Astration_loaded[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Astration_loaded.zip
Size

2.0MB
MD5

3528d81bb5ff092d0a2b372e8b1ed3e5
SHA1

e2d7379712a670b6f412818318abdded9e8d63c0
SHA256

0c432483961ddff8b5038f0d32a0f924b08291965c8dbb3b0fc3a7d85b0e7776
SHA512

ff65f408b356d94e2f7895a968c761ce0dd56b7685e7911706e91db2884b2d8d1aee7859e84171b13b4fa9b7ea8af4ede4b7e0f5bc1a595c57b9cac65d898fb6
SSDEEP

49152:EaZpsYOIKsL1XsqfUibS1zR1Rrs96T8zQ:EaXM2L6qf9bMrsomQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/astration.exe
unpack001/astrationn.exe

Files

Astration_loaded.zip
.zip

Password: infected
astration.exe
.exe windows:5 windows x86 arch:x86

Password: infected

4d139fabc478a3aaef3357e80c776c11

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
RegSetValueExA
RegSetValueExW
RegQueryValueExA
RegQueryValueExW
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyExW
RegFlushKey
RegEnumKeyA
RegDeleteValueA
RegDeleteValueW
RegCreateKeyExA
RegCreateKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
LookupAccountSidW
LookupAccountNameW
InitializeSecurityDescriptor
GetUserNameA
GetUserNameW
GetTokenInformation
FreeSid
DuplicateTokenEx
AllocateAndInitializeSid
AdjustTokenPrivileges
ConvertSidToStringSidW

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExA
CreateWindowExW
WindowFromPoint
WaitMessage
ValidateRect
UpdateLayeredWindow
UpdateWindow
UnregisterClassA
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextA
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongW
SetCapture
SetActiveWindow
SendMessageTimeoutA
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassA
RegisterClassW
RedrawWindow
PtInRect
PostThreadMessageA
PostThreadMessageW
PostQuitMessage
PostMessageA
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MoveWindow
MessageBoxA
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadImageA
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextA
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowLongW
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageA
GetMessageW
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardFormatNameW
GetClipboardData
GetClientRect
GetClassNameA
GetClassNameW
GetClassLongW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowA
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextA
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcA
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
AttachThreadInput
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
GetWindowRgnBox

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryW
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetCurrentDirectoryW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrlenW
lstrcpyW
lstrcmpiW
lstrcmpA
lstrcmpW
WriteProcessMemory
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
TryEnterCriticalSection
TerminateThread
TerminateProcess
SystemTimeToFileTime
SwitchToThread
SuspendThread
Sleep
SizeofResource
SignalObjectAndWait
SetVolumeLabelW
SetUnhandledExceptionFilter
SetThreadPriority
SetThreadLocale
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesA
SetFileAttributesW
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryA
RemoveDirectoryW
ReleaseSemaphore
ReleaseMutex
ReadProcessMemory
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
OutputDebugStringW
OpenProcess
OpenMutexW
OpenFileMappingA
OpenFileMappingW
MultiByteToWideChar
MulDiv
MoveFileExW
MoveFileW
MapViewOfFile
LockResource
LocalSize
LocalFree
LocalFileTimeToFileTime
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsBadReadPtr
IsBadCodePtr
InitializeCriticalSection
HeapFree
HeapDestroy
HeapAlloc
GlobalUnlock
GlobalSize
GlobalMemoryStatus
GlobalHandle
GlobalLock
GlobalGetAtomNameW
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetVolumeInformationW
GetVersionExA
GetVersionExW
GetVersion
GetUserDefaultLangID
GetUserDefaultLCID
GetTickCount
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathA
GetTempPathW
GetTempFileNameW
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetSystemDirectoryW
GetSystemDefaultLangID
GetSystemDefaultLCID
GetStdHandle
GetShortPathNameW
GetProcessTimes
GetProcAddress
GetPrivateProfileStringW
GetPriorityClass
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLogicalDrives
GetLogicalDriveStringsW
GetLocaleInfoA
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileTime
GetFileSize
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetCurrentDirectoryW
GetComputerNameA
GetComputerNameW
GetCommandLineA
GetCommandLineW
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FreeLibrary
FormatMessageA
FormatMessageW
FlushInstructionCache
FindResourceA
FindResourceW
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ExitThread
ExitProcess
EnumCalendarInfoW
EnterCriticalSection
DuplicateHandle
DosDateTimeToFileTime
DeviceIoControl
DeleteFileA
DeleteFileW
DeleteCriticalSection
CreateThread
CreateSemaphoreW
CreateProcessA
CreateProcessW
CreatePipe
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CreateDirectoryA
CreateDirectoryW
CopyFileA
CopyFileW
CompareStringA
CompareStringW
CloseHandle
Beep
RtlUnwind
GetLongPathNameW
Sleep
ProcessIdToSessionId
GetUserDefaultUILanguage
VerSetConditionMask
VerifyVersionInfoW
GetLongPathNameW

msimg32

TransparentBlt
AlphaBlend

gdi32

UnrealizeObject
TextOutA
TextOutW
StretchDIBits
StretchBlt
StartPage
StartDocA
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixelV
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBitsToDevice
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
PlayEnhMetaFile
PatBlt
OffsetViewportOrgEx
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsW
GetTextFaceA
GetTextExtentPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentExPointW
GetTextColor
GetTextAlign
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetROP2
GetPixel
GetPaletteEntries
GetObjectType
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBkMode
GetBkColor
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExcludeClipRect
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePolygonRgn
CreatePenIndirect
CreatePen
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateFontA
CreateFontW
CreateEnhMetaFileW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
CloseEnhMetaFile
BitBlt

version

VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW

mpr

WNetGetConnectionW

wsock32

__WSAFDIsSet
WSACleanup
WSAStartup
WSAGetLastError
gethostbyname
socket
setsockopt
sendto
send
select
recvfrom
recv
listen
ioctlsocket
inet_addr
htons
getsockname
connect
closesocket
bind
accept

shell32

ShellExecuteExA
ShellExecuteA
ShellExecuteW
SHGetFileInfoW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CreateStreamOnHGlobal
IsAccelerator
OleDraw
OleSetMenuDescriptor
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
CLSIDFromString
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoCreateGuid

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls
ImageList_GetIconSize

comdlg32

PrintDlgW
GetSaveFileNameA
GetSaveFileNameW
GetOpenFileNameW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

Exports

Exports

madTraceProcess

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 292KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 75B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 592B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 706KB - Virtual size: 706KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
astrationn.exe
.exe windows:5 windows x64 arch:x64

Password: infected

de361320741c3eefff5c87665ab4f6f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

SetForegroundWindow
MessageBoxA
ExitWindowsEx
EnumWindows
IsIconic
ShowWindow
MessageBoxW
GetLastActivePopup
IsWindowVisible
GetWindowThreadProcessId
MonitorFromPoint

advapi32

AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
LookupPrivilegeValueA

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitializeEx
GetHGlobalFromStream
CoUninitialize

kernel32

GetStringTypeW
GetStringTypeA
HeapReAlloc
QueryPerformanceCounter
GetTimeZoneInformation
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
WriteConsoleA
SetStdHandle
CompareStringA
CompareStringW
GetLocaleInfoW
SetEndOfFile
GetLocaleInfoA
SetCurrentDirectoryA
HeapCreate
HeapSetInformation
IsValidCodePage
GetOEMCP
GetACP
GetLastError
CreateFileW
SetFilePointer
WriteFile
ReadFile
GetProcAddress
LoadLibraryA
GetUserDefaultLCID
CloseHandle
CreateFileA
CreateDirectoryA
FlushFileBuffers
WriteConsoleW
GetFileType
GetStdHandle
GetLongPathNameW
ExitProcess
RemoveDirectoryA
MultiByteToWideChar
AreFileApisANSI
FindClose
FindFirstFileA
FindFirstFileW
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetWindowsDirectoryW
SetHandleInformation
CreatePipe
GetShortPathNameA
GetModuleFileNameA
GetShortPathNameW
GetModuleFileNameW
GetCurrentProcessId
GetLongPathNameA
FoldStringW
GetWindowsDirectoryA
GetEnvironmentVariableW
GetEnvironmentVariableA
GetTempPathW
GetTempPathA
GetTempFileNameA
GetFullPathNameW
GetFullPathNameA
FindNextFileA
DeleteFileA
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetExitCodeThread
WaitForSingleObject
CreateThread
GetConsoleOutputCP
SetEnvironmentVariableA
GetProcessHeap
GetCurrentDirectoryA
GetVersionExA
CreateProcessA
SearchPathA
GetSystemTimeAsFileTime
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
Sleep
GetMailslotInfo
CreateMailslotA
GetCommandLineW
CreateSemaphoreA
LocalFree
GetCurrentProcess
LocalAlloc
SizeofResource
LockResource
LoadResource
FindResourceA
GlobalUnlock
GlobalSize
GlobalLock
GetTickCount
AllocConsole
GetModuleHandleA
LoadLibraryExA
SetEnvironmentVariableW
SetCurrentDirectoryW
WideCharToMultiByte
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlUnwindEx
CreateDirectoryW
RemoveDirectoryW
HeapAlloc
HeapFree
DebugBreak
GetCommandLineA
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSize
GetModuleHandleW
GetConsoleCP
GetConsoleMode
SetHandleCount

Sections

.text
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

4d139fabc478a3aaef3357e80c776c11

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

msimg32

gdi32

version

mpr

wsock32

shell32

ole32

comctl32

comdlg32

winspool.drv

wtsapi32

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.itext Size: 20KB - Virtual size: 19KB

.data Size: 133KB - Virtual size: 133KB

.bss Size: - Virtual size: 292KB

.idata Size: 20KB - Virtual size: 19KB

.edata Size: 512B - Virtual size: 75B

.tls Size: - Virtual size: 592B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 152KB - Virtual size: 151KB

.rsrc Size: 706KB - Virtual size: 706KB

Password: infected

de361320741c3eefff5c87665ab4f6f4

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

ole32

kernel32

Sections

.text Size: 243KB - Virtual size: 243KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 10KB - Virtual size: 71KB

.pdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 363KB - Virtual size: 363KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.itext
Size: 20KB - Virtual size: 19KB

.data
Size: 133KB - Virtual size: 133KB

.bss
Size: - Virtual size: 292KB

.idata
Size: 20KB - Virtual size: 19KB

.edata
Size: 512B - Virtual size: 75B

.tls
Size: - Virtual size: 592B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 152KB - Virtual size: 151KB

.rsrc
Size: 706KB - Virtual size: 706KB

.text
Size: 243KB - Virtual size: 243KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 10KB - Virtual size: 71KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 363KB - Virtual size: 363KB

.reloc
Size: 2KB - Virtual size: 2KB