General

Malware Config

Signatures

Files

• 2df6d622ef0513a2b78fe8ce46a77bdd43a92da92107a41b0e064661373ab5f3

  .exe windows x86

  b5ded07ad5b3bcda876a33544a00306e

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  SetEndOfFile

  GetDiskFreeSpaceExW

  GetSystemInfo

  GetSystemDirectoryW

  GetNativeSystemInfo

  ResetEvent

  SetEvent

  PostQueuedCompletionStatus

  GetExitCodeThread

  CreateEventW

  CreateIoCompletionPort

  InterlockedExchange

  GetQueuedCompletionStatus

  WaitForMultipleObjects

  GetThreadLocale

  SetThreadLocale

  GetFileAttributesExW

  lstrcmpA

  FileTimeToSystemTime

  SleepEx

  FormatMessageA

  GetFileType

  GetStdHandle

  PeekNamedPipe

  ExpandEnvironmentStringsA

  QueryPerformanceCounter

  LoadLibraryA

  GlobalMemoryStatus

  FlushConsoleInputBuffer

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineW

  GetCommandLineA

  GetOEMCP

  IsValidCodePage

  GetFullPathNameW

  GetCurrentDirectoryW

  GetTimeZoneInformation

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetTimeFormatW

  GetDateFormatW

  SetStdHandle

  GetConsoleCP

  ReadConsoleW

  GetACP

  ReadConsoleInputA

  GetConsoleMode

  SetConsoleCtrlHandler

  ExitProcess

  SetFilePointerEx

  GetDriveTypeW

  GetModuleHandleExW

  ExitThread

  SystemTimeToTzSpecificLocalTime

  FindFirstFileExW

  RtlUnwind

  UnregisterWaitEx

  QueryDepthSList

  InterlockedFlushSList

  ReleaseSemaphore

  VirtualProtect

  FreeLibraryAndExitThread

  GetThreadTimes

  UnregisterWait

  RegisterWaitForSingleObject

  SetThreadAffinityMask

  GetProcessAffinityMask

  GetNumaHighestNodeNumber

  DeleteTimerQueueTimer

  ChangeTimerQueueTimer

  CreateTimerQueueTimer

  GetLogicalProcessorInformation

  GetThreadPriority

  SwitchToThread

  SignalObjectAndWait

  CreateTimerQueue

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  GetLocaleInfoW

  LCMapStringW

  CompareStringW

  GetCPInfo

  GetSystemTimeAsFileTime

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  GetStringTypeW

  TryEnterCriticalSection

  WaitForSingleObjectEx

  DuplicateHandle

  LoadLibraryExA

  VirtualFree

  VirtualAlloc

  IsProcessorFeaturePresent

  FlushInstructionCache

  InterlockedPushEntrySList

  InterlockedPopEntrySList

  InitializeSListHead

  EncodePointer

  IsDebuggerPresent

  lstrlenA

  MoveFileExW

  SetFileAttributesW

  SystemTimeToFileTime

  GetSystemTime

  GetComputerNameW

  GetCurrentProcessId

  SetFilePointer

  LocalFree

  DeviceIoControl

  GetPrivateProfileStringW

  GetStartupInfoW

  CreatePipe

  CreateProcessW

  RemoveDirectoryW

  TerminateProcess

  Process32NextW

  Process32FirstW

  CreateToolhelp32Snapshot

  GetShortPathNameW

  GetCurrentThread

  SetThreadPriority

  GetCurrentProcess

  SetPriorityClass

  GetEnvironmentVariableW

  GetFileTime

  lstrlenW

  TerminateThread

  WaitForSingleObject

  InitializeCriticalSection

  GetVersionExW

  GetTempPathW

  GetVersion

  MulDiv

  GlobalFree

  OpenProcess

  GetModuleHandleA

  VerifyVersionInfoW

  VerSetConditionMask

  GetTickCount

  FreeResource

  GlobalLock

  GlobalAlloc

  LoadLibraryExW

  lstrcmpiW

  DecodePointer

  WritePrivateProfileStringW

  Sleep

  WideCharToMultiByte

  MultiByteToWideChar

  SetLastError

  RaiseException

  GetCurrentThreadId

  DeleteFileW

  FindClose

  FindNextFileW

  FindFirstFileW

  OutputDebugStringW

  CopyFileW

  CreateDirectoryW

  CreateThread

  InterlockedIncrement

  InterlockedDecrement

  LeaveCriticalSection

  EnterCriticalSection

  DeleteCriticalSection

  InitializeCriticalSectionAndSpinCount

  FreeLibrary

  LoadLibraryW

  GetModuleFileNameW

  GetProcessHeap

  HeapAlloc

  HeapFree

  HeapReAlloc

  HeapSize

  HeapDestroy

  FindResourceExW

  FindResourceW

  LoadResource

  LockResource

  SizeofResource

  ReadFile

  GetFileSize

  FlushFileBuffers

  WriteFile

  GetModuleHandleW

  GetProcAddress

  CreateFileW

  GetLastError

  CloseHandle

  SetEnvironmentVariableA

  WriteConsoleW

  SetConsoleMode

  user32

  SetWindowLongW

  CreateWindowExW

  LoadCursorW

  GetClassInfoExW

  RegisterClassExW

  UnregisterClassW

  SendMessageW

  DestroyWindow

  GetWindowLongW

  CallWindowProcW

  KillTimer

  PostMessageW

  SetTimer

  LoadIconW

  SetWindowPos

  MapWindowPoints

  GetClientRect

  GetParent

  GetWindowRect

  GetMonitorInfoW

  MonitorFromWindow

  GetWindow

  PostQuitMessage

  ShowWindow

  GetDlgItem

  CharNextW

  DispatchMessageW

  TranslateMessage

  GetMessageW

  PeekMessageW

  MessageBoxW

  SetWindowTextW

  CopyRect

  SetRectEmpty

  EqualRect

  SetCursor

  ClientToScreen

  GetCursorPos

  PtInRect

  ScreenToClient

  GetDoubleClickTime

  IntersectRect

  GetDC

  ReleaseDC

  SystemParametersInfoW

  BeginPaint

  EndPaint

  IsIconic

  InvalidateRect

  TrackMouseEvent

  SetCapture

  ReleaseCapture

  DefWindowProcW

  SetFocus

  SetForegroundWindow

  FindWindowExW

  IsWindow

  MessageBoxA

  GetUserObjectInformationW

  GetProcessWindowStation

  wsprintfW

  IsClipboardFormatAvailable

  SetWindowRgn

  MoveWindow

  EnableWindow

  GetForegroundWindow

  GetWindowTextW

  IsWindowVisible

  IsZoomed

  MonitorFromRect

  OffsetRect

  SetCaretPos

  GetSysColor

  SetLayeredWindowAttributes

  LoadImageW

  IsRectEmpty

  GetIconInfo

  DrawIconEx

  FillRect

  DrawTextW

  UpdateLayeredWindow

  GetWindowTextLengthW

  GetFocus

  UpdateWindow

  GetKeyState

  SetActiveWindow

  GetWindowThreadProcessId

  AttachThreadInput

  BringWindowToTop

  GetCaretBlinkTime

  CreateCaret

  RegisterClipboardFormatW

  gdi32

  ExtSelectClipRgn

  CreateRectRgnIndirect

  SaveDC

  SetTextCharacterExtra

  GetCurrentObject

  GetTextColor

  CreateFontIndirectW

  Rectangle

  CreatePen

  SetBkColor

  SetTextColor

  SetBkMode

  CreateSolidBrush

  SetBitmapBits

  RestoreDC

  StretchBlt

  SetStretchBltMode

  SetPixel

  GetObjectW

  CreateDIBSection

  CreateRectRgn

  CombineRgn

  CreateRoundRectRgn

  DeleteDC

  DeleteObject

  BitBlt

  SelectObject

  CreateCompatibleDC

  GetDeviceCaps

  GetStockObject

  GetViewportOrgEx

  GetBitmapBits

  advapi32

  CryptCreateHash

  ReportEventA

  RegisterEventSourceA

  DeregisterEventSource

  FreeSid

  CheckTokenMembership

  AllocateAndInitializeSid

  RegSetKeySecurity

  SetSecurityDescriptorDacl

  InitializeSecurityDescriptor

  DeleteService

  CloseServiceHandle

  ControlService

  QueryServiceStatus

  OpenServiceW

  OpenSCManagerW

  GetSidSubAuthority

  GetSidSubAuthorityCount

  GetSidIdentifierAuthority

  LookupAccountNameW

  GetUserNameW

  RegEnumKeyW

  RegQueryValueExW

  RegDeleteValueW

  RegCreateKeyExW

  RegSetValueExW

  RegOpenKeyExW

  RegEnumKeyExW

  RegQueryInfoKeyW

  RegCloseKey

  RegDeleteKeyW

  CryptDecrypt

  CryptEncrypt

  CryptDeriveKey

  CryptHashData

  CryptReleaseContext

  CryptDestroyKey

  CryptDestroyHash

  CryptAcquireContextW

  shell32

  ShellExecuteW

  ord165

  SHCreateDirectoryExW

  SHChangeNotify

  SHGetPathFromIDListW

  SHGetSpecialFolderLocation

  SHGetMalloc

  SHGetSpecialFolderPathW

  ShellExecuteExW

  ole32

  CoInitializeSecurity

  OleRun

  RegisterDragDrop

  StgCreateDocfileOnILockBytes

  CreateILockBytesOnHGlobal

  CreateStreamOnHGlobal

  CoUninitialize

  CoInitialize

  CoCreateInstance

  CoTaskMemAlloc

  CoTaskMemRealloc

  CoTaskMemFree

  oleaut32

  VarBstrCmp

  SysAllocString

  VarUI4FromStr

  LoadTypeLi

  SysAllocStringByteLen

  VariantInit

  SysStringByteLen

  LoadRegTypeLi

  SysFreeString

  SysStringLen

  VariantClear

  SysAllocStringLen

  GetErrorInfo

  VariantCopy

  shlwapi

  PathRemoveFileSpecW

  PathAppendW

  PathFileExistsW

  StrCmpIW

  PathIsDirectoryW

  PathCombineW

  PathFindFileNameW

  PathRemoveBackslashW

  SHDeleteValueW

  SHSetValueW

  SHDeleteKeyW

  SHGetValueW

  PathSearchAndQualifyW

  PathIsRootW

  comctl32

  ord17

  InitCommonControlsEx

  msimg32

  AlphaBlend

  wininet

  HttpSendRequestW

  HttpOpenRequestW

  InternetConnectW

  InternetSetOptionW

  InternetOpenW

  InternetCrackUrlW

  HttpQueryInfoW

  InternetReadFile

  InternetCloseHandle

  gdiplus

  GdipCreateBitmapFromStream

  GdipCreateBitmapFromFile

  GdipGetImagePixelFormat

  GdipGetImageHeight

  GdipGetImageWidth

  GdipCloneImage

  GdipDrawImageRectI

  GdipSetInterpolationMode

  GdipCreateBitmapFromScan0

  GdipGetImageGraphicsContext

  GdipDisposeImage

  GdipAlloc

  GdipFree

  GdipDeleteBrush

  GdipCloneBrush

  GdipCreateSolidFill

  GdipCreateFromHDC

  GdipSetTextRenderingHint

  GdipDrawString

  GdipCreateFontFamilyFromName

  GdipCreateFont

  GdipDeleteFont

  GdiplusStartup

  GdipDeleteGraphics

  GdipDeleteFontFamily

  riched20

  ord4

  psapi

  GetModuleFileNameExW

  crypt32

  CryptBinaryToStringW

  CryptStringToBinaryW

  netapi32

  Netbios

  ws2_32

  getsockname

  getpeername

  connect

  closesocket

  bind

  send

  recv

  WSASetLastError

  select

  __WSAFDIsSet

  WSACleanup

  WSAStartup

  getsockopt

  setsockopt

  socket

  WSAIoctl

  getaddrinfo

  freeaddrinfo

  accept

  listen

  recvfrom

  htons

  getservbyname

  gethostbyname

  WSAGetLastError

  htonl

  shutdown

  gethostname

  ioctlsocket

  ntohs

  sendto

  wldap32

  ord142

  ord79

  ord167

  ord147

  ord301

  ord127

  ord27

  ord26

  ord118

  ord41

  ord208

  ord216

  ord133

  ord46

  ord145

  ord14

  iphlpapi

  GetAdaptersInfo

  GetIpAddrTable

  secur32

  GetUserNameExW

  Sections

  .text

  Size: 1.9MB - Virtual size: 1.9MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 514KB - Virtual size: 514KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 59KB - Virtual size: 167KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gfids

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 222KB - Virtual size: 222KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 103KB - Virtual size: 102KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ