General

Malware Config

Signatures

Files

• ba3e9e13da5c3cd90bd729eabbd98c5e.bin

  .zip

  Password: infected

• 4cbae49ea38538510e34c36627d4476c83334777bc514fa3e3b50cc2f75d87cd.zip

  .zip

  Password: infected

• BIHBXRSIVW.rCJ

  .dll windows x86

  Password: infected

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Exports

  Exports

  KDAGYL0X2DYMK3FUX84VW

  TMethodImplementationIntercept

  __dbk_fcall_wrapper

  dbkFCallWrapperAddr

  Sections

  Size: 3.4MB - Virtual size: 10.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  Size: 11KB - Virtual size: 23KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  Size: 116KB - Virtual size: 202KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .bss

  Size: - Virtual size: 46KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  Size: 1KB - Virtual size: 18KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  Size: 1KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  Size: 512B - Virtual size: 191B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 512B - Virtual size: 69B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 455KB - Virtual size: 828KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 307KB - Virtual size: 307KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .edata

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .idata

  Size: 1KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .themida

  Size: - Virtual size: 15.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .boot

  Size: 10.3MB - Virtual size: 10.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

• YPRII8GSNC37Q6VEFsss

  .exe windows x86

  Password: infected

  843075fba28109153465b53d9d36a319

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  wsock32

  WSACleanup

  recv

  socket

  getservbyname

  WSASetLastError

  WSAAsyncSelect

  closesocket

  gethostbyaddr

  gethostbyname

  send

  getservbyport

  gethostname

  inet_ntoa

  connect

  inet_addr

  WSAStartup

  ioctlsocket

  htonl

  WSAGetLastError

  htons

  ntohs

  shutdown

  winmm

  waveOutGetVolume

  mixerGetLineInfoW

  mixerSetControlDetails

  mixerGetControlDetailsW

  mixerGetLineControlsW

  mixerGetDevCapsW

  waveOutSetVolume

  mixerClose

  mixerOpen

  mciSendStringW

  joyGetDevCapsW

  joyGetPosEx

  version

  GetFileVersionInfoW

  VerQueryValueW

  GetFileVersionInfoSizeW

  comctl32

  ImageList_GetIconSize

  ImageList_Create

  ImageList_Destroy

  ImageList_AddMasked

  ImageList_ReplaceIcon

  CreateStatusWindowW

  InitCommonControlsEx

  psapi

  GetModuleBaseNameW

  GetModuleFileNameExW

  wininet

  InternetReadFile

  InternetOpenUrlW

  InternetCloseHandle

  InternetReadFileExA

  InternetOpenW

  kernel32

  GlobalFree

  GlobalUnlock

  GetEnvironmentVariableW

  FreeLibrary

  WideCharToMultiByte

  GetSystemDirectoryA

  GetProcAddress

  LoadLibraryA

  GetCurrentThreadId

  lstrcmpiW

  GetStringTypeExW

  CreateThread

  SetThreadPriority

  GetExitCodeThread

  CloseHandle

  CreateMutexW

  GetLastError

  LoadLibraryW

  GetModuleHandleW

  GetVersionExW

  DeleteCriticalSection

  GetModuleFileNameW

  GetFileAttributesW

  GetFullPathNameW

  GetSystemTimeAsFileTime

  LoadResource

  LockResource

  SizeofResource

  GetShortPathNameW

  FindFirstFileW

  FindNextFileW

  FindClose

  FileTimeToLocalFileTime

  SetEnvironmentVariableW

  Beep

  MoveFileW

  OutputDebugStringW

  CreateProcessW

  MultiByteToWideChar

  GetExitCodeProcess

  WriteProcessMemory

  ReadProcessMemory

  GetCurrentProcessId

  OpenProcess

  TerminateProcess

  SetPriorityClass

  GlobalAlloc

  GetLocalTime

  GetDateFormatW

  GetTimeFormatW

  GetDiskFreeSpaceExW

  SetVolumeLabelW

  CreateFileW

  DeviceIoControl

  GetDriveTypeW

  GetVolumeInformationW

  GetDiskFreeSpaceW

  GetCurrentDirectoryW

  CreateDirectoryW

  ReadFile

  WriteFile

  DeleteFileW

  CopyFileW

  SetFileAttributesW

  LocalFileTimeToFileTime

  SetFileTime

  GetFileSizeEx

  GetSystemTime

  GetSystemDefaultUILanguage

  GetComputerNameW

  GetSystemWindowsDirectoryW

  GetTempPathW

  EnterCriticalSection

  LeaveCriticalSection

  VirtualProtect

  QueryDosDeviceW

  CompareStringW

  RemoveDirectoryW

  GetCurrentProcess

  CreateToolhelp32Snapshot

  Process32FirstW

  Process32NextW

  FormatMessageW

  GetPrivateProfileStringW

  GetPrivateProfileSectionW

  GetPrivateProfileSectionNamesW

  WritePrivateProfileStringW

  WritePrivateProfileSectionW

  SetEndOfFile

  GetACP

  GetFileType

  GetStdHandle

  SetFilePointerEx

  SystemTimeToFileTime

  FileTimeToSystemTime

  GetFileSize

  VirtualAllocEx

  VirtualFreeEx

  EnumResourceNamesW

  LoadLibraryExW

  GlobalSize

  GlobalLock

  FindResourceW

  SetErrorMode

  InitializeCriticalSection

  GetCPInfo

  SetCurrentDirectoryW

  Sleep

  GetTickCount

  MulDiv

  ExitProcess

  HeapSize

  HeapQueryInformation

  GetCommandLineW

  HeapSetInformation

  GetStartupInfoW

  InterlockedIncrement

  InterlockedDecrement

  HeapAlloc

  HeapFree

  HeapReAlloc

  GetOEMCP

  IsValidCodePage

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  GetStringTypeW

  HeapCreate

  InitializeCriticalSectionAndSpinCount

  RaiseException

  SetHandleCount

  IsProcessorFeaturePresent

  LCMapStringW

  RtlUnwind

  GetConsoleCP

  GetConsoleMode

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  QueryPerformanceCounter

  FlushFileBuffers

  SetFilePointer

  WriteConsoleW

  SetStdHandle

  GetProcessHeap

  SetLastError

  VirtualQuery

  user32

  SetFocus

  SetWindowRgn

  SetWindowPos

  SetLayeredWindowAttributes

  InvalidateRect

  EnableWindow

  GetWindowTextLengthW

  EnumWindows

  IsZoomed

  IsIconic

  EnumDisplayMonitors

  RegisterWindowMessageW

  GetSysColor

  GetSysColorBrush

  DrawIconEx

  FillRect

  DefWindowProcW

  SetForegroundWindow

  DialogBoxParamW

  SendDlgItemMessageW

  GetDlgItem

  SetDlgItemTextW

  MessageBeep

  GetCursorInfo

  GetLastInputInfo

  GetSystemMenu

  GetMenuItemCount

  GetMenuItemID

  GetSubMenu

  GetMenuStringW

  ExitWindowsEx

  SetMenu

  FlashWindow

  GetPropW

  SetPropW

  RemovePropW

  MapWindowPoints

  RedrawWindow

  SetParent

  GetClassInfoExW

  DefDlgProcW

  GetAncestor

  UpdateWindow

  GetMessagePos

  GetClassLongW

  CallWindowProcW

  CheckRadioButton

  IntersectRect

  GetUpdateRect

  PtInRect

  CreateDialogIndirectParamW

  CreateAcceleratorTableW

  DestroyAcceleratorTable

  InsertMenuItemW

  SetMenuDefaultItem

  RemoveMenu

  SetMenuItemInfoW

  IsMenu

  GetMenuItemInfoW

  CreateMenu

  CreatePopupMenu

  SetMenuInfo

  AppendMenuW

  DestroyMenu

  TrackPopupMenuEx

  CopyImage

  SetActiveWindow

  CreateIconFromResourceEx

  EnumClipboardFormats

  GetWindow

  BringWindowToTop

  GetTopWindow

  GetQueueStatus

  LoadImageW

  ChangeClipboardChain

  IsWindowVisible

  LoadAcceleratorsW

  EnableMenuItem

  GetMenu

  CreateWindowExW

  RegisterClassExW

  LoadCursorW

  DestroyIcon

  DestroyWindow

  IsCharAlphaW

  MapVirtualKeyW

  VkKeyScanExW

  MapVirtualKeyExW

  GetKeyboardLayoutNameW

  ActivateKeyboardLayout

  GetGUIThreadInfo

  GetWindowTextW

  mouse_event

  WindowFromPoint

  GetSystemMetrics

  keybd_event

  SetKeyboardState

  GetKeyboardState

  GetCursorPos

  GetAsyncKeyState

  AttachThreadInput

  SendInput

  UnregisterHotKey

  PostQuitMessage

  SendMessageTimeoutW

  UnhookWindowsHookEx

  SetWindowsHookExW

  PostThreadMessageW

  IsCharAlphaNumericW

  IsCharUpperW

  IsCharLowerW

  ToUnicodeEx

  GetKeyboardLayout

  CallNextHookEx

  CharLowerW

  ReleaseDC

  GetDC

  MessageBoxW

  OpenClipboard

  GetClipboardData

  GetClipboardFormatNameW

  CloseClipboard

  SetClipboardData

  EmptyClipboard

  PostMessageW

  FindWindowW

  EndDialog

  IsWindow

  DispatchMessageW

  TranslateMessage

  ShowWindow

  CountClipboardFormats

  ClientToScreen

  EnumChildWindows

  MoveWindow

  GetWindowRect

  GetMonitorInfoW

  MonitorFromPoint

  GetClientRect

  SystemParametersInfoW

  AdjustWindowRectEx

  DrawTextW

  SetRect

  GetIconInfo

  CreateIconIndirect

  SetWindowTextW

  SetWindowLongW

  ScreenToClient

  IsDialogMessageW

  SendMessageW

  IsWindowEnabled

  GetWindowLongW

  GetKeyState

  TranslateAcceleratorW

  KillTimer

  PeekMessageW

  GetFocus

  GetClassNameW

  GetWindowThreadProcessId

  GetForegroundWindow

  GetMessageW

  SetTimer

  GetParent

  GetDlgCtrlID

  CharUpperW

  IsClipboardFormatAvailable

  BlockInput

  SetClipboardViewer

  CheckMenuItem

  RegisterHotKey

  gdi32

  GdiFlush

  CreateDIBSection

  EnumFontFamiliesExW

  SetBrushOrgEx

  SetBkColor

  GetPixel

  BitBlt

  CreatePatternBrush

  SetBkMode

  GetCharABCWidthsW

  GetClipBox

  FillRgn

  GetClipRgn

  ExcludeClipRect

  GetDeviceCaps

  DeleteObject

  CreateFontW

  CreateSolidBrush

  CreateCompatibleBitmap

  GetSystemPaletteEntries

  GetDIBits

  CreateCompatibleDC

  CreatePolygonRgn

  CreateRectRgn

  CreateRoundRectRgn

  CreateEllipticRgn

  DeleteDC

  GetObjectW

  GetTextMetricsW

  GetTextFaceW

  SelectObject

  GetStockObject

  CreateDCW

  SetTextColor

  comdlg32

  CommDlgExtendedError

  GetOpenFileNameW

  GetSaveFileNameW

  advapi32

  GetUserNameW

  LockServiceDatabase

  OpenSCManagerW

  RegEnumKeyExW

  RegEnumValueW

  RegQueryInfoKeyW

  RegOpenKeyExW

  RegCloseKey

  RegDeleteValueW

  RegDeleteKeyW

  RegSetValueExW

  RegCreateKeyExW

  RegQueryValueExW

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  OpenProcessToken

  CloseServiceHandle

  RegConnectRegistryW

  UnlockServiceDatabase

  shell32

  DragQueryPoint

  SHEmptyRecycleBinW

  SHFileOperationW

  SHGetPathFromIDListW

  SHBrowseForFolderW

  SHGetDesktopFolder

  SHGetMalloc

  SHGetFolderPathW

  ShellExecuteExW

  Shell_NotifyIconW

  DragFinish

  DragQueryFileW

  ExtractIconW

  ole32

  OleInitialize

  OleUninitialize

  CoCreateInstance

  CoInitialize

  CoUninitialize

  CLSIDFromString

  CLSIDFromProgID

  CoGetObject

  StringFromGUID2

  CreateStreamOnHGlobal

  oleaut32

  OleLoadPicture

  SafeArrayUnaccessData

  SafeArrayGetElemsize

  SafeArrayAccessData

  SafeArrayUnlock

  SafeArrayPtrOfIndex

  SafeArrayLock

  SafeArrayDestroy

  GetActiveObject

  SysStringLen

  SysFreeString

  SafeArrayCreate

  VariantClear

  VariantChangeType

  SysAllocString

  SafeArrayCopy

  VariantCopyInd

  SafeArrayGetUBound

  SafeArrayGetLBound

  SafeArrayGetDim

  Sections

  .text

  Size: 685KB - Virtual size: 684KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 152KB - Virtual size: 151KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 13KB - Virtual size: 36KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 38KB - Virtual size: 37KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• ZV2Z6ODFD5WTXMBPQPN6QGO2Cuuu