General

Malware Config

Signatures

Files

• cafefec8ed6188e21296fce53d063f379c440bdc03bb42762201b4a59fddf7f7

  .exe windows x86

  0898d10774f13ede8370f3f926c4ec26

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  newdev

  UpdateDriverForPlugAndPlayDevicesW

  iphlpapi

  GetIpAddrTable

  user32

  CreateWindowExW

  IsWindow

  GetDlgItem

  SendMessageA

  DestroyWindow

  EnumChildWindows

  GetWindowThreadProcessId

  kernel32

  TlsAlloc

  GetSystemTimeAsFileTime

  TerminateProcess

  TlsFree

  TlsGetValue

  GetCPInfo

  AddAtomA

  GetVersionExA

  UnhandledExceptionFilter

  GetACP

  GetStartupInfoA

  VirtualAlloc

  GetEnvironmentStringsW

  SetEndOfFile

  QueryPerformanceCounter

  GetCurrentProcessId

  EnumResourceNamesW

  GetFileType

  SetHandleCount

  TlsSetValue

  WriteFile

  GetSystemInfo

  VirtualFree

  HeapDestroy

  lstrcatW

  GetLocaleInfoA

  GetModuleFileNameA

  FreeEnvironmentStringsA

  IsBadWritePtr

  SetLastError

  HeapCreate

  GetOEMCP

  GetEnvironmentStrings

  VirtualQuery

  GetCurrentProcess

  InterlockedExchange

  HeapSize

  FreeEnvironmentStringsW

  GetStdHandle

  SetUnhandledExceptionFilter

  setupapi

  CM_Get_Global_State

  SetupDiGetDeviceRegistryPropertyW

  CMP_WaitNoPendingInstallEvents

  CM_Get_DevNode_Status

  mprapi

  MprConfigServerDisconnect

  MprConfigServerConnect

  MprConfigGetFriendlyName

  shell32

  SHGetFolderPathW

  Sections

  .text

  Size: 130KB - Virtual size: 281KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 128KB - Virtual size: 127KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ