General

Malware Config

Signatures

Files

• 7b91afefb37ecb337669d23e0cbad138.bin

  .zip

  Password: infected

• 72bdfcbf6f43df60ce7f69fd246ce880f6e825f563226c7228ce172395ab1ef2.exe

  .exe windows:6 windows x86 arch:x86

  Password: infected

  25bd1649e75855dcadd9e9ac5c5a14b7

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  LocalAlloc

  GetCurrentThreadId

  GetModuleHandleA

  GetLocaleInfoA

  OpenProcess

  CreateToolhelp32Snapshot

  MultiByteToWideChar

  Sleep

  GetTempPathA

  GetModuleHandleExA

  GetTimeZoneInformation

  GetTickCount64

  CopyFileA

  GetLastError

  GetFileAttributesA

  TzSpecificLocalTimeToSystemTime

  CreateFileA

  SetEvent

  TerminateThread

  LoadLibraryA

  GetVersionExA

  DeleteFileA

  Process32Next

  CloseHandle

  GetSystemInfo

  CreateThread

  ResetEvent

  GetWindowsDirectoryA

  HeapAlloc

  SetFileAttributesA

  GetLocalTime

  GetProcAddress

  VirtualAllocEx

  LocalFree

  IsProcessorFeaturePresent

  GetFileSize

  RemoveDirectoryA

  ReadProcessMemory

  GetCurrentProcessId

  GetProcessHeap

  GlobalMemoryStatusEx

  SetThreadExecutionState

  FreeLibrary

  WideCharToMultiByte

  CreateRemoteThread

  GetComputerNameExA

  CreateDirectoryA

  GetSystemTime

  WaitForSingleObject

  CreateEventA

  GetPrivateProfileStringA

  IsWow64Process

  IsDebuggerPresent

  VirtualQueryEx

  GetComputerNameA

  SetUnhandledExceptionFilter

  InitializeCriticalSectionEx

  SetFilePointer

  CreateFileW

  AreFileApisANSI

  EnterCriticalSection

  GetFullPathNameW

  GetDiskFreeSpaceW

  LockFile

  LeaveCriticalSection

  InitializeCriticalSection

  GetFullPathNameA

  SetEndOfFile

  GetTempPathW

  GetFileAttributesW

  FormatMessageW

  GetDiskFreeSpaceA

  DeleteFileW

  UnlockFile

  LockFileEx

  DeleteCriticalSection

  GetSystemTimeAsFileTime

  FormatMessageA

  QueryPerformanceCounter

  GetTickCount

  FlushFileBuffers

  HeapSize

  SetEnvironmentVariableW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineW

  GetCommandLineA

  GetOEMCP

  GetACP

  IsValidCodePage

  SetStdHandle

  HeapReAlloc

  EnumSystemLocalesW

  GetVolumeInformationA

  CreateMutexA

  FindClose

  lstrlenA

  FindNextFileA

  GetProcessId

  GetUserDefaultLocaleName

  TerminateProcess

  OutputDebugStringA

  WriteFile

  GetCurrentProcess

  SetLastError

  HeapFree

  FindFirstFileA

  WriteProcessMemory

  Process32First

  ReadFile

  GetPrivateProfileSectionNamesA

  GetUserDefaultLCID

  IsValidLocale

  GetLocaleInfoW

  LCMapStringW

  CompareStringW

  GetTimeFormatW

  GetDateFormatW

  GetFileSizeEx

  GetConsoleOutputCP

  ReadConsoleW

  GetConsoleMode

  GetStdHandle

  GetModuleFileNameW

  GetModuleHandleExW

  ExitProcess

  GetFileType

  SetFilePointerEx

  LoadLibraryExW

  TlsFree

  GetModuleFileNameA

  lstrcpynA

  TlsSetValue

  TlsGetValue

  TlsAlloc

  InitializeCriticalSectionAndSpinCount

  RaiseException

  RtlUnwind

  InitializeSListHead

  GetStartupInfoW

  UnhandledExceptionFilter

  GetStringTypeW

  FindFirstFileW

  FindFirstFileExW

  FindNextFileW

  GetFileAttributesExW

  GetFinalPathNameByHandleW

  GetModuleHandleW

  GetFileInformationByHandleEx

  GetLocaleInfoEx

  InitializeSRWLock

  ReleaseSRWLockExclusive

  AcquireSRWLockExclusive

  TryAcquireSRWLockExclusive

  LCMapStringEx

  EncodePointer

  DecodePointer

  CompareStringEx

  GetCPInfo

  WriteConsoleW

  user32

  wsprintfA

  GetSystemMetrics

  MessageBoxA

  GetWindowRect

  EnumDisplayDevicesA

  GetDC

  GetKeyboardLayoutList

  CharNextA

  GetCursorPos

  GetDesktopWindow

  ReleaseDC

  gdi32

  CreateCompatibleBitmap

  SelectObject

  CreateCompatibleDC

  DeleteObject

  BitBlt

  advapi32

  RegCloseKey

  LsaClose

  LsaOpenPolicy

  RegEnumKeyA

  RegGetValueA

  GetCurrentHwProfileA

  LsaFreeMemory

  RegQueryValueExA

  CredEnumerateA

  RegCreateKeyExA

  GetUserNameA

  RegSetValueExA

  RegOpenKeyExA

  LsaQueryInformationPolicy

  RegEnumKeyExA

  shell32

  ShellExecuteA

  SHGetFolderPathA

  ole32

  CoInitialize

  CoCreateInstance

  CoInitializeEx

  CoUninitialize

  ws2_32

  WSAStartup

  socket

  connect

  recv

  freeaddrinfo

  setsockopt

  WSAGetLastError

  shutdown

  WSACleanup

  closesocket

  getaddrinfo

  crypt32

  CryptUnprotectData

  shlwapi

  PathFindExtensionA

  gdiplus

  GdipGetImageEncoders

  GdiplusShutdown

  GdiplusStartup

  GdipSaveImageToFile

  GdipGetImageEncodersSize

  GdipDisposeImage

  GdipCreateBitmapFromHBITMAP

  setupapi

  SetupDiEnumDeviceInfo

  SetupDiGetDeviceInterfaceDetailA

  SetupDiGetClassDevsA

  SetupDiEnumDeviceInterfaces

  ntdll

  RtlUnicodeStringToAnsiString

  rstrtmgr

  RmStartSession

  RmGetList

  RmRegisterResources

  RmShutdown

  RmEndSession

  Exports

  Exports

  Start

  Sections

  .text

  Size: 1.0MB - Virtual size: 1.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 156KB - Virtual size: 155KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 8KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 35KB - Virtual size: 34KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ