedia

  FormatEx2

  FormatEx

  SetLabel

  DiskCopy

  QueryDeviceInformationByHandle

  ChkdskEx

  Chkdsk

  QueryDeviceInformation

  EnableVolumeCompression

  QueryAvailableFileSystemFormat

  Extend

  Format

  QueryFileSystemName

  ComputeFmMediaType

  QueryLatestFileSystemVersion

  ntdll

  RtlUpcaseUnicodeToCustomCPN

  RtlAcquireResourceExclusive

  RtlAcquireResourceShared

  _strupr

  ZwAccessCheckByTypeAndAuditAlarm

  RtlAreBitsClear

  _wcsicmp

  NtCreateKeyedEvent

  NtRenameKey

  RtlIdentifierAuthoritySid

  CsrGetProcessId

  RtlDowncaseUnicodeString

  NtSetHighEventPair

  RtlInsertElementGenericTable

  ZwOpenSemaphore

  ZwOpenProcessTokenEx

  NtProtectVirtualMemory

  NtQueryInformationAtom

  NtCompareTokens

  LdrFindResourceEx_U

  RtlQueryRegistryValues

  NtPlugPlayControl

  RtlTraceDatabaseUnlock

  RtlInsertElementGenericTableAvl

  NtWaitForKeyedEvent

  RtlAddAttributeActionToRXact

  ZwSetLowWaitHighEventPair

  RtlCompareUnicodeString

  RtlConvertLongToLargeInteger

  RtlIsTextUnicode

  ZwQueryValueKey

  RtlDosPathNameToNtPathName_U

  RtlFirstFreeAce

  Sections

  .text

  Size: 32KB - Virtual size: 32KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 7KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ