General

Malware Config

Signatures

Files

• cleaner_fixed.exe

  .exe windows x64

  f73b888923e673a768df4bffb6e90a20

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  IsDebuggerPresent

  GetSystemTimeAsFileTime

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  user32

  MessageBoxA

  GetUserObjectInformationW

  GetProcessWindowStation

  GetUserObjectInformationW

  advapi32

  RegCloseKey

  ole32

  CoTaskMemFree

  msvcp140

  ??Bid@locale@std@@QEAA_KXZ

  iphlpapi

  GetAdaptersInfo

  vcruntime140

  __current_exception

  vcruntime140_1

  __CxxFrameHandler4

  api-ms-win-crt-runtime-l1-1-0

  _seh_filter_exe

  api-ms-win-crt-heap-l1-1-0

  malloc

  api-ms-win-crt-stdio-l1-1-0

  _fseeki64

  api-ms-win-crt-filesystem-l1-1-0

  _unlock_file

  api-ms-win-crt-utility-l1-1-0

  rand

  api-ms-win-crt-time-l1-1-0

  _time64

  api-ms-win-crt-string-l1-1-0

  toupper

  api-ms-win-crt-multibyte-l1-1-0

  _mbscmp

  api-ms-win-crt-math-l1-1-0

  ceilf

  api-ms-win-crt-locale-l1-1-0

  _configthreadlocale

  wtsapi32

  WTSSendMessageW

  Exports

  Exports

  �:�[#y:m`f�m�@e�v�o����Y2��$�6����w�������ϸ�no�(�+]��v�y���;ʬ� ����<�aq w�j{�R�o��B3��,�1f�[�!|�7D��yr��m���ד6�+f�)s���k��
  �KP�?�Tc�6%L����y���n�<������T ��.�qn:c�ۈ��#Ӄ�u�fl�pX�v���N�S���y�<��P�qI��,����j&>P�1'|¨j��6FÂl�CC_��^�l�Of�g��fK+�������s�~���,ߩ�HD���{�ZX�T{TU����S�"Xߦ��T���*�B��F����I(z(q�Z�9�4��1��;e�8GM��LԀ�Z�������� I@�P#�AaQű��i�����!���ܱr����d�� ��Y�9�Fk�C��ЊF�����c|������*-ȵZs�Q�t�9�ҩ�-�vL�*��zX���!���k����Edg��� �(D�����Pq B^�j�8��!� �s{d�����u��q�5A��&XS�ܰsl�%�����0����봻�x�AU1�����A>>�>�$��>=�\1�(�򈞣!�ޒ�%��1�4C����ޤD̉���ԑ���A���L,��+)+�;���u"��e+�]*���Z��y�����)8~��޳�,�a<���޸�K+�CdD��s4R�"�q=r�A%�%^�����씥̨@\��yZ:�\��v.�B�̩���H\�9�ȭ���‘;|*�������0dN�e�7pM�D�Z<=~��ZL�/����3&���ٷ{K�ywq��݇��c3�f����(Ս��Tbn�B-���FȆ�P����!���|�il�� ��*��I��_���X���!�9c(K%N�� !���{�ˇ>� %�t�qj���4��5 a��q�Tc�+(c'�������Ew�4fx��y2D�^bG3�J��!jV��쪌�!wo. T���<�Xշ��O��I��В�
  a��(�:���u��hq'mx�N�8�j�����ws*�>ؐ;H��|x��m�k ���׬f��C�ME;+z�. �a<�B�oX�cE`�U��2�r,�Ng��=nf@�~�\λ��L~���5)���0X����ﶗ�y@8�W6��Ą��k�Qפ�]E�8=���q$���C�uΟ(-���:�����ѹ�4���R0���
  �3���`Ѥ�#@7�D+cFR��)~~R"�\��B+e���`f� (.��Y!$Τ����Gd��I��`1�tҸس�C;Ƕ�\ޘ�[q��h�U�/9��l��p��fR���)T8N��O��v����xLJ]7e�Yn��2�'����r���&k}ȹ��x��)���b�5~p]����9>�GY�S�ߑØ�I#�f����!=�����+�E��~��IN��/*��H��6������`;�����];�s&3�î{2���`�=.���,�z>M��؞����\��CxOp��<�t(,�tp2&C<iI/r�{\��ߨf�Þ����e2�  vXZDG���!�I7Ñ55�ؘ�땐7=��k�:bj��Q�d�7���X�ߑQ*����-�Z���P��� ����ko;�'����$�t%.�n�m�;Aj����w�g�Kp㎵ئO�Qh$�r��ފ.�w������DC�s��-2wz�%��cBD���Dm�4��eN<�����[c!�^"������G��z��Q�2.���[[5^�G*���/3)~ҧb�ܙ����@�6�|Ϳ�ez��f*p���5�m���Wi�*�
  GܮυC��a�zԸ�6�;�T�BV�����iih��d^�<����kfx�g��C>�)4�����" �^8<���`�]�-Ƭ���/��y���=���l62i�L��A��{u��nG�,���_2�)ƒ�<�{"�]�Μ3��y�6�A�*�1�w�+|��ʊv�5�KT�0B&�D����
  �$��P�mFay�����z�b|թ��4�Q87����$�s�p���%��R�l�w$�PD9 /{}��%�٠�d����>��;���� ��-�+{ü�7s."L�4|�>�e�N5�A\#�Lپ����|�K+?�H���%�b��z=^ذr?���Lm�a�%ʷ*�8�z'���coքb��y8�Xs���#7�˓��7��,�]���41~YV��C����S~�����A :^��QP�~2Q tv�S�/�5��D:�w��:�3p���uq��R�!�,n������A��Rf!c�ϧ^i3n'\�wG�3W&���z��b٘���;�*���PH �E��Jf �M�3m�rEm yY�]�Dŝ�� �+��k,C�'/�'2o<��،�Ɔ刻y��ZRm?).v��*Fg��������4�m��������+4zghE'�L.i&6��������YP0s���c� ��6t-�R���I���_�w���|�>k�� ���i.��46�(<�b�[��g�`f�$�,�
  #D��ꋔ�q�T���`�v�K�Y��_�pC�f��1���:磟axzY���j2b�'k�������A�,~�Q��l���5a }-�\�Z'rK�G�]��y6Q��wW��m�5�_��u=!OT�w���i��EL��I7\G�(-�К�� \����c��:Rv�I^m3����kwg��pV0�^d�L8��J�H�F)�D��$,Ơ'�ְ2�k,��J@6�BrV}�H�8&��)��"���{eG�7��O��G�2�i�rI*�I)R�M;�NI?��먋vȫ��ە5�}`���W��}��sRD@����є�� Ө@Z@&[���ӕ�� ~p�8��7��c�̾a��ZZ�/_uD�8&�qY ��D�4S8>��!�д�Q������B_&�t>�#\�����*/���ft��U��C^:K_U�2A/3�#D�<W�������Po|!hwY�GVE��nW�� ���P�A����JdǚB]��d)=�q��(��Wqѩ��*�����̾�ӡ��@��z��Cd��3�p¬�{�O�w��

  Sections

  .text

  Size: - Virtual size: 178KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 67KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 964KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: - Virtual size: 3.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: 6.1MB - Virtual size: 6.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 192B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 476B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ