General

Malware Config

Signatures

Files

• Updates.rar

  .rar
• Resource.bin
• Run.vbs

  .vbs
• WindowsService.exe

  .exe windows x64

  9aa125b7d69730c719ee12248cf73a8a

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  SizeofResource

  FlsSetValue

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  user32

  ShowWindow

  GetProcessWindowStation

  GetProcessWindowStation

  GetUserObjectInformationW

  msvcp140

  ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

  wininet

  InternetReadFile

  vcruntime140_1

  __CxxFrameHandler4

  vcruntime140

  memcmp

  api-ms-win-crt-stdio-l1-1-0

  fputc

  api-ms-win-crt-filesystem-l1-1-0

  _lock_file

  api-ms-win-crt-runtime-l1-1-0

  _exit

  api-ms-win-crt-environment-l1-1-0

  getenv

  api-ms-win-crt-utility-l1-1-0

  srand

  api-ms-win-crt-heap-l1-1-0

  _callnewh

  api-ms-win-crt-math-l1-1-0

  __setusermatherr

  api-ms-win-crt-locale-l1-1-0

  _configthreadlocale

  wtsapi32

  WTSSendMessageW

  Exports

  Exports

  �.�*�?v��x�Z6�C?nj���q@�Q:ug�4j찹Kw�j�c)����r�1��N�����L*�c�9�'G�uy��JKfcU�*Ĩd7�D�,R�^���(�.=�>��B�@<��v�Y~����7b�G!</�ot�0�����w��c�Ģ_~фg������*�,����Z)�hINs��� ً��=D����%/�N�P�n.z*�XeC⻦��XK6y��ę� {Z�byᲔQ��T�� �JV��΃B���֞x�̾�q�ǯ^N���۞�9���{��l�<�qk~��a��"���rN�p�Gg<K�W�{g �x�:s���`EG/�M쐮��V��|��� Y��I�K�����@��H�ǻ�����nή�|qA�l��κ~Jj��g�H ,���r��K�C�����Լ��E����"{�����k+6�Sx^5=F�0�cĮ�/�b&_ʳ6�F]o�>�1M���NH��YE�_����e�S+0|@���-�j�f2;"�����v�&�z�b�� �#Y�e�Qw wuJ'� L�y,h2��� yB9�M��"�]z4j��T���0�W����,�{�^�M���)U���M�k�B����/g��)xde�e��J\@a�"Fہf��f����V
  �*��1�0�`�����r¦��S�����)�1}�Q��`�[*(f�S˜��V���l�u�bH.{�a�E��.s� ot$�^P�n~�2��1��CeA|WpP�����=2�Fm��P��,�R2�x3�>&�0k��������L�t,��9ә>����������bq{GI��,��
  k���(f+ #* ��U���"�A�Jp�q��*Ў�HS�� ܲd� ��|k��8�Ab�:�s���|�?"Mm�'٠<��r��ߥS�������+��vl"���� ��_�)��R�ˡع�2d�9y��6b���j(+L����/c�z��ic��d�k��c���\�o� k�<g.kkAg��@/���Ea�n����j7�*�� N�\�\(���C�hW9�޵h\8}�ap�)��裍ơ|��g1o1vr�
  "��j�����n���K�")���=AR�'^���\$q� ٖ��b�ۦq�.��;cC��/�����)������#�yZLCsd�[�����y)ʉLv���&Z��9@�������X�E��?�D��A~�.Ӗ7y|=ՙ��������i�G��ұE�ނ> ��T�I�͒����˄nz�Q��"@��P�`˅����x�������,d*z�3j>=b w
  *<��D�����B�_aN�m���ו6�����s�;��ae��$Ya��^ F��b���'_���I�q������c�E� ��Drk��������:�p�$��p�[�o=6��7�E/���O�gz����ptx�������"�l�ɋ2�Xc<]��>�����!�|�E9�i:
  J��e׋$�����饉�v�+��S�}�T�1!&yt����ʎ�05�z���i�R��{왢�\�����n6놤[�p���@����.��i�/��&"��F$D�˅k�����Ӥ���T�v-�h��m>�/ݔ]e�(�{�!���;��m�� �̾����b�M�S�J�:�4�F1�0���pE�"<E׾��������\��⪅#>Rex���\:���{�}vC����nE��Cu��?��AT5?n���`���i9��E�uF�ߛ���R-�������P�$F�Rw'E��ᅐRǻ M(V)L���!F����o��ы�X����dj��/‚n�5��P?i�*{�݋OB�gװ*fP1�*�[oX�Wq�C���>o�k�¨ �km�|]�_��h ��
  T8Nm'��V�8s�~���S:r��b�.[���E�4���)E�� 3''���4��T��¼^V�H)x��w�~4������_���='�QV&J_\����LW��x`���o��ʱ�Ta��ܶxq��<g���sm-B��N�UC[!�ƞ�rW�Cϻm7��/��}ip!�:�4n��}�N�ur�1
  [�xpm��W*��Ep���H��"Ѩ��1�E!��71� u��HvC����Cb�q�{Q ���q�"?�R��YC'�P���I����zN������f�#��C���sֈ5�iȞ�_��*�",g�\���9�.��9"�D����2�/Ѣ���όad1��#b���Ki�ji���Sp�����+ͥ?�)
  yr\}"��~�߶3�$`�����6ϝR�90��V�C���'!���sn��coC��fs^;���q�,��� Օ��Q����H�}�b�_b���4+_�����j��FlP����S�L�O��*����%eXF�' ���)� )�[c~�4���S��ob!|��~v�!�n���ύ�3N,R�T�����ج�ȏKB)p��;0�;4��N�Lf�� �
  #��9�z���,
  |Pd��5���/���I��(X� �s�W��sE�ޯm���ְ������2���w�*�I�X�����*�߰ep80*���/g���nh�8�E�1�L�ވ<��cI��,]0O�TK��Jf��l-�^�[���fQ�B/1�ŸF�c���łT\_6���|���r��3��cF���T5�Y~�?}I�%�3sf�c��8P��,0�ދ�[�����ќngs�դ@�[4���%'��wJ�pp1%��Q�a�80���/K>:���  =�0&IMB�C��$C���J=Z�4gh����3z�K`i�Ұb�_�K
  ��h#窜�/������I)�߹��^���R#�M�=Ж1���M��5��)|����G�����xPGK���3?p�D��^"N��'b�C��jύd�=H����[1|�`�W�)o��UX��¯�2������G�&��+��PR�>�\Bƕ`�#��lO� 8���Ί�7��_�|V�C0�~��T$�����*�^es��t%7��߿�h 6&FFRL��Ohy$�yO��b6��_U4�(&��Ui�C����mV����"��ժ���~U�]

  Sections

  .text

  Size: - Virtual size: 30KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 14KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: - Virtual size: 3.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: 5.3MB - Virtual size: 5.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• import.reg
• md5.txt
• updatebackend.log