Static task: static1
Behavioral task: behavioral1
Sample: 2593e25ff0b8df13067071ca27532c46e9de52cadb3b0159a8879f68d2d12762.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 2593e25ff0b8df13067071ca27532c46e9de52cadb3b0159a8879f68d2d12762.exe
Resource: win10v2004-20221111-en
General
- Target: 2593e25ff0b8df13067071ca27532c46e9de52cadb3b0159a8879f68d2d12762
- Size: 165KB
- MD5: 20d875ef318f7fe70895b7ca2d8c73fa
- SHA1: 8368173f6edc826b06f72b2fef0818931f49ba5d
- SHA256: 2593e25ff0b8df13067071ca27532c46e9de52cadb3b0159a8879f68d2d12762
- SHA512: bd8632736cb816bd94fefad125138996dc0ae02f066dff3f498762c55be96c652fbcf6763b46f99c212c578275795fb4b675b4aaf138f0e237c5934ac71e375c
- SSDEEP: 3072:KYmlOJseb6jEfMR5kF/71yiMF44WyUtVU1yOXGB8kFF/df2oFfHgWiI+xR:vueOwqfJxU7iFXG/rdf2oRPy
Malware Config
Signatures
Files
- 2593e25ff0b8df13067071ca27532c46e9de52cadb3b0159a8879f68d2d12762.exe (windows x86)
  ee8b96ab5e083032c582f99327f32662
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
UpdateLayeredWindow
IsCharAlphaNumericA
SetWindowContextHelpId
ExcludeUpdateRgn
ArrangeIconicWindows
CreateIconFromResourceEx
RealChildWindowFromPoint
GetQueueStatus
VkKeyScanExA
MapVirtualKeyExA
GetKeyboardLayoutNameW
SetClipboardViewer
GetAsyncKeyState
DefFrameProcA
GetProcessDefaultLayout
GetClientRect
IsRectEmpty
ModifyMenuW
CallNextHookEx
GetClassInfoW
SetWindowTextW
GetMenu
GetCapture
EnableMenuItem
RedrawWindow
DrawStateW
GetClassInfoExW
GetMessageW
SetMenuItemBitmaps
ShowWindow
SystemParametersInfoA
GetNextDlgTabItem
SetCursor
InvalidateRect
BringWindowToTop
SetWindowsHookExW
LoadCursorW
GetDC
MessageBoxW
LoadStringW
SendDlgItemMessageA
PostQuitMessage
RegisterClipboardFormatW
GetLastActivePopup
ReleaseDC
ExitWindowsEx
SetWindowPos
IsWindow
GetPropW
IsChild
GetActiveWindow
PostThreadMessageW
PostMessageW
GetMenuItemID
DestroyMenu
OffsetRect
UnhookWindowsHookEx
RegisterClassExW
DestroyWindow
GetTopWindow
WinHelpW
SetRect
GetDlgCtrlID
GetDesktopWindow
ValidateRect
GetClassLongW
GetSubMenu
RemovePropW
DrawTextExW
CallWindowProcW
SendDlgItemMessageW
IsWindowVisible
EndDialog
SetActiveWindow
LoadBitmapW
IntersectRect
IsDialogMessageW
SendMessageW
CharUpperW
IsWindowEnabled
GetDlgItem
GetWindowLongW
MapWindowPoints
GetWindowRect
GetWindowPlacement
CopyRect
ClientToScreen
TabbedTextOutW
GetWindowTextW
SetCapture
PeekMessageW
InvalidateRgn
PtInRect
SetKeyboardState
GetMenuState
GetNextDlgGroupItem
GetSystemMetrics
GetWindowDC
IsIconic
GetKeyState
GetGuiResources
GetCursorPos
GetWindowWord
CopyAcceleratorTableA
MapVirtualKeyW
MonitorFromPoint
SetParent
SetUserObjectInformationW
GetSysColorBrush
CreateAcceleratorTableW
DeferWindowPos
comdlg32
GetFileTitleW
shell32
SHGetFolderPathW
oledlg
OleUIBusyW
ole32
CLSIDFromProgID
CoTaskMemAlloc
CreateILockBytesOnHGlobal
CLSIDFromString
StgCreateDocfileOnILockBytes
CoTaskMemFree
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
advapi32
RegEnumValueW
RegOpenKeyExW
CheckTokenMembership
RegDeleteValueW
OpenProcessToken
RegCloseKey
LookupPrivilegeValueW
RegSetValueExW
RegEnumKeyW
RegOpenKeyW
RegEnumKeyExW
RegQueryValueW
gdi32
DPtoLP
CreateBitmap
SetMapMode
SetBkColor
GetViewportExtEx
DeleteDC
GetStockObject
ScaleWindowExtEx
GetWindowExtEx
GetMapMode
GetClipBox
SetWindowExtEx
GetDeviceCaps
PtVisible
Escape
SelectObject
GetRgnBox
ExtSelectClipRgn
ExtTextOutW
SetViewportOrgEx
SaveDC
shlwapi
PathStripToRootW
PathFindFileNameW
PathIsUNCW
PathFindExtensionW
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
kernel32
GetUserDefaultLCID
CreateFileA
GetSystemDirectoryW
GetModuleHandleA
GetStartupInfoW
GetLocaleInfoA
FreeEnvironmentStringsA
GlobalAddAtomW
GetSystemDefaultLCID
GlobalAlloc
GlobalUnlock
DeleteFileA
LoadLibraryExW
ReleaseMutex
FindClose
GetFullPathNameW
GetModuleFileNameA
LCMapStringA
GetDriveTypeA
GetStringTypeA
CreateEventW
GetEnvironmentVariableW
GetConsoleMode
LoadResource
LoadLibraryA
GlobalReAlloc
GetConsoleOutputCP
DeleteFileW
WritePrivateProfileStringW
GetFileAttributesA
GetStartupInfoA
VirtualFree
GetStdHandle
GetExitCodeThread
GetTimeFormatA
GetExitCodeProcess
SetCurrentDirectoryW
LeaveCriticalSection
Sleep
GetCPInfo
WaitForSingleObject
GetCommandLineA
GetSystemDefaultLangID
WriteConsoleW
CreatePipe
BeginUpdateResourceW
GetFileTime
HeapFree
GetDiskFreeSpaceExW
LockResource
FreeEnvironmentStringsW
WriteFile
GetFileAttributesW
LocalAlloc
CompareStringW
VirtualQuery
GetStringTypeW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
TerminateProcess
GetConsoleCP
GetACP
GetCurrentThreadId
VirtualProtect
GetModuleHandleW
SetLastError
FindResourceW
SetHandleCount
GetCommandLineW
GlobalFlags
GetVersionExW
FindResourceExW
TlsGetValue
GetOEMCP
FindFirstFileW
SetStdHandle
FlushFileBuffers
QueryPerformanceCounter
UnlockFile
GetPrivateProfileStringW
GetTickCount
GetLocaleInfoW
GetProcessHeap
FindNextFileW
MoveFileA
GetSystemInfo
GlobalFree
SetFilePointer
GetEnvironmentStringsW
EnumResourceLanguagesW
UpdateResourceW
SetErrorMode
InitializeCriticalSection
GetProcAddress
GetCurrentProcessId
SetUnhandledExceptionFilter
ExitProcess
GetEnvironmentStrings
WideCharToMultiByte
GetLastError
GetFileType
DeleteCriticalSection
TlsAlloc
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapCreate
EnterCriticalSection
GetCurrentProcess
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
IsValidCodePage
HeapAlloc
HeapSize
MultiByteToWideChar
CopyFileW
GetWindowsDirectoryW
HeapReAlloc
TlsSetValue
EnumSystemLocalesA
CompareStringA
LCMapStringW
lstrcmpW
RtlUnwind
IsValidLocale
PostQueuedCompletionStatus
GetLogicalDrives
GlobalUnWire
GetVersion
ReplaceFileA
QueryInformationJobObject
GetThreadIOPendingFlag
GetAtomNameW
CloseHandle
GetFileInformationByHandle
GetModuleFileNameW
VirtualAlloc
EscapeCommFunction
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ