General

Malware Config

Signatures

Files

• db98b05e2c1ef05c32c654c40612334d

  .exe windows:4 windows x86 arch:x86

  8912e30a65490369250990eae75033fc

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  shell32

  SHGetFolderPathW

  kernel32

  GlobalAddAtomW

  ResumeThread

  OpenThread

  SetThreadPriority

  GetTickCount

  LeaveCriticalSection

  GetStartupInfoW

  FindFirstFileW

  DeleteFileW

  FindNextFileW

  CopyFileW

  ExitProcess

  OutputDebugStringW

  GetCommandLineW

  GetProcAddress

  GetDriveTypeW

  QueryPerformanceCounter

  FindClose

  EnumResourceLanguagesW

  DeviceIoControl

  LoadModule

  GetSystemTimeAsFileTime

  ReleaseMutex

  EnterCriticalSection

  LoadLibraryExW

  GetCurrentProcessId

  GetModuleHandleA

  GetFileAttributesW

  SetPriorityClass

  GetExitCodeThread

  CreateDirectoryW

  LoadResource

  CreateFileW

  FindResourceW

  advapi32

  RegisterEventSourceW

  OpenServiceW

  RegEnumKeyExW

  ReportEventW

  OpenProcessToken

  OpenSCManagerW

  CloseServiceHandle

  ControlService

  DeregisterEventSource

  OpenThreadToken

  DeleteService

  SetServiceStatus

  CreateServiceW

  ole32

  CoUninitialize

  CoCreateInstance

  CoTaskMemAlloc

  CoTaskMemRealloc

  CoInitialize

  CoRevokeClassObject

  StringFromGUID2

  CoTaskMemFree

  CoRegisterClassObject

  CoInitializeSecurity

  setupapi

  CM_Get_Sibling

  CMP_WaitNoPendingInstallEvents

  SetupDiGetDeviceRegistryPropertyW

  CM_Get_DevNode_Status

  Sections

  .text

  Size: 133KB - Virtual size: 269KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 142KB - Virtual size: 141KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ