General

Malware Config

Signatures

Files

• Surveillance_client_P2P(64)_1.5.46_2020_02_27.rar

  .rar

  Password: t4lg0

• Surveillance_client_P2P(64)_1.5.46_2020_02_27/Surveillance_client_P2P(64)_1.5.46_2020_02_27.doc

  .doc windows office2003
• Surveillance_client_P2P(64)_1.5.46_2020_02_27/Surveillance_client_P2P(64)_1.5.46_2020_02_27.exe

  .exe windows:5 windows x86 arch:x86

  Password: t4lg0

  20dd26497880c05caed9305b3c8b9109

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Imports

  oleaut32

  SysFreeString

  SysReAllocStringLen

  SysAllocStringLen

  advapi32

  RegQueryValueExW

  RegOpenKeyExW

  RegCloseKey

  RegQueryValueExW

  RegOpenKeyExW

  RegCloseKey

  OpenProcessToken

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  user32

  GetKeyboardType

  LoadStringW

  MessageBoxA

  CharNextW

  CreateWindowExW

  TranslateMessage

  SetWindowLongW

  PeekMessageW

  MsgWaitForMultipleObjects

  MessageBoxW

  LoadStringW

  GetSystemMetrics

  ExitWindowsEx

  DispatchMessageW

  DestroyWindow

  CharUpperBuffW

  CallWindowProcW

  kernel32

  GetACP

  Sleep

  VirtualFree

  VirtualAlloc

  GetSystemInfo

  GetTickCount

  QueryPerformanceCounter

  GetVersion

  GetCurrentThreadId

  VirtualQuery

  WideCharToMultiByte

  MultiByteToWideChar

  lstrlenW

  lstrcpynW

  LoadLibraryExW

  GetThreadLocale

  GetStartupInfoA

  GetProcAddress

  GetModuleHandleW

  GetModuleFileNameW

  GetLocaleInfoW

  GetCommandLineW

  FreeLibrary

  FindFirstFileW

  FindClose

  ExitProcess

  WriteFile

  UnhandledExceptionFilter

  RtlUnwind

  RaiseException

  GetStdHandle

  CloseHandle

  TlsSetValue

  TlsGetValue

  LocalAlloc

  GetModuleHandleW

  WriteFile

  WideCharToMultiByte

  WaitForSingleObject

  VirtualQuery

  VirtualProtect

  VirtualFree

  VirtualAlloc

  SizeofResource

  SignalObjectAndWait

  SetLastError

  SetFilePointer

  SetEvent

  SetErrorMode

  SetEndOfFile

  ResetEvent

  RemoveDirectoryW

  ReadFile

  MultiByteToWideChar

  LockResource

  LoadResource

  LoadLibraryW

  GetWindowsDirectoryW

  GetVersionExW

  GetVersion

  GetUserDefaultLangID

  GetThreadLocale

  GetSystemInfo

  GetSystemDirectoryW

  GetStdHandle

  GetProcAddress

  GetModuleHandleW

  GetModuleFileNameW

  GetLocaleInfoW

  GetLastError

  GetFullPathNameW

  GetFileSize

  GetFileAttributesW

  GetExitCodeProcess

  GetEnvironmentVariableW

  GetDiskFreeSpaceW

  GetCurrentProcess

  GetCommandLineW

  GetCPInfo

  InterlockedExchange

  InterlockedCompareExchange

  FreeLibrary

  FormatMessageW

  FindResourceW

  EnumCalendarInfoW

  DeleteFileW

  CreateProcessW

  CreateFileW

  CreateEventW

  CreateDirectoryW

  CloseHandle

  Sleep

  comctl32

  InitCommonControls

  Sections

  .text

  Size: 61KB - Virtual size: 60KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .itext

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .bss

  Size: - Virtual size: 21KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: - Virtual size: 8B

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 512B - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 44KB - Virtual size: 44KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ