General

Malware Config

Signatures

Files

• Payroll.7z

  .7z

  Password: infected

• dolphin.exe

  .exe windows:4 windows x86 arch:x86

  Password: infected

  67e3e686fa83c12de08bdb764b7761b9

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  advapi32

  RegCloseKey

  RegOpenKeyExA

  RegSetValueExA

  kernel32

  CloseHandle

  CreateProcessA

  CreateRemoteThread

  CreateToolhelp32Snapshot

  DeleteCriticalSection

  EnterCriticalSection

  ExitProcess

  FindClose

  FindFirstFileA

  FindNextFileA

  FreeLibrary

  GetCommandLineA

  GetLastError

  GetModuleFileNameA

  GetModuleHandleA

  GetProcAddress

  InitializeCriticalSection

  LeaveCriticalSection

  LoadLibraryA

  OpenProcess

  Process32First

  Process32Next

  SetUnhandledExceptionFilter

  Sleep

  TlsGetValue

  VirtualAllocEx

  VirtualFreeEx

  VirtualProtect

  VirtualQuery

  WaitForSingleObject

  WriteProcessMemory

  msvcrt

  _pclose

  _popen

  _strdup

  _stricoll

  __getmainargs

  __mb_cur_max

  __p__environ

  __p__fmode

  __set_app_type

  _cexit

  _errno

  _fpreset

  _fullpath

  _iob

  _isctype

  _onexit

  _pctype

  _setmode

  abort

  atexit

  calloc

  fgets

  fprintf

  free

  fwrite

  malloc

  mbstowcs

  memcpy

  memset

  perror

  printf

  puts

  realloc

  setlocale

  signal

  strcmp

  strcoll

  strlen

  strstr

  system

  tolower

  vfprintf

  wcstombs

  ws2_32

  WSAGetLastError

  WSAStartup

  connect

  htons

  inet_addr

  recv

  send

  socket

  Sections

  .text

  Size: 14KB - Virtual size: 13KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 28B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  /4

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 112B

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 32B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  /14

  Size: 512B - Virtual size: 56B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /29

  Size: 7KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /41

  Size: 512B - Virtual size: 303B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /55

  Size: 512B - Virtual size: 456B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /67

  Size: 512B - Virtual size: 56B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ