General

Malware Config

Signatures

Files

• c47525e3eeff5cafb1125a7f52314de9a3577a94b9c9b11ee91bc5e011f0e3c0

  .exe windows x86

  d69e4c13e25f0ad622344ac56118c0df

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetComputerNameW

  GetModuleFileNameA

  GetCurrentProcessId

  OpenProcess

  GetModuleFileNameW

  SetLastError

  WaitForSingleObject

  CreateEventW

  FreeLibrary

  WinExec

  GetPrivateProfileStringW

  CopyFileW

  SetStdHandle

  SetEnvironmentVariableW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetOEMCP

  LocalFree

  LocalAlloc

  LoadResource

  FindResourceW

  SizeofResource

  LockResource

  GetTickCount

  GetCurrentThread

  Sleep

  GetProcessHeap

  HeapAlloc

  GetLastError

  GetTempPathA

  SetCurrentDirectoryW

  GetShortPathNameA

  LoadLibraryW

  GetProcAddress

  WideCharToMultiByte

  MultiByteToWideChar

  SystemTimeToFileTime

  DosDateTimeToFileTime

  GetCurrentProcess

  DuplicateHandle

  CloseHandle

  WriteFile

  SetFileTime

  SetFilePointer

  ReadFile

  GetFileType

  CreateFileW

  CreateDirectoryW

  TerminateProcess

  GetCurrentDirectoryW

  GetACP

  IsValidCodePage

  FindNextFileW

  FindFirstFileExW

  FindClose

  GetTimeZoneInformation

  GetFileSizeEx

  GetConsoleOutputCP

  SetFilePointerEx

  ReadConsoleW

  GetConsoleMode

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetLocaleInfoW

  LCMapStringW

  CompareStringW

  GetCommandLineW

  GetCommandLineA

  GetStdHandle

  ExitProcess

  GetModuleHandleExW

  FreeLibraryAndExitThread

  ExitThread

  CreateThread

  LoadLibraryExW

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  RtlUnwind

  RaiseException

  GetStringTypeW

  WriteConsoleW

  GetCPInfo

  CompareStringEx

  LCMapStringEx

  DecodePointer

  EncodePointer

  InitializeCriticalSectionEx

  InitializeSListHead

  GetStartupInfoW

  IsDebuggerPresent

  GetModuleHandleW

  ResetEvent

  SetEvent

  InitializeCriticalSectionAndSpinCount

  IsProcessorFeaturePresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  FlushFileBuffers

  QueryPerformanceCounter

  MapViewOfFile

  CreateFileMappingW

  AreFileApisANSI

  TryEnterCriticalSection

  HeapCreate

  HeapFree

  EnterCriticalSection

  GetFullPathNameW

  GetDiskFreeSpaceW

  OutputDebugStringA

  LockFile

  LeaveCriticalSection

  InitializeCriticalSection

  GetFullPathNameA

  SetEndOfFile

  UnlockFileEx

  GetTempPathW

  CreateMutexW

  GetFileAttributesW

  GetCurrentThreadId

  UnmapViewOfFile

  HeapValidate

  HeapSize

  FormatMessageW

  GetDiskFreeSpaceA

  GetFileAttributesA

  GetFileAttributesExW

  OutputDebugStringW

  FlushViewOfFile

  CreateFileA

  LoadLibraryA

  WaitForSingleObjectEx

  DeleteFileA

  DeleteFileW

  HeapReAlloc

  GetSystemInfo

  HeapCompact

  HeapDestroy

  UnlockFile

  LockFileEx

  GetFileSize

  DeleteCriticalSection

  GetSystemTimeAsFileTime

  GetSystemTime

  FormatMessageA

  advapi32

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  LookupAccountNameW

  SetSecurityDescriptorOwner

  SetSecurityDescriptorGroup

  SetSecurityDescriptorDacl

  IsValidSecurityDescriptor

  InitializeSecurityDescriptor

  InitializeAcl

  GetTokenInformation

  GetLengthSid

  FreeSid

  EqualSid

  DuplicateToken

  AllocateAndInitializeSid

  AddAccessAllowedAce

  AccessCheck

  OpenThreadToken

  OpenProcessToken

  shell32

  ShellExecuteExA

  ole32

  CoInitializeEx

  CoGetObject

  CoUninitialize

  wininet

  InternetGetCookieExA

  netapi32

  Netbios

  ntdll

  RtlInitUnicodeString

  NtFreeVirtualMemory

  LdrEnumerateLoadedModules

  RtlEqualUnicodeString

  RtlAcquirePebLock

  NtAllocateVirtualMemory

  RtlReleasePebLock

  RtlNtStatusToDosError

  RtlCreateHeap

  RtlDestroyHeap

  RtlAllocateHeap

  RtlFreeHeap

  NtClose

  NtOpenKey

  NtEnumerateValueKey

  NtQueryValueKey

  Sections

  .text

  Size: 1.1MB - Virtual size: 1.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .mwsjhus

  Size: 23KB - Virtual size: 22KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 174KB - Virtual size: 174KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 11KB - Virtual size: 29KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .mwsjhus

  Size: 512B - Virtual size: 80B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 116KB - Virtual size: 116KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 32KB - Virtual size: 32KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ