General

Malware Config

Signatures

Files

• Downloads.zip

  .zip
• Google.exe

  .exe windows:6 windows x64

  00ec79d38140327a3c9e9df18f0ee262

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  InitializeCriticalSectionEx

  GetVersion

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  ExitProcess

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  user32

  GetWindowThreadProcessId

  CharUpperBuffW

  advapi32

  OpenProcessToken

  msvcp140

  ??1_Lockit@std@@QEAA@XZ

  winhttp

  WinHttpOpen

  ntdll

  RtlVirtualUnwind

  normaliz

  IdnToAscii

  wldap32

  ord41

  crypt32

  CertAddCertificateContextToStore

  ws2_32

  getpeername

  rpcrt4

  RpcStringFreeA

  psapi

  GetModuleInformation

  userenv

  UnloadUserProfile

  vcruntime140_1

  __CxxFrameHandler4

  vcruntime140

  __C_specific_handler

  api-ms-win-crt-stdio-l1-1-0

  __p__commode

  api-ms-win-crt-heap-l1-1-0

  _callnewh

  api-ms-win-crt-runtime-l1-1-0

  exit

  api-ms-win-crt-utility-l1-1-0

  rand

  api-ms-win-crt-math-l1-1-0

  _dclass

  api-ms-win-crt-string-l1-1-0

  strncmp

  api-ms-win-crt-convert-l1-1-0

  atoi

  api-ms-win-crt-filesystem-l1-1-0

  _fstat64

  api-ms-win-crt-locale-l1-1-0

  _configthreadlocale

  api-ms-win-crt-time-l1-1-0

  _time64

  shell32

  ShellExecuteA

  Exports

  Exports

  �~��PL�|��4�t�V�|���� �����ϔ�0��o�e�5P��?�~'Teu�S2������S���,�=D�6��" ���5�y<}1���WC੯��d��/%b���K�4ۢ�<d�H��� �3�Չ�u�:Cp���H8�]��WPV�F�2���C��a����f谞<Ӏ!|F��h���2\�V�pf�<�G8VW��&"��BR:ߤD;����O'��m_ϡ�st�:�^*�@�}�QlXuc%�� �jO?�-p<��)����#���qЀ��|��=著���?k�XY�`�7�T�������&P�O۾:�v��9s��@�+��1�������?"��1����Xj�7/wM���y�ւP��C�vq����`)����"���5XBLC$�_��4�-�ǹ��*#�5ɉIp�"� �4��x����gU�ҍ��5:����IF�֟�C�ٍ۟��DP&�򵑷fL�/�*��٨-(@������
  5���C�_�D݄A�A�O J@�)!�?�G�A)�H���念s������I8��:��O��%\���ժ��Ee�܎���t%-9�����d�W1Vǻ|��~��T�[P"�;R �L@,h�[�r �rISxC�!cu�-�
  ��_iȈ�oZ�-&y��j��y�G�Ü��������ݫ��g� |p@>lְ0�O�P�Ѵ����{s��^�I����kk=bGj�AfތP$t]�Ok�"4�>sp�\��pG�ɏ��Oe� b�@;�L3�~�,�������T�j���`���G�i��햝7����(� v��*GE�Qɲ�ʟ�y�0��R��Q�3��e_L����Dz�O�e͗@����&�%2��9P5QE*" X���r�AA.b��#��=�ڵ����垳y����/�w�i��섽)<%�1ZV��N�?~%�>���>�>�������P����X/�P�5��5�T�CS�*ь@������ɈG� �l~�m pv�E�Y�!؇[���F�D�|�S[WɧxX�^P�� �O�S�$�=� cކ@ҥ^��)ÝI9�6�#X��Vb�R�n)Q#..�TB�$�8<(K����\�g�[0su��R: jw'��&�ĄD�&���dѴ�����
  ^�\��*|D�+�W�����l� �mʒ�9�y��u����V��+��R厡[�U�Z���QO��\��X��
  F����I�A5=��=Yﺂw���� ����7 �����Q�3U�occ����>��8V*nE��~�4�0*��o��/�&`��e�I ���'/&�������������z��q�C�~�A�J� �ۿ���J�wu�-1b"xJQ ңzȘ��j_��m1Y�B�cd�,�EP���G�Ĺ�2�Ù����q'
  ��m*4hOݱ'x�4�?f���*l
  R��&�cu��1�@L�+ b/�-І<+*�R1g��x,�{V�0���\WQ�V���jr` *d5�X�b�bƃʄMs�:8�409��GY��B�� �*����IaP7�Nd씼tR��oL�TpS�%!3�j R�d�giTB(;ΐc��_A�brV�<���խE������$�\5�b�7��g_�Mū5��4����%���r��� ᝡ��Y��p=
  ����y�����4ڐ��$Lv$�L?W��h�"<
  �)a[U���e����q[V2"<��w��ξh�7�z��@Ծ������RУ��6�ɸ�_U^�HwcQIc ��5�����M��X��ֹkp�ݥH�I�����W�?�B]P�����|����|,TS[����p)��d0Q~),���@��?΁;泚�Tȱ�<r��>���t��6f��g�t�Ue�ګ�
  ���h�P/zu���!cr���0�.�F�N<4J+�;���4�_�x�nMW8����T<���Ȱ���fO��D�B��=���Oڍ��Q���VnS�GTQ�j����_��G{�f�:��,h�]ir�nܟ�=S��j^8���X��ZQE}|&�e9h�֨g�8
  ��Y)f*$���o�;נ�8���4Y&��ۢ�n��q� ���ԝ���o5�|a�Z�*�|8������l$�g������<��!���%;�/S���T�g|y2�=����.��~��UL��{?�8Տt�(/�+��mk���Ԕ�����K{\����\�hF��|�� �HK$���ӹ��ΌrL�r0{�[QI/GP�btt����^B�o泚|�qK��~�޼��f9�����a$�m�ed�Bkl�L� E}Y)�iQ�l�y���g����G�ի�fQ!��VS8t�k8��!�}�B=>����Q�v�ԡ�.�4l�x�˿�~.6׃h���D_��N��N��}B/k��k=�9@������rK�M}�<�J�K�^>�D@�2�9Yġ�
  �P�ɝ7�ƚI S�Î��+�cV����"�!�;�y�_�N� �����ɭ���Mý5U|��#�AX���=�a��@��nR��ͫ��jV���}�x�z����Z�Ɏ
  >���.Ƥ��6��_��]��������aE������5�y�rA��l82��9 ��nW8��=��N�X�������
  �*$�0�]�l����#�Ä�\Ѥ��C<���?S�� �T��H���=���V7IP�
  T��e����V�p��:ؖ�8ͼ2�y�����g���26x*�!����2K�A�����_ �v�����k:nw������2A��G�OeoƟq5�Z��������5���d���� ,�������rnL��f�IpD�+��˛�����y�*�* N�J��K���V6b������ ���)[Bȕ�b�2m�����J�Lu������bC�N�g�ܷoﱿ�]F�L��2���C���r�k� ���LJk�#�a^_k��Y�{2o�,*��2�A��J/H��\���:B�����A��̃�<�
  X��<f��7�E)ns*���U�����ov�*N���6�_��u��z���J�Y�vn�a��,|9_h���%���|�F�� �T�{m�>Q�-�`h�����

  Sections

  .text

  Size: - Virtual size: 512KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 121KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 4.1MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: - Virtual size: 20KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .g0<

  Size: - Virtual size: 16.4MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .x9_

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rjE

  Size: 22.8MB - Virtual size: 22.8MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 220B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• gta-sa-famous-landmarks.zip

  .zip