Static task: static1
Behavioral task: behavioral1
  Sample: ac17500d6e5e630ca82662a2408aa44e926e105bda990b11227db9f436042bb4.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: ac17500d6e5e630ca82662a2408aa44e926e105bda990b11227db9f436042bb4.exe
  Resource: win10v2004-20220812-en
General
- Target: ac17500d6e5e630ca82662a2408aa44e926e105bda990b11227db9f436042bb4
- Size: 848KB
- MD5: e631a4b49ba4d7f7b7c8564578fd7673
- SHA1: db577da3897d30dcdf433a4c259482e6eb3cbc87
- SHA256: ac17500d6e5e630ca82662a2408aa44e926e105bda990b11227db9f436042bb4
- SHA512: 3042f1413f30546efadb414c3df9f009c2fa6124ac6d69094871ac5ff532645e0e30ba6321fdc336b6cb281439c7eb3d46fd2ec6ef30f09cf1ee0e129c52f4c1
- SSDEEP: 12288:apRj81QWO+7y3Adkjp5p/WHBAn3/LyTX+U3t3rHGnTyTqqUXy00iWLaVOZ7Zr6nf:08kjImn3G9rcy9UXXnWLaW7ZGneOca3
Malware Config
Signatures
Files
- ac17500d6e5e630ca82662a2408aa44e926e105bda990b11227db9f436042bb4.exe windows x86
  7987ca24ae5de1f6209e786e16a7c145
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetPrivateProfileStructW
CreateSemaphoreA
GetComputerNameA
GetThreadPriority
OpenWaitableTimerA
IsDBCSLeadByteEx
DeleteVolumeMountPointA
MapViewOfFile
CreateMailslotW
GetCalendarInfoW
FlushViewOfFile
GetUserDefaultUILanguage
GetProcessVersion
SetConsoleActiveScreenBuffer
CancelWaitableTimer
DeleteFileA
SetUnhandledExceptionFilter
LoadResource
GetProfileStringA
AddAtomW
GetMailslotInfo
GetExitCodeThread
GetProfileStringW
MoveFileW
GetSystemDefaultUILanguage
GetSystemDirectoryW
GetWindowsDirectoryA
GetConsoleAliasA
GetVolumePathNameA
SetConsoleCtrlHandler
GetHandleInformation
GetFileType
DeviceIoControl
IsBadReadPtr
FindFirstFileW
GetWindowsDirectoryW
ReadDirectoryChangesW
DeleteTimerQueue
GetPrivateProfileIntA
GetConsoleAliasExesLengthW
GetFileSizeEx
GetStdHandle
GetStringTypeExW
lstrcatW
DnsHostnameToComputerNameW
SetConsoleMode
CreateDirectoryW
CompareStringA
SetThreadPriority
GetPrivateProfileSectionNamesW
SetCurrentDirectoryW
MapViewOfFileEx
RemoveDirectoryW
FormatMessageA
GlobalLock
FindFirstVolumeA
DisconnectNamedPipe
GetFileTime
GetCurrentDirectoryA
ResetEvent
SetHandleInformation
GetCPInfo
GetConsoleAliasExesA
QueueUserWorkItem
SetTapePosition
GetDiskFreeSpaceA
GetCurrencyFormatW
SetEndOfFile
GetSystemDirectoryA
GetTimeFormatA
GetLogicalDriveStringsA
CreateMutexA
GetProfileSectionW
FreeEnvironmentStringsW
GetFileAttributesExW
GetStartupInfoA
EnumCalendarInfoW
GetVersion
GetBinaryTypeW
LCMapStringA
SetProcessAffinityMask
SetThreadPriorityBoost
GetEnvironmentStrings
GetProcAddress
OpenEventW
DefineDosDeviceW
FlushFileBuffers
SetErrorMode
CreateDirectoryA
GetLocaleInfoA
FindResourceExA
GetVolumeNameForVolumeMountPointA
ReleaseMutex
GetLongPathNameW
CreateEventW
SetThreadLocale
GetConsoleOutputCP
GetThreadTimes
DnsHostnameToComputerNameA
GetNamedPipeHandleStateA
GetModuleHandleA
SetWaitableTimer
Module32NextW
OpenSemaphoreA
GetConsoleAliasExesLengthA
IsSystemResumeAutomatic
FlushInstructionCache
GetNamedPipeInfo
PeekNamedPipe
GetDateFormatW
CreateWaitableTimerA
GetPrivateProfileStringA
DefineDosDeviceA
SetVolumeMountPointA
GetNumberFormatW
CancelIo
CreateJobObjectA
GetVolumeInformationW
DosDateTimeToFileTime
ReplaceFileA
CreateNamedPipeW
SetFileAttributesA
OpenEventA
GetCompressedFileSizeA
GetUserDefaultLangID
SetThreadContext
GetSystemWindowsDirectoryW
SwitchToThread
SetThreadAffinityMask
FindResourceW
SetProcessPriorityBoost
FindFirstVolumeW
SetSystemTimeAdjustment
FlushConsoleInputBuffer
CopyFileW
SetCalendarInfoA
GetPrivateProfileSectionNamesA
SetLocaleInfoW
GetDateFormatA
FindFirstFileExA
GetLogicalDrives
GetTapeStatus
VirtualAlloc
CreateJobObjectW
GetConsoleAliasExesW
CreateHardLinkW
GetPriorityClass
GetFileAttributesW
MultiByteToWideChar
LCMapStringW
ExpandEnvironmentStringsW
Toolhelp32ReadProcessMemory
OpenFileMappingW
GetConsoleMode
ConvertDefaultLocale
GetThreadLocale
SetCurrentDirectoryA
IsValidCodePage
GetAtomNameW
CopyFileExA
FindAtomA
SetMailslotInfo
GetDevicePowerState
ReleaseSemaphore
SetComputerNameExA
GetStringTypeW
MoveFileExW
GetCurrentThread
SetConsoleDisplayMode
ReadFile
ReadProcessMemory
SetEnvironmentVariableW
SetEnvironmentVariableA
SetSystemPowerState
AreFileApisANSI
OpenJobObjectW
OpenSemaphoreW
HeapReAlloc
HeapAlloc
HeapSize
RtlUnwind
GetOEMCP
GetACP
Sleep
HeapFree
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
LoadLibraryW
EnterCriticalSection
GetCommandLineA
HeapSetInformation
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetModuleFileNameW
GetModuleFileNameA
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
IsProcessorFeaturePresent
user32
RedrawWindow
advapi32
RegDeleteKeyW
RegEnumKeyExW
SetFileSecurityW
StartServiceW
SetSecurityDescriptorOwner
QueryServiceStatus
RegOpenKeyExA
RegSetValueExA
GetSidLengthRequired
GetAclInformation
CryptReleaseContext
CryptGenRandom
RegQueryInfoKeyA
GetSecurityDescriptorDacl
StartServiceA
GetSecurityDescriptorSacl
IsValidSid
RegDeleteValueA
SetThreadToken
AllocateAndInitializeSid
RegDeleteKeyA
RegEnumValueA
SetSecurityDescriptorDacl
CloseServiceHandle
RegConnectRegistryW
RegQueryValueExW
oleaut32
SysAllocStringByteLen
VariantCopy
VariantClear
SafeArrayGetLBound
SysStringLen
VariantChangeType
SysFreeString
VariantChangeTypeEx
SafeArrayGetUBound
SysReAllocStringLen
GetActiveObject
SafeArrayPtrOfIndex
VariantCopyInd
GetErrorInfo
SysAllocStringLen
SafeArrayCreate
VariantInit
Sections
.text Size: 243KB - Virtual size: 242KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 589KB - Virtual size: 589KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 472KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ