General

Malware Config

Signatures

Files

• 5923bf9b6f3953178c81ce76b1aed809.bin

  .zip

  Password: infected

• f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b.bin

  .exe windows x86

  Password: infected

  ac44d030aac7077131ee014b7adc735c

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  WaitForSingleObject

  GetProcAddress

  GetModuleHandleW

  ReadFile

  SetFilePointer

  GetFileSize

  CreateFileW

  GetModuleFileNameA

  GetCommandLineW

  SetEndOfFile

  WriteFile

  CreateFileA

  GetFileAttributesA

  GetStartupInfoW

  GetCommandLineA

  ExitProcess

  RemoveDirectoryW

  CopyFileW

  GetModuleFileNameW

  GetCPInfo

  GetACP

  IsDBCSLeadByte

  HeapSize

  DeviceIoControl

  CreateProcessA

  GetTempPathA

  FindNextFileW

  GetSystemWow64DirectoryW

  ExpandEnvironmentStringsA

  WideCharToMultiByte

  MultiByteToWideChar

  lstrlenW

  GetLongPathNameW

  CreateProcessW

  GetTempFileNameA

  CreateDirectoryA

  DeleteFileA

  GetFileAttributesW

  CreateMutexA

  SetFilePointerEx

  GetFileSizeEx

  GetFileAttributesExW

  GetFileInformationByHandle

  GetVolumeInformationW

  MoveFileExW

  GetCurrentDirectoryW

  SetCurrentDirectoryW

  GetFullPathNameW

  ExpandEnvironmentStringsW

  OutputDebugStringA

  LoadLibraryA

  GetSystemDirectoryA

  FreeLibrary

  GetVersionExW

  GetCurrentProcess

  VirtualQuery

  ExitThread

  GetUserDefaultLangID

  GetUserDefaultUILanguage

  VerifyVersionInfoW

  VerSetConditionMask

  GlobalFree

  CreateThread

  LockResource

  LoadResource

  FindResourceExA

  FindResourceExW

  GlobalAlloc

  DebugBreak

  GlobalUnlock

  GlobalLock

  QueryPerformanceCounter

  QueryPerformanceFrequency

  GlobalSize

  QueueUserAPC

  OpenThread

  SleepEx

  SetUnhandledExceptionFilter

  GetCurrentProcessId

  GetProcessTimes

  RaiseException

  FlushInstructionCache

  SetLastError

  TerminateThread

  CreateEventW

  SetEvent

  ResetEvent

  WaitForMultipleObjects

  GetExitCodeProcess

  GetTickCount

  SetThreadPriority

  GetTimeZoneInformation

  GetSystemTime

  SystemTimeToFileTime

  GetLocaleInfoW

  LCMapStringW

  GetExitCodeThread

  DuplicateHandle

  GetCurrentThread

  MapViewOfFile

  UnmapViewOfFile

  CompareFileTime

  LocalFree

  ReleaseMutex

  CreateFileMappingA

  ReleaseSemaphore

  CreateSemaphoreW

  SetThreadAffinityMask

  CreateEventA

  CreateWaitableTimerA

  SetWaitableTimer

  CancelWaitableTimer

  InterlockedExchangeAdd

  GetVersionExA

  GetVersion

  VirtualAlloc

  VirtualFree

  FlushFileBuffers

  GlobalMemoryStatusEx

  IsDebuggerPresent

  SetSystemTime

  FileTimeToSystemTime

  TlsAlloc

  TlsFree

  ResumeThread

  CreateTimerQueueTimer

  DeleteTimerQueueTimer

  CreateSemaphoreA

  HeapAlloc

  HeapFree

  HeapUnlock

  HeapWalk

  HeapLock

  HeapCreate

  HeapDestroy

  VirtualProtect

  GetNumberFormatW

  GetCurrencyFormatW

  CompareStringW

  GetDateFormatW

  GetTimeFormatW

  GetUserDefaultLCID

  EnumSystemLocalesW

  GetProcessHeap

  GetProcessAffinityMask

  IsProcessorFeaturePresent

  GetStartupInfoA

  RtlUnwind

  UnhandledExceptionFilter

  HeapReAlloc

  GetSystemTimeAsFileTime

  GetStdHandle

  TerminateProcess

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  SetHandleCount

  GetFileType

  GetOEMCP

  IsValidCodePage

  LCMapStringA

  GetConsoleCP

  GetConsoleMode

  InitializeCriticalSectionAndSpinCount

  SetStdHandle

  GetLocaleInfoA

  GetStringTypeA

  GetStringTypeW

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  CompareStringA

  SetEnvironmentVariableA

  LocalAlloc

  CloseHandle

  FindFirstFileW

  FindClose

  GetSystemDirectoryW

  LoadLibraryW

  GetModuleHandleA

  GetTempPathW

  GetTempFileNameW

  GetLastError

  DeleteFileW

  CreateDirectoryW

  GetSystemInfo

  SwitchToThread

  TlsGetValue

  TlsSetValue

  GetCurrentThreadId

  LeaveCriticalSection

  EnterCriticalSection

  TryEnterCriticalSection

  DeleteCriticalSection

  InitializeCriticalSection

  InterlockedDecrement

  InterlockedIncrement

  InterlockedExchange

  InterlockedCompareExchange

  CreateWaitableTimerW

  Sleep

  advapi32

  CryptEncrypt

  CryptDestroyKey

  CryptImportKey

  CryptSetKeyParam

  CryptGetHashParam

  CryptHashData

  CryptDestroyHash

  CryptAcquireContextA

  CryptCreateHash

  RegOpenKeyA

  CryptAcquireContextW

  CryptGenRandom

  CryptReleaseContext

  RegOpenKeyExA

  RegQueryValueExW

  RegSetValueExW

  RegCreateKeyExW

  RegSetValueExA

  RegQueryValueExA

  RegCloseKey

  RegCreateKeyExA

  RegOpenKeyExW

  CryptDecrypt

  Exports

  Exports

  IAEModule_AEModule_PutKernel

  IAEModule_IAEKernel_LoadModule

  IAEModule_IAEKernel_UnloadModule

  _WinMainSandboxed@20

  Sections

  .text

  Size: 9.3MB - Virtual size: 9.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rodata

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1.8MB - Virtual size: 1.8MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 827KB - Virtual size: 1.7MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2.1MB - Virtual size: 2.1MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 445KB - Virtual size: 444KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ