General

Malware Config

Signatures

Files

• 271b8b1752d9fc555fb8eb9d72e1f226c13b5fa7a35f256f20fb1ec42477a26d

  .zip

  Password: infected

• bdbd0ee82dc7acfb5fafe10561dddd6b6b11c1d55f2f96bc6a1c8eb5dce167e1.exe

  .exe windows:5 windows x86 arch:x86

  c50fc44c4cf7f76a6615cc583b65389f

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  MoveFileExW

  OpenJobObjectA

  SetDefaultCommConfigW

  CreateDirectoryW

  FreeEnvironmentStringsA

  GetTickCount

  GetConsoleAliasesLengthA

  TzSpecificLocalTimeToSystemTime

  GetSystemTimes

  WideCharToMultiByte

  LoadLibraryW

  GetLocaleInfoW

  CompareStringW

  GetStartupInfoW

  FlushFileBuffers

  GetConsoleAliasesW

  SetLastError

  InterlockedIncrement

  GetProcessHeaps

  CreateNamedPipeA

  EnumDateFormatsExA

  ResetEvent

  LoadLibraryA

  GetProcessWorkingSetSize

  OpenWaitableTimerW

  LocalAlloc

  DnsHostnameToComputerNameA

  SetCurrentDirectoryW

  FreeEnvironmentStringsW

  GetCurrentDirectoryA

  EndUpdateResourceA

  FileTimeToLocalFileTime

  GetVolumeInformationW

  IsValidLocale

  EnumSystemLocalesA

  HeapAlloc

  GetProcAddress

  GetModuleHandleExA

  EncodePointer

  DecodePointer

  GetCommandLineA

  HeapSetInformation

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  GetModuleHandleW

  ExitProcess

  WriteFile

  GetStdHandle

  GetModuleFileNameW

  HeapCreate

  HeapDestroy

  Sleep

  HeapSize

  EnterCriticalSection

  LeaveCriticalSection

  GetModuleFileNameA

  GetEnvironmentStringsW

  SetHandleCount

  InitializeCriticalSectionAndSpinCount

  GetFileType

  DeleteCriticalSection

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetCurrentThreadId

  GetLastError

  InterlockedDecrement

  GetCurrentThread

  QueryPerformanceCounter

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  FatalAppExitA

  SetConsoleCtrlHandler

  FreeLibrary

  InterlockedExchange

  HeapReAlloc

  RtlUnwind

  HeapFree

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  GetConsoleCP

  GetConsoleMode

  LCMapStringW

  MultiByteToWideChar

  GetStringTypeW

  SetFilePointer

  IsProcessorFeaturePresent

  CloseHandle

  WriteConsoleW

  SetStdHandle

  CreateFileW

  GetUserDefaultLCID

  GetLocaleInfoA

  RaiseException

  user32

  GetClassLongW

  advapi32

  GetServiceKeyNameW

  ReadEventLogA

  Sections

  .text

  Size: 156KB - Virtual size: 156KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 13KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 8KB - Virtual size: 32KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .farateh

  Size: 512B - Virtual size: 124B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .wegupov

  Size: 1024B - Virtual size: 1024B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 60KB - Virtual size: 60KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ