General

Malware Config

Signatures

Files

• Bonzify.bin.zip

  .zip

  Password: infected

• Bonzify.bin

  .exe windows:5 windows x86 arch:x86

  0bee32f8779ce7af7a869e923f1dd6fb

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  C:\Users\PC\Documents\Visual Studio 2015\Projects\Bonzify\Release\Bonzify.pdb

  Imports

  kernel32

  FindClose

  lstrcmpA

  lstrcatA

  CreateFileA

  lstrcpyA

  CloseHandle

  LocalFree

  GetProcessHeap

  FlushFileBuffers

  Sleep

  DeleteFileA

  CreateThread

  HeapAlloc

  SizeofResource

  lstrlenA

  SetLastError

  TerminateProcess

  ExpandEnvironmentStringsA

  GetFullPathNameA

  FindResourceA

  WaitForSingleObject

  OpenProcess

  CreateToolhelp32Snapshot

  LockResource

  Process32Next

  LoadResource

  lstrcmpiA

  CreateProcessA

  FindNextFileA

  WriteFile

  HeapFree

  FindFirstFileA

  Process32First

  LocalAlloc

  user32

  SendMessageA

  advapi32

  RegOpenKeyA

  RegSetValueExA

  RegCloseKey

  shell32

  SHCreateDirectoryExA

  SHChangeNotify

  ole32

  CoInitialize

  CoCreateInstance

  oleaut32

  SysAllocString

  SysFreeString

  shlwapi

  PathRemoveFileSpecA

  Sections

  .text

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 32B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 6.4MB - Virtual size: 6.4MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 452B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ