General

Malware Config

Signatures

Files

• a3e56bd926b686267d164d3ded675759

  .exe windows:4 windows x86 arch:x86

  a7d782c571616d3c9a8deb5984c8e97e

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  C:\User\Release\max.pdb

  Imports

  kernel32

  SetFilePointer

  GetLocaleInfoA

  GetStringTypeW

  GetStringTypeA

  LCMapStringW

  LCMapStringA

  GetConsoleTitleA

  GetConsoleCP

  InitializeCriticalSection

  GetConsoleMode

  FlushFileBuffers

  GetCurrentProcessId

  ReadFile

  SetStdHandle

  WriteConsoleA

  GetConsoleOutputCP

  CloseHandle

  CreateFileA

  GetTickCount

  WaitForSingleObject

  OpenFileMappingA

  lstrcpyA

  CreateEventA

  MultiByteToWideChar

  SetConsoleTitleA

  VirtualAlloc

  MapViewOfFile

  ExitThread

  GetModuleHandleA

  SetHandleCount

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetEnvironmentStrings

  FreeEnvironmentStringsA

  QueryPerformanceCounter

  LoadLibraryW

  WideCharToMultiByte

  OutputDebugStringW

  GetFileType

  GetLastError

  RtlUnwind

  WriteConsoleW

  OutputDebugStringA

  WriteFile

  InterlockedDecrement

  GlobalMemoryStatusEx

  Sleep

  LoadLibraryA

  CreateThread

  GetStdHandle

  DebugBreak

  RaiseException

  SetLastError

  TlsFree

  GetCurrentThreadId

  TlsSetValue

  TlsAlloc

  TlsGetValue

  IsValidCodePage

  HeapValidate

  IsBadReadPtr

  GetSystemTimeAsFileTime

  GetModuleFileNameW

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  GetCommandLineA

  HeapFree

  GetVersionExA

  HeapAlloc

  GetProcessHeap

  GetStartupInfoA

  DeleteCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  GetModuleFileNameA

  HeapReAlloc

  HeapDestroy

  HeapCreate

  VirtualFree

  InterlockedIncrement

  GetProcAddress

  ExitProcess

  GetACP

  GetOEMCP

  GetCPInfo

  user32

  SetFocus

  GetCursorPos

  CreateWindowExA

  LoadBitmapA

  SetWindowLongA

  DefWindowProcA

  BeginPaint

  GetWindowTextLengthA

  DrawFocusRect

  OffsetRect

  GetWindowTextA

  SetCursor

  LoadMenuA

  SendMessageA

  LoadCursorA

  GetFocus

  FindWindowA

  GetDlgItem

  IsWindowEnabled

  EndPaint

  GetDC

  FillRect

  PtInRect

  DestroyWindow

  ReleaseDC

  SetWindowTextA

  DrawIcon

  wsprintfA

  gdi32

  CreateBitmap

  DeleteObject

  SetStretchBltMode

  SetBrushOrgEx

  EnumFontsA

  TextOutA

  CreateSolidBrush

  CreatePatternBrush

  GetObjectA

  SetBkMode

  PatBlt

  CombineRgn

  SelectObject

  StartPage

  advapi32

  AddAce

  RegQueryValueExA

  AddAccessDeniedObjectAce

  shell32

  ShellExecuteA

  ole32

  ReadFmtUserTypeStg

  CoInitialize

  CoCreateInstance

  opengl32

  glLoadIdentity

  glMatrixMode

  glViewport

  glOrtho

  glu32

  gluLookAt

  psapi

  GetWsChanges

  InitializeProcessForWsWatch

  avicap32

  capCreateCaptureWindowA

  avifil32

  AVIFileRelease

  AVIStreamGetFrameClose

  msacm32

  acmDriverClose

  shlwapi

  StrToIntExA

  PathUnquoteSpacesA

  gdiplus

  GdiplusStartup

  uxtheme

  IsThemeActive

  ntdsapi

  DsWriteAccountSpnA

  Sections

  .text

  Size: 184KB - Virtual size: 181KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 56KB - Virtual size: 53KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 8KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 352KB - Virtual size: 349KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ