General

Malware Config

Signatures

Files

• 08810549d87143439b0293f5772766cacaeebf217d692ddfb776f916f8b582fd

  .zip

  Password: infected

• 4339192e184bea89107928ccd5bcc1f5d4a928922361ab3f999926f74a0f6512

  .exe windows:4 windows x86 arch:x86

  71964c01f21c7bdcdd5be87bbfa4df10

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mpr

  WNetEnumResourceW

  WNetOpenEnumW

  WNetCloseEnum

  kernel32

  CreateFileW

  GetLastError

  FindClose

  FindFirstFileW

  DeviceIoControl

  GetDriveTypeW

  WaitForMultipleObjects

  SetErrorMode

  FindNextFileW

  TryEnterCriticalSection

  Sleep

  GetStdHandle

  WriteFile

  ReadFile

  FlushFileBuffers

  GetFileSizeEx

  MoveFileW

  SetFileAttributesW

  SetEndOfFile

  SetFilePointerEx

  GetProcessHeap

  GlobalAlloc

  GlobalFree

  GetVersion

  GetFileAttributesW

  GetCurrentProcess

  HeapFree

  PeekNamedPipe

  GetProcAddress

  LoadLibraryA

  GetComputerNameW

  SetEvent

  CreateEventW

  TerminateThread

  OpenProcess

  GetFileType

  GetModuleHandleA

  DuplicateHandle

  GetCurrentProcessId

  ExitProcess

  GetModuleHandleW

  CreatePipe

  GetCommandLineW

  CreateToolhelp32Snapshot

  GetSystemWindowsDirectoryW

  GetLogicalDrives

  GetLocaleInfoW

  GetModuleFileNameW

  GetEnvironmentVariableW

  Process32FirstW

  CreateProcessW

  Process32NextW

  CreateDirectoryW

  CreateThread

  WaitForSingleObject

  GetVolumeInformationW

  TerminateProcess

  DeleteCriticalSection

  GetExitCodeProcess

  LeaveCriticalSection

  InitializeCriticalSection

  EnterCriticalSection

  CloseHandle

  HeapAlloc

  SetHandleInformation

  user32

  DialogBoxParamW

  KillTimer

  ShowWindow

  wsprintfA

  MessageBoxW

  SetWindowTextA

  SendMessageW

  GetWindowThreadProcessId

  UnregisterHotKey

  OpenClipboard

  SetClipboardData

  GetWindowTextLengthW

  CloseClipboard

  GetWindowTextA

  EmptyClipboard

  GetDlgItem

  wsprintfW

  GetShellWindow

  SetTimer

  SetWindowTextW

  RegisterHotKey

  EndDialog

  EnableWindow

  PostMessageW

  advapi32

  CryptGenRandom

  CryptImportKey

  CryptEncrypt

  CryptDestroyKey

  CryptSetKeyParam

  CryptReleaseContext

  GetTokenInformation

  SetTokenInformation

  OpenProcessToken

  DuplicateTokenEx

  RegCloseKey

  RegQueryValueExA

  RegOpenKeyExA

  CryptDecrypt

  CryptAcquireContextW

  shell32

  SHGetSpecialFolderPathW

  ShellExecuteExW

  CommandLineToArgvW

  SHBrowseForFolderW

  SHGetPathFromIDListW

  ord680

  ole32

  CoUninitialize

  CoTaskMemFree

  CoInitialize

  Sections

  .text

  Size: 30KB - Virtual size: 29KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 78KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .ndata

  Size: 6KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1024B - Virtual size: 664B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ