General

Malware Config

Signatures

Files

• entropy.rar

  .rar

  Password: entropy

• entropy/entropy.dll
• entropy/entropy.exe

  .exe windows:6 windows x64 arch:x64

  Password: entropy

  c2d457ad8ac36fc9f18d45bffcd450c2

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  WriteFile

  WriteConsoleW

  WerSetFlags

  WerGetFlags

  WaitForMultipleObjects

  WaitForSingleObject

  VirtualQuery

  VirtualFree

  VirtualAlloc

  TlsAlloc

  SwitchToThread

  SuspendThread

  SetWaitableTimer

  SetProcessPriorityBoost

  SetEvent

  SetErrorMode

  SetConsoleCtrlHandler

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  ResumeThread

  RaiseFailFastException

  PostQueuedCompletionStatus

  LoadLibraryW

  LoadLibraryExW

  SetThreadContext

  GetThreadContext

  GetSystemInfo

  GetSystemDirectoryA

  GetStdHandle

  GetQueuedCompletionStatusEx

  GetProcessAffinityMask

  GetProcAddress

  GetErrorMode

  GetEnvironmentStringsW

  GetCurrentThreadId

  GetConsoleMode

  FreeEnvironmentStringsW

  ExitProcess

  DuplicateHandle

  CreateWaitableTimerExW

  CreateThread

  CreateIoCompletionPort

  CreateFileA

  CreateEventA

  CloseHandle

  AddVectoredExceptionHandler

  AddVectoredContinueHandler

  Sections

  .text

  Size: 4.6MB - Virtual size: 4.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 4.2MB - Virtual size: 4.2MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 463KB - Virtual size: 1.0MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 107KB - Virtual size: 107KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .xdata

  Size: 512B - Virtual size: 180B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  /4

  Size: 512B - Virtual size: 297B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /19

  Size: 891KB - Virtual size: 890KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /32

  Size: 166KB - Virtual size: 165KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /46

  Size: 512B - Virtual size: 48B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /65

  Size: 1.7MB - Virtual size: 1.7MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /78

  Size: 1.0MB - Virtual size: 1.0MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /90

  Size: 318KB - Virtual size: 317KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .idata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 64KB - Virtual size: 63KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .symtab

  Size: 682KB - Virtual size: 682KB

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• entropy/entropyloader.dll