Extracted

• 467725a009680e79d89ce8f6a481ca399cb0f478a09045769dea1f6949050cb2

  .zip

  Password: infected

• 35178ea71fd6bc4c15e2c302613f3c0ff5579b0669e800a24dc30d68e0328942.exe

  .exe windows:5 windows x86 arch:x86

  bcf77c2c3cd3748f83f9c44cda23fdb3

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  msvcrt

  strchr

  strcpy_s

  ??_U@YAPAXI@Z

  __CxxFrameHandler3

  memcpy

  strncpy

  malloc

  _wtoi64

  atexit

  ??_V@YAXPAX@Z

  memmove

  memchr

  strtok_s

  memset

  kernel32

  GetSystemTimeAsFileTime

  GetCurrentProcessId

  GetTickCount

  QueryPerformanceCounter

  GetStartupInfoW

  GetFileType

  SetHandleCount

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetModuleFileNameA

  HeapSize

  VirtualFree

  VirtualAlloc

  ExitProcess

  VirtualAllocExNuma

  GetCurrentProcess

  GetUserDefaultLCID

  lstrlenA

  LocalAlloc

  ReadProcessMemory

  VirtualQueryEx

  OpenProcess

  FileTimeToSystemTime

  CloseHandle

  WaitForSingleObject

  CreateThread

  GetDriveTypeA

  GetLogicalDriveStringsA

  GetProcAddress

  LoadLibraryA

  GetStringTypeW

  MultiByteToWideChar

  GetLocaleInfoA

  EnumSystemLocalesA

  lstrcmpiW

  UnhandledExceptionFilter

  LCMapStringW

  WideCharToMultiByte

  HeapSetInformation

  GetCommandLineA

  HeapReAlloc

  HeapAlloc

  GetLocaleInfoW

  LoadLibraryW

  InterlockedExchange

  FreeLibrary

  IsValidCodePage

  GetOEMCP

  RaiseException

  GetLastError

  HeapFree

  DecodePointer

  EncodePointer

  IsValidLocale

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  TerminateProcess

  InitializeCriticalSectionAndSpinCount

  DeleteCriticalSection

  LeaveCriticalSection

  FatalAppExitA

  EnterCriticalSection

  RtlUnwind

  HeapCreate

  HeapDestroy

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  InterlockedIncrement

  GetModuleHandleW

  SetLastError

  GetCurrentThreadId

  InterlockedDecrement

  GetCurrentThread

  Sleep

  WriteFile

  GetStdHandle

  GetModuleFileNameW

  SetConsoleCtrlHandler

  GetCPInfo

  GetACP

  user32

  CharToOemA

  advapi32

  RegOpenKeyExA

  RegGetValueA

  GetCurrentHwProfileA

  ole32

  CoInitializeSecurity

  CoInitializeEx

  CoSetProxyBlanket

  CoCreateInstance

  oleaut32

  VariantClear

  SysAllocString

  SysFreeString

  VariantInit

  shlwapi

  ord155

  Sections

  .text

  Size: 206KB - Virtual size: 206KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 58KB - Virtual size: 58KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 2.1MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 176B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 21KB - Virtual size: 20KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ