General

Malware Config

Signatures

Files

• bd959353bc6c05b085fc37589ea2ccd2c91aaf05ec7cf1a487f5de7fa0abc962

  .exe windows:4 windows x64 arch:x64

  77531a9d79cce9e0cd9e633c3fd840b7

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DEBUG_STRIPPED

  Imports

  advapi32

  CryptAcquireContextW

  CryptDecrypt

  CryptDestroyKey

  CryptImportKey

  CryptReleaseContext

  CryptSetKeyParam

  comctl32

  InitCommonControls

  crypt32

  CryptStringToBinaryA

  kernel32

  CloseHandle

  ConnectNamedPipe

  CreateEventW

  CreateFileW

  CreateNamedPipeW

  CreateThread

  DeleteCriticalSection

  EnterCriticalSection

  GetLastError

  GetModuleHandleW

  GetStartupInfoW

  HeapAlloc

  HeapCreate

  HeapDestroy

  HeapFree

  InitializeCriticalSection

  LeaveCriticalSection

  LocalAlloc

  LocalFree

  QueryPerformanceCounter

  QueryPerformanceFrequency

  ReadFile

  SetUnhandledExceptionFilter

  Sleep

  TlsGetValue

  VirtualProtect

  VirtualQuery

  WaitForSingleObject

  WriteFile

  lstrlenA

  msvcrt

  __C_specific_handler

  __iob_func

  __lconv_init

  __set_app_type

  __setusermatherr

  __wgetmainargs

  __winitenv

  _amsg_exit

  _cexit

  _commode

  _fmode

  _initterm

  _onexit

  _rotr64

  _wcmdln

  abort

  calloc

  exit

  fprintf

  free

  fwrite

  malloc

  memcpy

  signal

  strlen

  strncmp

  vfprintf

  ntdll

  EtwpCreateEtwThread

  NtQueryInformationProcess

  RtlFreeUnicodeString

  RtlStringFromGUID

  rpcrt4

  UuidCreate

  user32

  DialogBoxParamW

  MessageBoxW

  wsprintfW

  Sections

  .text

  Size: 10KB - Virtual size: 9KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 176B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 346KB - Virtual size: 345KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .pdata

  Size: 1024B - Virtual size: 696B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .xdata

  Size: 1024B - Virtual size: 548B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 992B

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 104B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 16B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 168B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE