blackmoon | 73c9303b7ad95fc2943e07d0cb753565aef9697f985fff97f39912b95d0ecc79

Sharing

Copy URL Twitter E-mail

General

Target

73c9303b7ad95fc2943e07d0cb753565aef9697f985fff97f39912b95d0ecc79
Size

12.7MB
MD5

bdbcf46f061b85a61011c456437eb00d
SHA1

8b27bebd37d1fb4d9cefb3970c7040529097a5c3
SHA256

73c9303b7ad95fc2943e07d0cb753565aef9697f985fff97f39912b95d0ecc79
SHA512

b7171d2801f697b904b3babf57a44af28afcf5abe9146231617024911ad6ca9f5fe73c577ecf609197d40b8af487deb69f67bb8bbd8effa5d39930f77b5cbc37
SSDEEP

196608:qIy18w+znQmu19d5aUsDWr2nW7SlEr/G+IYGXU7v5h9TneBrhYjsRVX:qxv+zq4IIq7v/9jePYuVX

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73c9303b7ad95fc2943e07d0cb753565aef9697f985fff97f39912b95d0ecc79

Files

73c9303b7ad95fc2943e07d0cb753565aef9697f985fff97f39912b95d0ecc79
.exe windows x86

5ed743a8b531960cbe3d024edb45b979

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32First
Process32Next
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
GetLastError
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryA
GlobalGetAtomNameA
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
CreateToolhelp32Snapshot
GlobalAlloc
CreateFileA
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetStdHandle
InterlockedExchange
DeviceIoControl
GetTempPathA
lstrcmpW
RtlZeroMemory
lstrcmpiA
HeapDestroy
HeapCreate
GetAtomNameW
GetModuleFileNameW
GetCommandLineW
GetModuleHandleW
MultiByteToWideChar
lstrcatW
lstrcmpiW
lstrcmpA
lstrlenW
lstrlenA
HeapFree
InterlockedDecrement
InterlockedIncrement
RtlMoveMemory
LocalSize
HeapAlloc
GetProcessHeap
IsDebuggerPresent
WideCharToMultiByte
GetProcAddress
CreateThread
CloseHandle
SetFilePointer
SetWaitableTimer
CreateWaitableTimerA
MoveFileA
CreateDirectoryA
GetCurrentProcessId
VirtualFree
VirtualAlloc
Sleep
TerminateProcess
OpenProcess
lstrcpyA
SetLastError
lstrcatA
LockResource
LoadResource
FindResourceA
GetVersion
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
MulDiv
LocalFree
FlushFileBuffers
lstrcpynA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GlobalFindAtomA
LCMapStringA
LoadLibraryA
FreeLibrary
GetCommandLineA
SetFileAttributesA
WriteFile
GlobalFree
GetStartupInfoA
CreateProcessA
WaitForSingleObject
FindFirstFileA
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindClose
GetTickCount
WritePrivateProfileStringA
GetFileSize
ReadFile
GetModuleFileNameA
GetPrivateProfileStringA
IsBadReadPtr
HeapReAlloc
ExitProcess
GetModuleHandleA
GlobalUnlock
IsBadCodePtr
GlobalLock
GetLocalTime
GlobalMemoryStatusEx
GlobalAddAtomA
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

RegisterClassA
CreateWindowExA
GetClassLongA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
GetWindowPlacement
IsDialogMessageA
SendDlgItemMessageA
SetWindowTextA
GetDlgCtrlID
CreateDialogIndirectParamA
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
ClientToScreen
RegisterClipboardFormatA
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
SetMenuItemBitmaps
GetMessageA
GetKeyState
CallNextHookEx
SetWindowsHookExA
GetLastActivePopup
PostMessageA
GetWindow
PtInRect
GetWindowLongA
GetWindowTextA
GetCursorPos
GetClassInfoA
SystemParametersInfoA
FindWindowA
GetClassNameA
SendMessageA
SetActiveWindow
GetActiveWindow
GetForegroundWindow
GetAncestor
CharLowerW
CharUpperW
LoadStringW
SetMenuDefaultItem
SetMenuItemInfoW
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuState
GetMenuItemRect
GetMenuStringW
TrackPopupMenu
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
InsertMenuW
AppendMenuW
GetMenuItemInfoW
GetMenuItemCount
DestroyMenu
GetMenuInfo
LoadMenuW
GetSystemMenu
CreatePopupMenu
CreateMenu
DrawIconEx
LoadImageW
CreateIconFromResourceEx
UpdateLayeredWindow
PeekMessageA
GetDesktopWindow
SystemParametersInfoW
RegisterWindowMessageW
DrawMenuBar
SetMenu
GetMenu
WinHelpA
GetCapture
GetTopWindow
GetDlgItem
TrackMouseEvent
EndPaint
BeginPaint
SetWindowRgn
GetClientRect
IsWindow
CopyRect
AdjustWindowRectEx
MapWindowPoints
MsgWaitForMultipleObjects
GetWindowThreadProcessId
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
MessageBoxA
wsprintfA
SetWindowLongA
DispatchMessageA
CreateWindowStationA
EnableMenuItem
GetSystemMetrics
IsZoomed
IsIconic
SetRect
LoadIconW
EnumPropsExW
RemovePropA
RemovePropW
GetPropA
GetPropW
SetPropA
SetPropW
KillTimer
SetTimer
MessageBoxW
SetWindowTextW
SetParent
MoveWindow
UpdateWindow
ValidateRect
ScreenToClient
GetIconInfo
CopyIcon
PostMessageW
ShowWindow
DefWindowProcW
CreateMDIWindowW
DialogBoxParamW
CreateDialogParamW
EndDialog
DialogBoxIndirectParamW
DestroyWindow
SetClassLongW
GetClassLongW
CreateDialogIndirectParamW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
PostQuitMessage
DispatchMessageW
TranslateMessage
IsDialogMessageW
TranslateAcceleratorW
TranslateMDISysAccel
IsChild
GetMessageW
GetFocus
InvalidateRect
ReleaseDC
GetDC
CallWindowProcW
SetFocus
GetNextDlgTabItem
GetWindowRect
SetWindowPos
EnableWindow
IsWindowEnabled
IsWindowVisible
GetSysColor
DestroyAcceleratorTable
DestroyIcon
LoadCursorW
ReleaseCapture
SetCapture
SetCursor
DestroyCursor
SendMessageW
GetWindowLongW
GetParent
GetWindowTextW
GetWindowTextLengthW
GetClassNameW
FindWindowExW
GetAsyncKeyState
SetWindowLongW
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
DeleteService
ControlService
StartServiceA
CloseServiceHandle
OpenServiceA
CreateServiceA
OpenSCManagerA
RegCloseKey

shell32

SHGetSpecialFolderPathA
DragQueryFileW
DragFinish
ShellExecuteA
Shell_NotifyIconW
CommandLineToArgvW
DragAcceptFiles

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
StringFromGUID2
CLSIDFromString
GetHGlobalFromStream

shlwapi

PathFindFileNameW
StrTrimW
StrToIntW
PathFileExistsA
wvnsprintfW
PathRemoveFileSpecW
StrToIntExW

ws2_32

inet_ntoa
WSACleanup
select
WSAAsyncSelect
ntohs
getsockname
recv
send
connect
htons
inet_addr
socket
closesocket
WSAStartup
gethostbyname

gdi32

CreateBitmap
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
CreateCompatibleBitmap
GetObjectA
GetDIBits
CreatePatternBrush
CreateEllipticRgn
CreateFontIndirectW
GetObjectW
StretchBlt
SetStretchBltMode
GetStretchBltMode
CreateDIBSection
CreateCompatibleDC
BitBlt
CreateSolidBrush
GetStockObject
CreateRoundRectRgn
GetTextMetricsA
SetBkColor
SetBkMode
SetTextColor
DeleteDC
SelectObject
DeleteObject
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape

comctl32

ord17
InitCommonControlsEx

gdiplus

GdipCreateBitmapFromFile
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipVectorTransformMatrixPoints
GdipTransformMatrixPoints
GdipShearMatrix
GdipScaleMatrix
GdipInvertMatrix
GdipRotateMatrix
GdipTranslateMatrix
GdipMultiplyMatrix
GdipGetMatrixElements
GdipSetMatrixElements
GdipCloneMatrix
GdipCreateMatrix3
GdipCreateMatrix2
GdipCreateMatrix
GdipGetRegionScans
GdipGetRegionScansCount
GdipIsVisibleRegionRect
GdipIsVisibleRegionPoint
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsEmptyRegion
GdipGetRegionHRgn
GdipGetRegionData
GdipGetRegionDataSize
GdipGetRegionBounds
GdipTransformRegion
GdipTranslateRegion
GdipCombineRegionPath
GdipCombineRegionRegion
GdipCombineRegionRect
GdipSetEmpty
GdipSetInfinite
GdipCloneRegion
GdipCreateRegionRgnData
GdipCreateRegionHrgn
GdipCreateRegionPath
GdipCreateRegionRect
GdipIsOutlineVisiblePathPoint
GdipIsVisiblePathPoint
GdipWarpPath
GdipWindingModeOutline
GdipWidenPath
GdipFlattenPath
GdipGetPathWorldBounds
GdipTransformPath
GdipAddPathString
GdipAddPathPath
GdipAddPathPolygon
GdipAddPathPie
GdipAddPathEllipse
GdipAddPathRectangle
GdipAddPathClosedCurve2
GdipAddPathClosedCurve
GdipAddPathCurve2
GdipAddPathCurve
GdipAddPathBezier
GdipAddPathArc
GdipAddPathLine
GdipGetPathLastPoint
GdipReversePath
GdipClearPathMarkers
GdipSetPathMarker
GdipClosePathFigures
GdipClosePathFigure
GdipStartPathFigure
GdipGetPathData
GdipGetPointCount
GdipSetPathFillMode
GdipGetPathFillMode
GdipResetPath
GdipClonePath
GdipCreatePath2
GdipCloneBitmapArea
GdipCreateBitmapFromStream
GdipGetFontHeight
GdipGetFontUnit
GdipGetFontSize
GdipGetFontStyle
GdipGetFamily
GdipGetLogFontA
GdipGetLogFontW
GdipCloneFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteFontFamily
GdipDeletePrivateFontCollection
GdipCreateFontFromLogfontW
GdipCreateFont
GdipGetImageGraphicsContext
GdipCreateFromHWND
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateHICONFromBitmap
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipGetImageThumbnail
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageBounds
GdipGetImageDimension
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToStream
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipCloneImage
GdipLoadImageFromStream
GdipLoadImageFromFile
GdipEndContainer
GdipBeginContainer2
GdipBeginContainer
GdipRestoreGraphics
GdipSaveGraphics
GdipIsVisibleRect
GdipIsVisiblePoint
GdipIsVisibleClipEmpty
GdipIsClipEmpty
GdipGetVisibleClipBounds
GdipGetClipBounds
GdipGetClip
GdipTranslateClip
GdipResetClip
GdipSetClipHrgn
GdipSetClipRegion
GdipSetClipRect
GdipSetClipPath
GdipSetClipGraphics
GdipDrawImagePointsRect
GdipDrawImagePointRect
GdipDrawImagePoints
GdipDrawImageRect
GdipDrawImageRectRect
GdipDrawImage
GdipDrawDriverString
GdipMeasureCharacterRanges
GdipCreateRegion
GdipMeasureString
GdipDrawString
GdipFillRegion
GdipFillClosedCurve2
GdipFillClosedCurve
GdipFillPath
GdipFillPie
GdipFillEllipse
GdipFillPolygon
GdipGraphicsClear
GdipBitmapSetResolution
GdipCreateSolidFill
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipGetFontHeightGivenDPI
GdipCreateBitmapFromResource
GdipNewInstalledFontCollection
GdipNewPrivateFontCollection
GdipPrivateAddFontFile
GdipPrivateAddMemoryFont
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipGetGenericFontFamilySerif
GdipGetGenericFontFamilyMonospace
GdipGetFamilyName
GdipIsStyleAvailable
GdipGetEmHeight
GdipGetCellAscent
GdipGetCellDescent
GdipCreateTexture
GdipDrawClosedCurve2
GdipDrawClosedCurve
GdipDrawCurve2
GdipDrawCurve
GdipDrawPath
GdipDrawPolygon
GdipDrawPie
GdipDrawEllipse
GdipDrawRectangle
GdipGetLineSpacing
GdipCreatePath
GdipDrawBezier
GdipDrawArc
GdipDrawLine
GdipGetNearestColor
GdipTransformPointsI
GdipTransformPoints
GdipGetDpiY
GdipGetDpiX
GdipGetPageScale
GdipSetPageScale
GdipGetPageUnit
GdipSetPageUnit
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipDeleteMatrix
GdipGetWorldTransform
GdipSetWorldTransform
GdipGetPixelOffsetMode
GdipSetPixelOffsetMode
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipGetInterpolationMode
GdipSetInterpolationMode
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipReleaseDC
GdipGetDC
GdipFlush
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipSetImageAttributesColorMatrix
GdipGetImageAttributesAdjustedPalette
GdipSetImageAttributesWrapMode
GdipSetImageAttributesRemapTable
GdipSetImageAttributesOutputChannelColorProfile
GdipSetImageAttributesOutputChannel
GdipSetImageAttributesColorKeys
GdipSetImageAttributesGamma
GdipSetImageAttributesNoOp
GdipSetImageAttributesThreshold
GdipResetImageAttributes
GdipSetImageAttributesToIdentity
GdipCloneImageAttributes
GdipCreateImageAttributes
GdipDeleteRegion
GdipDeletePath
GdipDeleteFont
GdiplusStartup
GdipDisposeImage
GdipDeleteGraphics
GdipDisposeImageAttributes
GdipDeleteBrush
GdipFillRectangle
GdipIsMatrixEqual

atl

ord42

crypt32

CryptStringToBinaryW

msimg32

AlphaBlend

oledlg

ord8

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

wtsapi32

WTSSendMessageW

Exports

Exports

*��N�S��uj �2�� w��i��Ib�� !/��/��H�U�J�.z�ء}�)$h�B��^1�#A�3�_��D8< �g��mA��|<�T0ӡ�>�Hc\j��/��-��9� ��`�ן��7K5c��H-T��[�3�h�?JpC�/��s�#� ʠOfb��fJ�֦#�m;]�f#C&��wUhЉ��hc��j98�J��&:c�m�᧿��-�㭜v�A��r4�'G�h��6-�Fw��#�3V�&6��=�{6b��q7�H�l�] ��Zd�B9\�f��Մ��}6��b�ʞ��4�7�4��M?��W��%��t�� pA ��חB\��'#��.׹�1�xt�$��R��*�Ȑ�L��+�"��?��Ϫ��.p��s�]S1��R�� ,��m��σe5Z�� O��k�A�6*��,Z��P�?�g��^��Ɂ/#,�v�5\!4��J5��y|��~��ǁ��R�{T�8�{.�ZЦ�ԓ� c��TF�g4��z��D8�.-_.h5?�-Zt�&�>H5�bks�o� l�C<�4�Vhm0�7��NX�A��݁3��47oR@%��e9+@�E�E�-9d/vG��7V��I��U��+�i�J$W�,3P��P1U{��k8�I<��G�>/�i��]Ց��Hp��v�n�Q�6b'* ��5�d�sɕ��.��X�-UJ2��"4#��;G�� R�Ǉg��yLy��i�t'��h��Y��I�\ =И^��,i.�e��D<��12�Ի��5��7��[�� oV��d��e�� ?|Y�D�@��l��T�l��w##y�.Z��0��Z�w��lf1��g��J�7��n�I;O��D7�@8O�N��2�c�n K&�GՓL||-��^?x��c��ȷi �`��n�fHw�N�/П � ��vCR@CU$\��mӇ�1�p쬟�Pp�ߑZ�@�`b��%��XȜ��>��\�e��J�)� ��6�*\�BDk�/�-֚��$��Ǟ^)�r ��H��O�_7Fy��O G17M�YL��/u�X�� v��2�8��]�_i�� c@]�J��y�Ư(��}�j��y��S��1�g��0��&��U��>� U=�D�;��0��@!|��e��xO��+mShk��8�I1��oE�'��B�0$Gb�=d��?��]�� [�c&�Oi�j{�J7L"<�� ma�,\/_�V��cr4n�EZ�[�;mYҰ��@knT��)QQ��9>V��!�2`�ަ�aUJ#�p��C+o�;vK ��k#��T�gT;۞�õ��u�IGE�0�;��g��V�9��œ�O��]��-��RKK��;p�U�Dn�!H4�u��4��>l��]�猺��X�i0A��鰌{��[t�i`�=�ߧIr gw�<�j#��=��^��K��/K��i%öW�H��b��#��]�9g�LZ�\�JC��p�� ׾�9��m�y��qH�rn�Ŝ�~�j�t� !��J�F�+,��ι�'�?�O�Tٙ��[��Xa,]�d��0��Tg�?�'=��w(/zɍ9��>XҤ� {��v��B ��ԯB��4r��|�8�o�V�[�o��6�|�WK��/3��_2��ؾ��Rj�H�I��\9g�]ʴ��X��K��3^i��A.�3M��Ξ��.��t�OʙTB��&�B�[�� K$c^��Ƿ�2��u�{�|/��)x�9M��Z��"�,1'<��D�Mh2O�E��j�~z�z��z_L��EV�H��H[!e��Tb�R^�OUnN� Ȃ��-��7�O��ss�حE-�P�P�@��HӒ�<f��b��w��Ւ�|��WKz�a@�%�ĉ�p�6�|�#��W��H.��U��$a��8x��Sڊc��|h�/\��R�E$�D�,�T��pA`��Y��=˜]>��t��i2�m��)�܀k:ܲ/��ͫ6�� D<��%n��V�Q?�+ADg��6��N�jo�@B�H��6)�tِ&��6-��L��i��Ds��m��m��\=� 6SF�E֎�L�F*t3�d'��!��@?qN��>�f�Ք�ua��x��V}ÍK�g��D��|��#/(�Q0\�pFU/�m��q��+�]Ӫ��?��o��h��df�m^��Y`�9��!��#�"�\=��p٠Y�� k��U��'��<��}*�k�rxSR�k`0�S��uz�H*�(rq�);}D" ��2U�l/��c��ub¥��agDDE�.��r=�f�N}�^��3V�!��X��X 1��'P�?]ԄH��P�f��lW��1��q�T��4�I#�2P��a�eC�o˞,��X��d��4[�i@�vm�ܞ@ei$�v#�j�e*`�>�IO*�9��vY�<��V�&R�"� ��<�өj:�Wf�mf65�aݕ�e��pĂ\�՚*"��{PQ��q�Aw�C�K�3]��)+'�o<��s��ֺ��t��y��F0d��܇��!�8j��C�,v��>�M��2��8��9�s�5��+�g;�L>�7��5��b$>��p��X�0�fV|��c8KV1w�ln��fӑD�wt�@+��J�BCǔ�1�T��m3��,9�viF��S��B!� \V#{�0�a⫧��h��i��>$�;��mɒ��ڹ�G'��1��DA��_,��+�:��'�

Sections

.text
Size: 664KB - Virtual size: 660KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6.5MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zaezlb0
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

zaezlb1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ed743a8b531960cbe3d024edb45b979

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

ws2_32

gdi32

comctl32

gdiplus

atl

crypt32

msimg32

oledlg

winspool.drv

wtsapi32

Exports

Exports

Sections

.text Size: 664KB - Virtual size: 660KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 6.5MB - Virtual size: 6.6MB

zaezlb0 Size: 3.6MB - Virtual size: 3.6MB

zaezlb1 Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: 664KB - Virtual size: 660KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 6.5MB - Virtual size: 6.6MB

zaezlb0
Size: 3.6MB - Virtual size: 3.6MB

zaezlb1
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 4KB - Virtual size: 664B