General

Malware Config

Signatures

Files

• d84041eca0858276599f1048ad508174f1c7b921b515d2e479ac6bf2af0092c0

  .exe windows:5 windows x86 arch:x86

  b6852ed4e334147c4929ea4ff7285899

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  D:\PMS\pms4\Project(20130805)\Update_2010\bin\Update_2010.pdb

  Imports

  kernel32

  GetFileSizeEx

  CloseHandle

  GetSystemDirectoryW

  GetTempPathW

  GetFileAttributesW

  GetTickCount

  GetLastError

  ReadFile

  SetFilePointer

  WriteFile

  FlushFileBuffers

  CreateFileA

  DeviceIoControl

  Sleep

  SetFileAttributesW

  DeleteFileW

  GetCurrentProcessId

  TerminateProcess

  GetProcAddress

  GetTempPathA

  GetModuleFileNameA

  SystemTimeToFileTime

  GetCurrentDirectoryW

  LocalFileTimeToFileTime

  WideCharToMultiByte

  CreateFileW

  OpenEventW

  CreateEventW

  CreateThread

  SetEndOfFile

  HeapReAlloc

  LoadLibraryW

  SetStdHandle

  WriteConsoleW

  HeapSize

  GetSystemTimeAsFileTime

  QueryPerformanceCounter

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  LCMapStringW

  GetVersionExW

  MultiByteToWideChar

  FreeResource

  LockResource

  LoadResource

  SizeofResource

  GetModuleFileNameW

  FindResourceW

  IsProcessorFeaturePresent

  DeleteCriticalSection

  GetFileType

  SetHandleCount

  GetStringTypeW

  IsValidCodePage

  GetOEMCP

  GetACP

  GetCPInfo

  HeapCreate

  GetStdHandle

  GetConsoleMode

  GetConsoleCP

  RtlUnwind

  InitializeCriticalSectionAndSpinCount

  LeaveCriticalSection

  EnterCriticalSection

  RaiseException

  GetModuleHandleW

  ExitProcess

  InterlockedDecrement

  GetCurrentThreadId

  HeapAlloc

  HeapFree

  GetCommandLineW

  HeapSetInformation

  GetStartupInfoW

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  EncodePointer

  DecodePointer

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  InterlockedIncrement

  SetLastError

  GetProcessHeap

  user32

  LoadCursorW

  RegisterClassExW

  LoadStringW

  wsprintfW

  LoadIconW

  CreateWindowExW

  EndDialog

  PostQuitMessage

  EndPaint

  BeginPaint

  DefWindowProcW

  DestroyWindow

  DialogBoxParamW

  advapi32

  RegQueryValueExW

  RegCloseKey

  RegSetValueExW

  RegOpenKeyExW

  shell32

  ShellExecuteA

  ShellExecuteW

  ws2_32

  htonl

  gethostbyaddr

  WSAStartup

  socket

  gethostbyname

  inet_addr

  htons

  connect

  closesocket

  send

  recv

  WSAGetLastError

  iphlpapi

  GetAdaptersInfo

  Sections

  .text

  Size: 100KB - Virtual size: 100KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 32KB - Virtual size: 32KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 6KB - Virtual size: 20KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 214KB - Virtual size: 216KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 4KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  UGFDWSE

  Size: 4KB - Virtual size: 8KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .adata

  Size: - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE