ipts[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ipts.exe
Size

102.8MB
MD5

f9e0504a16a2abf9a7560a101af0e904
SHA1

f5d9b94fdaff211ad1722d2abc438a1c432e18e3
SHA256

81b920273928601223403fd3a8249d7250cdbbd23fc695d3b263c7e00bc58d87
SHA512

c2cac9985fe45b0a947bd7423e1cf79af3749edbd37601428bd3a230a472ae2f6f6610fe693aed284993a03569c347aa68c9b9c4033127843600ad0d4a482653
SSDEEP

1572864:dNOzntWJh/AGloKgHpxRJKYsSeqQEWd2x6t0bRst3irX/+WBWFbhbh9Z1nHeMolx:dJf9moZTiMEO

Score

1^/10

Malware Config

Signatures

Files

ipts.exe
.exe windows x86

f0f27850bf11b6acda5409b53cfca8b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

SymCleanup
SymFromAddr
SymGetLineFromAddr64
SymGetSearchPathW
SymInitialize
SymSetOptions
SymSetSearchPathW

gdi32

AddFontMemResourceEx
BitBlt
CancelDC
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateFontIndirectW
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteObject
EndDoc
EndPage
EnumFontFamiliesExW
EqualRgn
ExtEscape
ExtTextOutW
GdiAlphaBlend
GdiFlush
GetCharABCWidthsW
GetCurrentObject
GetDIBits
GetDeviceCaps
GetFontData
GetFontUnicodeRanges
GetGlyphIndicesW
GetGlyphOutlineW
GetICMProfileW
GetObjectW
GetOutlineTextMetricsW
GetRgnBox
GetStockObject
GetTextExtentPointI
GetTextFaceW
GetTextMetricsW
GetWorldTransform
ModifyWorldTransform
PtInRegion
RemoveFontMemResourceEx
RestoreDC
SaveDC
SelectClipRgn
SelectObject
SetAbortProc
SetArcDirection
SetBkColor
SetBkMode
SetBrushOrgEx
SetDCBrushColor
SetDCPenColor
SetDIBits
SetDIBitsToDevice
SetGraphicsMode
SetROP2
SetRectRgn
SetStretchBltMode
SetTextAlign
SetTextColor
SetWorldTransform
StartDocW
StartPage
StretchBlt

oleaut32

LoadRegTypeLi
LoadTypeLi
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayPutElement
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VarBstrCmp
VarUI4FromStr
VariantClear
VariantCopy
VariantInit

shell32

CommandLineToArgvW
DragQueryFileW
SHCreateItemFromParsingName
SHGetDesktopFolder
SHGetFolderPathW
SHGetKnownFolderPath
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW

shlwapi

PathFindExtensionW
PathFindFileNameW
PathMatchSpecW
PathRemoveExtensionW
ord12
SHGetValueW
StrCmpNIW
StrCpyW
StrDupW
StrStrIA
StrStrIW

user32

AdjustWindowRectEx
AllowSetForegroundWindow
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcW
CharNextW
CharUpperW
ClientToScreen
ClipCursor
CloseClipboard
CloseDesktop
CloseTouchInputHandle
CloseWindowStation
CreateCaret
CreateDesktopW
CreateIconIndirect
CreateWindowExW
CreateWindowStationW
DefRawInputProc
DefWindowProcW
DestroyCaret
DestroyIcon
DestroyWindow
DispatchMessageW
DisplayConfigGetDeviceInfo
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIconEx
EmptyClipboard
EnableMenuItem
EnableWindow
EndPaint
EnumChildWindows
EnumDisplayDevicesW
EnumDisplayMonitors
EnumDisplaySettingsExW
EnumDisplaySettingsW
EnumThreadWindows
EnumWindows
ExitWindowsEx
FillRect
FindWindowExW
FindWindowW
FlashWindowEx
FrameRect
GetActiveWindow
GetAncestor
GetAsyncKeyState
GetCapture
GetCaretBlinkTime
GetClassInfoExW
GetClassNameW
GetClientRect
GetClipboardData
GetClipboardSequenceNumber
GetCursorInfo
GetCursorPos
GetDC
GetDesktopWindow
GetDisplayConfigBufferSizes
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetGuiResources
GetIconInfo
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLastInputInfo
GetLayeredWindowAttributes
GetMessageExtraInfo
GetMessagePos
GetMessageTime
GetMessageW
GetMonitorInfoA
GetMonitorInfoW
GetParent
GetProcessWindowStation
GetPropW
GetQueueStatus
GetRawInputData
GetRawInputDeviceInfoW
GetRawInputDeviceList
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetThreadDesktop
GetUserObjectInformationW
GetUserObjectSecurity
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowRgn
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
InflateRect
IntersectRect
InvalidateRect
InvertRect
IsChild
IsClipboardFormatAvailable
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorW
LoadImageW
MapVirtualKeyExW
MapVirtualKeyW
MapWindowPoints
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MsgWaitForMultipleObjectsEx
NotifyWinEvent
OffsetRect
OpenClipboard
OpenInputDesktop
PeekMessageW
PostMessageW
PostQuitMessage
PostThreadMessageW
PrintWindow
PtInRect
QueryDisplayConfig
RedrawWindow
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterDeviceNotificationW
RegisterHotKey
RegisterPowerSettingNotification
RegisterRawInputDevices
RegisterTouchWindow
ReleaseCapture
ReleaseDC
RemovePropW
ScreenToClient
SendInput
SendMessageTimeoutW
SendMessageW
SetCapture
SetCaretPos
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetKeyboardState
SetMenuDefaultItem
SetParent
SetProcessDPIAware
SetProcessWindowStation
SetPropW
SetRect
SetRectEmpty
SetThreadDesktop
SetTimer
SetWinEventHook
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCursor
ShowWindow
SystemParametersInfoW
ToUnicodeEx
TrackMouseEvent
TrackPopupMenu
TranslateMessage
UnhookWinEvent
UnhookWindowsHookEx
UnregisterClassW
UnregisterDeviceNotification
UnregisterHotKey
UnregisterPowerSettingNotification
UpdateLayeredWindow
WindowFromPoint

winmm

midiInAddBuffer
midiInClose
midiInGetDevCapsW
midiInGetNumDevs
midiInOpen
midiInPrepareHeader
midiInReset
midiInStart
midiInUnprepareHeader
midiOutClose
midiOutGetDevCapsW
midiOutGetNumDevs
midiOutLongMsg
midiOutOpen
midiOutPrepareHeader
midiOutReset
midiOutShortMsg
midiOutUnprepareHeader
timeBeginPeriod
timeEndPeriod
timeGetTime
waveInGetNumDevs
waveOutClose
waveOutGetNumDevs
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutRestart
waveOutUnprepareHeader
waveOutWrite

ws2_32

FreeAddrInfoW
GetAddrInfoW
WSACleanup
WSACloseEvent
WSAConnect
WSACreateEvent
WSADuplicateSocketW
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAGetOverlappedResult
WSAIoctl
WSALookupServiceBeginW
WSALookupServiceEnd
WSALookupServiceNextW
WSARecv
WSARecvFrom
WSAResetEvent
WSASend
WSASendTo
WSASetEvent
WSASetLastError
WSASetServiceW
WSASocketW
WSAStartup
WSAWaitForMultipleEvents
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getpeername
getsockname
getsockopt
htonl
htons
inet_ntop
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
send
sendto
setsockopt
shutdown
socket

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AllocConsole
AreFileApisANSI
AssignProcessToJobObject
AttachConsole
CallbackMayRunLong
CancelIo
CancelIoEx
CheckRemoteDebuggerPresent
ClearCommError
CloseHandle
CloseThreadpool
CloseThreadpoolWork
CompareStringW
ConnectNamedPipe
ConvertFiberToThread
ConvertThreadToFiberEx
CopyFileW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFiberEx
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateJobObjectW
CreateMemoryResourceNotification
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateRemoteThread
CreateSemaphoreA
CreateSemaphoreW
CreateThread
CreateThreadpool
CreateThreadpoolWork
CreateToolhelp32Snapshot
DebugBreak
DecodePointer
DeleteCriticalSection
DeleteFiber
DeleteFileA
DeleteFileW
DeleteProcThreadAttributeList
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesEx
EnumSystemLocalesW
EscapeCommFunction
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExW
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceExW
FindResourceW
FlsAlloc
FlsSetValue
FlushFileBuffers
FlushInstructionCache
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommModemStatus
GetCommState
GetCommandLineA
GetCommandLineW
GetComputerNameExW
GetConsoleMode
GetConsoleOutputCP
GetCurrencyFormatEx
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThread
GetCurrentThreadId
GetDateFormatEx
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeW
GetDynamicTimeZoneInformation
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetGeoInfoW
GetLastError
GetLocalTime
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalProcessorInformation
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetNumberFormatEx
GetOEMCP
GetOverlappedResult
GetPriorityClass
GetPrivateProfileStringW
GetProcAddress
GetProcessAffinityMask
GetProcessHandleCount
GetProcessHeap
GetProcessHeaps
GetProcessId
GetProcessTimes
GetProductInfo
GetQueuedCompletionStatus
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDefaultLCID
GetSystemDirectoryW
GetSystemInfo
GetSystemPowerStatus
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTempPathW
GetThreadContext
GetThreadGroupAffinity
GetThreadId
GetThreadLocale
GetThreadPreferredUILanguages
GetThreadPriority
GetThreadTimes
GetTickCount
GetTimeFormatEx
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultLocaleName
GetUserDefaultUILanguage
GetUserGeoID
GetVersionExW
GetVolumeInformationA
GetVolumeInformationW
GetVolumePathNameW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatusEx
GlobalSize
GlobalUnlock
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapLock
HeapReAlloc
HeapSetInformation
HeapSize
HeapUnlock
HeapValidate
HeapWalk
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
InitializeSRWLock
InterlockedPopEntrySList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessInJob
IsProcessorFeaturePresent
IsThreadAFiber
IsValidCodePage
IsValidLocale
IsWow64Process
K32EnumProcessModules
K32GetModuleInformation
K32GetPerformanceInfo
K32GetProcessMemoryInfo
K32QueryWorkingSetEx
LCIDToLocaleName
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocaleNameToLCID
LockFile
LockFileEx
LockResource
MapViewOfFile
MapViewOfFileEx
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenProcess
OpenThread
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
PostQueuedCompletionStatus
PowerClearRequest
PowerCreateRequest
PowerSetRequest
Process32FirstW
Process32NextW
ProcessIdToSessionId
PurgeComm
QueryDosDeviceW
QueryFullProcessImageNameW
QueryInformationJobObject
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
RaiseException
RaiseFailFastException
ReadConsoleW
ReadFile
ReadProcessMemory
RegisterWaitForSingleObject
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
ReplaceFileW
ResetEvent
ResolveLocaleName
ResumeThread
RtlCaptureStackBackTrace
RtlUnwind
SetCommState
SetCommTimeouts
SetConsoleCtrlHandler
SetCurrentDirectoryW
SetDllDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetInformationJobObject
SetLastError
SetNamedPipeHandleState
SetPriorityClass
SetProcessDEPPolicy
SetProcessShutdownParameters
SetStdHandle
SetThreadAffinityMask
SetThreadPriority
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
SleepEx
SubmitThreadpoolWork
SuspendThread
SwitchToFiber
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateJobObject
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TransactNamedPipe
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
TryEnterCriticalSection
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
UnmapViewOfFile
UnregisterWait
UnregisterWaitEx
UpdateProcThreadAttribute
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitForThreadpoolWorkCallbacks
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WerRegisterRuntimeExceptionModule
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteProcessMemory
lstrcmpiA
lstrcmpiW
lstrlenW

propsys

PSCreateMemoryPropertyStore
VariantCompare

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

iphlpapi

CancelIPChangeNotify
GetAdaptersAddresses
GetAdaptersInfo
NotifyAddrChange

dxgi

CreateDXGIFactory1

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

oleacc

AccessibleChildren
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
WindowFromAccessibleObject

uiautomationcore

UiaGetReservedMixedAttributeValue
UiaGetReservedNotSupportedValue
UiaHostProviderFromHwnd
UiaRaiseAutomationEvent
UiaRaiseAutomationPropertyChangedEvent
UiaRaiseStructureChangedEvent
UiaReturnRawElementProvider

comctl32

InitCommonControlsEx

hid

HidD_FreePreparsedData
HidD_GetAttributes
HidD_GetPreparsedData
HidD_GetProductString
HidD_GetSerialNumberString
HidP_GetButtonCaps
HidP_GetCaps
HidP_GetScaledUsageValue
HidP_GetUsageValue
HidP_GetUsagesEx
HidP_GetValueCaps

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

crypt32

CertAddEncodedCertificateToStore
CertAddStoreToCollection
CertCloseStore
CertCompareCertificateName
CertControlStore
CertCreateCTLContext
CertCreateCertificateChainEngine
CertDuplicateCertificateContext
CertFindCertificateInStore
CertFindExtension
CertFreeCTLContext
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
CertGetIssuerCertificateFromStore
CertOpenStore
CertSetCertificateContextProperty
CertVerifyCertificateChainPolicy
CryptDecodeObjectEx
CryptInstallOIDFunctionAddress
CryptProtectData
CryptUnprotectData
CryptVerifyCertificateSignatureEx

dwmapi

DwmDefWindowProc
DwmExtendFrameIntoClientArea
DwmGetCompositionTimingInfo
DwmGetWindowAttribute
DwmIsCompositionEnabled
DwmSetWindowAttribute

dwrite

DWriteCreateFactory

uxtheme

CloseThemeData
DrawThemeBackground
ord47
GetThemeBackgroundContentRect
GetThemePartSize
OpenThemeData

usp10

ScriptFreeCache
ScriptItemize
ScriptShape

winspool.drv

ClosePrinter
DeviceCapabilitiesW
DocumentPropertiesW
EnumPrintersW
ord203
GetPrinterDriverW
GetPrinterW
OpenPrinterW

d3d9

Direct3DCreate9Ex

dxva2

DXVA2CreateDirect3DDeviceManager9
DXVA2CreateVideoService

secur32

AcquireCredentialsHandleA
AcquireCredentialsHandleW
CompleteAuthToken
DeleteSecurityContext
FreeContextBuffer
FreeCredentialsHandle
InitializeSecurityContextA
InitializeSecurityContextW
QueryContextAttributesW
QuerySecurityPackageInfoW

comdlg32

PrintDlgExW

urlmon

CoInternetCreateSecurityManager

winhttp

WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpWriteData

imm32

ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetContext
ImmGetConversionStatus
ImmGetIMEFileNameW
ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmSetOpenStatus

dhcpcsvc

DhcpCApiInitialize
DhcpRequestParams

Exports

Exports

?SetCanCreateMediaPlayerCallback@MediaFactory@content@@SAXV?$RepeatingCallback@$$A6A_NPAVRenderFrame@content@@@Z@base@@@Z
GetHandleVerifier
GetMainTargetServices
IsSandboxedProcess

Sections

.text
Size: 86.8MB - Virtual size: 86.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12.2MB - Virtual size: 12.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 431KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 401B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 205B

CPADinfo
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

malloc_h
Size: 512B - Virtual size: 193B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0f27850bf11b6acda5409b53cfca8b6

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

gdi32

oleaut32

shell32

shlwapi

user32

winmm

ws2_32

kernel32

propsys

userenv

iphlpapi

dxgi

wtsapi32

oleacc

uiautomationcore

comctl32

hid

version

crypt32

dwmapi

dwrite

uxtheme

usp10

winspool.drv

d3d9

dxva2

secur32

comdlg32

urlmon

winhttp

imm32

dhcpcsvc

Exports

Exports

Sections

.text Size: 86.8MB - Virtual size: 86.8MB

.rdata Size: 12.2MB - Virtual size: 12.2MB

.data Size: 431KB - Virtual size: 2.5MB

.00cfg Size: 512B - Virtual size: 4B

.rodata Size: 2KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 401B

.voltbl Size: 512B - Virtual size: 205B

CPADinfo Size: 512B - Virtual size: 40B

malloc_h Size: 512B - Virtual size: 193B

.rsrc Size: 79KB - Virtual size: 78KB

.reloc Size: 3.3MB - Virtual size: 3.3MB

.text
Size: 86.8MB - Virtual size: 86.8MB

.rdata
Size: 12.2MB - Virtual size: 12.2MB

.data
Size: 431KB - Virtual size: 2.5MB

.00cfg
Size: 512B - Virtual size: 4B

.rodata
Size: 2KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 401B

.voltbl
Size: 512B - Virtual size: 205B

CPADinfo
Size: 512B - Virtual size: 40B

malloc_h
Size: 512B - Virtual size: 193B

.rsrc
Size: 79KB - Virtual size: 78KB

.reloc
Size: 3.3MB - Virtual size: 3.3MB