General

Malware Config

Signatures

Files

• c2d29eae29b580373b1f7cdf9635370f686aadf586c811d5b6001441b4008ade

  .exe windows x86

  b8cee3794245cfbd2fd3c48305c90847

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  ExitThread

  SetFilePointer

  SetUnhandledExceptionFilter

  GetTickCount

  TerminateThread

  GetPrivateProfileStringW

  WideCharToMultiByte

  GetModuleHandleW

  MoveFileW

  CreateWaitableTimerW

  WriteConsoleW

  WaitForMultipleObjects

  TlsAlloc

  WaitForSingleObject

  MoveFileExW

  GetLocalTime

  HeapAlloc

  LCMapStringW

  EnterCriticalSection

  SetHandleCount

  CreateThread

  FindFirstFileW

  GetProcAddress

  CloseHandle

  GetFileSizeEx

  InterlockedDecrement

  Sleep

  MultiByteToWideChar

  SetWaitableTimer

  GetConsoleMode

  IsValidCodePage

  HeapFree

  GetStartupInfoW

  GetConsoleCP

  ReleaseMutex

  GetSystemTimeAsFileTime

  GetCurrentThreadId

  GetStringTypeW

  HeapSize

  SetFilePointerEx

  CreateFileW

  InterlockedIncrement

  CreateEventW

  ReadFile

  CreateMutexW

  GetCurrentProcessId

  QueryPerformanceCounter

  DeleteCriticalSection

  GetModuleFileNameW

  TerminateProcess

  SetStdHandle

  GetFullPathNameW

  GetCPInfo

  GetStdHandle

  GetFileType

  SetFileTime

  LoadLibraryW

  GetCurrentProcess

  HeapCreate

  FindNextFileW

  ReadConsoleInputA

  FlushFileBuffers

  GetCommandLineW

  FreeEnvironmentStringsW

  GetLastError

  WriteFile

  VirtualAlloc

  SetLastError

  HeapSetInformation

  GetEnvironmentStringsW

  ExitProcess

  UnhandledExceptionFilter

  FindClose

  SleepEx

  SetCurrentDirectoryW

  TlsSetValue

  TlsGetValue

  SetConsoleMode

  LeaveCriticalSection

  RtlUnwind

  IsDebuggerPresent

  TlsFree

  CreateDirectoryW

  GetACP

  HeapReAlloc

  DeleteFileW

  SetEvent

  GetOEMCP

  IsProcessorFeaturePresent

  InitializeCriticalSectionAndSpinCount

  gdi32

  ChoosePixelFormat

  advapi32

  DeleteService

  CreateServiceW

  OpenServiceW

  ChangeServiceConfig2W

  CloseServiceHandle

  OpenSCManagerW

  ControlService

  RegisterServiceCtrlHandlerW

  StartServiceW

  StartServiceCtrlDispatcherW

  SetServiceStatus

  wininet

  InternetSetOptionW

  InternetReadFile

  InternetOpenW

  HttpSendRequestA

  HttpOpenRequestA

  InternetQueryDataAvailable

  InternetConnectA

  InternetCloseHandle

  HttpQueryInfoA

  netapi32

  NetApiBufferFree

  wtsapi32

  WTSVirtualChannelClose

  dnsapi

  DnsReplaceRecordSetA

  Exports

  Exports

  _nax

  Sections

  .text

  Size: 556KB - Virtual size: 555KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .abc

  Size: 219KB - Virtual size: 219KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .234

  Size: - Virtual size: 5.3MB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 828B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .joke

  Size: 512B - Virtual size: 109B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .poke

  Size: 512B - Virtual size: 88B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 57B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 14KB - Virtual size: 14KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ