Static task
static1
Behavioral task
behavioral1
Sample
06c3ad26348c0b4f36fdab83e695157155a98987c2bf6b0b25c7b418b8142b68.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
06c3ad26348c0b4f36fdab83e695157155a98987c2bf6b0b25c7b418b8142b68.exe
Resource
win10v2004-20221111-en
General
-
Target
06c3ad26348c0b4f36fdab83e695157155a98987c2bf6b0b25c7b418b8142b68
-
Size
304KB
-
MD5
5dd9b1d1fa4f48d440b19b6be04de03d
-
SHA1
5d34fb80164c3b3687ee38f75aaa56060a971efe
-
SHA256
06c3ad26348c0b4f36fdab83e695157155a98987c2bf6b0b25c7b418b8142b68
-
SHA512
5982d337afb897f848b76bb843d67da4ebc9dc4609f5e3c4708bc0b3acd2cd79c9b3ad9f1ad1abe424be375be653c5d61490bdcf99a3bd30d38e2b7ad7fc449b
-
SSDEEP
6144:8yCLJBUUYhMVB0KV9FRXODf5nKzn+eL1om9T7:4b6ev1zXgf5nKbBLr7
Malware Config
Signatures
Files
-
06c3ad26348c0b4f36fdab83e695157155a98987c2bf6b0b25c7b418b8142b68.exe windows x86
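373bf74d5b1987d7a51315a502835709 (unlabeled 32-hex value; it differs from the file MD5 above and is presumably the import hash — confirm before pivoting on it)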
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
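Imports (as declared in the PE import table; kernel32 contributes only GetSystemInfo below, so this list may not reflect the APIs actually used at runtime)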
advapi32
GetSidSubAuthorityCount
BackupEventLogA
AbortSystemShutdownA
ClearEventLogW
CreateServiceW
SetThreadToken
rpcrt4
I_RpcReceive
RpcBindingSetObject
NdrServerInitializeUnmarshall
NdrInterfacePointerBufferSize
NdrConformantStringMarshall
RpcServerInqIf
RpcAsyncGetCallStatus
NdrFullPointerFree
RpcServerRegisterAuthInfoA
NdrInterfacePointerUnmarshall
RpcAsyncRegisterInfo
NdrConformantVaryingStructMemorySize
NdrVaryingArrayMemorySize
NdrVaryingArrayFree
RpcBindingInqAuthClientW
I_RpcFreePipeBuffer
NdrFixedArrayMemorySize
NdrConformantStringBufferSize
NdrMesTypeDecode
NdrInterfacePointerFree
RpcMgmtInqComTimeout
NdrConformantStructUnmarshall
RpcBindingSetOption
RpcIfInqId
RpcBindingSetAuthInfoExW
RpcSsDontSerializeContext
RpcEpRegisterW
I_RpcAsyncSetHandle
I_RpcNsBindingSetEntryNameA
NdrServerCall
RpcServerUseProtseqEpExW
NdrInterfacePointerMarshall
NdrByteCountPointerMarshall
NdrConformantStringMemorySize
NdrNonEncapsulatedUnionBufferSize
I_RpcIfInqTransferSyntaxes
I_RpcSend
NdrComplexArrayMemorySize
NdrRpcSmClientFree
RpcServerUnregisterIf
char_from_ndr
NdrAsyncServerCall
NdrNonConformantStringMemorySize
RpcMgmtEpEltInqBegin
RpcBindingInqAuthInfoExW
NdrComplexArrayBufferSize
RpcSmDestroyClientContext
RpcBindingFromStringBindingW
RpcMgmtEpEltInqNextA
NdrInterfacePointerMemorySize
MesHandleFree
MesIncrementalHandleReset
MesEncodeIncrementalHandleCreate
float_from_ndr
NdrConformantVaryingArrayUnmarshall
NdrFullPointerXlatInit
tree_size_ndr
NdrByteCountPointerFree
NdrGetDcomProtocolVersion
RpcBindingInqAuthInfoW
NdrXmitOrRepAsBufferSize
RpcStringBindingParseW
RpcSmSetClientAllocFree
RpcMgmtEpEltInqNextW
NdrFixedArrayBufferSize
NdrConformantStructBufferSize
NdrEncapsulatedUnionMarshall
NdrClearOutParameters
RpcBindingInqAuthInfoExA
I_RpcClearMutex
NdrConformantArrayMarshall
RpcServerUseProtseqA
NdrConformantArrayBufferSize
NdrServerInitializeMarshall
RpcProtseqVectorFreeW
NdrConformantVaryingArrayBufferSize
NdrNonConformantStringMarshall
NdrComplexStructUnmarshall
RpcEpUnregister
RpcBindingSetAuthInfoExA
RpcMgmtIsServerListening
RpcServerRegisterIf
NdrServerContextMarshall
I_RpcFreeBuffer
RpcBindingInqOption
enum_from_ndr
NdrSimpleTypeMarshall
NdrComplexStructMarshall
NdrNonEncapsulatedUnionFree
NdrGetBuffer
RpcMgmtSetComTimeout
RpcServerUseProtseqExA
I_RpcBindingInqDynamicEndpointA
RpcMgmtEpEltInqDone
RpcSmSetThreadHandle
I_RpcServerRegisterForwardFunction
RpcServerUseProtseqIfExA
long_from_ndr_temp
NdrSimpleStructMarshall
RpcServerUseProtseqIfExW
NdrServerInitialize
NdrComplexArrayMarshall
NdrFixedArrayFree
NdrByteCountPointerUnmarshall
I_RpcReallocPipeBuffer
RpcSmSwapClientAllocFree
NdrComplexStructBufferSize
RpcMgmtInqStats
NdrStubCall2
UuidCompare
I_RpcMapWin32Status
NdrComplexStructFree
RpcProtseqVectorFreeA
MIDL_wchar_strcpy
NdrFixedArrayMarshall
NdrSendReceive
NdrFullPointerXlatFree
RpcObjectSetType
RpcSsDestroyClientContext
RpcBindingInqObject
NdrVaryingArrayMarshall
NdrNonEncapsulatedUnionUnmarshall
RpcBindingFromStringBindingA
NdrEncapsulatedUnionBufferSize
NdrSimpleStructBufferSize
RpcServerInqBindings
NDRSContextUnmarshallEx
NdrServerInitializePartial
RpcRevertToSelf
I_RpcPauseExecution
RpcAsyncCancelCall
NdrSimpleStructFree
RpcBindingSetAuthInfoW
I_RpcRequestMutex
NdrUserMarshalMarshall
I_RpcBindingIsClientLocal
RpcServerUseProtseqW
setupapi
SetupPromptReboot
SetupGetSourceFileSizeA
SetupDiGetDeviceInfoListDetailW
SetupDiGetDeviceInfoListClass
SetupGetInfInformationW
SetupCancelTemporarySourceList
SetupQueueDefaultCopyA
SetupDiDeleteDeviceInterfaceData
SetupDiClassNameFromGuidW
SetupGetTargetPathW
SetupCopyOEMInfW
SetupDiGetDeviceInstallParamsA
SetupAddInstallSectionToDiskSpaceListW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInterfaceDetailA
SetupDiRegisterDeviceInfo
SetupLogErrorW
SetupDiSetSelectedDriverW
SetupDuplicateDiskSpaceListA
SetupDiCreateDeviceInfoListExW
SetupQueueCopySectionA
SetupDiInstallClassExA
SetupAddInstallSectionToDiskSpaceListA
SetupDiSetDriverInstallParamsA
SetupInstallFileW
SetupDiGetDeviceInterfaceDetailW
SetupGetLineByIndexW
SetupDiGetClassImageListExA
SetupDiEnumDriverInfoA
SetupGetLineByIndexA
SetupSetSourceListW
SetupQuerySourceListA
SetupSetDirectoryIdW
SetupDiGetClassImageListExW
SetupOpenAppendInfFileA
SetupDiGetClassDevsExA
SetupDiDeleteDevRegKey
SetupGetSourceFileSizeW
SetupDiLoadClassIcon
SetupDiDeleteDeviceInfo
comdlg32
ChooseFontW
PrintDlgW
GetOpenFileNameA
GetSaveFileNameA
ReplaceTextW
PrintDlgA
GetFileTitleW
GetFileTitleA
GetOpenFileNameW
ChooseColorW
FindTextA
FindTextW
PageSetupDlgW
GetSaveFileNameW
ChooseFontA
PageSetupDlgA
ChooseColorA
imagehlp
ImageDirectoryEntryToData
SymUnDName
SymCleanup
SymGetSymNext
SymMatchFileName
UnmapDebugInformation
SymGetModuleInfo
ImagehlpApiVersionEx
SymFunctionTableAccess
ImageRvaToVa
SymGetLineNext
GetTimestampForLoadedLibrary
SymEnumerateModules
ImageGetCertificateHeader
ImageRvaToSection
SymGetLinePrev
SplitSymbols
SymLoadModule
FindExecutableImage
ImageLoad
ImageUnload
SymGetLineFromName
rasapi32
RasDialA
RasEnumDevicesA
RasGetErrorStringW
RasEditPhonebookEntryW
RasGetCountryInfoW
RasEditPhonebookEntryA
RasHangUpA
RasEnumConnectionsW
RasValidateEntryNameW
RasValidateEntryNameA
RasEnumDevicesW
RasDeleteEntryW
RasRenameEntryW
RasGetEntryPropertiesA
RasDeleteEntryA
RasCreatePhonebookEntryW
RasGetEntryPropertiesW
RasSetEntryPropertiesA
RasSetEntryDialParamsW
RasGetEntryDialParamsA
RasGetCountryInfoA
RasCreatePhonebookEntryA
RasRenameEntryA
RasDialW
RasGetProjectionInfoW
RasEnumEntriesW
RasEnumConnectionsA
RasSetEntryPropertiesW
RasEnumEntriesA
RasGetProjectionInfoA
RasGetConnectStatusA
RasGetConnectStatusW
clusapi
GetClusterNodeId
ClusterRegEnumKey
AddClusterResourceNode
ClusterNetInterfaceControl
ClusterNodeCloseEnum
ClusterGroupEnum
pdh
PdhBrowseCountersA
PdhCloseLog
PdhParseInstanceNameA
PdhGetDataSourceTimeRangeA
PdhSelectDataSourceA
PdhConnectMachineW
PdhConnectMachineA
PdhGetRawCounterArrayW
PdhOpenQueryA
PdhGetDefaultPerfObjectA
PdhLookupPerfNameByIndexA
ole32
HBITMAP_UserSize
imm32
ImmSimulateHotKey
ImmSetCompositionFontA
ImmGetRegisterWordStyleA
ImmGetRegisterWordStyleW
ImmGetCompositionFontA
ImmSetStatusWindowPos
ImmSetCompositionFontW
ImmIsIME
ImmAssociateContext
ImmGetGuideLineA
ImmGetCandidateListW
ImmSetCompositionWindow
ImmRegisterWordW
ImmDestroyContext
ImmGetCandidateListCountW
ImmGetCandidateListA
ImmNotifyIME
ImmGetConversionListW
ImmGetCompositionStringA
ImmGetDescriptionW
ImmRegisterWordA
ImmGetCompositionWindow
ImmInstallIMEA
ImmCreateContext
ImmGetDefaultIMEWnd
ImmInstallIMEW
ImmEscapeA
ImmGetOpenStatus
ImmGetConversionStatus
ImmIsUIMessageA
ImmConfigureIMEW
ImmSetOpenStatus
ImmReleaseContext
ImmEnumRegisterWordA
ImmGetCandidateWindow
ImmGetCandidateListCountA
ImmUnregisterWordA
ImmEscapeW
ImmGetStatusWindowPos
oleaut32
VarUI4FromDate
OaBuildVersion
VarR8FromR4
comctl32
ord6
FlatSB_EnableScrollBar
ImageList_Destroy
ImageList_EndDrag
ImageList_Merge
ImageList_Copy
ImageList_LoadImageW
ord8
ImageList_SetBkColor
FlatSB_SetScrollProp
ord3
InitializeFlatSB
ImageList_AddMasked
FlatSB_GetScrollInfo
ImageList_GetDragImage
ImageList_LoadImageA
FlatSB_GetScrollProp
CreateStatusWindowW
InitCommonControlsEx
ImageList_DragShowNolock
ImageList_DragMove
ImageList_Draw
ord5
ImageList_Write
PropertySheetW
ImageList_SetIconSize
FlatSB_SetScrollInfo
ImageList_BeginDrag
CreateToolbarEx
_TrackMouseEvent
ImageList_Remove
ord16
ImageList_GetBkColor
ImageList_Replace
ord15
FlatSB_GetScrollRange
ImageList_GetIconSize
ord17
DestroyPropertySheetPage
ord4
ImageList_Create
ImageList_SetOverlayImage
ImageList_Read
wininet
FtpSetCurrentDirectoryA
InternetGetConnectedState
SetUrlCacheEntryGroup
InternetAutodial
FindFirstUrlCacheEntryExW
HttpAddRequestHeadersW
InternetOpenW
FtpGetCurrentDirectoryW
FtpGetCurrentDirectoryA
InternetSetStatusCallback
DeleteUrlCacheEntry
InternetCanonicalizeUrlW
InternetReadFileExA
HttpQueryInfoA
CommitUrlCacheEntryA
CreateUrlCacheEntryW
InternetSetCookieW
FtpRemoveDirectoryW
FtpCreateDirectoryA
HttpQueryInfoW
InternetSetOptionExA
FtpDeleteFileW
InternetAutodialHangup
InternetSetOptionW
InternetConnectW
kernel32
GetSystemInfo
mpr
WNetGetUserA
WNetAddConnection2A
WNetDisconnectDialog1W
WNetGetNetworkInformationW
user32
DdeConnect
LoadStringA
DefDlgProcA
ExitWindowsEx
gdi32
GdiGetBatchLimit
GetBitmapDimensionEx
msi
ord164
ord76
ord20
ord24
ord46
ord37
ord19
ord75
ord10
ord170
ord70
ord72
ord29
ord74
ord42
ord21
ord25
ord73
ord11
ord34
ord15
ord44
ord40
ord45
ord168
ord54
ord52
ord165
ord71
ord7
ord59
ord36
ord43
ord23
ord30
ord16
shell32
CommandLineToArgvW
SHFreeNameMappings
winmm
auxOutMessage
mciSetYieldProc
midiStreamOpen
mmioRenameA
waveInGetErrorTextW
mmioSeek
waveOutGetErrorTextW
joyGetPos
midiInGetDevCapsW
mmioStringToFOURCCA
midiOutMessage
waveInAddBuffer
midiStreamRestart
waveOutGetDevCapsW
auxSetVolume
mmioSendMessage
midiInGetNumDevs
mmioCreateChunk
midiOutOpen
mciGetErrorStringA
midiInReset
mmioAdvance
mmioSetInfo
midiOutGetErrorTextA
mciGetDeviceIDW
mmioSetBuffer
timeKillEvent
waveOutPrepareHeader
midiInGetErrorTextW
midiOutGetErrorTextW
waveOutGetPosition
mciGetYieldProc
mciSendStringW
midiInGetID
waveOutOpen
sndPlaySoundW
mciSendCommandW
mmioInstallIOProcA
mciSendCommandA
mixerGetLineInfoA
mmioFlush
waveOutGetVolume
mixerMessage
auxGetDevCapsA
auxGetNumDevs
mciGetCreatorTask
waveOutSetPlaybackRate
midiStreamPause
mciGetDeviceIDA
waveInGetID
midiOutShortMsg
midiInGetDevCapsA
waveInGetNumDevs
midiInClose
midiOutGetDevCapsW
mmioClose
waveOutMessage
mmioWrite
waveOutClose
mciSendStringA
mixerGetControlDetailsW
waveOutBreakLoop
midiOutPrepareHeader
waveInGetErrorTextA
waveInGetPosition
auxGetDevCapsW
waveInReset
midiDisconnect
waveOutRestart
mmioOpenW
mciGetDeviceIDFromElementIDA
midiOutCacheDrumPatches
mmioAscend
sndPlaySoundA
mixerGetID
waveInMessage
midiInMessage
timeGetSystemTime
Sections
.text Size: 192KB - Virtual size: 190KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
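.data Size: 4KB - Virtual size: 1.2MB (virtual size far exceeds the raw size on disk, so most of this writable section is zero-filled at load and only populated at runtime)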
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 88KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ