Behavioral task: behavioral1
Sample: e99c79bc77c3b9679a974cbb9fd4fe2a952c675f56a05503b505b24304ba23ba.exe
Resource: win7-20240215-en
General
Target: e99c79bc77c3b9679a974cbb9fd4fe2a952c675f56a05503b505b24304ba23ba.exe
Size: 408KB
MD5: d98749205fff0909e335b5eeb1378973
SHA1: 927e94563e873026f5a3964fee8b008c9ad84b7b
SHA256: e99c79bc77c3b9679a974cbb9fd4fe2a952c675f56a05503b505b24304ba23ba
SHA512: c635fe74b819b21f35a6a3c8548e25c519323caf17c0fea04efd03a4116ef2a8d4036c3788c51553ba7045f2ec6c5c9adf534831f07f16111a8a142d5ab28205
SSDEEP: 6144:iDzDSWsuWBjDbzcEXDmm2pcITwhoner+zP308sq+0cUkV8lQnr3Z5n19YzpYmZj:iDXSfDUkmm2px3NgqUUkV8lqp162mZj
Malware Config
Signatures
Files
e99c79bc77c3b9679a974cbb9fd4fe2a952c675f56a05503b505b24304ba23ba.exe.exe windows:6 windows x86 arch:x86
27cfe5237af2563d5cf9261f92875077
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapFree
CloseHandle
GetModuleHandleW
LoadLibraryW
GetProcAddress
HeapReAlloc
CreateMutexW
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
SetThreadPriority
Sleep
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FreeLibrary
GetCommandLineW
GetVersionExW
SetLastError
CopyFileExW
WaitForMultipleObjects
GetOverlappedResult
WaitForSingleObject
GetExitCodeProcess
GetFileInformationByHandleEx
GetModuleHandleA
TlsGetValue
TlsSetValue
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
TryAcquireSRWLockExclusive
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
FormatMessageW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
CreateFileW
GetLastError
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
FindFirstFileW
FindClose
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
CreateThread
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
ReadFileEx
SleepEx
WriteFileEx
CreateEventW
CancelIo
ReadFile
ExitProcess
GetProcessHeap
HeapAlloc
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
SwitchToThread
SetFilePointerEx
GetConsoleOutputCP
FlushFileBuffers
HeapSize
LCMapStringW
CompareStringW
GetStringTypeW
SetThreadStackGuarantee
AddVectoredExceptionHandler
SetFileInformationByHandle
FreeConsole
GetFileType
SetStdHandle
SetEnvironmentVariableW
WideCharToMultiByte
GetCPInfo
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
RtlUnwind
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
RaiseException
WriteFile
GetModuleHandleExW
GetCommandLineA
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
DecodePointer
winhttp
WinHttpOpen
WinHttpConnect
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
ntdll
NtCreateFile
RtlNtStatusToDosError
NtWriteFile
NtReadFile
advapi32
RegCloseKey
RegOpenKeyW
SystemFunction036
shell32
IsUserAnAdmin
ShellExecuteW
bcrypt
BCryptGenRandom
Sections
.text Size: 306KB - Virtual size: 308KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 83KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 2KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ