5aa5c904c3d6762938eae4003fa72f097528715d571b0901b20b6237d4f5c52d

Sharing

Copy URL Twitter E-mail

General

Target

5aa5c904c3d6762938eae4003fa72f097528715d571b0901b20b6237d4f5c52d
Size

11.0MB
MD5

fa2d543e2b78d0d7f09dc8a5389c6368
SHA1

3bfd16409d38fc575262388b66c1451de818c079
SHA256

5aa5c904c3d6762938eae4003fa72f097528715d571b0901b20b6237d4f5c52d
SHA512

068073189902d36f11e9b6c0602dad3164859afa2aa839aa744c300d48477933b11112340c40842b11952e493a90b4d0e232515a168d4822dde98962080d7cf0
SSDEEP

196608:FfeB5+hCXgGbSCh7AjcLbet2Jly3MX/fMVLXPmbz05yHGcnkhjeRx42HmRuUPm:yAcS9kbNQCfMVrP4A5SGccAAm

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1/cli.exe
unpack001/1/explorer.exe
unpack001/1/svchost.exe

Files

5aa5c904c3d6762938eae4003fa72f097528715d571b0901b20b6237d4f5c52d
.zip
1/1.bat
1/2.bat
1/cli.exe
.exe windows:4 windows x64 arch:x64

323478f90d9561d528520f017cd265d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegQueryValueExA

iphlpapi

if_nametoindex

kernel32

AddVectoredExceptionHandler
AreFileApisANSI
CloseHandle
CopyFileW
CreateDirectoryExW
CreateDirectoryW
CreateEventA
CreateFileMappingA
CreateFileW
CreateIoCompletionPort
CreateSemaphoreA
CreateWaitableTimerA
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetEnvironmentVariableW
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileTime
GetFullPathNameW
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetQueuedCompletionStatus
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
GetTimeZoneInformation
GetWindowsDirectoryW
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
LockFileEx
MapViewOfFile
MoveFileExW
MultiByteToWideChar
OutputDebugStringA
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCP
SetConsoleMode
SetConsoleOutputCP
SetCurrentDirectoryW
SetEndOfFile
SetEvent
SetFileAttributesW
SetFilePointerEx
SetFileTime
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualLock
VirtualProtect
VirtualQuery
VirtualUnlock
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler

msvcrt

___lc_codepage_func
__dllonexit
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_beginthreadex
_cexit
_chsize
_close
_endthreadex
_environ
_errno
_exit
_filelengthi64
_fileno
_fmode
_fstat64
_get_osfhandle
_getpid
_gmtime64
_initterm
_isatty
_lock
_lseeki64
_onexit
_open
_read
_setjmp
_strdup
_strnicmp
_time64
_ultoa
_unlock
_vscprintf
_vsnprintf
_wfopen
_write
_wsystem
abort
atoi
calloc
exit
fclose
fflush
fgetpos
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
fwprintf
fwrite
getc
getenv
getwc
islower
ispunct
isspace
isupper
iswctype
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
putwc
raise
realloc
setbuf
setlocale
setvbuf
signal
sprintf
sscanf
strchr
strcmp
strcoll
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
strxfrm
tolower
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcscpy
wcsftime
wcslen
wcstombs
wcsxfrm
_snwprintf
longjmp
_write
_strdup
_read
_open
_fileno
_fdopen
_close

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW

user32

MessageBoxW

ws2_32

WSAGetLastError
WSAGetOverlappedResult
WSAIoctl
WSARecv
WSASend
WSASetLastError
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getnameinfo
getpeername
getprotobynumber
getservbyname
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
select
send
setsockopt
shutdown
socket

Exports

Exports

main

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1/config.txt
1/explorer.exe
.exe windows:6 windows x64 arch:x64

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 237KB - Virtual size: 618KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 295B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 391KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/65
Size: 652KB - Virtual size: 651KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 530KB - Virtual size: 530KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1/svchost.exe
.exe windows:4 windows x64 arch:x64

38c90fb098276b103f19acf990d7c0e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
DeregisterEventSource
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExA
RegisterEventSourceW
ReportEventW
SetSecurityDescriptorDacl

iphlpapi

GetAdaptersAddresses
GetBestInterface
if_indextoname
if_nametoindex

kernel32

AddVectoredExceptionHandler
AreFileApisANSI
CloseHandle
CopyFileW
CreateDirectoryExW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateSemaphoreA
CreateWaitableTimerA
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetEnvironmentVariableW
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameW
GetHandleInformation
GetLastError
GetLocalTime
GetLogicalProcessorInformation
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessTimes
GetQueuedCompletionStatus
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadId
GetThreadPriority
GetThreadTimes
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExW
GetWindowsDirectoryW
HeapAlloc
HeapFree
HeapSetInformation
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
LockFile
LockFileEx
MapViewOfFile
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenEventA
OpenEventW
OpenFileMappingW
OutputDebugStringA
PostQueuedCompletionStatus
PulseEvent
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ReplaceFileW
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCP
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleOutputCP
SetCurrentDirectoryW
SetEndOfFile
SetEvent
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepConditionVariableCS
SuspendThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VirtualAlloc
VirtualLock
VirtualProtect
VirtualQuery
VirtualUnlock
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WideCharToMultiByte
WriteFile
__C_specific_handler

msvcrt

___lc_codepage_func
__dllonexit
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_beginthreadex
_cexit
_chsize
_close
_ctime64
_endthreadex
_environ
_errno
_exit
_filelengthi64
_fileno
_fmode
_fstat64
_ftime
_get_osfhandle
_getcwd
_getpid
_gmtime64
_initterm
_localtime64
_lock
_lseeki64
_onexit
_open
_read
_scprintf
_setjmp
_setmode
_snprintf
_splitpath_s
_strdup
_stricmp
_strnicmp
_time64
_ultoa
_unlock
_vscprintf
_vsnprintf
_wfopen
_write
_wsystem
abort
atoi
atol
calloc
clock
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwprintf
fwrite
getc
getenv
getwc
isalnum
isalpha
islower
isprint
ispunct
isspace
isupper
iswctype
iswprint
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
putc
putchar
puts
putwc
qsort
raise
rand
realloc
setbuf
setlocale
setvbuf
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
strxfrm
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
wcscmp
wcscoll
wcscpy
wcsftime
wcslen
wcsrchr
wcsstr
wcstombs
wcsxfrm
_vsnwprintf
_snwprintf
longjmp
_write
_strdup
_read
_open
_memicmp
_fileno
_fdopen
_close

shell32

CommandLineToArgvW
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

user32

GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEventSelect
WSAGetLastError
WSAGetOverlappedResult
WSAIoctl
WSARecv
WSASend
WSASetLastError
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getnameinfo
getpeername
getprotobynumber
getservbyname
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Exports

Exports

evmc_create_aleth_interpreter
evmc_get_instruction_metrics_table
secp256k1_context_clone
secp256k1_context_create
secp256k1_context_destroy
secp256k1_context_no_precomp
secp256k1_context_randomize
secp256k1_context_set_error_callback
secp256k1_context_set_illegal_callback
secp256k1_ec_privkey_negate
secp256k1_ec_privkey_tweak_add
secp256k1_ec_privkey_tweak_mul
secp256k1_ec_pubkey_combine
secp256k1_ec_pubkey_create
secp256k1_ec_pubkey_negate
secp256k1_ec_pubkey_parse
secp256k1_ec_pubkey_serialize
secp256k1_ec_pubkey_tweak_add
secp256k1_ec_pubkey_tweak_mul
secp256k1_ec_seckey_verify
secp256k1_ecdh
secp256k1_ecdh_hash_function_default
secp256k1_ecdh_hash_function_sha256
secp256k1_ecdsa_recover
secp256k1_ecdsa_recoverable_signature_convert
secp256k1_ecdsa_recoverable_signature_parse_compact
secp256k1_ecdsa_recoverable_signature_serialize_compact
secp256k1_ecdsa_sign
secp256k1_ecdsa_sign_recoverable
secp256k1_ecdsa_signature_normalize
secp256k1_ecdsa_signature_parse_compact
secp256k1_ecdsa_signature_parse_der
secp256k1_ecdsa_signature_serialize_compact
secp256k1_ecdsa_signature_serialize_der
secp256k1_ecdsa_verify
secp256k1_nonce_function_default
secp256k1_nonce_function_rfc6979
secp256k1_scratch_space_create
secp256k1_scratch_space_destroy

Sections

.text
Size: 11.9MB - Virtual size: 11.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 355KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 840KB - Virtual size: 839KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 345KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

323478f90d9561d528520f017cd265d0

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

iphlpapi

kernel32

msvcrt

shell32

user32

ws2_32

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.data Size: 15KB - Virtual size: 14KB

.rdata Size: 177KB - Virtual size: 177KB

.pdata Size: 76KB - Virtual size: 76KB

.xdata Size: 131KB - Virtual size: 130KB

.bss Size: - Virtual size: 28KB

.edata Size: 512B - Virtual size: 69B

.idata Size: 10KB - Virtual size: 10KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 104B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 11KB

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 2.2MB - Virtual size: 2.2MB

.data Size: 237KB - Virtual size: 618KB

/4 Size: 512B - Virtual size: 295B

/19 Size: 391KB - Virtual size: 391KB

/32 Size: 78KB - Virtual size: 78KB

/46 Size: 512B - Virtual size: 48B

/65 Size: 652KB - Virtual size: 651KB

/78 Size: 530KB - Virtual size: 530KB

/90 Size: 133KB - Virtual size: 133KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 38KB - Virtual size: 37KB

.symtab Size: 317KB - Virtual size: 316KB

38c90fb098276b103f19acf990d7c0e4

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

iphlpapi

kernel32

msvcrt

shell32

user32

ws2_32

Exports

Exports

Sections

.text Size: 11.9MB - Virtual size: 11.9MB

.data Size: 32KB - Virtual size: 31KB

.rdata Size: 3.4MB - Virtual size: 3.4MB

/4 Size: 1024B - Virtual size: 896B

.pdata Size: 355KB - Virtual size: 355KB

.xdata Size: 840KB - Virtual size: 839KB

.bss Size: - Virtual size: 345KB

.edata Size: 2KB - Virtual size: 1KB

.idata Size: 14KB - Virtual size: 13KB

.CRT Size: 512B - Virtual size: 120B

.tls Size: 512B - Virtual size: 104B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 78KB - Virtual size: 78KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 15KB - Virtual size: 14KB

.rdata
Size: 177KB - Virtual size: 177KB

.pdata
Size: 76KB - Virtual size: 76KB

.xdata
Size: 131KB - Virtual size: 130KB

.bss
Size: - Virtual size: 28KB

.edata
Size: 512B - Virtual size: 69B

.idata
Size: 10KB - Virtual size: 10KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 11KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 237KB - Virtual size: 618KB

/4
Size: 512B - Virtual size: 295B

/19
Size: 391KB - Virtual size: 391KB

/32
Size: 78KB - Virtual size: 78KB

/46
Size: 512B - Virtual size: 48B

/65
Size: 652KB - Virtual size: 651KB

/78
Size: 530KB - Virtual size: 530KB

/90
Size: 133KB - Virtual size: 133KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 38KB - Virtual size: 37KB

.symtab
Size: 317KB - Virtual size: 316KB

.text
Size: 11.9MB - Virtual size: 11.9MB

.data
Size: 32KB - Virtual size: 31KB

.rdata
Size: 3.4MB - Virtual size: 3.4MB

/4
Size: 1024B - Virtual size: 896B

.pdata
Size: 355KB - Virtual size: 355KB

.xdata
Size: 840KB - Virtual size: 839KB

.bss
Size: - Virtual size: 345KB

.edata
Size: 2KB - Virtual size: 1KB

.idata
Size: 14KB - Virtual size: 13KB

.CRT
Size: 512B - Virtual size: 120B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 78KB - Virtual size: 78KB