General

Malware Config

Signatures

Files

• 7b1cced1299fa139cdff06d71e56dba80d9409950f2bddee5ce336c568401592

  .exe windows:5 windows x86 arch:x86

  0ee2d3e5f03e5c87f330a10e47d7ab28

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetVersionExA

  GetVersion

  GetVersionExA

  GetVersion

  VirtualQuery

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  user32

  wsprintfA

  SetFocus

  GetProcessWindowStation

  GetProcessWindowStation

  GetUserObjectInformationW

  winmm

  midiStreamOut

  ws2_32

  bind

  gdi32

  LineTo

  winspool.drv

  OpenPrinterA

  advapi32

  RegCloseKey

  shell32

  Shell_NotifyIconA

  ole32

  CLSIDFromProgID

  oleaut32

  UnRegisterTypeLi

  comctl32

  ord17

  comdlg32

  ChooseColorA

  wtsapi32

  WTSSendMessageW

  Exports

  Exports

  )���y1��=5�);'���$���}娜L���@�‘�Q����������U��ne��_�2�[?,��bT���gN�`H�5�؃�E����� ͌ͮ�Δ;1떘���>�Y�F�H�}"���͘5�,�/A���\Y٩�)�<�)_���Y]�p��u�ik��j�bA�i&3�d@� ��&�X�]I_��qŐWI� !����^a9<ұxTa��f+<<�:8=7\r�����A�e�1ꡞ�*��Fci�J��.�]��/�{m��ۃu+
  � ���!C�cVL����xo?�^M]%}��# �����@���^K%� ���1�U*$zZ���@�� ��Zd�9B�ciwM��a��7�/+�4�X'����xV�dT�� :�k-iM9�e�u�̙u$g('6�%��j��oU�� �-���%ï���d��i�!����x�-&���FUi7w ���_�ƒ�� ��*yJK*vq��/����8�Hd�E{�骥��<���T������p�~� �������k��r;�N|��f�@�O��a'���v�Os����PFp0�t�����"��s�ר|b2~R!:�V��Ve��r�]L��g�%2�Zr Q
  � a h��9�� �Z��M5��,7���A��g#āJ�s�aIt��� �x�AH VǎU6)5&}��lF��ֳ�
  �8��OG�Ȍ����0�#\�D0%�� ��~��і*��)��}H�
  �-k����������Ks����M��+�LnoW�"O|��ʆ췖iW���V=����x�����˘�� $*bC��c8Px X7 ���8�l�2�/�q��#gtG���oUQ�P|�#�R�w��mY�^�\�cj���������<���̶�Eg�e��� ^�i��+�z�ȥ���2�r6�'�rh�F��b��wd��cr�&�����<�Y��|;,��/����)C��t����P�g�w�bO����E�G�5�NcCw
  O�{CJzA=�D@�������/l�����N)MBv,6��Ŭ
  ɕ��>�U�Q���h��Ԗe�a���;���D�i�5(��˭P��o���E�^cVM´��gU��yn��[˝ّ_�>��D�^{�����Gml�ˋ���T+��\%�=�8W�
  ���/q��o*��qO���MF!�Og�b���i7%n�fy�d�i�E����I�O���?�J�-��V�JJ5�J5��Nl 0¬��8��k���5 �� Ȝa��WG�Ů��6��k��}٢[��{�n����I�耒����`$�\�nL��W$Ф�� 8f����EyBI�G�F$���c�!���>F1Κ���)/�_�,�a���ѻs�3:���������&[:ݑ�wq%��,3�����[@݃$"v���]�Y�ۀ?Ȭ�e@?��ݜ#]������������gf~��㸜���)dJ�l&����t��k����L��R#�� 勂�jޔcg��,�|����:́x����k:���$=��j��4i�5���_X6�9�m��J^�fn��˖�T�� M3��Ɣ�e���]�d,*��9�Z9'�-����#�*GR�j1�s󩨿��G
  &KC�|<:�1M��i�UoiZ�a �Ρ�d��y+��r�����e0������Mm��[(qmu��V3Ig/_?��,�P�p�F����-����Z���%mg͙����a�]$�
  M;��iG=������&������� pU��_�8���L"��EWC[}��v@I*��[O� %@��a��: �˽S�޿F'?o�t�=�ԏRľ2X HA���
  �$�C!��zx����,��T_G����v3Fq%φ��3���Q��:͵��k}�vr��y�_ �/�Z���Z�#�.�Ɋ���j�k�;f>��S�ݕ9l���D+@��8�3��*�(˺2Q��k���<��D�e�øtx
  �_�|)�=��w�����M'�������q��{1���l�{����w�����R&�!R�Q(���S_�6|��_���c�+�5��2��[�'O�@ U HҚD�̏��E�}DA��i��v��,��%��[n�w��WvK5�c�S���Q\N�(S�j�����n������u?�h��=3Ӵw��E���;��}�?Ʒ����p}���{�񦌷��8��E��F�!������| =����FL�8#3�ۧ�ItJ ���b5��ҡcwR_wsf���ů��Lz�J�T#�xP���yCb��$���;�x;c��h�X���`Uc� M�$F!d�x�9@����p�����I�Fx<� q͡���Zs��;�e�[N�K=ũ��C�(|���wose��r)�.V.��j������
  ~:�цhW�U� HY���O�2z��R���Q�FI#� �A�r����6�����a~�x�lB��|�Z�p �sf�&��2�,�����<�|�^���������j��,�0�,��*s�ڸ�!��#�fa���5�o�qT�ɫ渋
  ?��e�hy��w�_��[�d6��@W�������J� 1sa7��`
  n��:���|˲�\�Fߊ^�@��zw�TQ�7����b�����S{��/M!1�~���H��bG��s�Fc�]+�҇.� ���3j"�_1�NboS�{���]���QR��"G���/l�������HI������6�����>�����������J��2�K �f
  hn����������W�7ۣ����&�~Mr�Kʳ_��S6�����8����D�=��(9���$�l����#s�2uD����jho\?�MI-�{׍�%Μ���@�"���=���i��.-';�U��4��E�El��A���+�Q�c&$�F{E�~KA��!�0^m���x[����XƓ� �h��:?`�f�����G|C�"p� �%�!T9V� �v ��U}����O�K�D3F��u1˂���:D�+��^�m2�>���/�3��c�GϽ�˭y9�U-QR
  ;�w&k�k΅

  Sections

  .text

  Size: - Virtual size: 1.8MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 4.6MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 764KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp0

  Size: - Virtual size: 2.7MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: 6.5MB - Virtual size: 6.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 72KB - Virtual size: 71KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ