E:\tms\work\SeAppService\src\bin\Release\SeAppService.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 18b2e6f43a155bb750d5ce35e089dd63fcf9d83c61c95fe23e5624fb42d4eb5d.exe
Resource: win7-20240508-en
General
Target: 18b2e6f43a155bb750d5ce35e089dd63fcf9d83c61c95fe23e5624fb42d4eb5d
Size: 1.5MB
MD5: 0aeca481aacf87ee7d2136705455edd2
SHA1: 11e10c7b59bb5bec242c37896c8f4373c009c552
SHA256: 18b2e6f43a155bb750d5ce35e089dd63fcf9d83c61c95fe23e5624fb42d4eb5d
SHA512: 621ca61abdc9f5e5bb8efe80081b2f4c8a6febbeec96406d1e1d14d71ef0824de149bf7599800f61e5ecf4d20722b2a85bd67a2c725bff76f45d2e9495919bca
SSDEEP: 24576:nLFZeV9rUW3uRIgRNMK88q9s14+6fsqetItnwn56fTaINc9q:LFgVIRIgRNMR8qq1bSsqEw/eEB
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  Processes: resource 18b2e6f43a155bb750d5ce35e089dd63fcf9d83c61c95fe23e5624fb42d4eb5d
Files
- 18b2e6f43a155bb750d5ce35e089dd63fcf9d83c61c95fe23e5624fb42d4eb5d.exe  windows:5 windows x86 arch:x86
  73f69d2f0d153d2098bcc0bcd3f11f4a
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
MulDiv
GetCommandLineW
CreateDirectoryW
MoveFileW
FindClose
FindFirstFileW
FindNextFileW
OpenProcess
LockResource
WriteFile
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetCurrentProcessId
InitializeCriticalSection
DeviceIoControl
CreateProcessW
GetModuleHandleA
FindResourceExW
WritePrivateProfileStringW
GetPrivateProfileSectionNamesW
WritePrivateProfileStructW
GetExitCodeProcess
WaitForSingleObject
MoveFileExW
GetVersionExW
VirtualQuery
SetUnhandledExceptionFilter
ReadFile
LocalFree
CreateThread
TerminateThread
SuspendThread
SetEvent
CreateEventW
SetFilePointer
ExitProcess
Sleep
DuplicateHandle
GetSystemTimeAsFileTime
GetSystemInfo
ResetEvent
SetEndOfFile
SetFileTime
SystemTimeToFileTime
TlsAlloc
TlsSetValue
TlsFree
lstrcmpA
lstrcmpiA
AssignProcessToJobObject
IsBadReadPtr
GetPrivateProfileStringW
GetTickCount
VirtualFree
VirtualAlloc
DeleteFileW
CopyFileW
GetTempPathW
GetSystemDirectoryW
WideCharToMultiByte
CreateFileW
LoadLibraryW
GetFileSize
MultiByteToWideChar
FindResourceW
LoadLibraryExW
CreateMutexW
lstrcmpiW
CloseHandle
SizeofResource
LoadResource
SetErrorMode
TerminateProcess
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
WriteConsoleW
GetTimeZoneInformation
SetStdHandle
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetModuleFileNameA
GetConsoleMode
GetConsoleCP
RtlUnwind
OpenThread
HeapWalk
HeapUnlock
HeapLock
GetFileSizeEx
CreateFileA
LocalFileTimeToFileTime
GetStartupInfoW
UnhandledExceptionFilter
WaitForSingleObjectEx
GetLocalTime
DosDateTimeToFileTime
GetFileType
GetACP
GetCurrentProcess
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
GetCurrentThreadId
RaiseException
GetProcessHeap
GetModuleHandleExA
GetStdHandle
ResumeThread
InterlockedExchangeAdd
InterlockedCompareExchange
GetFileAttributesW
GetCurrentDirectoryW
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleExW
TlsGetValue
SwitchToThread
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
InterlockedExchange
SetFilePointerEx
FlushFileBuffers
IsProcessorFeaturePresent
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringA
ReleaseMutex
HeapSize
HeapFree
FlushInstructionCache
InterlockedPushEntrySList
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
DecodePointer
VirtualProtect
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
user32
PostMessageW
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsWindow
SetWindowPos
GetKeyState
SetForegroundWindow
GetDC
SendMessageW
GetWindowRect
GetWindowLongW
SetWindowLongW
GetDesktopWindow
FindWindowW
FindWindowExW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
LoadCursorW
MonitorFromWindow
GetMonitorInfoW
ReleaseDC
DestroyWindow
InvalidateRect
IsIconic
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetShellWindow
PostThreadMessageW
WindowFromPoint
GetParent
MapWindowPoints
MoveWindow
ReplyMessage
IntersectRect
ClientToScreen
ShowWindow
EnumDisplayMonitors
EnumDisplayDevicesW
GetWindowThreadProcessId
PtInRect
AllowSetForegroundWindow
KillTimer
SetTimer
IsWindowVisible
PostQuitMessage
SendMessageTimeoutW
GetMessagePos
MonitorFromPoint
GetCursorPos
GetSystemMetrics
OffsetRect
FillRect
MessageBoxW
WaitMessage
CallMsgFilterW
GetQueueStatus
MsgWaitForMultipleObjectsEx
wvsprintfW
SetCursor
UnionRect
SetFocus
GetActiveWindow
GetFocus
SetCapture
ReleaseCapture
GetUpdateRect
ScreenToClient
IsRectEmpty
GetWindow
RegisterClassW
EnableWindow
SetPropW
GetPropW
IsZoomed
SetWindowRgn
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
GetSysColor
CharPrevW
DrawTextW
SetRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
GetClientRect
EndPaint
BeginPaint
UpdateLayeredWindow
CharNextW
gdi32
TextOutW
MoveToEx
ExtTextOutW
GdiFlush
CreatePenIndirect
SetTextColor
GetDIBits
BitBlt
SetBrushOrgEx
GetObjectW
CreateDIBSection
GdiAlphaBlend
SetStretchBltMode
StretchBlt
SelectObject
GetStockObject
DeleteObject
DeleteDC
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
CreateFontIndirectW
CreatePen
Rectangle
RestoreDC
SaveDC
GetTextMetricsW
SetWindowOrgEx
CreateRoundRectRgn
GetObjectA
CombineRgn
CreateDCW
SetBkMode
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
CreatePatternBrush
shell32
SHAppBarMessage
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHChangeNotify
ord680
CommandLineToArgvW
shlwapi
SHGetValueA
PathFileExistsW
PathFindFileNameW
SHGetValueW
PathAppendW
SHSetValueW
StrDupW
SHStrDupW
PathRemoveFileSpecW
PathCombineW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
ws2_32
bind
closesocket
send
recv
listen
inet_addr
htons
socket
accept
WSAStartup
netapi32
Netbios
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
imm32
ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetContext
Exports
??4ShellResourceRequestDetails@@QAEAAU0@ABU0@@Z
Sections
.text   Size: 829KB - Virtual size: 828KB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata  Size: 226KB - Virtual size: 225KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data   Size: 23KB - Virtual size: 113KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 478KB - Virtual size: 480KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE