General

Malware Config

Signatures

Files

• 121c13e79b29689025903d57eb0806f91b3f215ead187f8bd470b26d1061a59c

  .exe windows x86

  bc9ce0da08997778f2d1e6c96a04adba

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  iphlpapi

  GetAdaptersInfo

  winmm

  waveOutGetNumDevs

  ws2_32

  send

  rasapi32

  RasGetConnectStatusA

  kernel32

  GetStringTypeW

  GetModuleFileNameW

  GetModuleHandleA

  LoadLibraryA

  LocalAlloc

  LocalFree

  GetModuleFileNameA

  ExitProcess

  user32

  SetMenu

  gdi32

  CreateBrushIndirect

  winspool.drv

  DocumentPropertiesA

  advapi32

  RegSetValueExA

  shell32

  DragQueryFileA

  ole32

  OleInitialize

  oleaut32

  RegisterTypeLi

  comctl32

  ImageList_BeginDrag

  wininet

  InternetCloseHandle

  comdlg32

  ChooseColorA

  Exports

  Exports

  -B� ;����2P���&]w�J@�ײqŌ_�)H�ٷ�?����Z3�z� F*Y���9�x4���O���}_�Q�1�G���R#j��Q܅3�����5m��d+�� �Z��J���'�ٺ�2���eg7�20��L�?}5\�'r�p�34�`�����n��YP;r�P�� |����.8�gO%��9��~X�+�[��ڡ�^���E��D�[�L��S��a}EH�5�U�'Unh}ݘ�k6G�-�t�l��:��.հ4�;�R�Y��d0�n����$��j���O�K�7` :P��{�g�Di$�(�Ĵ��N]i��6��"�r�E�7g�&������BՈ{R�Ͷ��z
  ��V/3J�CU��eU�׾$ʵ�zc�ܤYov.z�Fj^aAҮ+�/O�\�#�R�g#�[j�z�")a>Nx0���V�'nt����O��C+֜ήȬ�0XLv�qҺ�eq}g������]�iVGt`�/,�4ٍVbG�2��=�i�eO:uUx������϶���,��~E�Z�޼���./�n�%�0:���l��D ��d�i��~�z�uI��V6�KY���t4~Q��1�
  C�!��U ��EX��?{=lU��f��b0�x�tK&���1H�X�5�ƽ ��[���!�t��G�iOa0�]� �4@)�wNO���c軟�J�5�-�G�ΰ:� 0���݆��c�_����� �8��f��L�>@�Ц�����s���1I�=���s��-J��(�Pm\�@6�ƒ�D "� dK��&� ed$���Kτ��N,�%�R#���ʆ�L�����n �@˞�"B��#>��&^/���XM~����]y�E��tC���˨)��&�=������D� �� T�UAj�S�zA���C�Up���Yp�����v��AN��/��>n.x"��3+P����W�v6|ޜk$Wca|i��V�ֵA!��n)���м������f���h��H\�Ta�]�*D��&�$A]G���!�;R����~���iqd�*%����2�����jU�s�������ǚ֤������v1,�@l�աlj��(q%�VF���={�m���I>Ʃ��qX�B����ˢ߾ؠ�+[��p�r�i�K�%A,l�Ʃc��Q�X�'�n�
  m�E�� %��LA��70!V���U���j� 8kү�̌6��g�Ipf��o���N���=G���:��*/�p�6�0�z2����BL/��$����++ ����g���7u���h��Z�>Ȑ�j������͑6��ҺU����4q}��Df�6$i)�8�0 �s�%v���bQ��U�Y�!
  X��kx��0�������ZZ6:�A%��ۤ[�K+b����Ib�&��Zj#��Gr����i�W%b�:��zk� �=2�Ms7�ռ������~s�s�Yj/%;^���'x.�Y�1�G��bőA��B=�6��n AΔ ��a.��r��~ȲT�� %����,P�Y4il<���J�yJ��mo\� �>���U�����!����&C琢+0�)�i�?��q��� O��/H g�,���ͅȖ��ᔓ�|GG��+�i�Q��5ǧbRj��`�mx����ѱ�MfhF�N�[�ؙ[�0H��k˲祂�ѡRk��U+�M+g���1ߖ�^��TIE�/g�E�>\�2Ak�:/�Hl�%3q�?�^݅�;���?���&��f�� K�<,ݠ*ާ�c�uKҦ|����A��L�N
  �����I ��3�
  idg�\�H�̢!��lr-\{�-�8B�*��m���x��ƿ7[qTk>�1�R�mc��zִ�m���#���>I�o+�eS?/�v-���4���¾����!t(�{��K�{�&��-J�eSR�8g|����Ő����q�i ڸ�ؼ�Ȳɭ�]��%�˲��3f�,/N��R^�;D�)���{��E�f�3PFm>䥑֧c���`con��<Τ�b��f�mD~ֈ�="O?��1�����c��5a,���h��h�vFL�����P��>w�YUm�����<'i��xuF��|G��s���B���E*�o
  -���9".���f��r4��b������c� �q�{�4~�/@\L���OI|�Ro�{_1���̻K�������W�@
  �T�X�c�2nL(.r���7�Dd�|�<��(��QbF����d�U��R8��̚d����E`EB�o�Bĸ�z��5�g:lKlI�-n�Ҵ'�%��^{q�E�+�0`?B���>��l5��X� 1ؽq�������j����H�I�ͅ}%o��Oҵ�tٖ�`�Ɉ+����bQ,Sv�)�ٻd��PM�0��qz~ �z� �@h�����}ܗ�?�V�l�֕�L�������;,�&����A�0(��>A�F�R�8h+�L`G�0���j�"e�����Ɣ6�#/�Ȧ_�m񐥹,�{KY��u�Q\�������8�zsBr� ?�mFrF�bs?��Y���
  $ͧ�څ�ֈY���_7�Xy���?�=c?�M���U���UnQ��'{��9f�t�Q�Zt"��wa�o��&������$`�.[=-�̚ y�w����|���L����K����A��n. ��] f��2�z�P�u1�)�T��M�w>���/��ꗱ�v3&j��g��[5�n��zE�lc���N+�f��d��#�ۗ�| R��$����h��� �s<"�����N'��!������zL�b �->�wJ,�$E��3���E�@I����Fx� ަf�Tkih����5�˞a�k�xjF���p�=�||f�m�^������Aޣ�[�x��1���D��� �f�|�!�է����%"Q��ǭ 4W���<�z����ya���0��&��^��=���� Ⱦ���$̉�mzsW�w����Gv��� ">Z�Z6��$N;�8��P2���0Y����ȑy�q�����_�;��ה�KJ��6բ��0F��g�
  ��q�� �6���PU�ٹ��.��V�a{�u榬�����M�e���$_UY�f^��W��H�=��o�m�

  Sections

  .text

  Size: - Virtual size: 1007KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 2.1MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 384KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 12KB - Virtual size: 23KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: - Virtual size: 4.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .tls

  Size: 4KB - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp1

  Size: 7.3MB - Virtual size: 7.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE