General

Malware Config

Signatures

Files

• e82ef3ffcb3dc60936c3375f53342c3c517d9cdb699ab6f2e7271b05354a9fef

  .exe windows x86

  12ce61c571fd9a9f314ad8c9b5354153

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  winmm

  waveOutGetNumDevs

  ws2_32

  WSACleanup

  kernel32

  TlsFree

  GetModuleFileNameW

  GetModuleHandleA

  LoadLibraryA

  LocalAlloc

  LocalFree

  GetModuleFileNameA

  ExitProcess

  user32

  ValidateRect

  gdi32

  EndPage

  winspool.drv

  OpenPrinterA

  advapi32

  RegCloseKey

  shell32

  DragAcceptFiles

  ole32

  CLSIDFromString

  oleaut32

  VariantCopyInd

  comctl32

  ord17

  comdlg32

  GetOpenFileNameA

  Exports

  Exports

  ~S���h�S��(ϟi���(u�iS-��r�Ns:���[}�ސx&��A����?��E�6�썝Rբ��T֟�ˊH�,��^ �ӫo��X�HLL��Go�!�<,k"��8�{u��& �a�3����H\�C����/���e�d�'�w���b�vn8��"W����߿,�F���HN@��A�ߝ8��Qz�����>wp����^��1_KI�S�B�l�1�-j]��Ng؉ƘkP yN����5�e���������/�CKF
  ���EQZag=����I�jdo���=|�H$��d�MjҸ�A�|̉~ � ��V��;�^G�l_��^���̡' ���� ���{n�,˓�8�Z�~�|���)͠�R7�.`փ���"�?���x�� �fm����'5Ψ�{���d��-;���7��֨��
  �n/�aC�=��+�:�����p��,���4���u5� �����V��헓 6 ����f+D�V�u<, ���h3���^���z���2[��i����#��my�E��4�`]ɐi҂�������5�vo�gqc#4��L;ч+W��z�_�T����� �c^�rf��r��Ą��2���D�4.�W[JA�r���n~�� ��@�P��"�WQ�+�M����zS��C|v[�`���n��R�J�W%��)x���pZϢ�7)/���އ�u*nϒ�gk�fޞ_�Q6yz1u�ĘX�d7]�ջՄ�JW�_<��o��GVo�h�P��k��y�H��˨Li��G�N���Z]�VF��;nh�\�E���EɖC�K5��SFb�r��t ; #�ŭ��k�j.��ɺ�w@Kӕu��"^���2C���%(����ž�D�߼��?�*��Qk3����|@��H�v�r��ع�R,CC��V�d���gӊ��A�f�-!lH�%���S�N�v� #7��ʼ� s1����f��t?�b˸fk:�jw͚���tõ:���'Fa��~��tl2�4�$���這Wb�����4Q�$�1D��j��W��v�9Z��NSD����e[�,:�]�8���j�Gτ�������b�����k{����4�����
  g�H08V��j�TZk�b�|,ٙ1=���N!�~]�.2d�)S���"�;{�-d^Z`zs��4ķ��1���˸1��� y^��W�h.��3dO_��ʭ��6B�p���s鼷Wye��e�:nj=ٜ^hAf&R������������>�ʩݥa{����\8Jy1(Q �^�ۆ��B�HQIXIAvI�:!�t� KdD�P��,�y��<=�ʬ�YC����� 7���V�*�9�u�lQ�›�>~E���k\_�h�|70z[���#�� /='�2�T��ށ�K�g�6@7��WՂ�� ���`�Rq��"�& ���'~��������L��r��,�|�;m�z�6&��s��;>Hk��D�W�K/��F4�j�i�-u�E�!��_�>n�΃G������o��-��#��cpwu6�Û�(�w���E�"SE0�\X��fk�xy���5]"�'vk�n������2%�a~��_<Jǰ�K��Jj>Ȓ���a�0���T�{ ���v��(vN��{6q�����n����y��B_[��&1�s~����˼�S.JEh�a
  xk.��j�!V�� x��]?q��L@�u�#����|.r��_i\��E��(M k�42��h����{ͬ�8���&쇖ki����ʁ��I)�b�n�Nոg㦩ы�o�����_/����޵o6�Bv7�$�U�HC����wMlJ@ޗzo�[,^o�7^bx%�R���4�Ԧ��o���6����I ?���E񕮳܎�ӎ��C��,�n�q:
  4)ӐN��W}�~�U�45���Dfܹu�,�L��iF�9�T��Z����OC�}�I���9ݳV��A3�q� ?h2�ߍ�x����(nc�������Te� ���:-�w[aү4A���7�{+�jBk�����"Նb���N�����p%a-��[��B��q;+�ʴ��;-B�}�+�z���;����'�����n^ Ť.%1 d���9*�*��q=m�씋���¥�nj�t{���(߉_���]NP:;�)}��V�%+�x�j�:�0p�Pߩ������7%~��������;� ֜7�=}�R"[�{j/:�J>�19x�jj��o�����qZ�f�Ul ����� ���#[�Hm�H�����P�|5<�����;��쬖��*��uj���;n�r<��59w�j>M��S�љ ��V4vL�(�_̱[���Y�I���<�߯��/�0k������#�`��[�_h=}�sv�������~��?u��&���)��a��XH�P�2�.Ӛ��)򋩊�Pdy��[,�������‚W�+����m�[�*��4H+V�H��`��e��K�C��%l��pu/�\�/�lxb�Y������hw��&��@_�%��)�2_i�����# o�a��$V+���؝~��b{V-oցN�6���� �r�}ɶ(�[��^P��B���H
  �:�J��T���x7s�0|���Pe诬����W�{�+1J�\�7f�2�[�:/����t��f��<��Ms���~H ��[0y��<��O�G �!�n ��U��y�JU�`y�y٨cL9ժZ��
  c��4B�����
  ��mZ_�/:��yx���c(Ą���ׯ����{�j1+;.�ϩRs�8�TJ��K�� '?n_̨��G���.�o��8uS�=�e���br���Kv���S��D1LF���>9�{�vm�Ttl+S�����(��O]����K�U���Z�T
  'Q6}����,��y����k����M���OYh�M �L o#)W�d[��)�D�M�:�R�B����C��JĠM�>2�b��T8=%�k�B� >��v
  ,����Y����֐�E鰮E`��tb�.z�B�!ӑU�ʵy�I�s9��Ϟ�,�����9���R��9�N�b$��JdR�� �Q�h.CJH�Qj|$����5��g��

  Sections

  .text

  Size: - Virtual size: 636KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 8.9MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 243KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp0

  Size: - Virtual size: 3.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 4KB - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp1

  Size: 8.8MB - Virtual size: 8.8MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 72KB - Virtual size: 68KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ