20112023_2135_AlmiqueArtilleryman_pkb[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

20112023_2135_AlmiqueArtilleryman_pkb.zip
Size

967KB
MD5

251bf02deeeeec07dc8554dae810bbe0
SHA1

c8dc9a7866600f1df7c1c9dba85d656709ca924d
SHA256

8706238594e89688a27279cc2148a0da409da6108aea7f193a7355a318c063a2
SHA512

a1249440fdd036e26d72867a76abcac3d12a1ab9d96759cd1f01efc7d00b485c35a92fdb3becb41faae560f5d92fc9edca1dfe0e3de1bcf20a35de882f988c55
SSDEEP

24576:zU/8/RRSnYRTO2R4iXksPXD+6AjZ+J2CN5HGHoMi:zUE/in6O84i0WujZa5Mi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/AlmiqueArtilleryman_pkb.dll

Files

20112023_2135_AlmiqueArtilleryman_pkb.zip
.zip

Password: infected
AlmiqueArtilleryman_pkb.dll
.dll windows:4 windows x86 arch:x86

Password: infected

be2a53a57be90b97c83c373f6187ce99

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW

kernel32

CloseHandle
CreateSemaphoreW
DeleteCriticalSection
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
ReleaseSemaphore
SetErrorMode
SetLastError
SetUnhandledExceptionFilter
Sleep
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

__dllonexit
__mb_cur_max
_amsg_exit
_errno
_initterm
_iob
_lock
_onexit
_wfopen_s
calloc
fclose
fgetwc
fgetws
fputc
fputs
free
fwrite
iswctype
localeconv
malloc
memcmp
memcpy
qsort
realloc
setlocale
sprintf
strchr
strcmp
strlen
strncmp
_unlock
abort
atoi
towlower
ungetwc
vfprintf
wcschr
wcscpy
wcscspn
wcslen
wcsrchr
wcsstr
wcstol
wcstoul
_write

Exports

Exports

RLL_POWERSCHEMES_GUID
RPIAudioFunc
RPIFunc
RUID_ACDC_POWER_SOURCE
RUID_ACTIVE_POWERSCHEME
RUID_ADAPTIVE_POWER_BEHAVIOR_SUBGROUP
RUID_ALLOW_AWAYMODE
RUID_ALLOW_DISPLAY_REQUIRED
RUID_ALLOW_RTC_WAKE
RUID_ALLOW_STANDBY_STATES
RUID_ALLOW_SYSTEM_REQUIRED
RUID_APPLAUNCH_BUTTON
RUID_BACKGROUND_TASK_NOTIFICATION
RUID_BATTERY_DISCHARGE_ACTION_0
RUID_BATTERY_DISCHARGE_ACTION_1
RUID_BATTERY_DISCHARGE_ACTION_2
RUID_BATTERY_DISCHARGE_ACTION_3
RUID_BATTERY_DISCHARGE_FLAGS_0
RUID_BATTERY_DISCHARGE_FLAGS_1
RUID_BATTERY_DISCHARGE_FLAGS_2
RUID_BATTERY_DISCHARGE_FLAGS_3
RUID_BATTERY_DISCHARGE_LEVEL_0
RUID_BATTERY_DISCHARGE_LEVEL_1
RUID_BATTERY_DISCHARGE_LEVEL_2
RUID_BATTERY_DISCHARGE_LEVEL_3
RUID_BATTERY_PERCENTAGE_REMAINING
RUID_BATTERY_SUBGROUP
RUID_CONSOLE_DISPLAY_STATE
RUID_CRITICAL_POWER_TRANSITION
RUID_DEVICE_IDLE_POLICY
RUID_DEVICE_POWER_POLICY_VIDEO_BRIGHTNESS
RUID_DEVICE_POWER_POLICY_VIDEO_DIM_BRIGHTNESS
RUID_DEVINTERFACE_CDCHANGER
RUID_DEVINTERFACE_CDROM
RUID_DEVINTERFACE_COMPORT
RUID_DEVINTERFACE_DISK
RUID_DEVINTERFACE_FLOPPY
RUID_DEVINTERFACE_MEDIUMCHANGER
RUID_DEVINTERFACE_PARTITION
RUID_DEVINTERFACE_SERENUM_BUS_ENUMERATOR
RUID_DEVINTERFACE_STORAGEPORT
RUID_DEVINTERFACE_TAPE
RUID_DEVINTERFACE_VOLUME
RUID_DEVINTERFACE_WRITEONCEDISK
RUID_DISK_ADAPTIVE_POWERDOWN
RUID_DISK_BURST_IGNORE_THRESHOLD
RUID_DISK_COALESCING_POWERDOWN_TIMEOUT
RUID_DISK_IDLE_TIMEOUT
RUID_DISK_POWERDOWN_TIMEOUT
RUID_DISK_SUBGROUP
RUID_ENABLE_SWITCH_FORCED_SHUTDOWN
RUID_EXECUTION_REQUIRED_REQUEST_TIMEOUT
RUID_GLOBAL_USER_PRESENCE
RUID_HIBERNATE_FASTS4_POLICY
RUID_HIBERNATE_TIMEOUT
RUID_IDLE_BACKGROUND_TASK
RUID_IDLE_RESILIENCY_PERIOD
RUID_IDLE_RESILIENCY_SUBGROUP
RUID_LIDCLOSE_ACTION
RUID_LIDOPEN_POWERSTATE
RUID_LIDSWITCH_STATE_CHANGE
RUID_LOCK_CONSOLE_ON_WAKE
RUID_MAX_POWER_SAVINGS
RUID_MIN_POWER_SAVINGS
RUID_MONITOR_POWER_ON
RUID_NON_ADAPTIVE_INPUT_TIMEOUT
RUID_PCIEXPRESS_ASPM_POLICY
RUID_PCIEXPRESS_SETTINGS_SUBGROUP
RUID_POWERBUTTON_ACTION
RUID_POWERSCHEME_PERSONALITY
RUID_PROCESSOR_ALLOW_THROTTLING
RUID_PROCESSOR_CORE_PARKING_AFFINITY_HISTORY_DECREASE_FACTOR
RUID_PROCESSOR_CORE_PARKING_AFFINITY_HISTORY_THRESHOLD
RUID_PROCESSOR_CORE_PARKING_AFFINITY_WEIGHTING
RUID_PROCESSOR_CORE_PARKING_DECREASE_POLICY
RUID_PROCESSOR_CORE_PARKING_DECREASE_THRESHOLD
RUID_PROCESSOR_CORE_PARKING_DECREASE_TIME
RUID_PROCESSOR_CORE_PARKING_INCREASE_POLICY
RUID_PROCESSOR_CORE_PARKING_INCREASE_THRESHOLD
RUID_PROCESSOR_CORE_PARKING_INCREASE_TIME
RUID_PROCESSOR_CORE_PARKING_MAX_CORES
RUID_PROCESSOR_CORE_PARKING_MIN_CORES
RUID_PROCESSOR_CORE_PARKING_OVER_UTILIZATION_HISTORY_DECREASE_FACTOR
RUID_PROCESSOR_CORE_PARKING_OVER_UTILIZATION_HISTORY_THRESHOLD
RUID_PROCESSOR_CORE_PARKING_OVER_UTILIZATION_THRESHOLD
RUID_PROCESSOR_CORE_PARKING_OVER_UTILIZATION_WEIGHTING
RUID_PROCESSOR_DISTRIBUTE_UTILITY
RUID_PROCESSOR_IDLESTATE_POLICY
RUID_PROCESSOR_IDLE_ALLOW_SCALING
RUID_PROCESSOR_IDLE_DEMOTE_THRESHOLD
RUID_PROCESSOR_IDLE_DISABLE
RUID_PROCESSOR_IDLE_PROMOTE_THRESHOLD
RUID_PROCESSOR_IDLE_STATE_MAXIMUM
RUID_PROCESSOR_IDLE_TIME_CHECK
RUID_PROCESSOR_PARKING_CONCURRENCY_THRESHOLD
RUID_PROCESSOR_PARKING_CORE_OVERRIDE
RUID_PROCESSOR_PARKING_HEADROOM_THRESHOLD
RUID_PROCESSOR_PARKING_PERF_STATE
RUID_PROCESSOR_PERFSTATE_POLICY
RUID_PROCESSOR_PERF_BOOST_MODE
RUID_PROCESSOR_PERF_BOOST_POLICY
RUID_PROCESSOR_PERF_DECREASE_POLICY
RUID_PROCESSOR_PERF_DECREASE_THRESHOLD
RUID_PROCESSOR_PERF_DECREASE_TIME
RUID_PROCESSOR_PERF_HISTORY
RUID_PROCESSOR_PERF_INCREASE_POLICY
RUID_PROCESSOR_PERF_INCREASE_THRESHOLD
RUID_PROCESSOR_PERF_INCREASE_TIME
RUID_PROCESSOR_PERF_LATENCY_HINT
RUID_PROCESSOR_PERF_TIME_CHECK
RUID_PROCESSOR_SETTINGS_SUBGROUP
RUID_PROCESSOR_THROTTLE_MAXIMUM
RUID_PROCESSOR_THROTTLE_MINIMUM
RUID_PROCESSOR_THROTTLE_POLICY
RUID_SESSION_DISPLAY_STATUS
RUID_SESSION_USER_PRESENCE
RUID_SLEEPBUTTON_ACTION
RUID_SLEEP_IDLE_THRESHOLD
RUID_SLEEP_SUBGROUP
RUID_STANDBY_TIMEOUT
RUID_SYSTEM_AWAYMODE
RUID_SYSTEM_BUTTON_SUBGROUP
RUID_SYSTEM_COOLING_POLICY
RUID_TYPICAL_POWER_SAVINGS
RUID_UNATTEND_SLEEP_TIMEOUT
RUID_USERINTERFACEBUTTON_ACTION
RUID_VIDEO_ADAPTIVE_DISPLAY_BRIGHTNESS
RUID_VIDEO_ADAPTIVE_PERCENT_INCREASE
RUID_VIDEO_ADAPTIVE_POWERDOWN
RUID_VIDEO_ANNOYANCE_TIMEOUT
RUID_VIDEO_CONSOLE_LOCK_TIMEOUT
RUID_VIDEO_CURRENT_MONITOR_BRIGHTNESS
RUID_VIDEO_DIM_TIMEOUT
RUID_VIDEO_POWERDOWN_TIMEOUT
RUID_VIDEO_SUBGROUP
RID_AsyncIAdviseSink
RID_AsyncIAdviseSink2
RID_AsyncIMultiQI
RID_AsyncIUnknown
RID_IAddrExclusionControl
RID_IAddrTrackingControl
RID_IAdviseSink
RID_IAdviseSink2
RID_IAdviseSinkEx
RID_IAgileObject
RID_IApartmentShutdown
RID_IAsyncManager
RID_IAsyncRpcChannelBuffer
RID_IAuthenticate
RID_IAuthenticateEx
RID_IBindCallbackRedirect
RID_IBindCtx
RID_IBindHost
RID_IBindProtocol
RID_IBindStatusCallback
RID_IBindStatusCallbackEx
RID_IBinding
RID_IBlockingLock
RID_ICallFactory
RID_ICancelMethodCalls
RID_ICatalogFileInfo
RID_IChannelHook
RID_IClassActivator
RID_IClassFactory
RID_IClassFactory2
RID_IClientSecurity
RID_ICodeInstall
RID_IComThreadingInfo
RID_IConnectionPoint
RID_IConnectionPointContainer
RID_IContinue
RID_ICreateErrorInfo
RID_ICreateTypeInfo
RID_ICreateTypeInfo2
RID_ICreateTypeLib
RID_ICreateTypeLib2
RID_IDXGIAdapter
RID_IDXGIAdapter1
RID_IDXGIDevice
RID_IDXGIDevice1
RID_IDXGIDeviceSubObject
RID_IDXGIFactory
RID_IDXGIFactory1
RID_IDXGIKeyedMutex
RID_IDXGIObject
RID_IDXGIOutput
RID_IDXGIResource
RID_IDXGISurface
RID_IDXGISwapChain
RID_IDataAdviseHolder
RID_IDataFilter
RID_IDataObject
RID_IDirect3D9
RID_IDirect3D9Ex
RID_IDirect3DBaseTexture9
RID_IDirect3DCubeTexture9
RID_IDirect3DDevice9
RID_IDirect3DDevice9Ex
RID_IDirect3DIndexBuffer9
RID_IDirect3DPixelShader9
RID_IDirect3DQuery9
RID_IDirect3DResource9
RID_IDirect3DStateBlock9
RID_IDirect3DSurface9
RID_IDirect3DSwapChain9
RID_IDirect3DSwapChain9Ex
RID_IDirect3DTexture9
RID_IDirect3DVertexBuffer9
RID_IDirect3DVertexDeclaration9
RID_IDirect3DVertexShader9
RID_IDirect3DVolume9
RID_IDirect3DVolumeTexture9
RID_IDirectWriterLock
RID_IDispatch
RID_IDropSource
RID_IDropSourceNotify
RID_IDropTarget
RID_IDummyHICONIncluder
RID_IEncodingFilterFactory
RID_IEnumConnectionPoints
RID_IEnumConnections
RID_IEnumFORMATETC
RID_IEnumMoniker
RID_IEnumOLEVERB
RID_IEnumOleUndoUnits
RID_IEnumSTATDATA
RID_IEnumSTATPROPSETSTG
RID_IEnumSTATPROPSTG
RID_IEnumSTATSTG
RID_IEnumString
RID_IEnumUnknown
RID_IEnumVARIANT
RID_IErrorInfo
RID_IErrorLog
RID_IExternalConnection
RID_IFastRundown
RID_IFillLockBytes
RID_IFont
RID_IFontDisp
RID_IFontEventsDisp
RID_IForegroundTransfer
RID_IGetBindHandle
RID_IGlobalInterfaceTable
RID_IGlobalOptions
RID_IHttpNegotiate
RID_IHttpNegotiate2
RID_IHttpNegotiate3
RID_IHttpSecurity
RID_IInitializeSpy
RID_IInternalUnknown
RID_IInternet
RID_IInternetBindInfo
RID_IInternetBindInfoEx
RID_IInternetHostSecurityManager
RID_IInternetPriority
RID_IInternetProtocol
RID_IInternetProtocolInfo
RID_IInternetProtocolRoot
RID_IInternetProtocolSink
RID_IInternetProtocolSinkStackable
RID_IInternetSecurityManager
RID_IInternetSecurityMgrSite
RID_IInternetSession
RID_IInternetThreadSwitch
RID_IInternetZoneManager
RID_ILayoutStorage
RID_ILockBytes
RID_IMalloc
RID_IMallocSpy
RID_IMarshal
RID_IMarshal2
RID_IMarshalingStream
RID_IMessageFilter
RID_IMoniker
RID_IMonikerProp
RID_IMultiQI
RID_INoMarshal
RID_IObjectWithSite
RID_IOleAdviseHolder
RID_IOleCache
RID_IOleCache2
RID_IOleCacheControl
RID_IOleClientSite
RID_IOleContainer
RID_IOleControl
RID_IOleControlSite
RID_IOleInPlaceActiveObject
RID_IOleInPlaceFrame
RID_IOleInPlaceObject
RID_IOleInPlaceObjectWindowless
RID_IOleInPlaceSite
RID_IOleInPlaceSiteEx
RID_IOleInPlaceSiteWindowless
RID_IOleInPlaceUIWindow
RID_IOleItemContainer
RID_IOleLink
RID_IOleObject
RID_IOleParentUndoUnit
RID_IOleUndoManager
RID_IOleUndoUnit
RID_IOleWindow
RID_IOplockStorage
RID_IPSFactoryBuffer
RID_IParseDisplayName
RID_IPerPropertyBrowsing
RID_IPersist
RID_IPersistFile
RID_IPersistMemory
RID_IPersistMoniker
RID_IPersistPropertyBag
RID_IPersistPropertyBag2
RID_IPersistStorage
RID_IPersistStream
RID_IPersistStreamInit
RID_IPicture
RID_IPicture2
RID_IPictureDisp
RID_IPipeByte
RID_IPipeDouble
RID_IPipeLong
RID_IPointerInactive
RID_IPrintDialogCallback
RID_IPrintDialogServices
RID_IProcessInitControl
RID_IProcessLock
RID_IProgressNotify
RID_IPropertyBag
RID_IPropertyBag2
RID_IPropertyNotifySink
RID_IPropertyPage
RID_IPropertyPage2
RID_IPropertyPageSite
RID_IPropertySetStorage
RID_IPropertyStorage
RID_IProvideClassInfo
RID_IProvideClassInfo2
RID_IProvideMultipleClassInfo
RID_IQuickActivate
RID_IROTData
RID_IRecordInfo
RID_IReleaseMarshalBuffers
RID_IRootStorage
RID_IRpcChannelBuffer
RID_IRpcChannelBuffer2
RID_IRpcChannelBuffer3
RID_IRpcHelper
RID_IRpcOptions
RID_IRpcProxyBuffer
RID_IRpcStubBuffer
RID_IRpcSyntaxNegotiate
RID_IRunnableObject
RID_IRunningObjectTable
RID_ISequentialStream
RID_IServerSecurity
RID_ISimpleFrameSite
RID_ISoftDistExt
RID_ISpecifyPropertyPages
RID_IStdMarshalInfo
RID_IStorage
RID_IStream
RID_ISupportErrorInfo
RID_ISurrogate
RID_ISurrogateService
RID_ISynchronize
RID_ISynchronizeContainer
RID_ISynchronizeEvent
RID_ISynchronizeHandle
RID_ISynchronizeMutex
RID_IThumbnailExtractor
RID_ITimeAndNoticeControl
RID_ITypeChangeEvents
RID_ITypeComp
RID_ITypeFactory
RID_ITypeInfo
RID_ITypeInfo2
RID_ITypeLib
RID_ITypeLib2
RID_ITypeMarshal
RID_IUrlMon
RID_IViewObject
RID_IViewObject2
RID_IViewObjectEx
RID_IWaitMultiple
RID_IWinInetFileStream
RID_IWinInetHttpInfo
RID_IWinInetHttpTimeouts
RID_IWinInetInfo
RID_IWindowForBindingUI
RID_IWrappedProtocol
RFXAudioCORE_SyncOperation
RFXAudioDECODE_Close
RFXAudioDECODE_DecodeFrameAsync
RFXAudioDECODE_DecodeHeader
RFXAudioDECODE_GetAudioParam
RFXAudioDECODE_Init
RFXAudioDECODE_Query
RFXAudioDECODE_QueryIOSize
RFXAudioDECODE_Reset
RFXAudioENCODE_Close
RFXAudioENCODE_EncodeFrameAsync
RFXAudioENCODE_GetAudioParam
RFXAudioENCODE_Init
RFXAudioENCODE_Query
RFXAudioENCODE_QueryIOSize
RFXAudioENCODE_Reset
RFXAudioUSER_Load
RFXAudioUSER_ProcessFrameAsync
RFXAudioUSER_Register
RFXAudioUSER_UnLoad
RFXAudioUSER_Unregister
RFXCloneSession
RFXClose
RFXDisjoinSession
RFXDoWork
RFXGetPriority
RFXInit
RFXInitEx
RFXJoinSession
RFXQueryIMPL
RFXQueryVersion
RFXSetPriority
RFXVideoCORE_GetHandle
RFXVideoCORE_QueryPlatform
RFXVideoCORE_SetBufferAllocator
RFXVideoCORE_SetFrameAllocator
RFXVideoCORE_SetHandle
RFXVideoCORE_SyncOperation
RFXVideoDECODE_Close
RFXVideoDECODE_DecodeFrameAsync
RFXVideoDECODE_DecodeHeader
RFXVideoDECODE_GetDecodeStat
RFXVideoDECODE_GetPayload
RFXVideoDECODE_GetVideoParam
RFXVideoDECODE_Init
RFXVideoDECODE_Query
RFXVideoDECODE_QueryIOSurf
RFXVideoDECODE_Reset
RFXVideoDECODE_SetSkipMode
RFXVideoENCODE_Close
RFXVideoENCODE_EncodeFrameAsync
RFXVideoENCODE_GetEncodeStat
RFXVideoENCODE_GetVideoParam
RFXVideoENCODE_Init
RFXVideoENCODE_Query
RFXVideoENCODE_QueryIOSurf
RFXVideoENCODE_Reset
RFXVideoENC_Close
RFXVideoENC_GetVideoParam
RFXVideoENC_Init
RFXVideoENC_ProcessFrameAsync
RFXVideoENC_Query
RFXVideoENC_QueryIOSurf
RFXVideoENC_Reset
RFXVideoPAK_Close
RFXVideoPAK_GetVideoParam
RFXVideoPAK_Init
RFXVideoPAK_ProcessFrameAsync
RFXVideoPAK_Query
RFXVideoPAK_QueryIOSurf
RFXVideoPAK_Reset
RFXVideoUSER_GetPlugin
RFXVideoUSER_Load
RFXVideoUSER_LoadByPath
RFXVideoUSER_ProcessFrameAsync
RFXVideoUSER_Register
RFXVideoUSER_UnLoad
RFXVideoUSER_Unregister
RFXVideoVPP_Close
RFXVideoVPP_GetVPPStat
RFXVideoVPP_GetVideoParam
RFXVideoVPP_Init
RFXVideoVPP_Query
RFXVideoVPP_QueryIOSurf
RFXVideoVPP_Reset
RFXVideoVPP_RunFrameVPPAsync
RFXVideoVPP_RunFrameVPPAsyncEx
RO_SUBGROUP_GUID
RPM_IDLESTATES_DATA_GUID
RPM_IDLESTATE_CHANGE_GUID
RPM_IDLE_ACCOUNTING_EX_GUID
RPM_IDLE_ACCOUNTING_GUID
RPM_PERFMON_PERFSTATE_GUID
RPM_PERFSTATES_DATA_GUID
RPM_PERFSTATE_CHANGE_GUID
RPM_PERFSTATE_DOMAIN_CHANGE_GUID
RPM_THERMALCONSTRAINT_GUID
RPM_THERMAL_POLICY_CHANGE_GUID
RZ10HandleSortPKvS0_
RZN15MFX_DISP_HANDLE15LoadSelectedDLLEPKw12eMfxImplTypeiiR12mfxInitParam
RZN15MFX_DISP_HANDLE17UnLoadSelectedDLLEv
RZN15MFX_DISP_HANDLE5CloseEv
RZN15MFX_DISP_HANDLEC1E10mfxVersion
RZN15MFX_DISP_HANDLEC2E10mfxVersion
RZN15MFX_DISP_HANDLED1Ev
RZN15MFX_DISP_HANDLED2Ev
RZN3MFX10D3D9Device4InitEj
RZN3MFX10D3D9Device5CloseEv
RZN3MFX10D3D9DeviceC1Ev
RZN3MFX10D3D9DeviceC2Ev
RZN3MFX10D3D9DeviceD0Ev

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 784KB - Virtual size: 780KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
launcher.bat

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

be2a53a57be90b97c83c373f6187ce99

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 130KB - Virtual size: 129KB

.data Size: 512B - Virtual size: 148B

.rdata Size: 23KB - Virtual size: 23KB

.bss Size: - Virtual size: 3KB

.edata Size: 24KB - Virtual size: 23KB

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 5KB - Virtual size: 5KB

/4 Size: 2KB - Virtual size: 1KB

/19 Size: 266KB - Virtual size: 266KB

/31 Size: 29KB - Virtual size: 28KB

/45 Size: 31KB - Virtual size: 30KB

/57 Size: 14KB - Virtual size: 14KB

/70 Size: 7KB - Virtual size: 7KB

/81 Size: 784KB - Virtual size: 780KB

/92 Size: 7KB - Virtual size: 7KB

.text
Size: 130KB - Virtual size: 129KB

.data
Size: 512B - Virtual size: 148B

.rdata
Size: 23KB - Virtual size: 23KB

.bss
Size: - Virtual size: 3KB

.edata
Size: 24KB - Virtual size: 23KB

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 5KB - Virtual size: 5KB

/4
Size: 2KB - Virtual size: 1KB

/19
Size: 266KB - Virtual size: 266KB

/31
Size: 29KB - Virtual size: 28KB

/45
Size: 31KB - Virtual size: 30KB

/57
Size: 14KB - Virtual size: 14KB

/70
Size: 7KB - Virtual size: 7KB

/81
Size: 784KB - Virtual size: 780KB

/92
Size: 7KB - Virtual size: 7KB