General

Malware Config

Signatures

Files

• 74eb136b0b32c45c7bcd7f1d150bdc47

  .exe windows:4 windows x86 arch:x86

  6c4a5fa353f0df1949c4456e6374096e

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetStartupInfoA

  OpenProcess

  LoadLibraryA

  WideCharToMultiByte

  lstrcpyA

  InterlockedExchange

  lstrlenA

  GetPrivateProfileSectionNamesA

  lstrcatA

  DeleteFileA

  CreateDirectoryA

  RaiseException

  FreeLibrary

  GetModuleHandleA

  SetFilePointer

  GetVolumeInformationA

  FindClose

  LocalAlloc

  GetVersion

  DeviceIoControl

  MultiByteToWideChar

  InitializeCriticalSection

  DeleteCriticalSection

  EnterCriticalSection

  CloseHandle

  GetLastError

  WaitForSingleObject

  GlobalUnlock

  WriteFile

  GetModuleFileNameA

  GetProcAddress

  SetFileAttributesA

  GlobalAlloc

  GetFileAttributesA

  GlobalLock

  user32

  EnumWindows

  IsWindowVisible

  LoadIconA

  RegisterClassExA

  DefWindowProcA

  GetCursorPos

  GetCursorInfo

  GetDesktopWindow

  GetDC

  GetSystemMetrics

  GetClipboardData

  OpenClipboard

  CloseClipboard

  mouse_event

  WindowFromPoint

  MapVirtualKeyA

  SystemParametersInfoA

  LoadCursorA

  GetKeyState

  GetAsyncKeyState

  GetForegroundWindow

  GetWindowTextA

  ExitWindowsEx

  wsprintfA

  CharNextA

  EndDialog

  CreateDialogParamA

  PostMessageA

  ShowWindow

  SetWindowPos

  GetDlgItemTextA

  SetDlgItemTextA

  GetDlgItem

  SendMessageA

  CloseWindow

  CreateWindowExA

  GetMessageA

  OpenInputDesktop

  DispatchMessageA

  gdi32

  CreateDIBSection

  DeleteDC

  GetDIBits

  CreateCompatibleBitmap

  DeleteObject

  advapi32

  RegCreateKeyExA

  LsaClose

  RegOpenKeyA

  LsaOpenPolicy

  RegSetValueExA

  RegDeleteKeyA

  RegEnumValueA

  OpenProcessToken

  LookupPrivilegeValueA

  AdjustTokenPrivileges

  OpenEventLogA

  ClearEventLogA

  CloseEventLog

  RegQueryValueA

  RegOpenKeyExA

  RegCloseKey

  LsaFreeMemory

  IsValidSid

  oleaut32

  SysFreeString

  msvcrt

  strncpy

  strncmp

  atoi

  exit

  _errno

  wcscpy

  strncat

  sprintf

  vsprintf

  calloc

  __dllonexit

  _onexit

  _exit

  _XcptFilter

  _acmdln

  __getmainargs

  _initterm

  __setusermatherr

  _adjust_fdiv

  __p__commode

  __p__fmode

  __set_app_type

  _controlfp

  _strnicmp

  _strnset

  _strcmpi

  ??0exception@@QAE@ABV0@@Z

  strlen

  _CxxThrowException

  ??1exception@@UAE@XZ

  ??0exception@@QAE@ABQBD@Z

  memcpy

  _beginthreadex

  fopen

  fwrite

  ??2@YAPAXI@Z

  ??3@YAXPAX@Z

  __CxxFrameHandler

  memmove

  ceil

  _ftol

  strstr

  _purecall

  strchr

  malloc

  free

  _except_handler3

  strrchr

  fclose

  ??1type_info@@UAE@XZ

  winmm

  waveOutGetNumDevs

  waveOutOpen

  waveOutPrepareHeader

  waveInGetNumDevs

  waveInOpen

  waveInPrepareHeader

  waveInAddBuffer

  waveInStart

  waveOutWrite

  waveInStop

  waveInUnprepareHeader

  waveInClose

  waveOutReset

  waveOutUnprepareHeader

  waveOutClose

  waveInReset

  ws2_32

  getpeername

  accept

  listen

  sendto

  recvfrom

  __WSAFDIsSet

  gethostname

  bind

  getsockname

  inet_addr

  WSAStartup

  WSAIoctl

  inet_ntoa

  send

  select

  closesocket

  recv

  ntohs

  socket

  gethostbyname

  htons

  connect

  setsockopt

  WSACleanup

  netapi32

  NetUserAdd

  NetLocalGroupAddMembers

  wtsapi32

  WTSFreeMemory

  Sections

  .rodata

  Size: 12KB - Virtual size: 10KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 40KB - Virtual size: 39KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 428KB - Virtual size: 889KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ