Behavioral task behavioral1
Sample: 319157bf510e966d20d5129f1966ece7cb18c2d3d781a31a95f0af3be5926749.exe
Resource: win7-20230220-en
Behavioral task behavioral2
Sample: 319157bf510e966d20d5129f1966ece7cb18c2d3d781a31a95f0af3be5926749.exe
Resource: win10-20230220-en
General
- Target: 319157bf510e966d20d5129f1966ece7cb18c2d3d781a31a95f0af3be5926749
- Size: 5.7MB
- MD5: deb9c6e9c058071ebf52521065a75018
- SHA1: d3f54b15504de1a55d26a5753f1254c5c42fadec
- SHA256: 319157bf510e966d20d5129f1966ece7cb18c2d3d781a31a95f0af3be5926749
- SHA512: 404d63f29db4b8edf4f5b73442e8e0c4dd58829b57bd2a75149d07acbd105cc9958429231f7f42dfb514824b62c7990d03913fbfd54d2e16273fd406e380be37
- SSDEEP: 49152:7Zg+YZ4PyxV4maKAUerq93kBis7q9mMts5lfarmNP78xMng+HEvLV+io6B5i5lSy:fFsaAnc6ZcIUk+r
Malware Config
Extracted
lucastealer
https://api.telegram.org/bot6249891715:AAHZEDDcXRzwxaRB7SWAXFemlsWG62Pr15U
Signatures
- Luca Stealer payload (1 IoCs)
Processes:
resource  yara_rule           description
sample    family_lucastealer  Lucastealer family
Files
- 319157bf510e966d20d5129f1966ece7cb18c2d3d781a31a95f0af3be5926749.exe (windows x64)
dfa36f990ec4fe5742df035f8aef91d7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
secur32
LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions
kernel32
GetCurrentProcess
DuplicateHandle
GetModuleHandleA
GetCurrentThread
GetStdHandle
GetConsoleMode
WaitForSingleObject
WriteConsoleW
SetLastError
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
FormatMessageW
GetTempPathW
CreateFileW
SetFilePointerEx
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
FindFirstFileW
FindClose
SetHandleInformation
CreateThread
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
SetFileInformationByHandle
CopyFileExW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
DeviceIoControl
OpenProcess
ReadProcessMemory
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
LocalFree
VirtualQueryEx
GlobalMemoryStatusEx
PostQueuedCompletionStatus
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemDirectoryA
WakeConditionVariable
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
GetEnvironmentVariableA
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
ReadFile
RtlVirtualUnwind
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
SystemTimeToFileTime
GetCurrentProcessId
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileW
DeleteFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
TerminateProcess
GetSystemInfo
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
TryAcquireSRWLockExclusive
SleepConditionVariableSRW
SwitchToThread
GetModuleHandleW
ReleaseSRWLockExclusive
CreateDirectoryW
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileInformationByHandle
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetFileInformationByHandleEx
FreeLibrary
GetProcAddress
LoadLibraryExW
GetComputerNameExW
GetLogicalDrives
GetTickCount64
GetUserPreferredUILanguages
WakeAllConditionVariable
GetLastError
AcquireSRWLockExclusive
CloseHandle
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
Sleep
advapi32
RegOpenKeyExW
SystemFunction036
OpenProcessToken
GetTokenInformation
LookupAccountSidW
GetUserNameW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegQueryValueExW
ws2_32
getpeername
getsockopt
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
setsockopt
WSASocketW
bind
connect
WSAGetLastError
recvfrom
closesocket
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
ioctlsocket
WSAIoctl
WSACloseEvent
WSARecv
WSAWaitForMultipleEvents
ntohs
WSASetLastError
htons
socket
__WSAFDIsSet
accept
htonl
listen
select
shutdown
recv
send
getsockname
WSASend
crypt32
CertGetNameStringA
CertGetCertificateChain
CertFreeCertificateChain
CertCreateCertificateChainEngine
CryptQueryObject
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertCloseStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertGetEnhancedKeyUsage
CertEnumCertificatesInStore
CertOpenStore
CertFreeCertificateChainEngine
CertFindCertificateInStore
CryptUnprotectData
oleaut32
SysFreeString
VariantClear
SysAllocString
SafeArrayAccessData
SysAllocStringLen
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnaccessData
pdh
PdhAddEnglishCounterW
PdhOpenQueryA
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhCloseQuery
PdhCollectQueryData
iphlpapi
GetIfTable2
GetIfEntry2
FreeMibTable
netapi32
NetApiBufferFree
NetUserGetLocalGroups
NetUserEnum
user32
GetMonitorInfoW
EnumDisplaySettingsExW
EnumDisplayMonitors
gdi32
StretchBlt
GetObjectW
DeleteObject
DeleteDC
CreateDCW
GetDIBits
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
shell32
CommandLineToArgvW
SHGetKnownFolderPath
ole32
CoUninitialize
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
bcrypt
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGenRandom
ntdll
NtCancelIoFileEx
NtDeviceIoControlFile
RtlGetVersion
NtCreateFile
RtlNtStatusToDosError
NtQueryInformationProcess
NtQuerySystemInformation
powrprof
CallNtPowerInformation
psapi
GetPerformanceInfo
GetModuleFileNameExW
EnumProcessModulesEx
vcruntime140
memchr
strstr
strchr
memcmp
memmove
__CxxFrameHandler3
memset
memcpy
__current_exception
__current_exception_context
__C_specific_handler
strrchr
api-ms-win-crt-string-l1-1-0
strncpy
wcslen
strcspn
strlen
strspn
_strdup
strcpy
strcmp
strpbrk
strncmp
api-ms-win-crt-heap-l1-1-0
free
calloc
malloc
_msize
realloc
_set_new_mode
api-ms-win-crt-runtime-l1-1-0
_cexit
__p___argv
__p___argc
__sys_errlist
_exit
exit
_initterm_e
_initterm
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
_endthreadex
__sys_nerr
_initialize_onexit_table
_wassert
terminate
abort
_errno
_c_exit
_crt_atexit
_beginthreadex
_register_onexit_function
_get_initial_narrow_environment
api-ms-win-crt-convert-l1-1-0
atoi
strtol
strtoll
strtoul
wcstombs
api-ms-win-crt-stdio-l1-1-0
_open
_close
fopen
feof
__stdio_common_vsprintf
_lseeki64
fgets
fflush
_read
ftell
_set_fmode
__p__commode
_write
fread
fseek
__stdio_common_vsscanf
__acrt_iob_func
fwrite
fputs
fclose
fputc
api-ms-win-crt-utility-l1-1-0
qsort
_rotl64
api-ms-win-crt-time-l1-1-0
_time64
strftime
_localtime64_s
_gmtime64
api-ms-win-crt-filesystem-l1-1-0
_access
_stat64
_unlink
_fstat64
api-ms-win-crt-math-l1-1-0
__setusermatherr
log
_dclass
_fdopen
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 3.8MB - Virtual size: 3.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 113KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ