General

Malware Config

Signatures

Files

• 2ae853f0b83d3dffeaf192cb3e64209ad52bbfd5f0c41f85f1e1cea7217e3dc4

  .zip
• Birdman/8lN0/YR9.md
• Birdman/Birdman.dll

  .dll windows:6 windows x86 arch:x86

  244d8f9f2c625c07accc7836974657c1

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  EnterCriticalSection

  LeaveCriticalSection

  InitializeCriticalSection

  GetProcessHeap

  CloseHandle

  GetComputerNameA

  GetLastError

  HeapWalk

  HeapCreate

  TryEnterCriticalSection

  CreateActCtxA

  ActivateActCtx

  CreateThread

  GetCurrentProcessId

  WaitForSingleObject

  CreateFileMappingA

  MapViewOfFile

  UnmapViewOfFile

  VirtualAlloc

  HeapLock

  Exports

  Exports

  DeR8

  HUF_inc_var

  ITbi4

  ObrRM2679

  OdAgP61

  YiRgp93sN0

  Sections

  .text

  Size: 20KB - Virtual size: 20KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1.0MB - Virtual size: 1.0MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 787KB - Virtual size: 787KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Birdman/TZZ.pdf.lnk

  .lnk