General

Malware Config

Signatures

Files

• 41278456deb35fbd66172eb506a8457b

  .zip
• /Client.exe

  .exe windows:5 windows x86 arch:x86

  4f60dfc53b8f96b5a07f2047fa00d9fe

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  ws2_32

  closesocket

  kernel32

  GetFileType

  GetModuleFileNameW

  GetModuleHandleA

  LoadLibraryA

  LocalAlloc

  LocalFree

  GetModuleFileNameA

  ExitProcess

  user32

  DeferWindowPos

  gdi32

  GetClipBox

  comdlg32

  GetOpenFileNameA

  winspool.drv

  ClosePrinter

  advapi32

  SetFileSecurityA

  shell32

  ExtractIconA

  comctl32

  ImageList_Destroy

  Exports

  Exports

  1���
  b�^����bv:G.>�ZJ���a���pl�.=U��$ ��M{@����g�������>���Wr�dK��z�<2F'gزW��Q�J�^�d�S�G��o�͢o}<Y/�l^��XE
  �"[r�M=�jR�1��e����v���c�Pl�{=:ԛ��.�����C�,5>>>#sә�i�_��\��[V�YdZF�x��H�а/����[��� c�J��V��1ҏ��)�k��9e�Q0������$����i��� ���ډ��6]Q�b��PFl�h5(.�V������i����& ��mY@��������wȴ<dJ�z�FE�6���\<,����R�s%����{��6J��7�/,;�"�6WFy�5R����T�,�-�k���5�V�:<�Dٞ��ډ��A�R|��V^ظ2 ��f��?�� �mf��-7s��F�Z�rLٌX�q�"dH�3�t���NE�>ڨb*/����7�H�����m>���]�uq�-Y��9�5z @& ʄ`����ˁ�*�S|� �iK�]G�id�����ٷԗ
  64N��m.e�A�wRT!
  ��(��,��%���,�)��tz�E�Q)��6��v|�n�4��15�O���&GȲ/;��耺uɣ�t�D�XޗYNXi��K":��d���:�����9f��5��H/ly\1�=�p^Q"����h���4�<�c���`"\JW�^���"��HN��>/����5wY�Zg�А0�Q����X�l{��71/�J�QV�P��T��`�V/� �1ԏ �_#Ը7[9�B�0G+eaɳe������ֹu��d���R�Ԓ�p����
  %��AW(L"�$-������eW2QZ���cA��⮖;����
  �T!��4*�\\��qƟ�`3���J����J|���|�ik:F�:?�w�ȁ�R�����|=?�d�4��A/����_<ә��;�a�SCfZ~���U���Z�7�LZ����n�ash�f)U��I��ڷ`Vo;�*eՁ�M�[�nW�\a�;�g�����Uѝ��Q۟���=gv��Jd?��.6� :Wr@���ɲ�t���P86R�U\����>J�|x�y�^������&<g��"����L6>����#�"a�W��������a�ؕ7�-�A6�� x��V��HA��0Q�i��D��_B������ �e�@�s�D�S����!��u��ɪ\���$��c��ȉ̻k(��z��+!��T��4��ˮ0�LX��=�p:��.�wfab��|d�Wy���O�-0���؀L���|�d��R���X��!��H���V�V�����t2 �\0�F6�$�Voǧ
  M���5��O�]]<L�=Z�u��|�d=� k�����MN
  ]���@&l��I�m�v5�'3��E�����<:����;WY�r��N��I��-���۞ a�A�)-^��؄=���ҩ��QH�+�����U�C������_&�3�
  u�X�.Qn����8�S�� �ߘj�����?�4��W�z��'��{�`��:�6|������GD�j��H��T������>W�E�[X��wuY�ut� % t1jҏܡ_׳��y +�73^��]yF��[WcTI�EȖ�Z���j縛��5*Zo�ۀˆ~��r�|��y��H����ko�8��2�ke2��H�!�5J�SY#vgU `����{�� _I��)�/X��R��[(lz�hΛ�ZQa��LB�:��[%�� ����'c;� �iSw��N�� ��}�����/�-{}��(�w%�h�vo7���9֝=ci�ڊÞpш5�6�v#k��Fs�s �u�[*��7�r�}R z���G��TZ��߾=p?��y-%�4�F�| ( ?[+�Y�ru��K�]�=�汇��+�4ʱ�O�M5���|��( �<O KD��`�Rr�I�tV �ا���4�E�Wo�^.����_���]҅�cI���������I-Ѣ��߾���V�9lY����3�s�ht7�����c��X�
  U�`�q�y��l�ir۵똫�_|а� N=U�
  �\��D7��hJ笯[���0�Sb>���7{���[")��G�+�l����w`���a3�O�o�hD�<���RǻG�� � �X�]dP1k�����j �M)����C.p����rK(�g��!j�� �r� rj�NJ�M=M���R���%F�8�ƌ��<@=�o�����n-���ze�.x��A�N�@j���#��NeZE��4�y/
  o����Y�M;�sc�����Q�2Y3�x'��l ��\�_��5o˜)lnWWLҟ��v�!K~�Oy��#�����s]7{Iz�67[,�u�`lp�
  $ʩ�ͳ#ي��$׀mZH��y4s�61e9'/�.�|P��gE��;bMM�m5V.�k+�树��
  �5S|�\M�ro��&H�O��� �w�6#�/��0
  �֢� �G��_�y#ҽ;
  a�[�i~�����ZcʌFY� b&7��0��F]�-������G�-`���A�YϏx>)�6��1��29��,��qƎ�5���������]
  o `-P�禼6l��M�MIE�����_`�Q��w�h)�<�r>�K��3�;�`������AfX�;����ՉAY׮� �V�P���3�5a=�j�d�J�m�m��OB^�_}��K�u[�O_�DqB���m��0d$��Ի��� ���@���H+�m�u�wh-8�4����2{<j����C.;(m�����FM���φ.��)�U���4K��* ��_~F��{]�w7�oFz�ij�i�6x(���,9%�O��%�x�hb>�h)���yx��f�����`�������*V�7/����E4A�s�/]�a��_�x��r^E�����F�Q���+y.Uj��d�r;B&x�"�S��C�WZ]�>������[�Y�=N*Э�P
  �Aְj���~��#LͿK����}��U�V%ԿA��S�3r:���������U�iֹ�R����e�@�-(
  �$�싢�M_Ŝ�H����MP���r��ͽ�

  Sections

  .text

  Size: - Virtual size: 517KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 92KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 137KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .cn0

  Size: - Virtual size: 1.9MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 4KB - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .cn1

  Size: 2.0MB - Virtual size: 2.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 8KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• /getsetup.exe

  .exe windows:4 windows x86 arch:x86

  d22c5653ee228ce97e064fa87a057ad6

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  CloseHandle

  TerminateThread

  InitializeCriticalSection

  GlobalMemoryStatusEx

  GetVersionExA

  Module32Next

  Module32First

  CreateToolhelp32Snapshot

  TerminateProcess

  OpenProcess

  Process32Next

  Process32First

  OpenEventA

  GetLastError

  CreateEventA

  SetEvent

  ResetEvent

  CopyFileA

  GetCurrentProcessId

  GetSystemDirectoryA

  lstrlenA

  WaitForSingleObject

  GetFileAttributesA

  SetEnvironmentVariableA

  CompareStringW

  CompareStringA

  GetStringTypeW

  GetStringTypeA

  ReadFile

  SetEndOfFile

  LoadLibraryA

  GetProcAddress

  GetOEMCP

  GetACP

  CreateThread

  SetThreadPriority

  ResumeThread

  GetCommandLineA

  ExitProcess

  InterlockedDecrement

  EnterCriticalSection

  InterlockedIncrement

  LeaveCriticalSection

  WinExec

  DeleteFileA

  GetCurrentDirectoryA

  GetModuleFileNameA

  Sleep

  InterlockedExchange

  ExitThread

  GetCPInfo

  HeapFree

  HeapAlloc

  GetTimeZoneInformation

  GetSystemTime

  GetLocalTime

  RtlUnwind

  HeapReAlloc

  GetModuleHandleA

  GetStartupInfoA

  GetVersion

  GetEnvironmentVariableA

  HeapDestroy

  HeapCreate

  VirtualFree

  VirtualAlloc

  DeleteCriticalSection

  SetHandleCount

  GetStdHandle

  GetFileType

  SetFilePointer

  WriteFile

  WideCharToMultiByte

  MultiByteToWideChar

  LCMapStringA

  LCMapStringW

  GetCurrentThreadId

  TlsSetValue

  TlsAlloc

  SetLastError

  TlsGetValue

  GetCurrentProcess

  UnhandledExceptionFilter

  FreeEnvironmentStringsA

  FreeEnvironmentStringsW

  GetEnvironmentStrings

  GetEnvironmentStringsW

  SetStdHandle

  FlushFileBuffers

  CreateFileA

  ws2_32

  htonl

  htons

  select

  __WSAFDIsSet

  getsockopt

  gethostbyname

  getsockname

  closesocket

  WSACleanup

  WSAStartup

  inet_addr

  setsockopt

  socket

  connect

  send

  recv

  ntohl

  ntohs

  sendto

  advapi32

  RegOpenKeyA

  RegSetValueExA

  StartServiceCtrlDispatcherA

  RegisterServiceCtrlHandlerA

  SetServiceStatus

  ControlService

  OpenSCManagerA

  OpenServiceA

  CloseServiceHandle

  QueryServiceStatus

  StartServiceA

  RegOpenKeyExA

  RegQueryValueExA

  RegCloseKey

  CreateServiceA

  shell32

  ShellExecuteExA

  iphlpapi

  GetIfTable

  GetAdaptersInfo

  Sections

  .text

  Size: 52KB - Virtual size: 49KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 8KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 52KB - Virtual size: 56KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• /getsetup.hb

  .elf linux x86
• /key.dat
• /װ.txt
• /ƶ_C.exe

  .exe windows:4 windows x86 arch:x86

  f56a1a23e63b94543be20d9a5197467a

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetFileType

  GetACP

  TerminateProcess

  HeapSize

  SetUnhandledExceptionFilter

  GetEnvironmentVariableA

  GetVersionExA

  HeapDestroy

  HeapCreate

  VirtualFree

  VirtualAlloc

  IsBadWritePtr

  SetHandleCount

  GetStdHandle

  LCMapStringA

  LCMapStringW

  UnhandledExceptionFilter

  SetStdHandle

  FreeEnvironmentStringsW

  GetEnvironmentStrings

  GetEnvironmentStringsW

  GetStringTypeA

  GetStringTypeW

  IsBadReadPtr

  IsBadCodePtr

  CompareStringA

  CompareStringW

  SetEnvironmentVariableA

  ExitProcess

  GetCommandLineA

  GetStartupInfoA

  GetProfileStringA

  HeapReAlloc

  HeapFree

  GetLocalTime

  GetSystemTime

  GetTimeZoneInformation

  HeapAlloc

  RtlUnwind

  RaiseException

  GetTickCount

  SetErrorMode

  SizeofResource

  GetFileTime

  GetFileSize

  GetFileAttributesA

  GetThreadLocale

  GetFullPathNameA

  GetVolumeInformationA

  FindFirstFileA

  FindClose

  SetEndOfFile

  UnlockFile

  LockFile

  FlushFileBuffers

  SetFilePointer

  WriteFile

  ReadFile

  CreateFileA

  GetCurrentProcess

  DuplicateHandle

  GetOEMCP

  GetCPInfo

  GetProcessVersion

  TlsGetValue

  LocalReAlloc

  TlsSetValue

  GlobalReAlloc

  TlsFree

  GlobalHandle

  TlsAlloc

  LocalAlloc

  GlobalFlags

  GetModuleFileNameA

  lstrcmpA

  GetCurrentThread

  FileTimeToLocalFileTime

  FileTimeToSystemTime

  MulDiv

  SetLastError

  LoadLibraryA

  FreeLibrary

  FindResourceA

  LoadResource

  LockResource

  GetVersion

  lstrcatA

  GetCurrentThreadId

  GlobalGetAtomNameA

  lstrcmpiA

  GlobalAddAtomA

  GlobalFindAtomA

  GlobalDeleteAtom

  lstrcpyA

  GetModuleHandleA

  GetProcAddress

  FormatMessageA

  LocalFree

  MultiByteToWideChar

  WideCharToMultiByte

  lstrlenA

  lstrcpynA

  WritePrivateProfileStringA

  SetThreadPriority

  ResumeThread

  GetCurrentDirectoryA

  GetPrivateProfileStringA

  GetPrivateProfileIntA

  InterlockedIncrement

  InterlockedDecrement

  GlobalLock

  GlobalUnlock

  CreateThread

  GetSystemInfo

  PostQueuedCompletionStatus

  TerminateThread

  WaitForSingleObject

  CloseHandle

  DeleteCriticalSection

  InitializeCriticalSection

  GetLastError

  GlobalAlloc

  CreateIoCompletionPort

  GetQueuedCompletionStatus

  GlobalFree

  EnterCriticalSection

  FreeEnvironmentStringsA

  LeaveCriticalSection

  user32

  LoadBitmapA

  GetMenuState

  SetMenuItemBitmaps

  CheckMenuItem

  EnableMenuItem

  GetNextDlgTabItem

  IsWindowEnabled

  ShowWindow

  MoveWindow

  SetWindowTextA

  IsDialogMessageA

  UpdateWindow

  SendDlgItemMessageA

  MapWindowPoints

  GetSysColor

  PeekMessageA

  DispatchMessageA

  GetFocus

  SetActiveWindow

  IsWindow

  SetFocus

  AdjustWindowRectEx

  ScreenToClient

  GetTopWindow

  MessageBoxA

  IsChild

  GetParent

  GetCapture

  WinHelpA

  GetClassInfoA

  RegisterClassA

  GetMenuItemCount

  GetMenuItemID

  GetMenuCheckMarkDimensions

  GetDlgItem

  GetWindowTextLengthA

  GetWindowTextA

  GetDlgCtrlID

  DestroyWindow

  MessageBeep

  SetWindowsHookExA

  CallNextHookEx

  GetClassLongA

  SetPropA

  UnhookWindowsHookEx

  GetPropA

  CallWindowProcA

  RemovePropA

  DefWindowProcA

  GetMessageTime

  GetMessagePos

  GetLastActivePopup

  GetForegroundWindow

  GetWindow

  GetWindowLongA

  SetWindowPos

  RegisterWindowMessageA

  OffsetRect

  IntersectRect

  CloseClipboard

  SetClipboardData

  EmptyClipboard

  UnregisterClassA

  HideCaret

  ShowCaret

  ExcludeUpdateRgn

  DrawFocusRect

  SystemParametersInfoA

  GetWindowPlacement

  CopyRect

  GetDC

  ReleaseDC

  GetMenu

  ModifyMenuA

  SetTimer

  SetForegroundWindow

  IsIconic

  GetSystemMetrics

  DrawIcon

  KillTimer

  IsWindowVisible

  LoadIconA

  wsprintfA

  PostMessageA

  PostThreadMessageA

  TrackPopupMenu

  EnableWindow

  GetWindowRect

  GetClientRect

  LoadMenuA

  GetSubMenu

  GetCursorPos

  GetKeyState

  SendMessageA

  IsClipboardFormatAvailable

  GetClipboardData

  InvalidateRect

  DefDlgProcA

  IsWindowUnicode

  OpenClipboard

  GetNextDlgGroupItem

  SetRect

  CopyAcceleratorTableA

  CharNextA

  CharUpperA

  GetSysColorBrush

  LoadCursorA

  GetDesktopWindow

  PtInRect

  GetClassNameA

  InflateRect

  LoadStringA

  MapDialogRect

  SetWindowContextHelpId

  GetMessageA

  TranslateMessage

  ValidateRect

  SetCursor

  PostQuitMessage

  wvsprintfA

  EndDialog

  GetActiveWindow

  CreateDialogIndirectParamA

  DestroyMenu

  DrawTextA

  TabbedTextOutA

  SetWindowLongA

  RegisterClipboardFormatA

  EndPaint

  BeginPaint

  GetWindowDC

  CreateWindowExA

  ClientToScreen

  GrayStringA

  gdi32

  IntersectClipRect

  DeleteObject

  ScaleWindowExtEx

  GetViewportExtEx

  GetWindowExtEx

  CreateSolidBrush

  PtVisible

  RectVisible

  TextOutA

  ExtTextOutA

  Escape

  GetMapMode

  DPtoLP

  GetTextColor

  GetBkColor

  LPtoDP

  SetWindowExtEx

  ScaleViewportExtEx

  SetViewportExtEx

  OffsetViewportOrgEx

  SetViewportOrgEx

  SetMapMode

  SetBkMode

  GetStockObject

  SelectObject

  RestoreDC

  SaveDC

  DeleteDC

  CreateBitmap

  GetObjectA

  SetBkColor

  SetTextColor

  GetClipBox

  PatBlt

  GetDeviceCaps

  CreateDIBitmap

  GetTextExtentPointA

  BitBlt

  CreateCompatibleDC

  CreateFontA

  comdlg32

  GetFileTitleA

  GetOpenFileNameA

  GetSaveFileNameA

  winspool.drv

  DocumentPropertiesA

  OpenPrinterA

  ClosePrinter

  advapi32

  CryptDestroyHash

  CryptGetHashParam

  CryptHashData

  CryptCreateHash

  CryptAcquireContextA

  RegCloseKey

  CryptReleaseContext

  RegSetValueExA

  RegOpenKeyExA

  RegCreateKeyExA

  shell32

  Shell_NotifyIconA

  comctl32

  ImageList_Destroy

  ord17

  oledlg

  ord8

  ole32

  CoTaskMemFree

  CoTaskMemAlloc

  OleInitialize

  OleUninitialize

  CoFreeUnusedLibraries

  CreateILockBytesOnHGlobal

  CoRegisterMessageFilter

  CoRevokeClassObject

  CLSIDFromString

  CLSIDFromProgID

  StgCreateDocfileOnILockBytes

  StgOpenStorageOnILockBytes

  OleFlushClipboard

  OleIsCurrentClipboard

  CoGetClassObject

  olepro32

  ord253

  oleaut32

  VariantCopy

  VariantClear

  SysAllocStringLen

  SysFreeString

  VariantChangeType

  SysAllocString

  SysAllocStringByteLen

  SysStringLen

  VariantTimeToSystemTime

  ws2_32

  ntohl

  recvfrom

  inet_addr

  WSAStartup

  WSAGetLastError

  gethostname

  gethostbyname

  inet_ntoa

  WSASocketA

  htonl

  htons

  bind

  listen

  WSACleanup

  shutdown

  WSASend

  WSAAccept

  setsockopt

  WSAIoctl

  getpeername

  closesocket

  WSARecv

  Sections

  .text

  Size: 192KB - Virtual size: 188KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 48KB - Virtual size: 44KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 20KB - Virtual size: 35KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 84KB - Virtual size: 81KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ