General

Malware Config

Signatures

Files

• b4cd73da2d48452218f1cd31ca321562.bin

  .zip

  Password: infected

• 2c5734f4d9cc0fc20f1a9e5c1fa0133f0894f73a24813be20b6a25da6d90842a.exe

  .exe windows x86

  Password: infected

  27646fe1057f21eaccb79bddb2ab15c5

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  RaiseException

  GetLastError

  MultiByteToWideChar

  lstrlenA

  InterlockedDecrement

  GetProcAddress

  LoadLibraryA

  FreeResource

  SizeofResource

  LockResource

  LoadResource

  FindResourceA

  GetModuleHandleA

  Module32Next

  CloseHandle

  Module32First

  CreateToolhelp32Snapshot

  GetCurrentProcessId

  SetEndOfFile

  GetStringTypeW

  GetStringTypeA

  LCMapStringW

  LCMapStringA

  GetLocaleInfoA

  HeapFree

  GetProcessHeap

  HeapAlloc

  GetCommandLineA

  HeapCreate

  VirtualFree

  DeleteCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  VirtualAlloc

  HeapReAlloc

  HeapSize

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  GetModuleHandleW

  Sleep

  ExitProcess

  WriteFile

  GetStdHandle

  GetModuleFileNameA

  WideCharToMultiByte

  GetConsoleCP

  GetConsoleMode

  ReadFile

  TlsGetValue

  TlsAlloc

  TlsSetValue

  TlsFree

  InterlockedIncrement

  SetLastError

  GetCurrentThreadId

  FlushFileBuffers

  SetFilePointer

  SetHandleCount

  GetFileType

  GetStartupInfoA

  RtlUnwind

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  QueryPerformanceCounter

  GetTickCount

  GetSystemTimeAsFileTime

  InitializeCriticalSectionAndSpinCount

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  CompareStringA

  CompareStringW

  SetEnvironmentVariableA

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  SetStdHandle

  CreateFileA

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  ole32

  OleInitialize

  oleaut32

  SafeArrayCreate

  SafeArrayAccessData

  SafeArrayUnaccessData

  SafeArrayDestroy

  SafeArrayCreateVector

  VariantClear

  VariantInit

  SysFreeString

  SysAllocString

  user32

  GetProcessWindowStation

  GetUserObjectInformationW

  Sections

  .text

  Size: - Virtual size: 101KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 27KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp0

  Size: - Virtual size: 1.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: 3.3MB - Virtual size: 3.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 114KB - Virtual size: 237KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ