General

Malware Config

Signatures

Files

• Spoof.exe

  .exe windows x64

  6f8741a75b95fa91c1c3a902c8cd470e

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  MultiByteToWideChar

  GetSystemTimeAsFileTime

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  user32

  MessageBoxA

  GetUserObjectInformationW

  GetProcessWindowStation

  GetUserObjectInformationW

  advapi32

  CryptEncrypt

  shell32

  ShellExecuteA

  msvcp140

  ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

  normaliz

  IdnToAscii

  wldap32

  ord41

  crypt32

  CertFreeCertificateChain

  ws2_32

  getpeername

  rpcrt4

  RpcStringFreeA

  psapi

  GetModuleInformation

  userenv

  UnloadUserProfile

  vcruntime140_1

  __CxxFrameHandler4

  vcruntime140

  __std_exception_destroy

  api-ms-win-crt-runtime-l1-1-0

  _invalid_parameter_noinfo

  api-ms-win-crt-stdio-l1-1-0

  fputc

  api-ms-win-crt-heap-l1-1-0

  calloc

  api-ms-win-crt-time-l1-1-0

  _time64

  api-ms-win-crt-utility-l1-1-0

  rand

  api-ms-win-crt-filesystem-l1-1-0

  _fstat64

  api-ms-win-crt-convert-l1-1-0

  strtoul

  api-ms-win-crt-locale-l1-1-0

  localeconv

  api-ms-win-crt-math-l1-1-0

  __setusermatherr

  api-ms-win-crt-string-l1-1-0

  strncpy

  wtsapi32

  WTSSendMessageW

  Exports

  Exports

  �����қ��B��P��e�?K+���*���4�τL�D ����3��^Xt�$���u\�e�yC������Zإ���Z�Z�xv@���b]�/R-f:���F�Qu&vc.e��}�faE������,���^p�o�P4�z �=�>��Ʒ?�?���:�ת⁎?(���OFr�z< �m:\����Dҷ,Tk-x�['��Ư�ń3�c�N�01��P ,�T�30�;�SM��W��I�}'��XgR�Bf!�����^'�r���5^��m���iL;�7�)�8�r.6Bj�C��1��� �����b$�m�N�:*�R�`B�ƕ��A=CQ�!y39\�p���R\}�G���������Xۘs4'���X�����������}t�#-����a��>�x~q�
  ��j��A�XOꎗc��䊈x���fS��M���i D�;���zZ-5Z<Q�F2稟�*�/I��0�d—�ӟfȐ_�!3aq�d d�}M��g2Qj�� L�#l���Zc��h���$�}]J�N{����;��BPl!�(�JK�q�xJ1�r4����?���?��Il;9��A��8�{BF����o�)决x�(m'�n6`J��y`�����g0� s��
  �0Mկ\(Kp��>�8꾻�S��I��)�6:���D��_�����4m�K��tX��v-+��U1�KA�z���@�&'�0�q��>k��H��-ٮ��ˈ%���S���9Ɍ�|Ch���~���{����!�� fO珼�J)c=�N�����<���ƒ'�s��=�=�Ybˈ��b�ò�������0�3�����v??�6�5щ�����i΁��s��J�Ǵ��-�!��l�L�����]x���G��c�s�x�����i���͓ϵ�B!��]R������~-�c��/�L�z謁K -<�Y֖��h�?�M�q��_ߴ��hI4c�M��0�g}�PM[~�U.���j�9ؓ�)�#��L"s�YuLq�*r�{ � ` ��"�������E������p���F���Z�ך����4���BM|F�pZ}=O�#aF�C�����{+ ��r�I)r8�T�D6$X( ���.��z�GD�B~���Y��o�m�5;�`W�Qx�\Rn�ђzhT`2�>��v��ի�_NH :�U4O�Ĺp��}��'}�qfA2 ����(,�]b¼l���ՙ�I���d��'l� ���m26�4���t��CC#h�����A��N�ŵk6(N�6��+�Z�P���\��r51���/:�����+����X�$�H+,��]��k�w�} �Re�]��x`�!�?|u2����,'n���ubm��R7{� �8����؆<�Z,���bxtɨo�Q�:/7�+s�Y���V:=��?����z�H�~e�����}�rdY��XP[�7����������) x=/�f�kO�jd�f�
  ���41����Ł�� �"�l��&~oBd.u�L�_oa�� ��:E^ITTܮ���`���*8��33�y�� ."�lq3XJ4F5툩t�nZ���X9Bh'&=,�D�H��,�֧!Q���9�÷ξ^*:Tu}�X��'_�k(�q#�b�+$��ʔ�G�*q���v��/��i��؊�odj<�4��G�t�yf����u�������b��`N������z�yE��y=�K9"��P��`%_��7?����8��V1����N����sF�u���'�~� �j��
  ���|����Z3N�����ƸA���a� \\jַ��`�{Ξ;"�|F���i9<=$�x�z��/7#�j٬�4��&ϐ���=���/�3+=nu\���k-�F�
  $��E���Z�|縴E�S���G�5�E�/}�orZ� ى���R�CN6y�@�8w��2ӎ�֚����h+*zF�����"��g������\���f�e�:� rRoϝ[��?�o{��xI{D#��ٟ�[P��G��+�K]�r�h��o�>�ۘy&�$B�詔L���k�S��g�ȝ]�5'��ws��ۂ1ʱ@u�Q��v��1m�sFv����I��pIf��Q��M.[X=�wLnzMʓN -'<�ɥ�#���T)���SNV~gI�8� ��&��gY�o�E��E�S�N� ��I�ց�$*ж;�I��:�:"/��v̾D��M�}����T��76�K��ߧ��f�QA3��J��//1Ք�ͤMI��5��tp���--;K��]2�̪˳��_0�_� �Ŀ[L�1���� � �J�;�惭�Պ�e:�S�h�E��_<���Q�%�����3�Z�C Ď�tey�FS�8�n�<��T�o�-Ɉ!�e~��ј1uU���b�K����t���F�Y[Vk�k�O��C���w �f�9
  ����lk���R`W%4")r֦���$�����8�ج._;��(�ΰwa�l���h���TJ�|�D3l�~Z~�
  �M�%����TgOem"O~�r�G�9��B�kj��0��Y�-+(ē�#����A�7�q`����sɏV��E�Կ��g�`���+�\C,'.8C����sV�G9d��uș�4Q��#�ۢb��Ңb�����ஂ��(Q�r4=+�՜�;�d�g�*�RqI>c=MS���Hj�z����Ru��|o����(DV�����08 �Tc�{�C)�D�)7�>��8,��utVQ�o <`8� �as3m��]HPz���Ql�'xPy��s8��]�W�]u����7+H*��/�]�c�ZW%>1�p7:�Іx�a�1%�4���NK�����f���s��j��(����p��ԗ��.�U9T���@�����,#�Es2�|��4�?;xa��U�R>srеtNC�|���K3����I�<��ݪ�c{���>Zj-�e'$#DG����7�g{0�C��1p�%���(�OE�t���%��n�8�%�����A�։�Q����h�"Y���������5M $���e�R�T�.��ʎ�u�C�<^�TѤ��Ef�iGa~\�F_S�L6'hM�����

  Sections

  .text

  Size: - Virtual size: 429KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 104KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 63KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: - Virtual size: 4.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: 6.7MB - Virtual size: 6.7MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 224B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ