General

Malware Config

Signatures

Files

• HSY#41YAS_38A92D4D_3SH72AHD_38A92N_AOKC3928.exe

  .exe windows:5 windows x86 arch:x86

  93dfc16ed07ebeb5b405221f10d12c0e

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  advapi32

  RegCloseKey

  RegDeleteKeyW

  RegDeleteValueW

  RegEnumKeyW

  RegEnumValueW

  RegQueryValueExW

  RegSetValueExW

  OpenProcessToken

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  SetFileSecurityW

  RegCreateKeyExW

  RegOpenKeyExW

  shell32

  SHFileOperationW

  SHBrowseForFolderW

  SHGetPathFromIDListW

  SHGetFileInfoW

  ShellExecuteExW

  ole32

  OleInitialize

  OleUninitialize

  CoTaskMemFree

  IIDFromString

  CoCreateInstance

  comctl32

  ord17

  ImageList_Destroy

  ImageList_AddMasked

  ImageList_Create

  user32

  PeekMessageW

  DispatchMessageW

  wsprintfA

  SystemParametersInfoW

  SetClassLongW

  GetWindowLongW

  GetSysColor

  ScreenToClient

  SetCursor

  GetWindowRect

  TrackPopupMenu

  AppendMenuW

  EnableMenuItem

  CreatePopupMenu

  GetSystemMenu

  GetSystemMetrics

  IsWindowEnabled

  EmptyClipboard

  SetClipboardData

  CloseClipboard

  OpenClipboard

  CheckDlgButton

  EndDialog

  DialogBoxParamW

  IsWindowVisible

  SetWindowPos

  CreateWindowExW

  GetClassInfoW

  SetDlgItemTextW

  CallWindowProcW

  GetMessagePos

  CharNextW

  ExitWindowsEx

  SetWindowTextW

  SetTimer

  CreateDialogParamW

  DestroyWindow

  LoadImageW

  FindWindowExW

  SetWindowLongW

  InvalidateRect

  ReleaseDC

  GetDC

  SetForegroundWindow

  EnableWindow

  GetDlgItem

  ShowWindow

  IsWindow

  PostQuitMessage

  SendMessageTimeoutW

  SendMessageW

  wsprintfW

  FillRect

  GetClientRect

  EndPaint

  BeginPaint

  DrawTextW

  DefWindowProcW

  GetDlgItemTextW

  CharNextA

  CharPrevW

  RegisterClassW

  MessageBoxIndirectW

  LoadCursorW

  gdi32

  SetBkMode

  CreateBrushIndirect

  GetDeviceCaps

  SelectObject

  DeleteObject

  SetBkColor

  SetTextColor

  CreateFontIndirectW

  kernel32

  GetLastError

  WaitForSingleObject

  GetExitCodeProcess

  RemoveDirectoryW

  GetTempFileNameW

  CreateFileW

  CreateDirectoryW

  WideCharToMultiByte

  lstrlenW

  lstrcpynW

  GlobalLock

  GlobalUnlock

  CreateThread

  GetDiskFreeSpaceW

  CopyFileW

  GetVersionExW

  GetWindowsDirectoryW

  ExitProcess

  GetCurrentProcess

  CreateProcessW

  GetTempPathW

  SetEnvironmentVariableW

  GetCommandLineW

  GetModuleFileNameW

  GetTickCount

  GetFileSize

  MultiByteToWideChar

  MoveFileW

  WritePrivateProfileStringW

  GetPrivateProfileStringW

  lstrlenA

  lstrcmpiW

  lstrcmpW

  MulDiv

  GlobalFree

  GlobalAlloc

  LoadLibraryExW

  GetModuleHandleW

  FreeLibrary

  Sleep

  CloseHandle

  SetFileTime

  SetFilePointer

  SetFileAttributesW

  ReadFile

  GetShortPathNameW

  GetFullPathNameW

  GetFileAttributesW

  FindNextFileW

  FindFirstFileW

  FindClose

  DeleteFileW

  CompareFileTime

  SearchPathW

  SetCurrentDirectoryW

  ExpandEnvironmentStringsW

  WriteFile

  MoveFileExW

  GetSystemDirectoryW

  GetModuleHandleA

  GetProcAddress

  lstrcmpiA

  lstrcpyA

  lstrcatW

  SetErrorMode

  Sections

  .text

  Size: 27KB - Virtual size: 27KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 6KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 3.6MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .ndata

  Size: - Virtual size: 188KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 7KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/System.dll

  .dll windows:6 windows x86 arch:x86

  4f33ea844b96a31c8f4690530ba63854

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  GlobalAlloc

  GlobalSize

  GlobalFree

  lstrcpynW

  lstrcpyW

  GetLastError

  VirtualAlloc

  VirtualProtect

  VirtualFree

  FreeLibrary

  GetModuleHandleW

  GetProcAddress

  LoadLibraryW

  lstrlenW

  MultiByteToWideChar

  WideCharToMultiByte

  user32

  wsprintfW

  ole32

  StringFromGUID2

  CLSIDFromString

  Exports

  Exports

  Alloc

  Call

  Copy

  Free

  Get

  Int64Op

  Store

  StrAlloc

  Sections

  .text

  Size: 9KB - Virtual size: 8KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1024B - Virtual size: 958B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 68B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 512B - Virtual size: 512B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Dillseed/filsystemkontrol.txt
• Dropkick/Bakongo/Overhastily/Datareduktionsfordelerne/behvet.spi
• Lures/Psychopathically/Ulogiske/Clerks.Hea
• Trolls/Ddsfjenderne142/Karskade/forbenings.pha
• Trolls/Ddsfjenderne142/Karskade/tarmkatarer.pre