Static task: static1
Behavioral task: behavioral1
  Sample: 481f90a1533223b37513642e6d63bb09.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 481f90a1533223b37513642e6d63bb09.exe
  Resource: win10v2004-20231215-en
General
Target: 481f90a1533223b37513642e6d63bb09
Size: 76KB
MD5: 481f90a1533223b37513642e6d63bb09
SHA1: 19cf88c6c792515d02ee0723f5feb7d0e8e9cb55
SHA256: 22a83e6d0442a59aa497e6438a3bb2c6f8232284cfb7ff0cc8897c90eadb5931
SHA512: 482101830f63152183e3e5a9ed4c257d7963fcd031552ea04b158e694f9640b779cbae806220e2e3a81442efe93fc71721db6b8799ff1dc43c31a2f22312225f
SSDEEP: 1536:abQp1sBvlV0euusG80GS4KshictqhX7xMaB5z4YwB28UwnAScJWS:a8pOlV0BvG8tS4NictqxP4X24A7T
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes:
resource 481f90a1533223b37513642e6d63bb09
Files
481f90a1533223b37513642e6d63bb09.exe windows:4 windows x86 arch:x86
3c2a8160e4fdaa88b1e9f98d484953bd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
BeginPaint
GetWindowDC
FlashWindow
GetOpenClipboardWindow
GetKBCodePage
CharLowerBuffW
InsertMenuW
ModifyMenuW
InsertMenuA
DdeDisconnectList
DefMDIChildProcA
DrawMenuBar
SendMessageTimeoutA
ToUnicodeEx
CopyAcceleratorTableA
SetLastErrorEx
IsDialogMessageA
GetScrollPos
IsDlgButtonChecked
CreateAcceleratorTableA
SetClipboardData
EndDeferWindowPos
ChangeMenuW
GetWindowTextW
DefWindowProcW
EnumDesktopsW
EnumPropsA
DdeImpersonateClient
DlgDirSelectExA
LoadIconW
GetMenuCheckMarkDimensions
WinHelpW
IsCharAlphaNumericW
ValidateRgn
FindWindowExW
LoadIconA
SetWindowsHookExW
SetClassLongW
GetSystemMenu
LoadKeyboardLayoutA
GetIconInfo
DdeSetUserHandle
GetWindowLongW
OemToCharBuffW
SwapMouseButton
DrawIconEx
SetSystemCursor
SetMenuInfo
GetKeyboardState
GetLastActivePopup
LoadMenuIndirectW
InSendMessageEx
EqualRect
BroadcastSystemMessageA
GetMenuStringA
GetTopWindow
UnionRect
CascadeChildWindows
GetKeyState
SetWindowsHookExA
RegisterClipboardFormatW
EnableWindow
GetClipboardData
GetTabbedTextExtentW
MenuItemFromPoint
MonitorFromWindow
LoadStringW
SetUserObjectInformationW
OemToCharW
IsCharUpperW
GetCapture
GetMonitorInfoW
GetClipCursor
GetUserObjectSecurity
DdeInitializeW
SetCursorPos
ChangeClipboardChain
HideCaret
CreateDialogParamW
SetActiveWindow
SendMessageTimeoutW
GetDialogBaseUnits
CopyIcon
LoadBitmapA
advapi32
RevertToSelf
GetAccessPermissionsForObjectW
CryptContextAddRef
CryptGenRandom
CryptGetUserKey
UnlockServiceDatabase
AddAuditAccessAce
CryptDuplicateKey
RegQueryMultipleValuesW
CryptDuplicateHash
SetEntriesInAclW
DeregisterEventSource
QueryServiceLockStatusA
RegQueryValueExW
GetSecurityInfoExA
GetSecurityDescriptorGroup
QueryServiceConfigW
ImpersonateNamedPipeClient
StartServiceW
SetSecurityInfo
GetTokenInformation
InitializeSecurityDescriptor
GetAuditedPermissionsFromAclA
ChangeServiceConfigA
AddAce
AbortSystemShutdownW
BuildImpersonateTrusteeW
RegEnumKeyW
AccessCheckAndAuditAlarmA
ReportEventA
ConvertSecurityDescriptorToAccessW
OpenServiceW
CryptDeriveKey
NotifyChangeEventLog
FreeSid
SetSecurityDescriptorOwner
RegCloseKey
RegCreateKeyA
ConvertSecurityDescriptorToAccessNamedA
GetTrusteeTypeA
CryptImportKey
LookupPrivilegeValueW
GetUserNameW
GetMultipleTrusteeOperationW
AdjustTokenPrivileges
TrusteeAccessToObjectA
ObjectDeleteAuditAlarmW
ClearEventLogW
GetEffectiveRightsFromAclA
EqualPrefixSid
GetCurrentHwProfileA
RegisterEventSourceA
InitiateSystemShutdownA
SetServiceStatus
ObjectCloseAuditAlarmW
AbortSystemShutdownA
ReportEventW
RegisterServiceCtrlHandlerA
GetPrivateObjectSecurity
ClearEventLogA
CryptReleaseContext
GetAclInformation
EnumServicesStatusA
RegConnectRegistryW
RegUnLoadKeyA
CryptVerifySignatureA
GetAuditedPermissionsFromAclW
GetSidIdentifierAuthority
InitializeAcl
ImpersonateSelf
RegSetValueA
AccessCheckAndAuditAlarmW
SetKernelObjectSecurity
RegDeleteKeyW
RegDeleteValueW
OpenProcessToken
RegEnumKeyExW
shlwapi
PathFileExistsA
PathStripPathW
PathIsUNCServerW
SHStrDupA
PathRemoveArgsA
SHRegQueryUSValueA
PathParseIconLocationW
IntlStrEqWorkerA
StrStrIA
SHOpenRegStream2W
PathCombineW
StrRChrA
SHQueryInfoKeyA
AssocQueryStringByKeyA
PathSkipRootA
StrFormatKBSizeW
PathGetArgsW
PathIsUNCServerA
StrDupA
StrCSpnA
ColorAdjustLuma
PathFileExistsW
UrlIsOpaqueA
PathGetArgsA
StrStrW
PathMakePrettyA
PathMakeSystemFolderW
StrCSpnW
SHCreateStreamOnFileA
SHRegQueryInfoUSKeyA
PathIsURLW
PathIsRelativeW
StrRStrIW
StrCmpIW
StrCSpnIW
StrFormatByteSizeW
PathIsDirectoryEmptyA
StrToIntExW
PathFindExtensionW
PathAppendW
PathMakePrettyW
wnsprintfW
PathCombineA
PathFindNextComponentW
PathAppendA
SHDeleteValueW
PathUndecorateA
HashData
PathCanonicalizeA
SHQueryValueExA
PathCommonPrefixA
PathIsFileSpecA
UrlIsNoHistoryW
PathCommonPrefixW
UrlGetLocationA
StrIsIntlEqualW
UrlCreateFromPathW
PathSetDlgItemPathW
PathIsFileSpecW
StrStrIW
StrRetToStrW
SHSkipJunction
SHIsLowMemoryMachine
PathRemoveExtensionW
PathCompactPathExA
SHSetValueA
PathAddExtensionW
PathFindOnPathW
StrCatW
PathCompactPathExW
SHEnumValueW
UrlGetLocationW
ole32
CoGetCallContext
CoGetInstanceFromIStorage
OleCreateLinkFromData
CoRegisterMallocSpy
CoRevokeMallocSpy
CoRegisterClassObject
IsEqualGUID
SetConvertStg
ReadClassStg
CoInitializeEx
OleCreateEx
CoAddRefServerProcess
OleSetMenuDescriptor
CoFreeUnusedLibraries
CreateDataAdviseHolder
GetConvertStg
BindMoniker
CreateClassMoniker
OleConvertIStorageToOLESTREAMEx
CoQueryProxyBlanket
OleCreateLinkFromDataEx
CreateILockBytesOnHGlobal
CoUninitialize
OleRegGetMiscStatus
GetHGlobalFromILockBytes
OleCreateFromFile
OleDuplicateData
OleIsRunning
OleCreateLinkEx
PropVariantClear
StgCreateStorageEx
OleCreateEmbeddingHelper
OleConvertOLESTREAMToIStorage
CoSwitchCallContext
OleCreateLinkToFileEx
OleMetafilePictFromIconAndLabel
PropVariantCopy
CreateStreamOnHGlobal
EnableHookObject
OleSetContainedObject
CoGetClassObject
OleTranslateAccelerator
CreateGenericComposite
WriteFmtUserTypeStg
CoFileTimeToDosDateTime
CoMarshalInterThreadInterfaceInStream
CoRevertToSelf
UpdateDCOMSettings
CreateObjrefMoniker
OleCreateFromDataEx
RevokeDragDrop
CoFileTimeNow
CoUnmarshalHresult
OleNoteObjectVisible
WriteStringStream
ReadFmtUserTypeStg
OleConvertIStorageToOLESTREAM
GetHookInterface
CoInitialize
StgOpenStorageEx
ReadOleStg
ReleaseStgMedium
UtConvertDvtd32toDvtd16
CoQueryClientBlanket
OleCreate
OleQueryCreateFromData
kernel32
TlsSetValue
GetConsoleCP
PulseEvent
WinExec
VirtualProtect
ResetWriteWatch
FindNextFileW
CancelIo
EnumDateFormatsA
VirtualAlloc
GetCurrentThread
WaitNamedPipeA
HeapLock
EnumCalendarInfoW
SetLocalTime
GetTimeFormatA
lstrcmp
lstrcmpW
SetCalendarInfoW
SetLocaleInfoA
Heap32First
CreateWaitableTimerA
WritePrivateProfileStructW
ReadFile
TlsGetValue
lstrcat
SetSystemPowerState
GetCPInfo
GetTimeZoneInformation
WriteProfileStringW
SetVolumeLabelA
BackupSeek
ReadFileEx
VerLanguageNameA
FillConsoleOutputCharacterW
GetVersionExW
GetProfileIntA
GetCalendarInfoW
GetPrivateProfileStringA
GetFileType
GetProcessShutdownParameters
LocalLock
SwitchToFiber
WaitForSingleObject
GetDiskFreeSpaceW
GetExitCodeThread
ReadConsoleOutputA
GetProcessPriorityBoost
OpenMutexW
Thread32Next
GetDiskFreeSpaceExA
IsDBCSLeadByteEx
EnumTimeFormatsW
IsBadCodePtr
CreateToolhelp32Snapshot
lstrcpyn
GetShortPathNameA
SetVolumeLabelW
VirtualFree
ResumeThread
GlobalFlags
GetPrivateProfileIntW
WriteProfileSectionA
GetCurrentProcessId
WriteConsoleOutputAttribute
LocalCompact
EnumResourceLanguagesA
GetCPInfoExA
EnumDateFormatsW
VerLanguageNameW
SetMessageWaitingIndicator
EnumResourceTypesA
LockFile
FindAtomA
GetShortPathNameW
TransmitCommChar
FoldStringW
FormatMessageA
FindResourceExW
CreateMailslotW
Sections
.text Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE