General

Malware Config

Signatures

Files

• af2cac864d51827a760560a2d1df8fe8

  .exe windows:5 windows x86 arch:x86

  e9950ff9278b3c40727057ec247800dd

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  user32

  wsprintfW

  shlwapi

  StrCmpNIW

  StrStrIW

  StrChrW

  StrCmpIW

  SHRegSetUSValueW

  StrStrIA

  oleaut32

  SysAllocString

  SysFreeString

  netapi32

  NetGetJoinInformation

  NetApiBufferFree

  NetShareEnum

  NetGetDCName

  shell32

  CommandLineToArgvW

  ord680

  msvcrt

  fgetws

  feof

  _vsnwprintf

  _getch

  _wfopen

  fclose

  memcpy

  memset

  activeds

  ord9

  kernel32

  InitializeCriticalSection

  AllocConsole

  WriteConsoleW

  DeleteCriticalSection

  SetConsoleCursorPosition

  lstrlenW

  lstrcatW

  HeapAlloc

  GetProcessHeap

  lstrcpyW

  GetVolumeInformationW

  FindFirstFileW

  HeapFree

  FindNextFileW

  FindClose

  GetLastError

  WriteFile

  CreateFileW

  CloseHandle

  SetLastError

  HeapReAlloc

  GetCurrentProcessId

  WideCharToMultiByte

  Sleep

  GetTickCount

  QueryPerformanceFrequency

  QueryPerformanceCounter

  GetCurrentProcess

  ReleaseSemaphore

  WaitForSingleObject

  GetTickCount64

  SetEvent

  CreateThread

  CreateSemaphoreA

  CreateEventA

  DeviceIoControl

  SetFileAttributesW

  lstrcmpiW

  TerminateThread

  ResetEvent

  ReadFile

  GetFileSizeEx

  TlsSetValue

  SetEndOfFile

  SetFileInformationByHandle

  SetFilePointerEx

  LeaveCriticalSection

  GetDriveTypeW

  GetCommandLineW

  ExitProcess

  SetErrorMode

  lstrlenA

  TlsAlloc

  GetComputerNameA

  TerminateProcess

  OpenProcess

  lstrcmpiA

  GetModuleFileNameW

  GetTempPathW

  CreateProcessW

  GetSystemInfo

  GetComputerNameW

  GlobalMemoryStatus

  DeleteFileW

  CopyFileW

  GetConsoleScreenBufferInfo

  EnterCriticalSection

  GetStdHandle

  TlsGetValue

  advapi32

  CryptAcquireContextW

  OpenServiceA

  CryptImportKey

  CryptReleaseContext

  StartServiceW

  CryptEncrypt

  CryptDestroyKey

  GetUserNameW

  LookupAccountSidW

  GetTokenInformation

  AdjustTokenPrivileges

  LookupPrivilegeValueA

  OpenProcessToken

  EnumServicesStatusA

  CreateServiceW

  CloseServiceHandle

  OpenSCManagerW

  OpenSCManagerA

  ControlService

  DeleteService

  QueryServiceStatusEx

  ole32

  CoInitializeEx

  CoInitializeSecurity

  CoCreateInstance

  CoSetProxyBlanket

  ntdll

  RtlGetNativeSystemInformation

  ZwQuerySystemInformation

  RtlGetVersion

  mpr

  WNetAddConnection2W

  WNetEnumResourceW

  WNetCloseEnum

  WNetOpenEnumW

  WNetCancelConnection2W

  Sections

  .text

  Size: 19KB - Virtual size: 18KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  bss

  Size: - Virtual size: 104B

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 18KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 16KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ