General

Malware Config

Signatures

Files

• 828e97849947eac4a9ca96aade810bc90564831d648a6b16c0c7902e465e6b74

  .cab
• ICONCH~1.EXE

  .exe windows x86

  b83464d8132ecd9f810820e192566e15

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DEBUG_STRIPPED

  Imports

  advapi32

  RegCloseKey

  EqualSid

  AllocateAndInitializeSid

  GetTokenInformation

  OpenProcessToken

  AdjustTokenPrivileges

  LookupPrivilegeValueA

  FreeSid

  RegDeleteValueA

  RegOpenKeyExA

  RegSetValueExA

  RegQueryValueExA

  RegCreateKeyExA

  RegQueryInfoKeyA

  kernel32

  lstrcatA

  GetFileAttributesA

  GetShortPathNameA

  GetPrivateProfileStringA

  GetPrivateProfileIntA

  GetCurrentProcess

  lstrlenA

  lstrcmpiA

  lstrcpyA

  GetModuleFileNameA

  FreeLibrary

  LocalAlloc

  GetLastError

  GetSystemDirectoryA

  LoadLibraryA

  FindClose

  FindNextFileA

  DeleteFileA

  SetFileAttributesA

  lstrcmpA

  FindFirstFileA

  _lclose

  _llseek

  _lopen

  GetWindowsDirectoryA

  GetProcAddress

  RemoveDirectoryA

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  ExitProcess

  GetModuleHandleA

  GetStartupInfoA

  CloseHandle

  LoadResource

  FindResourceA

  CreateMutexA

  SetEvent

  CreateEventA

  SetCurrentDirectoryA

  CreateThread

  ResetEvent

  TerminateThread

  GetVersionExA

  LocalFree

  GetExitCodeProcess

  WaitForSingleObject

  CreateProcessA

  GetTempPathA

  FreeResource

  LockResource

  SizeofResource

  CreateFileA

  ReadFile

  WriteFile

  SetFilePointer

  SetFileTime

  LocalFileTimeToFileTime

  DosDateTimeToFileTime

  GetTempFileNameA

  GetSystemInfo

  GetDiskFreeSpaceA

  GetDriveTypeA

  lstrcpynA

  GetVolumeInformationA

  GetCurrentDirectoryA

  LoadLibraryExA

  GetCommandLineA

  CreateDirectoryA

  GlobalFree

  FormatMessageA

  IsDBCSLeadByte

  gdi32

  GetDeviceCaps

  user32

  EndDialog

  wsprintfA

  ExitWindowsEx

  CharNextA

  CharUpperA

  GetDesktopWindow

  SetWindowLongA

  GetWindowLongA

  CallWindowProcA

  GetDlgItem

  SetForegroundWindow

  SetWindowTextA

  SendDlgItemMessageA

  EnableWindow

  GetDlgItemTextA

  SendMessageA

  DispatchMessageA

  LoadStringA

  PeekMessageA

  MessageBoxA

  CharPrevA

  SetWindowPos

  ReleaseDC

  GetDC

  GetWindowRect

  ShowWindow

  DialogBoxIndirectParamA

  SetDlgItemTextA

  MessageBeep

  MsgWaitForMultipleObjects

  comctl32

  ord17

  version

  GetFileVersionInfoSizeA

  VerQueryValueA

  GetFileVersionInfoA

  Sections

  .text

  Size: 36KB - Virtual size: 35KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 1024B - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1.1MB - Virtual size: 1.1MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• SERVER~1.EXE

  .exe windows x86

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Sections

  Size: 26KB - Virtual size: 28KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 928B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  Themida

  Size: 1.8MB - Virtual size: 1.8MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE