Static task: static1
Behavioral task: behavioral1
Sample: 2df0757fe9ed335f84bf461511bc8a5011918bccc12c1abf7dcd3fae8c70f1ef.exe
Resource: win7-20231215-en
General
Target: 2df0757fe9ed335f84bf461511bc8a5011918bccc12c1abf7dcd3fae8c70f1ef
Size: 1.4MB
MD5: 59e15abb48b4d4148cf965315df37839
SHA1: 4f83f006e068506d4c7236a9f1053908bf5621fc
SHA256: 2df0757fe9ed335f84bf461511bc8a5011918bccc12c1abf7dcd3fae8c70f1ef
SHA512: afd49cabb184fc72e3d5f1e5b99c0f58ec6949693d8e294f601deefc8cca2765d0ae3d5161cf0068ff843adee425fe70322b92737ca65204795f9b61edbd9466
SSDEEP: 24576:jxzoBdT5A0Hjrn+ASPmZyw03+nSBNAH1dC0E2j7SF+5JwXgb1081v3iYYKLJxNk:WBfjr4kyw0OSBNAHnC0E2jWF+bmgb1+f
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Processes: resource 2df0757fe9ed335f84bf461511bc8a5011918bccc12c1abf7dcd3fae8c70f1ef
Files
2df0757fe9ed335f84bf461511bc8a5011918bccc12c1abf7dcd3fae8c70f1ef.exe (windows:6 windows x86 arch:x86) 6ec3cbfff81ce9640c4ea33136be589a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
atkex
ord3
ord2
winmm
timeGetTime
kernel32
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStdHandle
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleW
GetFileAttributesA
GetCurrentProcessId
GetCurrentThreadId
GetDynamicTimeZoneInformation
DecodePointer
RaiseException
InitializeCriticalSectionEx
GetModuleHandleW
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
lstrcmpiW
DeleteFileA
SetFileAttributesA
SetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateEventW
OpenEventW
LoadLibraryA
SetDllDirectoryW
GetCommandLineW
DeleteFileW
CreateThread
lstrcpyW
GetCurrentProcess
GetCurrentThread
GetSystemInfo
GetNativeSystemInfo
SetThreadAffinityMask
SetThreadPriority
GetExitCodeThread
SuspendThread
ResumeThread
GetFileAttributesW
GetFileAttributesExW
LocalFree
CreateDirectoryW
ResetEvent
K32EnumDeviceDrivers
K32GetDeviceDriverBaseNameW
ReadConsoleW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
HeapSize
GetTimeZoneInformation
EnumSystemLocalesW
GetLastError
CloseHandle
WriteFile
ReadFile
FlushFileBuffers
CreateFileW
CreateFileA
WritePrivateProfileStringW
WritePrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileIntW
GetModuleFileNameA
GetModuleHandleA
OutputDebugStringW
OutputDebugStringA
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
FreeLibrary
GetTickCount
LoadLibraryW
GetProcAddress
Sleep
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileSizeEx
GetConsoleCP
HeapAlloc
HeapFree
ExitProcess
MoveFileExW
RemoveDirectoryW
SetEnvironmentVariableW
GetModuleHandleExW
ExitThread
GetFileType
SetStdHandle
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
QueryPerformanceCounter
TryEnterCriticalSection
FormatMessageW
FindClose
FindFirstFileExW
FindNextFileW
SetEndOfFile
SetFilePointerEx
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
user32
GetMessageW
TranslateMessage
wsprintfW
PostThreadMessageW
CharUpperW
MessageBoxW
LoadStringW
CharNextW
DispatchMessageW
MessageBoxA
advapi32
GetNamedSecurityInfoW
RegCreateKeyExW
RegDeleteKeyW
QueryServiceStatus
RegOpenKeyExA
RegNotifyChangeKeyValue
BuildTrusteeWithSidW
SetNamedSecurityInfoW
RegDeleteValueW
GetAce
FreeSid
EqualSid
DeleteAce
AllocateAndInitializeSid
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
RegQueryValueExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
shell32
SHGetFolderPathAndSubDirW
ole32
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoRegisterClassObject
CoAddRefServerProcess
CoReleaseServerProcess
CoInitializeSecurity
StringFromGUID2
CoResumeClassObjects
CoRevokeClassObject
oleaut32
SysAllocString
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VariantCopy
VariantClear
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SysStringLen
shlwapi
PathIsDirectoryW
PathFileExistsW
ord217
Sections
.text Size: 572KB - Virtual size: 572KB
  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 142KB - Virtual size: 141KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 93KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 101KB - Virtual size: 101KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 600KB - Virtual size: 604KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE