Static task
static1
Behavioral task
behavioral1
Sample
50516ba042ed1aaae22e56c6507c2bfb.exe
Resource
win7-20231215-en
General
Target: 50516ba042ed1aaae22e56c6507c2bfb
Size: 2.7MB
MD5: 50516ba042ed1aaae22e56c6507c2bfb
SHA1: a462d0473733f518807bd380d9468eb94321abb6
SHA256: 85ab17e1b22b87b9aa6058da5a239f41efb41f6e12f25c380508c636053e4975
SHA512: 8a5ccc941e3cc4793651e0ba1e2775cc9f6782235eee32854b7be961dbc44c3d9e260e5c17c9c0224a2a2e441dc6a26014b3fe8cc21716d7e4d17be476eb9ce8
SSDEEP: 49152:pr9V00000000000000000000000000l1zILnkoyQ:pBV00000000000000000000000000Un7
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Processes:
resource 50516ba042ed1aaae22e56c6507c2bfb
Files
50516ba042ed1aaae22e56c6507c2bfb.exe windows:5 windows x86 arch:x86
04671cdeaa0d966282030b0f15f4d956
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
msi
ord173
kernel32
FindNextFileW
RemoveDirectoryW
GetLastError
CreateDirectoryW
GetFileSize
ReadFile
ExpandEnvironmentStringsW
WriteFile
GetEnvironmentVariableW
MultiByteToWideChar
WideCharToMultiByte
MulDiv
GetModuleHandleW
GetCurrentProcess
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringW
GetLocalTime
GetModuleFileNameW
FlushFileBuffers
lstrcmpiW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
SetThreadLocale
GetSystemDefaultLCID
DecodePointer
lstrlenW
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetExitCodeThread
CreateThread
WaitForSingleObject
OpenProcess
GetExitCodeProcess
Sleep
CreateProcessW
GetCommandLineW
CreateEventW
SetEvent
GlobalMemoryStatus
DeleteFileW
SetCurrentDirectoryW
GetTimeFormatW
GetDateFormatW
GetUserDefaultLangID
GetVersionExW
CompareStringW
IsValidCodePage
FindNextFileA
FindFirstFileExA
LCMapStringW
GetStringTypeW
GetFileType
GetACP
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
VirtualFree
VirtualAlloc
GetOEMCP
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetLastError
GetFullPathNameW
FindFirstFileW
FindClose
RaiseException
FreeLibrary
GetProcAddress
LoadLibraryW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetEnvironmentVariableW
WriteConsoleW
user32
GetDlgCtrlID
GetCursorPos
ScreenToClient
PtInRect
SetRectEmpty
ReleaseCapture
GetCapture
SetCapture
SetFocus
TrackMouseEvent
SetCursor
DrawFocusRect
GetFocus
SystemParametersInfoW
GetWindowTextLengthW
GetWindowTextW
DrawTextW
OffsetRect
GetSysColor
IsWindowEnabled
FillRect
MessageBoxW
GetClassNameW
EnableWindow
DialogBoxParamW
DispatchMessageW
TranslateMessage
UpdateWindow
PeekMessageW
GetActiveWindow
GetMessageW
RegisterWindowMessageW
PostThreadMessageW
EndPaint
LoadCursorW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
GetSystemMetrics
InvalidateRect
RedrawWindow
IsWindowVisible
ShowWindow
EndDialog
CreateWindowExW
IsWindow
SendMessageW
SetWindowLongW
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
MapWindowPoints
SetWindowPos
SetWindowTextW
GetDlgItem
UnregisterClassW
DestroyWindow
DefWindowProcW
CharNextW
ReleaseDC
GetClientRect
GetDC
LoadStringW
BeginPaint
gdi32
CreateCompatibleBitmap
DeleteDC
CreateCompatibleDC
SelectObject
BitBlt
GetObjectW
CreateFontIndirectW
GetStockObject
SetTextColor
SetBkMode
DeleteObject
advapi32
RegCloseKey
CryptDecrypt
CryptGetHashParam
CryptReleaseContext
CryptCreateHash
CryptDeriveKey
CryptDestroyKey
CryptHashData
CryptDestroyHash
CryptAcquireContextW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW
shell32
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
ole32
CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
oleaut32
VarUI4FromStr
Sections
.text Size: 224KB - Virtual size: 223KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 59KB - Virtual size: 58KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.9MB - Virtual size: 1.9MB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 486KB - Virtual size: 485KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE