General

Malware Config

Signatures

Files

• 1bfde1b52b05ddab592668ec53b9cb235d422dbe83807ab1cd8f7c579a34c997

  .zip

  Password: infected

• aadb5217c4c9316b90ce4eb5f2b52f72d34d426d66ce00c9addaef1654853acf.exe

  .exe windows:5 windows x86 arch:x86

  a24e60cd731cebbd3b0000f1c6958034

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  c:\Users\medveput\armitage-tmp

  Imports

  winspool.drv

  EnumPrintProcessorsW

  kernel32

  GetNumaAvailableMemoryNode

  InterlockedExchange

  GetProcessShutdownParameters

  GetProcAddress

  GenerateConsoleCtrlEvent

  Sleep

  UnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  GetSystemTimeAsFileTime

  GetCurrentProcessId

  GetCurrentThreadId

  GetTickCount

  QueryPerformanceCounter

  GetModuleHandleA

  SetUnhandledExceptionFilter

  GetStartupInfoA

  InterlockedCompareExchange

  gdi32

  GetSystemPaletteEntries

  msvcrt

  _controlfp

  _except_handler3

  __set_app_type

  __p__fmode

  __p__commode

  __setusermatherr

  _amsg_exit

  _initterm

  _acmdln

  exit

  _ismbblead

  _XcptFilter

  _exit

  _cexit

  __getmainargs

  ?terminate@@YAXXZ

  shlwapi

  StrTrimA

  Sections

  .text

  Size: 13KB - Virtual size: 14KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 114KB - Virtual size: 114KB

  IMAGE_SCN_MEM_READ

  .data

  Size: 1024B - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 27KB - Virtual size: 27KB

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1024B - Virtual size: 540B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ