General

Malware Config

Signatures

Files

• 4e6bccd94552190533e28058092b989e

  .exe windows:6 windows x86 arch:x86

  b29ae267f5b16be88167085dab75c353

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  ntdll

  NtQueryDefaultLocale

  RtlCaptureContext

  RtlUnwind

  kernel32

  SetLastError

  GetModuleFileNameW

  GetLastError

  GetProcessHeap

  HeapFree

  CreateFileW

  Sleep

  AddVectoredExceptionHandler

  SetThreadStackGuarantee

  HeapAlloc

  HeapReAlloc

  GetVolumePathNameW

  GetDiskFreeSpaceW

  GetModuleHandleA

  GetProcAddress

  TlsGetValue

  TlsSetValue

  AcquireSRWLockExclusive

  ReleaseSRWLockExclusive

  AcquireSRWLockShared

  ReleaseSRWLockShared

  GetEnvironmentVariableW

  CloseHandle

  GetConsoleMode

  WriteFile

  WriteConsoleW

  GetCurrentDirectoryW

  GetCurrentThread

  ReleaseMutex

  WaitForSingleObjectEx

  LoadLibraryA

  CreateMutexA

  TlsAlloc

  GetModuleHandleW

  FormatMessageW

  InitializeCriticalSection

  TryEnterCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  SetHandleInformation

  ExitProcess

  QueryPerformanceCounter

  QueryPerformanceFrequency

  GetSystemTimeAsFileTime

  CreateThread

  GetCurrentProcess

  VirtualAlloc

  GetSystemInfo

  GetVolumeInformationA

  GetStdHandle

  DecodePointer

  SetFilePointerEx

  LCMapStringW

  CompareStringW

  HeapSize

  GetStringTypeW

  GetFileType

  SetStdHandle

  SetEnvironmentVariableW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  WideCharToMultiByte

  MultiByteToWideChar

  GetCPInfo

  GetOEMCP

  GetACP

  IsValidCodePage

  FindNextFileW

  FindFirstFileExW

  FindClose

  GetCommandLineW

  GetConsoleCP

  FlushFileBuffers

  GetCurrentProcessId

  GetCurrentThreadId

  InitializeSListHead

  IsDebuggerPresent

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetStartupInfoW

  IsProcessorFeaturePresent

  TerminateProcess

  DeleteCriticalSection

  InitializeCriticalSectionAndSpinCount

  TlsFree

  FreeLibrary

  LoadLibraryExW

  RaiseException

  GetModuleHandleExW

  GetCommandLineA

  advapi32

  RegQueryValueExW

  RegOpenKeyExW

  GetUserNameW

  GetTokenInformation

  OpenProcessToken

  GetCurrentHwProfileW

  SystemFunction036

  bcrypt

  BCryptGenRandom

  netapi32

  NetWkstaGetInfo

  user32

  GetSystemMetrics

  ws2_32

  getsockname

  accept

  ioctlsocket

  WSASend

  send

  WSARecv

  recv

  listen

  WSASocketW

  freeaddrinfo

  getaddrinfo

  WSACleanup

  WSAStartup

  WSAGetLastError

  bind

  closesocket

  getpeername

  select

  connect

  setsockopt

  getsockopt

  gethostname

  Sections

  .text

  Size: 602KB - Virtual size: 602KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 580KB - Virtual size: 579KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 2KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 33KB - Virtual size: 33KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ