General

Malware Config

Signatures

Files

• dd30198ea41d5015bbb55030481bee96.bin

  .zip

  Password: infected

• 69ab392dfe42b299677871707364b4b59da9a4e466eda0065db4dc6da89f9321.exe

  .exe windows x86

  Password: infected

  078c527316e58c8f8358ebd022c4bbdf

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetConsoleAliasExesLengthA

  InterlockedIncrement

  SetMailslotInfo

  GetLogicalDriveStringsW

  WritePrivateProfileSectionA

  CreateDirectoryW

  FreeEnvironmentStringsA

  GetModuleHandleW

  GetTickCount

  EnumCalendarInfoExW

  WaitNamedPipeW

  EnumTimeFormatsW

  SetProcessPriorityBoost

  GetSystemDirectoryW

  GetPrivateProfileStructW

  GetCalendarInfoA

  GetProcessHandleCount

  LeaveCriticalSection

  GetFileAttributesA

  GetFileAttributesW

  SetSystemPowerState

  GetModuleFileNameW

  CompareStringW

  GetVolumePathNameA

  GetShortPathNameA

  EnumSystemLocalesA

  GetPrivateProfileIntW

  ConvertThreadToFiber

  MoveFileW

  SetComputerNameA

  SearchPathA

  OpenWaitableTimerA

  LoadLibraryA

  WriteConsoleA

  InterlockedExchangeAdd

  LocalAlloc

  DeleteTimerQueue

  MoveFileA

  BuildCommDCBAndTimeoutsW

  FindFirstVolumeMountPointW

  IsSystemResumeAutomatic

  AddAtomW

  GetDiskFreeSpaceA

  OpenJobObjectW

  FindFirstVolumeMountPointA

  EnumDateFormatsA

  GetModuleHandleA

  FindNextFileW

  GetStringTypeW

  GetConsoleTitleW

  SetCalendarInfoA

  SetThreadAffinityMask

  SetFileShortNameA

  FindAtomW

  GetVolumeNameForVolumeMountPointW

  DeleteFileW

  AreFileApisANSI

  GetDriveTypeW

  GetProcAddress

  CreateMutexW

  CloseHandle

  WriteConsoleW

  GetLastError

  HeapFree

  DeleteFileA

  WideCharToMultiByte

  GetCommandLineA

  HeapSetInformation

  GetStartupInfoW

  RaiseException

  HeapAlloc

  IsProcessorFeaturePresent

  EncodePointer

  DecodePointer

  HeapCreate

  EnterCriticalSection

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  TerminateProcess

  GetCurrentProcess

  GetCPInfo

  InterlockedDecrement

  GetACP

  GetOEMCP

  IsValidCodePage

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  SetLastError

  GetCurrentThreadId

  SetHandleCount

  GetStdHandle

  InitializeCriticalSectionAndSpinCount

  GetFileType

  DeleteCriticalSection

  ExitProcess

  WriteFile

  GetModuleFileNameA

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  QueryPerformanceCounter

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  Sleep

  RtlUnwind

  LCMapStringW

  MultiByteToWideChar

  SetFilePointer

  GetConsoleCP

  GetConsoleMode

  HeapSize

  LoadLibraryW

  HeapReAlloc

  FlushFileBuffers

  SetStdHandle

  CreateFileW

  gdi32

  GetCharABCWidthsW

  SelectObject

  shell32

  DuplicateIcon

  Sections

  .text

  Size: 75KB - Virtual size: 75KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 78KB - Virtual size: 40.7MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 122KB - Virtual size: 121KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ