General

Malware Config

Signatures

Files

• 8713dc7033b0877593e5176b5e566e9d9895852004962cc17195875ddbf0ae79

  .dll windows:4 windows x86 arch:x86

  5142674d8d0b129a5f8e0e637d9ec458

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  mfc42

  ord3738

  ord561

  ord825

  ord815

  ord3953

  ord2725

  ord800

  ord537

  ord823

  ord2915

  ord540

  ord2614

  ord858

  ord535

  ord3663

  ord860

  ord939

  ord5710

  ord5683

  ord2818

  ord4278

  ord6662

  ord4160

  ord922

  ord924

  ord4129

  ord2764

  ord2454

  ord4277

  ord2763

  ord940

  ord1643

  ord4204

  ord6283

  ord6282

  ord926

  ord941

  ord4202

  ord4424

  ord2830

  ord4222

  ord5467

  ord1581

  ord2918

  ord1989

  ord2805

  ord960

  ord6314

  ord4179

  ord6389

  ord5445

  ord3318

  ord6012

  ord5775

  ord2603

  ord5186

  ord3180

  ord3183

  ord3176

  ord3508

  ord3652

  ord403

  ord703

  ord2841

  ord5440

  ord6383

  ord5450

  ord6394

  ord2107

  ord3181

  ord3178

  ord4058

  ord2781

  ord668

  ord1980

  ord2770

  ord356

  ord6876

  ord6877

  ord1116

  ord1176

  ord1575

  ord1168

  ord1577

  ord1182

  ord342

  ord1243

  ord1197

  ord1570

  ord1253

  ord1255

  ord6467

  ord1578

  ord600

  ord826

  ord269

  ord4622

  ord4080

  ord3079

  ord3825

  ord3831

  ord3830

  ord2976

  ord3081

  ord2985

  ord3262

  ord3136

  ord4465

  ord3259

  ord3147

  ord2982

  ord5714

  ord5289

  ord5307

  ord4698

  ord4079

  ord5302

  ord5300

  ord3346

  ord2396

  ord5199

  ord1089

  ord3922

  ord5731

  ord2512

  ord2554

  ord4486

  ord6375

  ord3887

  ord4274

  msvcrt

  _initterm

  _onexit

  __dllonexit

  _snprintf

  _close

  _read

  _lseek

  _open

  ftell

  _stricmp

  calloc

  realloc

  strtok

  getenv

  strchr

  _adjust_fdiv

  sprintf

  malloc

  free

  _rmdir

  _CxxThrowException

  _ftol

  _strupr

  _ftime

  _strnicmp

  _strdup

  __CxxFrameHandler

  _write

  _mbsnbcpy

  setlocale

  atoi

  sscanf

  ??1type_info@@UAE@XZ

  strncmp

  _mbscmp

  fseek

  fread

  rename

  _stat

  time

  localtime

  fwrite

  fflush

  fopen

  fclose

  _access

  kernel32

  GetModuleFileNameA

  FindResourceA

  SizeofResource

  LoadResource

  LockResource

  SetThreadLocale

  GetCurrentProcess

  FlushInstructionCache

  DeleteFileA

  GetVolumeInformationA

  GetLastError

  GetDiskFreeSpaceExA

  CreateDirectoryA

  LocalFree

  FormatMessageA

  GetSystemDefaultLangID

  CopyFileA

  FindClose

  FindFirstFileA

  GetVersion

  FreeLibrary

  CloseHandle

  CreateFileA

  GetProcAddress

  LoadLibraryA

  SetFilePointer

  ReadFile

  WaitForSingleObject

  ResetEvent

  CreateEventA

  DeviceIoControl

  LocalAlloc

  user32

  IsWindow

  SendMessageA

  RegisterWindowMessageA

  msvcp60

  ??1_Lockit@std@@QAE@XZ

  ??0_Lockit@std@@QAE@XZ

  Exports

  Exports

  GetMDRUtilsFuncs

  Sections

  .text

  Size: 304KB - Virtual size: 300KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 28KB - Virtual size: 25KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 16KB - Virtual size: 20KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 12KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 16KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ