General

Malware Config

Signatures

Files

• fdf89cef00011f087f541cf26851ffcf.bin

  .zip

  Password: infected

• 338447d40e099471b745ab89c003011a8e3443fd687845a199b76ed67f462516.exe

  .exe windows x86

  Password: infected

  11ea24073ee65343ee563e3160c77fde

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  lstrlenA

  GetSystemTimeAsFileTime

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  ExitProcess

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  user32

  DestroyWindow

  CharUpperBuffW

  gdi32

  GetObjectW

  ole32

  CoDecodeProxy

  Exports

  Exports

  I��g>�p3W�$�z�"���)��FYst]�1�@o��tnk��=Ď����)N^o���[��v�Ȯ*6>���4Gޜ6�5�XB��]���X� ��\X���>-�,"ޫ[�-`�����L��8��m�7!�Ɛ�dH��e��zp�C{��:�e8o�ࢡE��]ڗ� $��s`�g�塞G#������>���*[��6�סͅb��d�����C�m�2�t�� ��g^�&���0/�muBm�����9����.e7�2xRf���C[��&��,���E�avx
  ����n=ySְq�����`6���;�5���R�H{-}�\y.�9�ò��\*�o'(A&���Q� 1� `��%ApDt���HB�ۅ#SD>��gO�ԟ*�:I�T@��N"�f�SExV��<�+�fYZ�A$�[E������t7�<t<I\�8^��a���N�������jQե��s����J���LH>89nf6XMs��q�c�"Z�0p����e�h"Z���۴�< �|�_" ��im�-i`PKi�%]��By *�������N�<"��>Ő���g'���{qfj��>��f�n��b�ӏ<���C{��s:�C��&q9����w:�UŠ;+#}��Y��3j�:��gan#Ts�A<��+�]���{'�-L�n3�B�}?�M3ե0�N�x�h�ЩQ��#�8x��<�� mǥ���8��*�鲷��`�N�{a��$��΁����@>�5�z�Zo'/�����<p�����فL���+-�0�sya��I��JH̜Os�~{��+ �`�ռ��O��_V ��Ӡ�w��^��;�����`���{�?��]�D4��i?��9cbñe��u�v����@�� ��p�=fxS
  Ni *E=צ��wp�3��X��������G��"
  �_{�$������D�MQ�r �\6����Ǭ�5|R1��Efq��N��T4�Sk�(����!� ��k���S� r��d?��!�Ɩ�)�;Re��.2�07�;��>񑚹 �Y�8xw��&�銂�)�.�̑>/��/0D�`��V:)���):���\*_{�)���];I�� @�~c~�;]�2C诸��X~�D���-�b��Ut�kd����#4A�\�G���JKJ�[N�l��O��A u�a5�<,9A���{˞"���=�}��N����0d�k��[?����E���
  �P(��b��դ`���^V�H��\]ɪW�=-�Ыy�d�P0�ȵ�B]]->l��I��gfH���� ����T<dnu�z����C&3�ji_�:z�`�$��1@2T>^
  0�Q.��߱��d&�2����l�1�� �g�MNǕ��FZ:�Ѧp�|B-� �g�{�%n��R����t��S7SlQ�(�EN��(b�%�F���B����>>+��]�?�!��v�1�\�Й��<��XS�
  ��{�k7���x��B�)F-F���V?���B�l�dy۪�y�.�� �~F�<�\U� ������o/���~�Bb�r�,�hM*ed�kd+by��7:�ţS}�7��qwT§rS�m�ŏ���G�J���;<� ��&�[�����5 a�*ZE3%niG�ⴧ5!�#�t���/Gmatӂ~{��h�v��Lo|�-�m�z��'u��S�6h����#�i,��Y��r�􌹤��6��չݛB�x�UQq@�X�I�6�G��:���M�c��G�"����T���#�����@Tӣ�`��KFN�p>+g���c/_�����!�R����BLWvWC�n=�-��?��W ���:�:���Î��j�#��2k�q{J�w���an����f��
  ���b>�t�����}���<�n���xRL$n���� ��A�2�ƥ�̏G{��^ĺ!8xC"���5�?�|��p�;�v.���s��$n���!/w�<�*�jD��#T3����q��T�Ze��XaYF ����7R�\�z�pN:u�� V礟]Sw�Z�@V ������@��pC��5�y�?�����X,қ����&�!��|�<ML�]o]��qE >GH��@o�G��b�8��|��V��f�̪P�T�I���qQ�d�������š�~� �ѯ����t��5���H|�-D�9�ݚW��K^���N�r�7s�?fTö0�К�(��M x���H�����ƈJVȼ�(#���_�d�3���3�J2WW��N
  B�:�Me\��7�v� ��W���J�B���%�ѠYN��3kܚ��� d��So��������d�0<\9�
  �ɟ2}�\p�������q@e��}��?������2�Q9�b-"!���S�1GmF��-���nڭ���ė��������[����N�3���r��^�(��q��� :������56�0�Y
  }�hq�V�S��ʲN~�PO4��|�:<i\W��r�r �T����0TM��S���M�����QD"J����#Q�.�iKH_X�
  ���*1�E�3j@�1�s�i��j�_V�n�]+y���nC����P+�K"팍3GV|�����o��|%���*���O�"~�p��'��4��rV���& f$}â�4�:S�T̷D!�����B��d�����:!�KڢQ��G��y�r.�����v{Z�b�+�mv嬾�-������C/bx�n}�������� s�Q��:!�Cl���γ��Xm�V3�#$�� �?��>-�/])�d�eN!��5~�P���V������
  :$�(���nB�R��5Hʥc'y3�w�����^���D7�?�w �����f�|�_rH�&o�ʘ�e�HQT����Y�ow�PVŷ����CpV���Z���� �qZ٤6��ٙ�d)���P�ek�p��Rc���^��0��[Y��G8���;V��s
  z� �M�������쭍>T)��SO�5��ѓUʙUC�9�)�� �,X�#�g�0~V+SDz)�4���;���;��u�+��u ����=�>������8z����#[��*0J{:<� �TY���[߷<#o�QWx�

  Sections

  .text

  Size: - Virtual size: 93KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 4B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .{&c

  Size: - Virtual size: 3.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .Qn@

  Size: 1024B - Virtual size: 896B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .H.I

  Size: 6.2MB - Virtual size: 6.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 770KB - Virtual size: 770KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ