General

Malware Config

Signatures

Files

• 82e560a078cd7bb4472d5af832a04c4bc8f1001bac97b1574efe9863d3f66550

  .zip
• __MACOSX/._builder.exe
• __MACOSX/._d_esxi.out
• __MACOSX/._d_nas_arm.out
• __MACOSX/._d_nas_x86.out
• __MACOSX/._d_win.bin
• __MACOSX/._e_esxi.out
• __MACOSX/._e_nas_arm.out
• __MACOSX/._e_nas_x86.out
• __MACOSX/._e_win.bin
• __MACOSX/._note.txt
• builder.exe

  .exe windows:6 windows x86 arch:x86

  d3b5af96763bcd3d7a96fdb6495c42f3

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  CreateFileA

  lstrcpyA

  CloseHandle

  lstrcatA

  ExitProcess

  CreateDirectoryA

  WriteConsoleW

  WriteFile

  GetFileSize

  ReadFile

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  IsProcessorFeaturePresent

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  IsDebuggerPresent

  GetStartupInfoW

  GetModuleHandleW

  RtlUnwind

  GetLastError

  SetLastError

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  InitializeCriticalSectionAndSpinCount

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  FreeLibrary

  GetProcAddress

  LoadLibraryExW

  RaiseException

  GetStdHandle

  GetModuleFileNameW

  GetModuleHandleExW

  GetCommandLineA

  GetCommandLineW

  HeapAlloc

  HeapFree

  CompareStringW

  LCMapStringW

  GetFileType

  WaitForSingleObject

  GetExitCodeProcess

  CreateProcessW

  GetFileAttributesExW

  FindClose

  FindFirstFileExW

  FindNextFileW

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCPInfo

  MultiByteToWideChar

  WideCharToMultiByte

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  SetEnvironmentVariableW

  SetStdHandle

  GetStringTypeW

  GetProcessHeap

  FlushFileBuffers

  GetConsoleCP

  GetConsoleMode

  GetFileSizeEx

  SetFilePointerEx

  HeapSize

  HeapReAlloc

  CreateFileW

  DecodePointer

  advapi32

  CryptGenRandom

  CryptAcquireContextW

  Sections

  .text

  Size: 86KB - Virtual size: 86KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 26KB - Virtual size: 26KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 2KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• d_esxi.out

  .elf linux x64
• d_nas_arm.out

  .elf linux arm
• d_nas_x86.out

  .elf linux x86
• d_win.bin

  .exe windows:6 windows x86 arch:x86

  8ea7bca7b3cebabb79daebcc58679319

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetCommandLineW

  CreateFileW

  DeleteFileW

  FindClose

  FindFirstFileW

  FindNextFileW

  GetDriveTypeW

  GetFileSizeEx

  GetLogicalDrives

  ReadFile

  SetEndOfFile

  SetFilePointerEx

  WriteFile

  CloseHandle

  CreateMutexA

  WaitForMultipleObjects

  ExitProcess

  CreateThread

  ExitThread

  SetProcessShutdownParameters

  GetSystemInfo

  lstrcmpW

  lstrcmpiW

  lstrcpyW

  lstrcatW

  lstrlenW

  OpenMutexA

  MoveFileExW

  HeapAlloc

  HeapFree

  GetProcessHeap

  InitializeCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  ReleaseSemaphore

  WaitForSingleObject

  CreateSemaphoreA

  TerminateProcess

  GetCurrentProcess

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  IsProcessorFeaturePresent

  user32

  MessageBoxA

  MessageBoxW

  shell32

  SHEmptyRecycleBinA

  CommandLineToArgvW

  netapi32

  NetShareEnum

  NetApiBufferFree

  mpr

  WNetCloseEnum

  WNetEnumResourceW

  WNetOpenEnumW

  WNetGetConnectionW

  Sections

  .text

  Size: 64KB - Virtual size: 63KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1024B - Virtual size: 640B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• e_esxi.out

  .elf linux x64
• e_nas_arm.out

  .elf linux arm
• e_nas_x86.out

  .elf linux x86
• e_win.bin

  .exe windows:6 windows x86 arch:x86

  202fa14f574c71c2f95878e40a79322d

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  OpenProcess

  GetTickCount

  GetModuleHandleA

  GetProcAddress

  LoadLibraryA

  lstrcmpW

  lstrlenW

  SetVolumeMountPointW

  CreateToolhelp32Snapshot

  Process32FirstW

  Process32NextW

  CreateFileW

  WriteFile

  InitializeCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  lstrlenA

  GetCommandLineW

  FindClose

  FindFirstFileW

  FindNextFileW

  GetFileSizeEx

  GetCurrentProcess

  ReadFile

  SetFileAttributesW

  SetFilePointerEx

  WaitForSingleObject

  CreateMutexA

  WaitForMultipleObjects

  GetCurrentProcessId

  ExitProcess

  CreateThread

  ExitThread

  SetProcessShutdownParameters

  GetSystemInfo

  lstrcmpiW

  lstrcpyW

  lstrcatW

  OpenMutexA

  MoveFileExW

  WideCharToMultiByte

  HeapAlloc

  HeapFree

  GetProcessHeap

  ReleaseSemaphore

  CreateSemaphoreA

  TerminateProcess

  Sleep

  GetLastError

  CloseHandle

  GetVolumePathNamesForVolumeNameW

  GetDriveTypeW

  FindVolumeClose

  FindNextVolumeW

  GetLogicalDrives

  FindFirstVolumeW

  user32

  wsprintfA

  advapi32

  QueryServiceStatusEx

  OpenSCManagerA

  EnumDependentServicesA

  ControlService

  CloseServiceHandle

  CryptAcquireContextW

  CryptReleaseContext

  CryptGenRandom

  OpenServiceA

  shell32

  SHEmptyRecycleBinA

  CommandLineToArgvW

  ShellExecuteW

  netapi32

  NetShareEnum

  NetApiBufferFree

  rstrtmgr

  RmGetList

  RmStartSession

  RmEndSession

  RmRegisterResources

  mpr

  WNetCloseEnum

  WNetEnumResourceW

  WNetOpenEnumW

  WNetGetConnectionW

  Sections

  .text

  Size: 73KB - Virtual size: 72KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 616B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .CRT

  Size: 512B - Virtual size: 8B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• note.txt