Static task
static1
Behavioral task
behavioral1
Sample
53d6ddd82fc6faa5549fb887bbcad87759d93ee27c12a3cac74637d6e881dc08.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
53d6ddd82fc6faa5549fb887bbcad87759d93ee27c12a3cac74637d6e881dc08.exe
Resource
win10v2004-20230221-en
General
Target
53d6ddd82fc6faa5549fb887bbcad87759d93ee27c12a3cac74637d6e881dc08
Size
64KB
MD5
60c02f5b6c8cf50918027e14bf06b967
SHA1
3c9e9454ed02c02ccfc3f5240391c413da300b5f
SHA256
53d6ddd82fc6faa5549fb887bbcad87759d93ee27c12a3cac74637d6e881dc08
SHA512
c7f893883406065c78474af4541178bffec10f4a9847e15206c4012e68c87228029bc495fefb2ebdab77b16595d1969b8d85674b02a1c49f3f61b2281e39aa4f
SSDEEP
768:GnJ9uwtbJD/QpEdTrArzVpCK1w22TYgNvCJ037FLxZKQJRNz0TqXuEmLIu0L:G+wr1AB0AwB57F9npz0TauEm8u0L
Malware Config
Signatures
Files
53d6ddd82fc6faa5549fb887bbcad87759d93ee27c12a3cac74637d6e881dc08.exe windows x86
68b5e41a24d5a26c1c2196733789c238
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mpr
WNetCancelConnection2W
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetAddConnection2W
ole32
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
activeds
ord9
user32
wsprintfW
advapi32
LookupAccountSidW
GetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetUserNameW
QueryServiceStatusEx
OpenServiceA
OpenSCManagerW
OpenSCManagerA
EnumServicesStatusA
StartServiceW
CryptDestroyKey
DeleteService
CreateServiceW
CryptAcquireContextW
CryptReleaseContext
CloseServiceHandle
CryptImportKey
CryptEncrypt
ControlService
ntdll
RtlGetNativeSystemInformation
RtlGetVersion
ZwQuerySystemInformation
shell32
ord680
CommandLineToArgvW
kernel32
GetComputerNameA
TerminateProcess
OpenProcess
lstrcmpiA
GetModuleFileNameW
GetTempPathW
CreateProcessW
GetSystemInfo
GlobalMemoryStatus
GetComputerNameW
DeleteFileW
CopyFileW
GetStdHandle
InitializeCriticalSection
ReleaseSemaphore
lstrlenA
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
WriteConsoleW
AllocConsole
DeleteCriticalSection
LeaveCriticalSection
HeapAlloc
GetProcessHeap
lstrcpyW
lstrcatW
lstrlenW
FindClose
FindFirstFileW
FindNextFileW
GetVolumeInformationW
GetLastError
HeapFree
CreateFileW
WriteFile
CloseHandle
SetLastError
HeapReAlloc
GetCurrentProcessId
WideCharToMultiByte
Sleep
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcess
SetEvent
TlsAlloc
WaitForSingleObject
CreateEventA
CreateThread
GetTickCount64
CreateSemaphoreA
SetFileAttributesW
DeviceIoControl
lstrcmpiW
ResetEvent
TerminateThread
GetFileSizeEx
ReadFile
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
TlsGetValue
TlsSetValue
GetDriveTypeW
GetCommandLineW
ExitProcess
SetErrorMode
EnterCriticalSection
shlwapi
StrCmpNIW
StrStrIW
StrStrIA
SHRegSetUSValueW
StrCmpIW
StrChrW
netapi32
NetGetDCName
NetGetJoinInformation
NetShareEnum
NetApiBufferFree
oleaut32
SysFreeString
SysAllocString
msvcrt
memset
feof
fgetws
_wfopen
_vsnwprintf
fclose
_getch
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.c Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.r Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.d Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ