Extracted

• remus.exe

  .exe windows x64

  2d5aa2bacb12ffd10966c83ca6563356

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  crypt32

  CertFindCertificateInStore

  CertCloseStore

  CertEnumCertificatesInStore

  CertFreeCertificateContext

  PFXImportCertStore

  CryptDecodeObjectEx

  CertAddCertificateContextToStore

  CertFindExtension

  CryptStringToBinaryA

  CertGetNameStringA

  CryptQueryObject

  CertCreateCertificateChainEngine

  CertFreeCertificateChainEngine

  CertGetCertificateChain

  CertOpenStore

  CertFreeCertificateChain

  kernel32

  HeapSize

  MultiByteToWideChar

  GetTempPathA

  FormatMessageW

  GetDiskFreeSpaceA

  GetLastError

  GetFileAttributesA

  GetFileAttributesExW

  OutputDebugStringW

  FlushViewOfFile

  CreateFileA

  LoadLibraryA

  WaitForSingleObjectEx

  DeleteFileA

  DeleteFileW

  HeapReAlloc

  CloseHandle

  GetSystemInfo

  HeapAlloc

  HeapCompact

  HeapDestroy

  UnlockFile

  LocalFree

  LockFileEx

  GetFileSize

  DeleteCriticalSection

  GetCurrentProcessId

  GetProcessHeap

  SystemTimeToFileTime

  FreeLibrary

  WideCharToMultiByte

  GetSystemTimeAsFileTime

  GetSystemTime

  FormatMessageA

  CreateFileMappingW

  MapViewOfFile

  QueryPerformanceCounter

  GetTickCount

  FlushFileBuffers

  InitializeCriticalSectionEx

  SleepEx

  QueryPerformanceFrequency

  GetSystemDirectoryA

  GetModuleHandleA

  SetLastError

  MoveFileExA

  GetEnvironmentVariableA

  GetStdHandle

  GetFileType

  PeekNamedPipe

  WaitForMultipleObjects

  VerSetConditionMask

  VerifyVersionInfoA

  GetFileSizeEx

  FindFirstFileW

  FindNextFileW

  FindClose

  RaiseException

  DecodePointer

  GetCurrentThreadId

  WriteConsoleW

  SetEnvironmentVariableW

  FreeEnvironmentStringsW

  GetFileAttributesW

  CreateFileW

  WaitForSingleObject

  CreateMutexW

  GetTempPathW

  UnlockFileEx

  SetEndOfFile

  GetFullPathNameA

  SetFilePointer

  InitializeCriticalSection

  LeaveCriticalSection

  LockFile

  GetEnvironmentStringsW

  GetCommandLineW

  GetCommandLineA

  GetOEMCP

  GetACP

  IsValidCodePage

  HeapValidate

  SetStdHandle

  GetCurrentDirectoryW

  GetTimeZoneInformation

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetLocaleInfoW

  LCMapStringW

  CompareStringW

  GetConsoleOutputCP

  ReadConsoleW

  GetConsoleMode

  GetModuleFileNameW

  FileTimeToSystemTime

  SystemTimeToTzSpecificLocalTime

  GetFileInformationByHandle

  GetDriveTypeW

  ExitProcess

  GetModuleHandleExW

  FreeLibraryAndExitThread

  ExitThread

  CreateThread

  LoadLibraryExW

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  RtlPcToFileHeader

  InterlockedPushEntrySList

  RtlUnwindEx

  GetStartupInfoW

  IsDebuggerPresent

  IsProcessorFeaturePresent

  TerminateProcess

  RtlUnwind

  GetCurrentProcess

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  CreateEventW

  ResetEvent

  SetEvent

  InitializeCriticalSectionAndSpinCount

  InitializeSListHead

  GetCPInfo

  GetStringTypeW

  LCMapStringEx

  EncodePointer

  GetModuleHandleW

  OutputDebugStringA

  GetDiskFreeSpaceW

  WriteFile

  GetFullPathNameW

  EnterCriticalSection

  HeapFree

  HeapCreate

  TryEnterCriticalSection

  ReadFile

  AreFileApisANSI

  Sleep

  GetProcAddress

  LoadLibraryW

  FindFirstFileExW

  UnmapViewOfFile

  MoveFileExW

  SetFileAttributesW

  GetFileTime

  SetFilePointerEx

  InitializeSRWLock

  ReleaseSRWLockExclusive

  AcquireSRWLockExclusive

  GetExitCodeThread

  user32

  GetCursorPos

  advapi32

  CryptCreateHash

  RegCloseKey

  CryptAcquireContextA

  CryptReleaseContext

  CryptGetHashParam

  CryptGenRandom

  CryptHashData

  CryptDestroyHash

  CryptDestroyKey

  CryptImportKey

  CryptEncrypt

  GetSecurityInfo

  shell32

  SHGetKnownFolderPath

  SHGetFolderPathW

  ole32

  CoCreateInstance

  CoUninitialize

  CoTaskMemFree

  CoInitialize

  bcrypt

  BCryptGenerateSymmetricKey

  BCryptDestroyKey

  BCryptSetProperty

  BCryptGetProperty

  BCryptOpenAlgorithmProvider

  BCryptCloseAlgorithmProvider

  BCryptEncrypt

  BCryptDeriveKeyPBKDF2

  BCryptCreateHash

  BCryptGenRandom

  BCryptDestroyHash

  BCryptHashData

  BCryptFinishHash

  ws2_32

  WSACloseEvent

  WSAEnumNetworkEvents

  getaddrinfo

  ioctlsocket

  listen

  htonl

  accept

  select

  __WSAFDIsSet

  WSACleanup

  WSAStartup

  WSAIoctl

  WSASetLastError

  socket

  setsockopt

  ntohs

  htons

  getsockopt

  getsockname

  getpeername

  connect

  bind

  closesocket

  WSAGetLastError

  send

  recv

  WSAEventSelect

  recvfrom

  sendto

  gethostname

  ntohl

  freeaddrinfo

  WSACreateEvent

  normaliz

  IdnToAscii

  wldap32

  ord22

  ord41

  ord50

  ord45

  ord27

  ord211

  ord46

  ord217

  ord143

  ord32

  ord33

  ord35

  ord79

  ord30

  ord200

  ord26

  ord301

  ord60

  Sections

  .text

  Size: 1.7MB - Virtual size: 1.7MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 336KB - Virtual size: 335KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 30KB - Virtual size: 51KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 71KB - Virtual size: 70KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  _RDATA

  Size: 512B - Virtual size: 348B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 10KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ