C:\Users\docker\Documents\workspace\build-v2\common\hr_sysdiag-app-50\bin\HRConfig.pdb
Static task
static1

Behavioral task
behavioral1
Sample: 37157625bef24977ce0cf11e74b3d5c8412a0638b541e51cc0944b5127b2469d.exe
Resource: win7-20240215-en

Behavioral task
behavioral2
Sample: 37157625bef24977ce0cf11e74b3d5c8412a0638b541e51cc0944b5127b2469d.exe
Resource: win10v2004-20240426-en
General
Target: 37157625bef24977ce0cf11e74b3d5c8412a0638b541e51cc0944b5127b2469d
Size: 1.8MB
MD5: dd256157a85a12405cbdf789af1b2442
SHA1: 215b9612eec327982a956ada1c5c9ca0cb934b0b
SHA256: 37157625bef24977ce0cf11e74b3d5c8412a0638b541e51cc0944b5127b2469d
SHA512: 4e6b8dcc6cf00c85d3a68a412555e370a5d63ee480594e7a7ee6f8289e2873ea4b2860d6e5a7e3bd77ea1c079132ecbf9010bb6e47683c6c49ac640357fee2f3
SSDEEP: 49152:P1opHluallLeIfGpD+ePfGaBbVoJLshVGbdMeaLaf:N2HluaDp7WmeJaf
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes:
resource 37157625bef24977ce0cf11e74b3d5c8412a0638b541e51cc0944b5127b2469d
Files
37157625bef24977ce0cf11e74b3d5c8412a0638b541e51cc0944b5127b2469d.exe windows:5 windows x86 arch:x86
b43a53d3077a7147b6ebcadbdc920a98
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Users\docker\Documents\workspace\build-v2\common\hr_sysdiag-app-50\bin\HRConfig.pdb
Imports
kernel32
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
GetCPInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
RtlUnwind
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
lstrcmpW
ExpandEnvironmentStringsW
DecodePointer
LoadLibraryExW
lstrcmpiW
GetFileAttributesExW
GetCurrentDirectoryW
LoadLibraryW
SetCurrentDirectoryW
GetModuleFileNameW
GetUserDefaultUILanguage
CreateEventW
WaitForMultipleObjects
SetEvent
TerminateThread
GetExitCodeThread
GetLogicalDrives
GetVolumeInformationW
GetDriveTypeW
GetLogicalDriveStringsW
SetErrorMode
QueryDosDeviceW
CreateThread
lstrlenW
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
RaiseException
ReleaseMutex
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
CreateMutexW
OpenMutexW
LocalAlloc
GetVersionExW
LoadLibraryExA
FreeLibrary
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesW
LoadLibraryA
GetVersion
GetModuleHandleA
GetTickCount
InterlockedIncrement
DeleteCriticalSection
LocalFree
Sleep
OpenProcess
InitializeCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetLongPathNameW
EnterCriticalSection
InterlockedExchange
DeviceIoControl
CreateFileA
GetSystemDirectoryA
MultiByteToWideChar
GetSystemDefaultLangID
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
InterlockedDecrement
GetNativeSystemInfo
GetWindowsDirectoryW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
MoveFileW
DeleteFileW
GetTempFileNameW
GetFileSize
WriteFile
ReadFile
GetLastError
GetModuleHandleW
GetProcAddress
CreateFileW
CloseHandle
GetStdHandle
GetACP
GetFileType
SetEnvironmentVariableA
SetEnvironmentVariableW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
WriteConsoleW
SetEndOfFile
user32
InvalidateRect
CharNextW
IntersectRect
CopyRect
UnionRect
EqualRect
IsRectEmpty
SetRectEmpty
GetClientRect
SetFocus
IsWindowVisible
MoveWindow
PostMessageW
ReleaseDC
GetDCEx
SetWindowLongW
GetWindowLongW
LoadCursorW
SetCursor
GetWindowThreadProcessId
BringWindowToTop
IsWindow
ClientToScreen
GetParent
SetTimer
IsChild
GetSystemMetrics
DefWindowProcW
SetWindowPos
ScreenToClient
SendMessageW
GetWindowRect
GetMessageW
RegisterWindowMessageW
EnumThreadWindows
EnumChildWindows
SendMessageTimeoutW
DestroyWindow
SetForegroundWindow
FindWindowW
PeekMessageW
ShowWindow
TranslateMessage
DispatchMessageW
PostQuitMessage
GetWindow
MapWindowPoints
KillTimer
GetScrollInfo
LoadImageW
SetWindowTextW
EnableWindow
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CreateWindowExW
FlashWindow
SetWindowRgn
IsIconic
OffsetRect
MonitorFromWindow
GetMonitorInfoW
IsZoomed
CallWindowProcW
gdi32
GetObjectType
DeleteObject
SelectObject
CreateRoundRectRgn
DeleteDC
CreateCompatibleDC
SetLayout
CreateDIBSection
advapi32
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetSidSubAuthority
CheckTokenMembership
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumValueW
RegEnumKeyW
RegQueryInfoKeyW
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
RegCloseKey
RegCreateKeyExA
InitializeSecurityDescriptor
OpenProcessToken
ConvertSidToStringSidW
GetTokenInformation
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExW
RegDeleteValueW
shell32
SHGetFolderPathW
ShellExecuteW
DragFinish
DragQueryFileW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
DragAcceptFiles
ole32
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
oleaut32
VarUI4FromStr
shlwapi
PathIsUNCW
PathFileExistsW
comctl32
ImageList_GetImageCount
InitCommonControlsEx
ImageList_DrawIndirect
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 301KB - Virtual size: 304KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 41KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 455KB - Virtual size: 455KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ