General

Malware Config

Signatures

Files

• a25896d1cb9f9bc9297c670401b66d07

  .exe windows:6 windows x86 arch:x86

  d651c207a017d96cc7806b5aa2f5d037

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetCurrentDirectoryA

  GetTempPathA

  CloseHandle

  Sleep

  VirtualProtect

  WriteConsoleW

  SetFilePointerEx

  SetStdHandle

  GetConsoleMode

  GetConsoleCP

  FlushFileBuffers

  CreateFileW

  GetStringTypeW

  EncodePointer

  DecodePointer

  GetLastError

  HeapFree

  HeapAlloc

  RaiseException

  RtlUnwind

  GetCommandLineA

  IsProcessorFeaturePresent

  ExitProcess

  GetModuleHandleExW

  GetProcAddress

  MultiByteToWideChar

  WideCharToMultiByte

  HeapSize

  GetProcessHeap

  GetStdHandle

  WriteFile

  GetModuleFileNameW

  IsDebuggerPresent

  SetLastError

  GetCurrentThreadId

  GetFileType

  DeleteCriticalSection

  GetStartupInfoW

  GetModuleFileNameA

  QueryPerformanceCounter

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  InitializeCriticalSectionAndSpinCount

  GetCurrentProcess

  TerminateProcess

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetModuleHandleW

  LCMapStringW

  EnterCriticalSection

  LeaveCriticalSection

  LoadLibraryExW

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCPInfo

  HeapReAlloc

  OutputDebugStringW

  aclui

  ord2

  ord1

  cabinet

  ord14

  ord10

  clusapi

  ClusterRegQueryValue

  ClusterRegDeleteValue

  ClusterRegEnumValue

  ClusterRegQueryInfoKey

  ClusterRegGetKeySecurity

  ClusterResourceEnum

  ClusterRegSetValue

  ClusterRegEnumKey

  CloseCluster

  BackupClusterDatabase

  CloseClusterNotifyPort

  ClusterOpenEnum

  CloseClusterNode

  ClusterNodeOpenEnum

  ClusterNodeGetEnumCount

  ClusterNodeCloseEnum

  ClusterNodeEnum

  CloseClusterGroup

  ClusterGroupOpenEnum

  ClusterGroupGetEnumCount

  ClusterGroupEnum

  ChangeClusterResourceGroup

  AddClusterResourceNode

  AddClusterResourceDependency

  CanResourceBeDependent

  ClusterResourceControl

  ClusterResourceTypeControl

  ClusterNodeControl

  ClusterResourceOpenEnum

  ClusterResourceGetEnumCount

  ClusterRegCloseKey

  ClusterResourceCloseEnum

  ClusterResourceTypeOpenEnum

  ClusterResourceTypeGetEnumCount

  ClusterResourceTypeEnum

  ClusterResourceTypeCloseEnum

  CloseClusterNetwork

  ClusterNetworkOpenEnum

  ClusterNetworkGetEnumCount

  ClusterNetworkEnum

  ClusterNetworkCloseEnum

  ClusterNetworkControl

  CloseClusterNetInterface

  ClusterNetInterfaceControl

  ClusterRegCreateKey

  ClusterRegOpenKey

  ClusterRegDeleteKey

  ClusterRegSetKeySecurity

  cryptui

  CryptUIDlgViewContext

  CryptUIDlgSelectCertificateFromStore

  CryptUIWizDigitalSign

  CryptUIWizFreeDigitalSignContext

  CryptUIDlgViewCertificateA

  CryptUIWizExport

  CryptUIWizImport

  dhcpcsvc

  DhcpDeRegisterParamChange

  DhcpRegisterParamChange

  DhcpUndoRequestParams

  DhcpRequestParams

  DhcpCApiCleanup

  DhcpCApiInitialize

  DhcpRemoveDNSRegistrations

  Sections

  .text

  Size: 74KB - Virtual size: 73KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 28KB - Virtual size: 27KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 5KB - Virtual size: 982KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 160KB - Virtual size: 159KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 6KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ