General

Malware Config

Signatures

Files

• 240313-epmldaec36_pw_infected.zip

  .zip

  Password: infected

• c4ee18d4a484321620bef6ddd00fc620

  .exe windows:6 windows x86 arch:x86

  Password: infected

  6ef74f7b87fa15b6df54d064a5b8ef31

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetStdHandle

  GetCommandLineW

  WriteFile

  GetLastError

  HeapAlloc

  HeapFree

  GetProcessHeap

  WaitForSingleObject

  GetCurrentProcess

  ExitProcess

  GetExitCodeProcess

  CreateProcessW

  GetWindowsDirectoryW

  VirtualProtect

  IsWow64Process

  FreeLibrary

  GetModuleHandleW

  GetProcAddress

  LoadLibraryExW

  LocalFree

  GetBinaryTypeW

  lstrlenW

  WideCharToMultiByte

  EnumTimeFormatsW

  GetConsoleOutputCP

  WriteConsoleW

  user32

  LoadStringW

  MessageBoxW

  ole32

  OleInitialize

  OleUninitialize

  msvcrt

  towlower

  malloc

  memset

  Sections

  .text

  Size: 7KB - Virtual size: 7KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 286B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ