Sample
IBM IT SA/AmazonVNC.exe
Resource
win7-20231215-en
General
Target: IBM IT SA.zip
Size: 580KB
MD5: bada951fa1a2005965c5d82ca8c3e8d1
SHA1: 2f34a4c425f2c86fba778ced4ab930c07026d4c5
SHA256: ff3443026d5b3f8325bcafef9b1fcc3f7f6a2ca8c615f961b97d1f760c14f4e0
SHA512: dce26a98e051028780e09524b2ab68f4516d33ec1edbc6c3fbc1b3021d925675504a7d36bed3f447210c688858124fdfe82d5685fe6056608aee8c7545cf72cb
SSDEEP: 12288:+0ZtJsyAWvJt8tHXwCLKG28Q+KAF+9E3IG48:RZtJBAWvJm7Q+KAc9E4GD
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes:
resource unpack001/IBM IT SA/AmazonVNC.exe
Files
IBM IT SA.zip (zip)
IBM IT SA/AmazonVNC.exe (exe, windows:6, windows x64, arch:x64)
1d36798a6353ce68d5626d313a04d1c5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
comctl32
InitCommonControlsEx
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
CreateToolbarEx
kernel32
LocalAlloc
FreeResource
LockResource
LoadResource
FindResourceW
LocalFree
SizeofResource
GetModuleHandleW
GetModuleHandleA
GetProcAddress
IsBadReadPtr
CreateDirectoryW
ReadFile
WriteFile
SetFileTime
WideCharToMultiByte
SystemTimeToFileTime
GetCurrentDirectoryW
CloseHandle
LocalFileTimeToFileTime
WriteConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
MultiByteToWideChar
HeapSize
SetFilePointerEx
GetFileSizeEx
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapReAlloc
GetFileType
HeapFree
HeapAlloc
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
CreateFileW
SetFilePointer
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
FindFirstFileW
FindNextFileW
RemoveDirectoryW
SetErrorMode
FindClose
GetLogicalDriveStringsW
DeleteFileW
MoveFileW
GetCurrentProcessId
GetCurrentThreadId
FormatMessageW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
Sleep
CreateThread
ResumeThread
FileTimeToLocalFileTime
GetLocalTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetCurrentProcess
GetLastError
GetModuleFileNameW
SetEvent
CreateEventW
TerminateProcess
CreateProcessW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetCommandLineW
FreeLibrary
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
user32
GetDlgItem
MessageBoxW
GetCursorPos
SetForegroundWindow
RegisterWindowMessageW
TrackPopupMenu
SendMessageW
SetClipboardViewer
IsWindowVisible
MapVirtualKeyW
DestroyIcon
GetWindowLongPtrW
GetSystemMetrics
CallWindowProcW
PostMessageW
GetWindowRect
SetWindowPos
MonitorFromWindow
MessageBeep
GetWindowTextW
InvalidateRect
SetWindowLongW
SetWindowTextW
GetWindowLongW
DialogBoxParamW
LoadIconW
IsWindow
SetClassLongPtrW
EndDialog
DestroyWindow
CreateDialogParamW
EnableMenuItem
AppendMenuW
CheckMenuItem
DestroyMenu
SetMenuDefaultItem
CreatePopupMenu
GetMenuItemCount
InsertMenuItemW
GetMenuItemID
GetSystemMenu
CreateWindowExW
FillRect
ShowScrollBar
SetScrollInfo
EndPaint
BeginPaint
GetClientRect
ScreenToClient
GetParent
LoadBitmapW
ReleaseDC
GetDC
ToUnicodeEx
GetKeyboardLayout
GetKeyState
GetAsyncKeyState
LoadAcceleratorsW
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
GetPriorityClipboardFormat
IsDialogMessageW
SystemParametersInfoW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetWindowPlacement
ShowWindow
GetMonitorInfoW
GetKeyboardLayoutNameW
SetWindowPlacement
SetFocus
LoadCursorW
KillTimer
GetDesktopWindow
IsIconic
GetMessageW
DefWindowProcW
SetWindowLongPtrW
UnregisterClassW
GetActiveWindow
DispatchMessageW
SetTimer
RegisterClassW
TranslateAcceleratorW
TranslateMessage
GetSysColorBrush
EnableWindow
comdlg32
GetSaveFileNameW
ws2_32
closesocket
connect
ioctlsocket
getpeername
getsockname
listen
bind
select
send
WSAStartup
shutdown
socket
htonl
htons
accept
__WSAFDIsSet
recv
WSACleanup
ntohl
ntohs
gethostbyname
WSAGetLastError
setsockopt
gdi32
DeleteObject
SelectObject
BitBlt
CreateSolidBrush
GetObjectW
DeleteDC
CreateCompatibleDC
StretchBlt
SetStretchBltMode
CreateDIBSection
GetCurrentObject
GetDIBits
advapi32
RegEnumKeyW
RegCloseKey
RegCreateKeyW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
shell32
SHGetSpecialFolderPathW
ShellExecuteW
CommandLineToArgvW
Shell_NotifyIconW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
Sections
.text Size: 679KB - Virtual size: 679KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 225KB - Virtual size: 225KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 163KB - Virtual size: 162KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IBM IT SA/readme.txt