General

Malware Config

Signatures

Files

• 85afbb88525daf50e9256d24a98bae57f78f7c6ca8e5724820a460a5e9bd12b7

  .exe windows x64

  58373ffd0758633945b3da12825958c0

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  oleaut32

  SysAllocString

  SysFreeString

  mpr

  WNetCancelConnection2W

  WNetCloseEnum

  WNetOpenEnumW

  WNetEnumResourceW

  WNetAddConnection2W

  msvcrt

  _wfopen

  _vsnwprintf

  memset

  fgetws

  feof

  fclose

  _getch

  shlwapi

  StrChrW

  StrStrIW

  StrCmpNIW

  StrCmpIW

  StrStrIA

  SHRegSetUSValueW

  advapi32

  LookupAccountSidW

  GetTokenInformation

  LookupPrivilegeValueA

  AdjustTokenPrivileges

  OpenProcessToken

  StartServiceW

  QueryServiceStatusEx

  GetUserNameW

  OpenServiceA

  OpenSCManagerW

  OpenSCManagerA

  EnumServicesStatusA

  DeleteService

  CreateServiceW

  ControlService

  CloseServiceHandle

  CryptEncrypt

  CryptImportKey

  CryptDestroyKey

  CryptReleaseContext

  CryptAcquireContextW

  netapi32

  NetGetJoinInformation

  NetShareEnum

  NetApiBufferFree

  NetGetDCName

  kernel32

  CopyFileW

  InitializeCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  lstrcpyA

  AllocConsole

  WriteConsoleW

  GetConsoleScreenBufferInfo

  SetConsoleCursorPosition

  SetFileAttributesW

  DeviceIoControl

  lstrcmpiW

  OpenProcess

  lstrcmpiA

  GetModuleFileNameW

  GetTempPathW

  CreateProcessW

  GetSystemInfo

  GlobalMemoryStatus

  GetComputerNameW

  GetStdHandle

  GetCurrentProcessId

  TerminateProcess

  GetComputerNameA

  lstrlenA

  TlsAlloc

  SetErrorMode

  ExitProcess

  GetCommandLineW

  RtlVirtualUnwind

  HeapAlloc

  GetProcessHeap

  lstrcpyW

  lstrcatW

  lstrlenW

  FindClose

  FindFirstFileW

  FindNextFileW

  GetVolumeInformationW

  GetLastError

  HeapFree

  CreateFileW

  WriteFile

  CloseHandle

  SetLastError

  HeapReAlloc

  GetDriveTypeW

  WideCharToMultiByte

  Sleep

  GetTickCount

  QueryPerformanceCounter

  QueryPerformanceFrequency

  GetCurrentProcess

  SetEvent

  ReleaseSemaphore

  WaitForSingleObject

  CreateEventA

  CreateThread

  GetTickCount64

  CreateSemaphoreA

  ResetEvent

  TerminateThread

  GetFileSizeEx

  ReadFile

  SetEndOfFile

  SetFileInformationByHandle

  SetFilePointerEx

  TlsGetValue

  TlsSetValue

  DeleteFileW

  activeds

  ord9

  user32

  wsprintfW

  ole32

  CoCreateInstance

  CoInitializeSecurity

  CoSetProxyBlanket

  CoInitializeEx

  ntdll

  RtlGetVersion

  ZwQuerySystemInformation

  RtlGetNativeSystemInformation

  shell32

  CommandLineToArgvW

  ord680

  Sections

  .text

  Size: 6KB - Virtual size: 6KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .c

  Size: 25KB - Virtual size: 25KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 6KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .r

  Size: 17KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .d

  Size: 16KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE