General

Malware Config

Signatures

Files

• a1a4fb75dec19097c5acc1d7557fdbc69a1021c4da47cc2c96aa1c03d7ef51eb

  .zip

  Password: infected

• 1ca85c7d735a4bdc8900acd52f4ec46bf0d0f13908907657175bbf92d82e28ce

  .exe windows:5 windows x86 arch:x86

  851a0ba8fbb71710075bdfe6dcef92eb

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mpr

  WNetEnumResourceW

  WNetUseConnectionW

  WNetOpenEnumW

  WNetCloseEnum

  ws2_32

  ioctlsocket

  getpeername

  ntohl

  select

  WSAGetLastError

  htons

  recv

  socket

  closesocket

  getsockopt

  WSAAddressToStringW

  htonl

  connect

  iphlpapi

  GetIpAddrTable

  winhttp

  WinHttpReceiveResponse

  WinHttpOpenRequest

  WinHttpConnect

  WinHttpCloseHandle

  WinHttpOpen

  WinHttpSendRequest

  kernel32

  FindClose

  FindNextFileW

  SystemTimeToFileTime

  OpenProcess

  FindFirstFileW

  MoveFileW

  GetFileSizeEx

  SetFilePointerEx

  SetEndOfFile

  GetCurrentThreadId

  GetLocalTime

  ExitProcess

  SetFilePointer

  WaitForSingleObject

  GetComputerNameW

  SetEvent

  GetLogicalDrives

  GetTickCount

  Sleep

  CopyFileW

  GetFileAttributesW

  ReadFile

  CreateFileW

  MultiByteToWideChar

  CreateEventW

  WaitForMultipleObjects

  CloseHandle

  SetFileAttributesW

  CreateThread

  InitializeCriticalSectionAndSpinCount

  LeaveCriticalSection

  EnterCriticalSection

  ResetEvent

  DeleteCriticalSection

  AllocConsole

  WriteFile

  WideCharToMultiByte

  WriteConsoleW

  GetStdHandle

  CreateMutexW

  CreateProcessW

  GetCurrentProcess

  SetHandleInformation

  HeapFree

  GetLocaleInfoW

  ReadProcessMemory

  TerminateProcess

  GetModuleFileNameW

  FlushFileBuffers

  OpenMutexW

  GetLastError

  GetProcAddress

  Process32FirstW

  GetExitCodeThread

  CreatePipe

  Process32NextW

  GetModuleHandleA

  CreateToolhelp32Snapshot

  ReleaseMutex

  GetVersion

  DeleteFileW

  GetCurrentProcessId

  GetVolumeInformationW

  ExpandEnvironmentStringsW

  HeapAlloc

  GetProcessHeap

  HeapReAlloc

  QueryPerformanceCounter

  user32

  GetWindowThreadProcessId

  GetShellWindow

  advapi32

  FreeSid

  LookupPrivilegeValueW

  OpenProcessToken

  GetTokenInformation

  EqualSid

  RegSetValueExW

  RegCloseKey

  AdjustTokenPrivileges

  RegOpenKeyExW

  LookupAccountSidW

  AllocateAndInitializeSid

  DuplicateTokenEx

  RegQueryValueExW

  shell32

  ShellExecuteExW

  ole32

  CoGetObject

  CoInitializeEx

  CoUninitialize

  Sections

  .text

  Size: 33KB - Virtual size: 33KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .cdata

  Size: 14KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE