General

Malware Config

Signatures

Files

• e9a7fdb0344525ae154d0433142a3ecacb583cf270fc73c9d87eb5a9101c939e

  .exe windows:5 windows x86 arch:x86

  78a76bfb673714b91d14011e6e54e806

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  LeaveCriticalSection

  InitializeCriticalSection

  EnterCriticalSection

  LCMapStringA

  FreeLibrary

  GetCommandLineA

  SetFilePointer

  GetEnvironmentVariableA

  GetUserDefaultLCID

  WriteFile

  WritePrivateProfileStringA

  GetTickCount

  Sleep

  GetVersionExA

  GetPrivateProfileStringA

  GetFileSize

  ReadFile

  GetModuleFileNameA

  IsBadReadPtr

  HeapFree

  HeapReAlloc

  ExitProcess

  GetExitCodeThread

  CreateRemoteThread

  VirtualFreeEx

  HeapAlloc

  GetProcessHeap

  DuplicateHandle

  FlushInstructionCache

  GetModuleHandleA

  WideCharToMultiByte

  CreateThread

  WriteProcessMemory

  VirtualAllocEx

  GetSystemDirectoryA

  GetWindowsDirectoryA

  GetShortPathNameA

  WaitForSingleObject

  CreateProcessA

  CreateEventA

  CreateMutexA

  SetWaitableTimer

  CreateWaitableTimerA

  UnmapViewOfFile

  MapViewOfFile

  CreateFileMappingA

  OpenFileMappingA

  CreateFileA

  GetDiskFreeSpaceExA

  GlobalMemoryStatusEx

  SetEnvironmentVariableA

  CompareStringW

  CompareStringA

  Module32Next

  GetFileAttributesA

  VirtualProtect

  OpenEventA

  GlobalFree

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  MultiByteToWideChar

  GetModuleHandleW

  QueryDosDeviceA

  GetLogicalDriveStringsA

  Module32First

  Process32Next

  Process32First

  CreateToolhelp32Snapshot

  IsBadCodePtr

  GetStringTypeW

  GetStringTypeA

  SetUnhandledExceptionFilter

  LCMapStringW

  IsBadWritePtr

  HeapCreate

  HeapDestroy

  GetStdHandle

  SetHandleCount

  GetEnvironmentStringsW

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  FreeEnvironmentStringsA

  UnhandledExceptionFilter

  TerminateProcess

  VirtualFree

  VirtualAlloc

  IsDebuggerPresent

  RtlMoveMemory

  lstrcpyn

  GetProcAddress

  GetFileType

  SetStdHandle

  HeapSize

  GetACP

  GetLocalTime

  GetSystemTime

  RaiseException

  RtlUnwind

  GetStartupInfoA

  GetOEMCP

  GetCPInfo

  SetErrorMode

  GetProcessVersion

  FindResourceA

  LoadResource

  LockResource

  GetVersion

  GlobalGetAtomNameA

  GlobalAddAtomA

  GlobalFindAtomA

  lstrcatA

  GlobalFlags

  MulDiv

  TlsGetValue

  LocalReAlloc

  TlsSetValue

  GlobalReAlloc

  TlsFree

  GlobalHandle

  TlsAlloc

  FlushFileBuffers

  LocalAlloc

  lstrcpyA

  lstrcpynA

  LocalFree

  InterlockedDecrement

  InterlockedIncrement

  GlobalDeleteAtom

  lstrcmpA

  lstrcmpiA

  GetCurrentThread

  GetCurrentThreadId

  GetLastError

  GetTempPathA

  lstrlenA

  DeleteCriticalSection

  SetLastError

  GetTimeZoneInformation

  LoadLibraryA

  OpenProcess

  GetCurrentProcessId

  CloseHandle

  GetCurrentProcess

  VirtualQuery

  GetSystemTimeAsFileTime

  GetModuleHandleA

  CreateEventA

  GetModuleFileNameW

  LoadLibraryA

  TerminateProcess

  GetCurrentProcess

  CreateToolhelp32Snapshot

  Thread32First

  GetCurrentProcessId

  GetCurrentThreadId

  OpenThread

  Thread32Next

  CloseHandle

  SuspendThread

  ResumeThread

  WriteProcessMemory

  GetSystemInfo

  VirtualAlloc

  VirtualProtect

  VirtualFree

  GetProcessAffinityMask

  SetProcessAffinityMask

  GetCurrentThread

  SetThreadAffinityMask

  Sleep

  FreeLibrary

  GetTickCount

  GlobalFree

  GetProcAddress

  LocalAlloc

  LocalFree

  ExitProcess

  EnterCriticalSection

  LeaveCriticalSection

  InitializeCriticalSection

  DeleteCriticalSection

  GetModuleHandleW

  LoadResource

  MultiByteToWideChar

  FindResourceExW

  FindResourceExA

  WideCharToMultiByte

  GetThreadLocale

  GetUserDefaultLCID

  GetSystemDefaultLCID

  EnumResourceNamesA

  EnumResourceNamesW

  EnumResourceLanguagesA

  EnumResourceLanguagesW

  EnumResourceTypesA

  EnumResourceTypesW

  CreateFileW

  LoadLibraryW

  GetLastError

  FlushFileBuffers

  CreateFileA

  WriteConsoleW

  GetConsoleOutputCP

  WriteConsoleA

  GetCommandLineA

  RaiseException

  RtlUnwind

  HeapFree

  GetCPInfo

  InterlockedIncrement

  InterlockedDecrement

  GetACP

  GetOEMCP

  IsValidCodePage

  TlsGetValue

  TlsAlloc

  TlsSetValue

  TlsFree

  SetLastError

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  HeapAlloc

  LCMapStringA

  LCMapStringW

  SetHandleCount

  GetStdHandle

  GetFileType

  GetStartupInfoA

  GetModuleFileNameA

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  HeapCreate

  HeapDestroy

  QueryPerformanceCounter

  HeapReAlloc

  GetStringTypeA

  GetStringTypeW

  GetLocaleInfoA

  HeapSize

  WriteFile

  SetFilePointer

  GetConsoleCP

  GetConsoleMode

  InitializeCriticalSectionAndSpinCount

  SetStdHandle

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  user32

  SetPropW

  MoveWindow

  MessageBeep

  SetForegroundWindow

  EnumChildWindows

  CreateWindowExW

  SendMessageW

  ShowWindow

  UpdateWindow

  GetClassLongA

  GetPropW

  SetWindowPos

  GetMessageW

  TranslateMessage

  DispatchMessageW

  PostMessageA

  RemovePropW

  LoadIconW

  RegisterClassExW

  DefWindowProcW

  GetParent

  WaitForInputIdle

  PostQuitMessage

  LoadCursorA

  KillTimer

  UpdateLayeredWindow

  SetTimer

  ReleaseCapture

  CallWindowProcW

  GetWindowRect

  BeginPaint

  EndPaint

  ReleaseDC

  GetWindowLongW

  SetWindowLongW

  TrackMouseEvent

  SendMessageA

  DestroyWindow

  IsZoomed

  SetCapture

  GetFocus

  SetFocus

  GetDC

  GetWindowTextW

  IsRectEmpty

  SetWindowRgn

  RedrawWindow

  GetIconInfo

  CreateCaret

  DestroyCaret

  GetKeyState

  SetCaretPos

  GetCursorPos

  IsIconic

  DestroyIcon

  MessageBoxA

  wsprintfA

  DispatchMessageA

  GetWindowThreadProcessId

  SetCursor

  IsWindow

  EnumWindows

  CreateWindowStationA

  GetClassNameA

  GetWindowTextA

  GetWindowTextLengthA

  IsWindowVisible

  GetWindow

  GetDesktopWindow

  GetMenuStringA

  GetSubMenu

  GetMenuItemCount

  GetMenu

  CallWindowProcA

  SystemParametersInfoA

  RegisterWindowMessageA

  EndDialog

  CreateDialogIndirectParamA

  DestroyMenu

  PostThreadMessageA

  UnregisterClassA

  LoadStringA

  GetSysColorBrush

  LoadIconA

  MapWindowPoints

  GetSysColor

  AdjustWindowRectEx

  GetClientRect

  EmptyClipboard

  SetClipboardData

  OpenClipboard

  GetClipboardData

  CloseClipboard

  PeekMessageA

  GetMessageA

  SetWindowTextA

  EnableWindow

  IsWindowEnabled

  GetForegroundWindow

  GetActiveWindow

  SetActiveWindow

  GetLastActivePopup

  SetWindowsHookExA

  ValidateRect

  CallNextHookEx

  GetNextDlgTabItem

  EnableMenuItem

  CheckMenuItem

  SetMenuItemBitmaps

  ModifyMenuA

  GetMenuState

  LoadBitmapA

  GetMenuCheckMarkDimensions

  RegisterClipboardFormatA

  GetSystemMetrics

  PtInRect

  GetDlgCtrlID

  ClientToScreen

  UnhookWindowsHookEx

  TabbedTextOutA

  DrawTextA

  GrayStringA

  GetDlgItem

  SendDlgItemMessageA

  IsDialogMessageA

  SetWindowLongA

  GetWindowPlacement

  GetMessagePos

  GetMessageTime

  DefWindowProcA

  RemovePropA

  GetPropA

  SetPropA

  CreateWindowExA

  GetMenuItemID

  RegisterClassA

  GetClassInfoA

  WinHelpA

  GetCapture

  GetTopWindow

  CopyRect

  GetWindowLongA

  GetUserObjectInformationW

  CharUpperBuffW

  MessageBoxW

  GetProcessWindowStation

  GetProcessWindowStation

  GetUserObjectInformationW

  gdi32

  GetObjectW

  DeleteDC

  SelectObject

  CreateDIBSection

  CreateCompatibleDC

  DeleteObject

  CreateRoundRectRgn

  BitBlt

  CreateBitmap

  SaveDC

  RestoreDC

  SetBkColor

  TextOutA

  SetMapMode

  SetViewportOrgEx

  OffsetViewportOrgEx

  SetViewportExtEx

  ScaleViewportExtEx

  GetDIBits

  SetWindowExtEx

  ScaleWindowExtEx

  GetClipBox

  GetDeviceCaps

  GetTextExtentPoint32W

  GetObjectA

  GetStockObject

  RectVisible

  PtVisible

  SetTextColor

  Escape

  ExtTextOutA

  comctl32

  ImageList_GetIcon

  ImageList_GetIconSize

  ord17

  wsock32

  send

  recv

  getsockname

  ntohs

  WSAAsyncSelect

  select

  WSACleanup

  inet_addr

  gethostbyname

  connect

  ioctlsocket

  htons

  socket

  closesocket

  WSAStartup

  wininet

  InternetOpenUrlA

  InternetCanonicalizeUrlA

  InternetCrackUrlA

  HttpOpenRequestA

  HttpSendRequestA

  HttpQueryInfoA

  InternetReadFile

  InternetConnectA

  InternetSetOptionA

  InternetCloseHandle

  InternetOpenA

  advapi32

  RegCreateKeyExA

  RegOpenKeyExA

  RegSetValueExA

  RegOpenKeyA

  RegQueryValueExA

  RegCloseKey

  AdjustTokenPrivileges

  LookupPrivilegeValueA

  OpenProcessToken

  shell32

  SHGetSpecialFolderPathA

  ShellExecuteA

  ole32

  CreateStreamOnHGlobal

  CoCreateGuid

  CLSIDFromString

  OleRun

  CoCreateInstance

  CLSIDFromProgID

  OleInitialize

  OleUninitialize

  CoFreeUnusedLibraries

  CoRegisterMessageFilter

  CoRevokeClassObject

  OleFlushClipboard

  OleIsCurrentClipboard

  psapi

  GetProcessImageFileNameA

  gdiplus

  GdipCreateBitmapFromHBITMAP

  GdipCreateHBITMAPFromBitmap

  GdipImageGetFrameCount

  GdipGetPropertyItemSize

  GdipGetPropertyItem

  GdipCreateBitmapFromHICON

  GdipImageSelectActiveFrame

  GdipGetFontHeight

  GdipSetStringFormatTrimming

  GdipSetStringFormatFlags

  GdipGetStringFormatAlign

  GdipSetStringFormatAlign

  GdipCombineRegionRect

  GdipCreateMatrix

  GdipGetRegionScansCount

  GdipGetRegionScans

  GdipCreatePathGradientFromPath

  GdipSetClipRegion

  GdipSetClipRect

  GdipGetImagePixelFormat

  GdipSetInterpolationMode

  GdipSetCompositingQuality

  GdipDrawString

  GdipBitmapGetPixel

  GdipDeleteMatrix

  GdipDeleteRegion

  GdipGetRegionBounds

  GdipMeasureCharacterRanges

  GdipCreateRegion

  GdipSetStringFormatMeasurableCharacterRanges

  GdipDrawPath

  GdipSetPenDashStyle

  GdipDeletePen

  GdipDrawRectangle

  GdipFillRectangle

  GdipCreateLineBrushFromRect

  GdipSetTextRenderingHint

  GdipSetSmoothingMode

  GdipGetFamilyName

  GdipDeleteFont

  GdipCreateFont

  GdipDeleteFontFamily

  GdipCreateFontFamilyFromName

  GdiplusStartup

  GdipGetImageHeight

  GdipGetImageWidth

  GdipDisposeImage

  GdipDeleteGraphics

  GdipDrawImageRect

  GdipGetImageGraphicsContext

  GdipCreateBitmapFromScan0

  GdipLoadImageFromStream

  GdipDrawImageRectRect

  GdipMeasureString

  GdipCreateSolidFill

  GdipDeleteBrush

  GdipFillPath

  GdipSetClipPath

  GdipClosePathFigure

  GdipAddPathArc

  GdipCreatePath

  GdipGraphicsClear

  GdipCloneBitmapArea

  GdipDeletePath

  GdipGetFontStyle

  GdipGetFontSize

  GdipDeleteStringFormat

  GdipResetClip

  GdipDisposeImageAttributes

  GdipSetImageAttributesColorMatrix

  GdipCreateImageAttributes

  GdipGetVisibleClipBounds

  GdipCreateFromHDC

  GdipCreateRegionHrgn

  GdipGetStringFormatFlags

  GdipSetStringFormatHotkeyPrefix

  GdipGetStringFormatHotkeyPrefix

  GdipGetStringFormatTrimming

  GdipCreateStringFormat

  GdipDrawPolygon

  GdipFillPolygon

  imm32

  ImmReleaseContext

  ImmGetCompositionStringA

  ImmAssociateContext

  ImmGetContext

  oledlg

  ord8

  oleaut32

  VariantTimeToSystemTime

  SafeArrayDestroy

  VariantClear

  SysAllocString

  SafeArrayCreate

  VariantCopy

  RegisterTypeLi

  LHashValOfNameSys

  LoadTypeLi

  VariantChangeType

  SystemTimeToVariantTime

  shlwapi

  PathFileExistsA

  rasapi32

  RasGetConnectStatusA

  RasHangUpA

  winspool.drv

  ClosePrinter

  OpenPrinterA

  DocumentPropertiesA

  wtsapi32

  WTSSendMessageW

  Exports

  Exports

  AL�.�h�;h� fK��,g�UH���� ���v-�+rkKj‰#.���Qւ�y�;����$d52����`�q����g�qh�$Ѽ����xY,��wl��5`rK�Un�͞r�꒲C׶���J�\s��"��ES�*���3�Y�MH3�h����5�N��*A��}�z�kxݫ�j�}ǚg#.�0����j�9L��"��+��y���./b��[���w��������L�6���J
   G���j���#O��T�C)=���������<^����A?��t�r .]!����R(��;!F1D�2���w���(�z���9�IЦ�JF�Ǯla�0A�����|
  @��e�xy7��cx̴�o����1$1��>T����T.�Y���n����5��Y�Fx��E%��(�kp숝� ���?�3 f!m[�Q���1��.N)��?ՠflC�,-F�"�ېZ뫈�|=20D�L�x��2ʨBR�v��:��c�f�U#gdU<YL\��Ȓ~�u�1��X<3,�ugm�zLJg��DBء*���w��R��h�����6C�N����Wο����v��6� �U˜��1k�����Pw�!�߯�{�T��.�yt�'>$|z��N���d����W���\g�'� ��}c ��2���
  �˭���' ~j/X���yl�S�ٞA���
  C���=�$�S�������i���Fw�D��a�����V�ɇ�
  ��[~fB<�䡐Q��x����J=�wy�yS�1�R�h��L)񧗊G񤵐w7P�j�l"�Q����]8��L3�M����F9ݍD�4��}h���x��Fe��G����p�$S4ۂ��"�����8� ��K
  ��9�������,9��Wp#�Namg�����2�k�qw� HJ1 j���D�a�-+sٍ�}�C�ak.ei+} 橞�=^�Р���,��mh���M��f�?e�����w�y��ًy��C(\9�ZuK�ڹ:��Y���lt��8�!����)Y��%cT�N$|�X1y�w<�c�dL����� )��� p�^ �";��.�%���~��1s#�A�� �O8ќ
  � ��2�H�G:��6�v@Hr��!4�8_M���2�0[U ���
  �����TU_1���G����D�?�ˆV:Z�~����k�Ͻ��6a�A�wJZ'�P��J8�8��8�Fe�O���Qn9��ny��w3bX�9 ]����'���(l�TC6�jYBL]h���RPt j�w/�L��$�t�W�ư�:�9�aRWLm�kij�q�[�|���rvz+γ����\@� ���ρ���ӂ5��qP��ʼn��؉R*?��A�=<�r��W���Tz5]��C"�����pI*����GwF,�w����>�,5��ʺ�x�
  W�k�%g�M���h�Y3{ot�#��0b���]Q��H[װ�W��1��N��Y��.u_Z�L γ �O2�q�QDV���7�~����i|i(�����e;�$z���.���q���9���T��96K�ڤ�\�.���%5�U���� �ay�����H��Il��,.�8���^!�`X&3:��CnJ` ऩ?�������3L�7 �=z��p��D(j��W{�U��1��0!d�����nBn�w**��~���Ϭqcc@�iэ�R'�h�50`��X�7ia����M���ؙ�[��͚�V���M�u������o�.�[F��8[Ҍ�3X7 �+_�s���J��"�,��24?QDŸ5�س��J݃&!hs�K U��M������(��aW��$�5l��2���_J9S�T�X.����;�,U���>�E�XkL�� c�͠C��g2}��G���I^��ά�n:��Q��%"�p�P���N���r�� rskM˥��?�zVy�GVSsV���Yz#�����P&:^�k���E����ʙ���$J,�.҇�� ���Q���Q�Q �A�.�_%�6h�J�b=�����~ �ޫ7m���$}�d,���Wi�4���(-�7HbO9}-o�_�m<r�U]����Gf>ũ��(����u좞���R:�@����b��{H�%[q8�oF3�{Zښ����(7Q�k�Hi1{O�߄4���Z[��!ga�<��B��5z�EG� �5�_{�H`8�$�j� ;���>&�i�W_+��,wB�a ��"��u�ə%{������ͩ*�[dZ�K��8��@�`����^��-�]�ږ��bb����E�l��<�~$�8�+�N}UG�a��R4,N�U�B�N��r��^���@�4�y�m7:L�2�����aB�Zf�N�e���a�}�bV�g ��\�5��<mB0�sH7���n�\~��:��ڈ�� ����# ������K�ҩ�Q1Xo�V�tpR�����LZrf�w�Lo�TD�F2q�� �&��Gk�f8�KY�V˹��b�5��b�����8�O��)<+vwժ�����ө�l��/-��m\�N� l�p4�<A<o���Вe:�:F�XEMu�.U��$�|���%��rvh�d*��ԃ��ۓ^.Z���k� �jt#���b } jgȠ]t�����8��
  ��T��~˘�#A��Sm�x��K��7�$�rX<��VˬX���_,"�H4���ەx'���l��i*�Έ̎Em�����~bd#�� ��2|r��?[ ���R�]�uyEg����"���v���X�|qG��M���� ���o �I}7��_>QK*����e Bld*v:�����W�C�{,uC��d�^�K���ހ��t ����O((�C{5���ɛԌ���8�-_�'�����G%$őA���U&dz�&���q��0��2�6I�a��B)$����ͤ �:��tێ3蘲\_bSk ȑ_��<&���vq%��U��!�!ټ��e������J��`<1����z ��s��ҹ�%L��4��<�%"u�����2����P�O^DՎ���GYĒE��I�jUcN��� O�@��M>��||U�>9��>�|�9��Ӧ�%��üH]o6�m"B�k��

  Sections

  .text

  Size: 912KB - Virtual size: 910KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 32KB - Virtual size: 31KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 92KB - Virtual size: 239KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  hDmHGr0

  Size: 8.6MB - Virtual size: 8.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  hDmHGr1

  Size: 2.0MB - Virtual size: 2.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 16KB - Virtual size: 15KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE