General

Malware Config

Signatures

Files

• 55905254cf265513d01de6eaea080bb4.bin

  .zip

  Password: infected

• 4b9d2b24706d5462680423b09280e88e8b3902a4a15431081dbf94d9a25eb9c8.exe

  .exe windows x86

  Password: infected

  1da9bd2a660139c2d8ce0baa10e11ec5

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  DeleteFileW

  SetEndOfFile

  CloseHandle

  CreateThread

  GetModuleHandleW

  GetProcAddress

  LoadLibraryA

  CopyFileW

  MoveFileW

  GetStdHandle

  CreateFileW

  WriteFile

  OutputDebugStringW

  LeaveCriticalSection

  QueryPerformanceFrequency

  HeapAlloc

  HeapFree

  GetProcessHeap

  InitializeCriticalSection

  DeleteCriticalSection

  ExitProcess

  GetCurrentThread

  SetThreadAffinityMask

  lstrlenW

  GetConsoleScreenBufferInfo

  SetConsoleTextAttribute

  WriteConsoleW

  QueryPerformanceCounter

  EnterCriticalSection

  IsProcessorFeaturePresent

  user32

  DialogBoxParamW

  EndDialog

  GetDlgItem

  SetDlgItemInt

  SetDlgItemTextW

  CheckDlgButton

  IsDlgButtonChecked

  EnableWindow

  SetWindowTextW

  wsprintfW

  MessageBoxW

  SendMessageW

  gdi32

  CreateFontW

  Sections

  .text

  Size: 38KB - Virtual size: 38KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 14KB - Virtual size: 14KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .hjl

  Size: 50KB - Virtual size: 50KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ