General

Malware Config

Signatures

Files

• bb6af94db448e5a030dbcf2299c11359cd28acb6d56a2d8a0750e3a62bf8e678

  .exe windows:4 windows x86 arch:x86

  676f4bc1db7fb9f072b157186a10179e

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetStartupInfoA

  GetModuleHandleA

  LoadLibraryA

  ExitProcess

  SetThreadContext

  WriteProcessMemory

  VirtualAllocEx

  CreateProcessW

  GetProcAddress

  GetModuleFileNameW

  gdi32

  PolyPolygon

  Escape

  ExtTextOutA

  TextOutA

  RectVisible

  PtVisible

  CreateCompatibleDC

  LPtoDP

  CreateCompatibleBitmap

  GetMapMode

  Polygon

  PtInRegion

  CreatePolygonRgn

  CombineRgn

  Polyline

  BitBlt

  DPtoLP

  mfc42

  ord5302

  ord2725

  ord4079

  ord4698

  ord5307

  ord5289

  ord5714

  ord2982

  ord3147

  ord3259

  ord4465

  ord3136

  ord3262

  ord2985

  ord3081

  ord2976

  ord3830

  ord3831

  ord3825

  ord3079

  ord4080

  ord4622

  ord4424

  ord3738

  ord561

  ord815

  ord641

  ord2514

  ord5265

  ord4376

  ord4853

  ord4998

  ord6052

  ord4078

  ord1775

  ord4407

  ord5241

  ord2385

  ord5163

  ord6374

  ord4353

  ord5280

  ord3798

  ord4837

  ord4441

  ord2648

  ord2055

  ord6376

  ord5300

  ord5065

  ord1727

  ord5261

  ord2446

  ord2124

  ord5277

  ord4627

  ord4425

  ord3597

  ord324

  ord2864

  ord6880

  ord4299

  ord4234

  ord2971

  ord5759

  ord6192

  ord5756

  ord6186

  ord4330

  ord6189

  ord6172

  ord5873

  ord5789

  ord5794

  ord5678

  ord5736

  ord5579

  ord5571

  ord6061

  ord5864

  ord3596

  ord3571

  ord816

  ord640

  ord5785

  ord2379

  ord6194

  ord6021

  ord1640

  ord323

  ord562

  ord1146

  ord1168

  ord4710

  ord755

  ord470

  ord6197

  ord3346

  ord2396

  ord5199

  ord1089

  ord3922

  ord5731

  ord2512

  ord2554

  ord4486

  ord6375

  ord4274

  ord4673

  ord1641

  ord3706

  ord283

  ord472

  ord823

  ord5787

  ord5788

  ord6086

  ord825

  ord2414

  ord3626

  ord3749

  ord3663

  ord1576

  msvcrt

  _except_handler3

  __set_app_type

  _setmbcp

  __CxxFrameHandler

  _ftol

  wcslen

  wcsstr

  strstr

  wcscat

  wcscpy

  __dllonexit

  _onexit

  _exit

  _XcptFilter

  exit

  _acmdln

  __getmainargs

  _initterm

  __setusermatherr

  _adjust_fdiv

  _controlfp

  __p__fmode

  __p__commode

  user32

  EnableWindow

  GrayStringA

  DrawTextA

  TabbedTextOutA

  LoadCursorA

  SetCursor

  ClientToScreen

  IsIconic

  GetSystemMetrics

  GetClientRect

  DrawIcon

  SendMessageA

  LoadIconA

  ReleaseCapture

  GetWindowRect

  SetWindowRgn

  SetCapture

  CopyRect

  Sections

  .text

  Size: 44KB - Virtual size: 44KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 8KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 204KB - Virtual size: 204KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 8KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  gu_idata

  Size: 2KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  gu_rsrcs

  Size: 6KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ