General

Malware Config

Signatures

Files

• xjEbd9k

  .exe windows:5 windows x86 arch:x86

  0783cb37ef1240ef0478a960a2f29610

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  advapi32

  CryptSignHashA

  InitializeAcl

  RegReplaceKeyW

  RegSaveKeyA

  IsValidSid

  RegCreateKeyExA

  RegLoadKeyA

  IsValidAcl

  RegEnumKeyA

  OpenEventLogW

  ReadEventLogA

  RegRestoreKeyA

  RegUnLoadKeyA

  kernel32

  GetProcAddress

  OpenWaitableTimerA

  GetWindowsDirectoryW

  CreateFileW

  GetCurrencyFormatW

  FindResourceExA

  IsBadStringPtrW

  InterlockedExchange

  FindFirstFileW

  GetFullPathNameA

  GetProfileStringA

  GlobalAddAtomA

  LoadLibraryExW

  SetEvent

  GetModuleHandleA

  CreateMutexW

  GetPriorityClass

  ReadFile

  lstrcpy

  GetConsoleTitleA

  CreateFileMappingW

  ResumeThread

  OpenMutexA

  FormatMessageA

  CreateSemaphoreA

  GetLogicalDriveStringsA

  WaitForSingleObject

  InterlockedIncrement

  GetConsoleAliasW

  GetStartupInfoA

  ReadConsoleW

  GetPrivateProfileIntA

  FindNextFileA

  modemui

  CountryRunOnce

  drvGetDefaultCommConfigA

  InvokeControlPanel

  user32

  IsDialogMessageW

  CreateDesktopW

  LoadMenuW

  PostMessageW

  DrawStateA

  CharToOemA

  IsCharLowerW

  LoadCursorA

  GetClassLongA

  FlashWindow

  DialogBoxParamA

  LoadBitmapA

  PeekMessageA

  GetPropA

  wsprintfA

  authz

  AuthzAddSidsToContext

  AuthzInitializeContextFromSid

  Sections

  .text

  Size: 30KB - Virtual size: 29KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 2KB - Virtual size: 812KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 97KB - Virtual size: 96KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ