Static task: static1
Behavioral task: behavioral1
Sample: 931e5e524aa50a86a2d3178e0c909fce879074a0e8f8aaba82dfec58a9612f3a.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 931e5e524aa50a86a2d3178e0c909fce879074a0e8f8aaba82dfec58a9612f3a.exe
Resource: win10v2004-20221111-en
General
Target: 931e5e524aa50a86a2d3178e0c909fce879074a0e8f8aaba82dfec58a9612f3a
Size: 1.8MB
MD5: 6c922fd7fac5695618fb4484db6f079c
SHA1: c4a1f058a2ae6e50de28420fc082e76962ca1f11
SHA256: 931e5e524aa50a86a2d3178e0c909fce879074a0e8f8aaba82dfec58a9612f3a
SHA512: f7422d23cb590bae79c875d40ec8c3ded498fa1213343e35dbe377859d1257053e16ddfc0cd487bf4f48cc5846a6b33530613dd0b275fcf8ab106ecdb7968ea0
SSDEEP: 49152:lva5HQ6qsKtUrswWSbxSiYZjhtxwsJQyb:lwHQ6ytlw9dSiYJhXw2
Malware Config
Signatures
Files
931e5e524aa50a86a2d3178e0c909fce879074a0e8f8aaba82dfec58a9612f3a.exe (windows x86)
a7a9a18566e52db7fed27c8a0d15b2be
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
HeapValidate
LCMapStringA
LCMapStringW
LoadLibraryExW
LoadLibraryW
MoveFileW
MulDiv
MultiByteToWideChar
OpenProcess
ReadFile
RemoveDirectoryW
RtlUnwind
SearchPathW
SetCalendarInfoA
SetConsoleDisplayMode
SetConsoleTitleA
SetCurrentDirectoryW
GetWindowsDirectoryW
SetErrorMode
SetFileAttributesW
SetFilePointer
SetFileTime
SetVolumeMountPointW
TerminateProcess
VirtualAlloc
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcatA
lstrcatW
lstrcmpA
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrcpyW
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW
GetVersionExW
GetVersionExA
GetVersion
GetTickCount
GetThreadTimes
GetTempPathW
GetTempFileNameW
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetStringTypeW
GetStringTypeA
GetStdHandle
GetShortPathNameW
GetProcessIoCounters
GetProcessHeap
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetDiskFreeSpaceW
GetCurrentProcessId
GetCurrentProcess
GetConsoleTitleA
GetConsoleAliasesLengthW
GetCommandLineW
GetCommandLineA
GetCommModemStatus
GetAtomNameW
FreeLibrary
FoldStringW
FindVolumeMountPointClose
FindNextFileW
FindFirstFileW
FindCloseChangeNotification
FindClose
ExpandEnvironmentStringsW
ExitProcess
EnumDateFormatsW
DeleteFileW
CreateToolhelp32Snapshot
CreateThread
CreateProcessW
CreateProcessA
CreateFileW
CreateDirectoryW
CopyFileW
CompareFileTime
CloseHandle
GetModuleHandleA
LoadLibraryA
Sleep
GetProcAddress
SetDefaultCommConfigW
user32
InvalidateRgn
IsDialogMessageW
IsDlgButtonChecked
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapW
LoadCursorW
LoadImageW
MessageBoxExA
MessageBoxIndirectW
MoveWindow
OemToCharBuffW
OemToCharW
OpenClipboard
PeekMessageW
PostMessageA
PostQuitMessage
RealGetWindowClassW
RegisterClassW
RemovePropA
ScreenToClient
SendDlgItemMessageA
SendIMEMessageExW
SendMessageTimeoutW
SendMessageW
SetClassLongW
SetClipboardData
SetCursor
SetDlgItemTextA
SetDlgItemTextW
SetForegroundWindow
SetPropA
SetThreadDesktop
SetTimer
SetUserObjectInformationA
SetWindowLongW
SetWindowPos
SetWindowTextA
SetWindowTextW
ShowWindow
ShowWindowAsync
SystemParametersInfoA
SystemParametersInfoW
TrackPopupMenu
TranslateMessage
wsprintfA
wsprintfW
wvsprintfA
wvsprintfW
GetClassNameA
GetClassInfoW
InvalidateRect
FindWindowExW
FindWindowA
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumChildWindows
EndPaint
EndDialog
EnableWindow
EnableMenuItem
EmptyClipboard
DrawTextW
DispatchMessageW
DialogBoxParamW
DestroyWindow
DefWindowProcW
DdeQueryStringA
DdeAddData
CreateWindowStationW
CreateWindowExW
CreateDialogParamW
CheckDlgButton
CharPrevW
CharNextW
CharNextA
ChangeDisplaySettingsExA
CallWindowProcW
BeginPaint
AppendMenuW
GetSysColorBrush
LoadCursorA
LoadCursorFromFileA
GetDC
GetProcessWindowStation
CreatePopupMenu
OemKeyScan
GetTopWindow
EnumClipboardFormats
IsCharUpperW
GetShellWindow
InSendMessage
CloseWindow
CharUpperW
GetWindowTextLengthA
VkKeyScanA
CloseClipboard
GetWindowTextLengthW
GetForegroundWindow
DestroyCursor
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindow
GetSystemMetrics
GetSystemMenu
GetSysColor
GetSubMenu
GetParent
GetMessagePos
GetLastInputInfo
GetDlgItemTextW
GetDlgItem
GetDesktopWindow
LoadIconA
GetDialogBaseUnits
GetAsyncKeyState
GetCursorPos
GetClipboardData
GetAltTabInfoA
GetClientRect
FlashWindowEx
gdi32
GdiGetCharDimensions
GdiGetPageHandle
GdiRealizationInfo
GetColorAdjustment
GetDeviceCaps
GetROP2
GetTextCharsetInfo
GetViewportOrgEx
LineTo
RestoreDC
STROBJ_bEnumPositionsOnly
EngFindResource
SelectFontLocal
SelectObject
SetBkColor
SetBkMode
SetColorAdjustment
SetPixelV
SetRelAbs
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
EngFillPath
DeleteObject
CreateFontIndirectW
CreateBrushIndirect
CreateMetaFileW
GetEnhMetaFileW
GetColorSpace
AbortDoc
AbortPath
EndPage
DeleteEnhMetaFile
GetMapMode
SetMetaRgn
GetTextCharset
CreateHalftonePalette
SelectBrushLocal
RealizePalette
advapi32
RegEnumValueW
RegQueryValueExA
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegOpenKeyA
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
shell32
SHFileOperationW
ShellExecuteA
SHLoadNonloadedIconOverlayIdentifiers
CommandLineToArgvW
DragAcceptFiles
DragFinish
DragQueryFileA
SHBrowseForFolderW
SHEmptyRecycleBinW
ShellExecuteW
SHFreeNameMappings
SHGetFileInfoW
SHGetFolderPathA
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ole32
OleInitialize
CoTaskMemFree
CoCreateInstance
OleUninitialize
shlwapi
StrStrIA
StrRStrIA
StrChrIA
comctl32
ImageList_Create
ImageList_AddMasked
ImageList_Destroy
Sections
.text Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 636B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ