General

Malware Config

Signatures

Files

• 1f9cf120796b3e008b0230d98d8fe7e2.bin

  .zip

  Password: infected

• f4488ed8da62e7e849070788bcf45eb70f4a2461333918b9b9087f8bbe8d2a22.exe

  .exe windows:5 windows x86 arch:x86

  Password: infected

  22f9f2606c25ef8bf6061b93336e819f

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetModuleHandleExA

  HeapAlloc

  MoveFileExW

  OpenJobObjectA

  InterlockedDecrement

  SetDefaultCommConfigW

  CreateDirectoryW

  FreeEnvironmentStringsA

  GetTickCount

  CreateNamedPipeW

  GetConsoleAliasesLengthA

  TzSpecificLocalTimeToSystemTime

  GetSystemTimes

  LoadLibraryW

  GetLocaleInfoW

  GetAtomNameW

  CompareStringW

  FlushFileBuffers

  GetConsoleAliasesW

  GetStartupInfoA

  SetLastError

  GetProcAddress

  ResetEvent

  OpenWaitableTimerA

  LoadLibraryA

  GetProcessWorkingSetSize

  LocalAlloc

  DnsHostnameToComputerNameA

  SetCurrentDirectoryW

  EnumDateFormatsA

  FreeEnvironmentStringsW

  GetCurrentDirectoryA

  EndUpdateResourceA

  FileTimeToLocalFileTime

  GetVolumeInformationW

  EnumSystemLocalesA

  GetLocaleInfoA

  EncodePointer

  DecodePointer

  GetCommandLineA

  HeapSetInformation

  GetStartupInfoW

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  GetModuleHandleW

  ExitProcess

  WriteFile

  GetStdHandle

  GetModuleFileNameW

  HeapCreate

  HeapDestroy

  Sleep

  HeapSize

  GetModuleFileNameA

  WideCharToMultiByte

  GetEnvironmentStringsW

  SetHandleCount

  InitializeCriticalSectionAndSpinCount

  GetFileType

  DeleteCriticalSection

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  InterlockedIncrement

  GetCurrentThreadId

  GetLastError

  GetCurrentThread

  QueryPerformanceCounter

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  LeaveCriticalSection

  FatalAppExitA

  EnterCriticalSection

  SetConsoleCtrlHandler

  FreeLibrary

  InterlockedExchange

  HeapReAlloc

  RtlUnwind

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  HeapFree

  LCMapStringW

  MultiByteToWideChar

  GetStringTypeW

  IsProcessorFeaturePresent

  RaiseException

  GetUserDefaultLCID

  IsValidLocale

  user32

  GetClassLongW

  Sections

  .text

  Size: 137KB - Virtual size: 137KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 13KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 7KB - Virtual size: 27KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .xasab

  Size: 512B - Virtual size: 124B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .xopo

  Size: 1024B - Virtual size: 1024B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 7KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ