gfaYpday[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

gfaYpday.exe
Size

7.3MB
MD5

8e690d7a49350dc48d140e7789eb6b58
SHA1

f68afde49b3f40fe9471239ebc925b845abe1757
SHA256

ac3a122a3c9c2b5fd4b225070b4c9309e1bc7d537ec0817e72706b7dd74d1ed1
SHA512

a888442587efe749ed30622b96ff59d55e0ef06e7d6bdfa22d8bf33fb965b52802bedb7c5d78b86f33079852fba732ddaac0d37dffc98ed38dccdacdd5f7a9f3
SSDEEP

196608:0iGDbJglgOyMcPtkG/uHZMmkj9I9WX4NCe9gos:0iYBOy5uGmHXQXACavs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gfaYpday.exe

Files

gfaYpday.exe
.exe windows:6 windows x64 arch:x64

Password: infected

6e54e9742f4945523ac48c0886d13a69

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

MoveFileExA
WaitForSingleObjectEx
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetTickCount
VerifyVersionInfoA
GetSystemDirectoryA
SleepEx
LeaveCriticalSection
EnterCriticalSection
LocalFree
FormatMessageA
SetLastError
RtlCaptureContext
InitializeCriticalSectionEx
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetLocaleInfoEx
CreateDirectoryW
FindClose
FindFirstFileW
QueryFullProcessImageNameW
AreFileApisANSI
GetModuleHandleW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
CreateFileW
GetConsoleWindow
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualProtect
GetCurrentProcessId
Beep
lstrcpyA
DeleteFileA
GetLastError
CopyFileA
GetTempPathA
Sleep
lstrcatA
GetEnvironmentVariableA
GetShortPathNameA
K32EnumProcessModules
CloseHandle
Process32Next
K32GetModuleFileNameExA
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
Process32First
GetModuleFileNameA
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
CreateThread
GetCurrentProcess
GetFileAttributesExW
DeleteCriticalSection
OutputDebugStringW
GetFileInformationByHandleEx
GlobalAlloc
RtlLookupFunctionEntry
MultiByteToWideChar
ReleaseSRWLockExclusive
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapReAlloc
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DecodePointer
HeapAlloc
RtlUnwindEx
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ReleaseCapture
IsIconic
SetCursorPos
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetCursorPos
OpenClipboard
ReleaseDC
SetForegroundWindow
MessageBoxA
DispatchMessageA
TranslateMessage
PeekMessageA
PostQuitMessage
UpdateWindow
GetWindowLongW
AdjustWindowRectEx
LoadCursorA
DestroyWindow
GetDC
SetWindowPos
MonitorFromWindow
EnumDisplayMonitors
ScreenToClient
SetWindowTextW
WindowFromPoint
ShowWindow
GetCapture
SetWindowLongA
ClientToScreen
IsChild
TrackMouseEvent
GetMonitorInfoA
GetForegroundWindow
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
SetFocus
BringWindowToTop
SetCapture
SetCursor
SetWindowLongW
GetClientRect
UnregisterClassA
RegisterClassExA
CharUpperBuffW

gdi32

GetDeviceCaps

advapi32

SetSecurityInfo
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
CopySid
RegSetValueExA
GetUserNameA
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
OpenProcessToken
RegQueryValueExA

shell32

SHGetFolderPathA
ShellExecuteA

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

msvcp140

?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?uncaught_exception@std@@YA_NXZ
_Thrd_detach
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?good@ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?setf@ios_base@std@@QEAAHHH@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
_Cnd_do_broadcast_at_thread_exit

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemory

normaliz

IdnToAscii

wldap32

ord41
ord22
ord217
ord27
ord32
ord45
ord35
ord79
ord30
ord200
ord301
ord143
ord50
ord33
ord60
ord211
ord46
ord26

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertCloseStore

ws2_32

ntohl
gethostname
sendto
recvfrom
WSACleanup
ioctlsocket
closesocket
freeaddrinfo
recv
send
WSAStartup
WSAIoctl
WSAGetLastError
bind
WSASetLastError
connect
getpeername
socket
getaddrinfo
select
getsockname
__WSAFDIsSet
accept
setsockopt
htonl
getsockopt
listen
htons
ntohs

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context
__current_exception
strrchr
memset
memmove
__C_specific_handler
memcmp
memchr
_CxxThrowException
__std_exception_copy
__std_exception_destroy
memcpy
strchr
__std_terminate
strstr

api-ms-win-crt-stdio-l1-1-0

_open
_write
_read
fseek
fwrite
_wfopen
__stdio_common_vsprintf
__p__commode
_set_fmode
fread
_close
__stdio_common_vsscanf
fputc
fflush
__acrt_iob_func
fgetc
ftell
_lseeki64
fgetpos
setvbuf
ungetc
fsetpos
feof
fputs
fopen
_fseeki64
_popen
_pclose
fgets
_get_stream_buffer_pointers
fclose

api-ms-win-crt-string-l1-1-0

strpbrk
tolower
strcmp
strcspn
strncpy
strspn
strcat_s
strncmp
_strdup
isupper

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc
calloc
realloc
_callnewh

api-ms-win-crt-convert-l1-1-0

strtol
atoi
strtoul
strtoull
strtod
strtoll

api-ms-win-crt-filesystem-l1-1-0

_access
_stat64
_fstat64
_lock_file
_unlock_file
_unlink
rename

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

api-ms-win-crt-runtime-l1-1-0

_getpid
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_resetstkoflw
_seh_filter_exe
_set_app_type
_invalid_parameter_noinfo
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
__sys_nerr
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_errno
terminate
system
_beginthreadex
abort
exit
_invalid_parameter_noinfo_noreturn
strerror

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
setlocale
_configthreadlocale
localeconv

api-ms-win-crt-math-l1-1-0

_dclass
acosf
__setusermatherr
cosf
fmodf
sinf
ceilf
sqrtf
_dsign

Exports

Exports

��^�[�5��;�Y�\D�r�� O\��J��OvO�q��t �Z��~�m�~D��w2h��N��%MbD��u��Xx��͍�N��57�5�9ʓo��'!j�,��|��ۂq�q�n�0C�1�f��:�NϏ��M9G yՄ�G�V��>!�f ��JF�u�S|�Xzt��KUС�� Q 4� ��7U&�t�9�q��9�_��>�Um�7{4z��>��e�&�f�Y⥄��D�Z�v�,�'��_D��}��'�g�ݏ O�q��DD��u��{��_x4d�V��2��L�1;�Z��GvoȄ�}��'q��q�o�ԵY�8��O��:l��"��E�� ,;i� �6�O ��e�aM�Jh�H��d��:̕\�֐�?�1-7[(��ѓ��(�X��)BM�x�z��~�+��}\ �m��`rY\��OW9)��b�[��߳�vR��=Y}�P�DB�5po��y�h*P��Lg/�&��˱�A��ʋ��@�'�'��о?��&U�zB�=�*�J�PD�H�0��D�L\2:�+��Ɵ2��|g� �M��6�YW��z �"%��z.e��D��d�=�,0��z5V�\��o�� BsK`xl��m:+��7��xʒF�U��d��Fo޻�7�&%�p�J*�|$MVK�ft��NxD��7V��*�R/D��9a4,��4�dB��Dd��]��#.i��ev��>�k��@% ��IS��$�O�T��NR2��2��RK�K?afG�Ip��~��M�(#z��;��Ց��j~r��l/k�Ί7��(�� r�$@�a�r�|_�!�'d(%��*��?)�]R��@W�;W��ޫT��"��=A�}��J�̩�ƴ ��@�� C�ÅY�jjU�if(�LV��^�2�CJ�Rg��SoLN��gm`�v Äg�-�j�/��Y�e�4x��ODN��8�T��#�� ڬ��!2C��^(��X��*u� ϋ�j�h�QM��5�$!> �i͆2Y�GG�w�d��Z�A�R��9�a`n��hϼ?�`�Í�{.^J-n?^��>:�E��E�(W��^͒+�W#��|9��R[wB�Гo�DN��Y��A׸��ni�*s:�;5%F��O��k��|*�q��o��YB]�lb񃈢3&y��0��m�iݻc&�asCg��N�5�s��:k7��n�'�.�L�\L$��+��0JU��&q�5��'��g�|��[ �"��z��<��i�,zp� A�g�%�ϴ��H��2�6,��~8� ǯ��"� ��zR�_��H��$a,�#�T�m�r�`��ζ:�CĕeP��2�M��jAN sF��Д7mW�o�Tn��eU ["�;"-h$�A��L�5?VU&��@�_�$��++;Q��{��khȞ��l��ש�U�w��rOX �2��:��*��wk[j�z[��t�:��C�J�!��B�9jq�F�mC��e��A��6Ӿ�ms��>ͥH:ߦ`"�^��X�14�:fn��|ͳ�K��@Dj��$��P<D��L�eHw�;��y]��^w��(�}�T��[�z� ��/7.�P�P�� 7�}��t/�jW��xS��-~!�l.��l�#��m��? e�"Q��?lT�P��"i$x�^⾮_��T�Xd��ZD�¿�Q��B"��s=F�H��؃r��N�㾌+|�q�t��&+65W��g54 ��^T�x~�);Z��9��j��Z��D�4a��U�u�zhʍ�>�uE-*��d4�� !/��HD��\w��#no6��Gw+��6��6N�ʭ�NXZ�+%�"�g��vub��_�G/��H%pʜ�v|3�$Y��Ҭ=�S�>�c �� -6c�+�d��(��/��!�YZ�˦�ά��e��y�x|1�,5��7)�w��9N�v� ��)�?}�J��r z(�� i��go�&$�|82a�.��)3@��Q�k%��K:p��g��h!��L8��}=WNb f��h��Z��Vcr��gfr4+�9#�p��>�?Դ�߰��T0S ~Y��=qˢb7� �E&�;Z�\��JK��ן.�p� �y��i a� ��+�(��(!�':\=�K�(�{��G�ްs�V*9m*�dlc��W�#*:�A;v��Fs��y�-�� >V '�#�KfqQ/��(d6K^ ��S�c�6��X��q��"C�Y�o��;�">.=�@�$�ɓ�3��X�@;��kF��{:��lO"p4e�9a��b+��y/bF��o=��8K7�%�y�H"g�VT��⨉=��Ȣ"�v�~)uՔ��ʪ\�ѹ_��y�{M�� '�3��q"��b/#��֢J(�F��z~��'��̀!,'n�1��%�f��5��ժ�4%o��Lb��G�� k±b�'�} :��h`Mۂ�Y�<�lc˖�n�m �`I&�z�P�5 ��i*�!��Zlx uNF�b��!��c��\��3��O~C��g�p<�ڑ��6�sx!yRC�#��; �j�jc��n&=��~��R�,�>�O��Ʉ)�iS��b=L{��G�5��܀��?m:�j:; �.�Z¨{��_�Ĉ}��Z��wee�`"(X]��Y�E��(R �s��W^��u��g<:�F�DMo�O�$9O��S�3�"�&�+��x��֠}��f�mntK��,�=� b?��Y�u�N58~�O[4ꤟ�98i�ֻd��wY> ���o_:�!̰E��%E��[n

Sections

.text
Size: - Virtual size: 803KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.4gY
Size: - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.o\x
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.0Dev
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.< #
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.S{Y
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.2 E
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

6e54e9742f4945523ac48c0886d13a69

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

imm32

msvcp140

d3d9

d3dx9_43

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 803KB

.rdata Size: - Virtual size: 161KB

.data Size: - Virtual size: 44KB

.pdata Size: - Virtual size: 33KB

.4gY Size: - Virtual size: 488B

.o\x Size: - Virtual size: 1KB

.0Dev Size: - Virtual size: 2.5MB

.< # Size: - Virtual size: 3.0MB

.S{Y Size: 5KB - Virtual size: 5KB

.2 E Size: 7.3MB - Virtual size: 7.3MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 803KB

.rdata
Size: - Virtual size: 161KB

.data
Size: - Virtual size: 44KB

.pdata
Size: - Virtual size: 33KB

.4gY
Size: - Virtual size: 488B

.o\x
Size: - Virtual size: 1KB

.0Dev
Size: - Virtual size: 2.5MB

.< #
Size: - Virtual size: 3.0MB

.S{Y
Size: 5KB - Virtual size: 5KB

.2 E
Size: 7.3MB - Virtual size: 7.3MB

.rsrc
Size: 512B - Virtual size: 480B