blackmoon | 16d825e2e39d1fba7057c075e68f062562ba0af343191dae38a12fbb6c7ef0ff

Sharing

Copy URL

Twitter E-mail

General

Target

16d825e2e39d1fba7057c075e68f062562ba0af343191dae38a12fbb6c7ef0ff
Size

15.8MB
MD5

73f863e3e9565ea6af14d423da22ab95
SHA1

e1357bde13337b24077b84fe81dc94b4195ca34c
SHA256

16d825e2e39d1fba7057c075e68f062562ba0af343191dae38a12fbb6c7ef0ff
SHA512

0f325376aa670958f28fb95c0d7f924ee36d1970ee4fd2aad3c884c2fa26513795c249467db76fdc75249e6032ad16be19bfab1bf26188647292e391b96ebce8
SSDEEP

196608:mWaFQnLeLIyz14i0BpBP6rhbYVxMnJVg6qSw6ssR3nMOBdHTSu:mdwqLoiKPP6riVunQQwfs9nMOrHT3

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16d825e2e39d1fba7057c075e68f062562ba0af343191dae38a12fbb6c7ef0ff

Files

16d825e2e39d1fba7057c075e68f062562ba0af343191dae38a12fbb6c7ef0ff
.exe windows:5 windows x86 arch:x86

0caef1e4eeb980a3120fd12122959c82

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
CloseHandle
GetModuleFileNameA
CreateFileA
IsBadReadPtr
HeapFree
ReadFile
HeapReAlloc
HeapAlloc
ExitProcess
GetTickCount
GetTempPathA
Sleep
GetLocalTime
LocalSize
GetProcessHeap
VirtualAlloc
VirtualProtectEx
WideCharToMultiByte
LocalAlloc
lstrlenW
GetFileSize
GetCurrentDirectoryA
FreeLibrary
LoadLibraryA
LCMapStringA
FlushFileBuffers
MapViewOfFile
LCMapStringW
IsBadCodePtr
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
SetFilePointer
GetStringTypeW
GetStringTypeA
GetOEMCP
GetCommandLineA
GetVersion
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetModuleHandleA
SetStdHandle
RtlMoveMemory
LocalFree
GlobalAlloc
GlobalLock
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RaiseException
GlobalUnlock
GlobalFree
LoadLibraryW
GetProcAddress
MultiByteToWideChar
CreateFileMappingA
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
RaiseException
GetLocalTime
GetSystemTime
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
CloseHandle
WaitForSingleObject
CreateProcessA
GetTickCount
GetCommandLineA
MulDiv
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetCurrentDirectoryA
GetFileAttributesA
FindClose
FindFirstFileA
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
CreateEventA
CreateThread
WritePrivateProfileStringA
GetVersionExA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
GetUserDefaultLCID
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
FindNextFileA
lstrcpyA
WinExec
lstrlenA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
lstrlenW
ReadFile
LockResource
LoadResource
FindResourceA
SetEvent
DeviceIoControl
CreateFileA
WaitForMultipleObjects
WriteFile
GetProfileStringA
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
VirtualAlloc
VirtualFree
GetSystemInfo
SetLastError
VirtualProtect
IsBadReadPtr
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
OpenFileMappingA
GetCurrentProcessId
TerminateThread
Process32Next
Process32First
CreateToolhelp32Snapshot
SetFilePointer
GetFileSize
GetCurrentProcess
TerminateProcess
QueryPerformanceFrequency
QueryPerformanceCounter
GetTimeZoneInformation
GetVersion
FileTimeToSystemTime
CreateMutexA
ReleaseMutex
SuspendThread
GetACP
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadCodePtr
InterlockedExchange
LocalFree
InterlockedDecrement
InterlockedIncrement
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA
ShowWindow
TrackMouseEvent
CallWindowProcA
IsWindow
ReleaseDC
UpdateLayeredWindow
GetDC
wsprintfA
GetWindowLongA
DispatchMessageA
OpenClipboard
GetSystemMetrics
GetClassNameA
EnumWindows
GetCursorPos
GetClipboardData
GetMessageA
PeekMessageA
GetAncestor
GetWindowRect
TranslateMessage
CreateWindowExA
SendMessageA
EnumChildWindows
GetPropA
SetPropA
CloseClipboard
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
SetPropA
CreateWindowExA
RegisterClassA
GetPropA
DefWindowProcW
GetDesktopWindow
GetClassNameA
UnregisterClassA
GetDlgItem
FindWindowExA
GetWindowTextA
SetWindowTextA
GetForegroundWindow
CallWindowProcA
RegisterHotKey
UnregisterHotKey
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
GetMessageA
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
GetClassInfoA
wsprintfA
WaitForInputIdle
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
EqualRect
CreateIconFromResourceEx
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
UnhookWindowsHookEx
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetMenuItemID
GetMenuItemCount
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
LoadStringA
GetSysColorBrush
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
CloseClipboard
ReleaseDC
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

CreateCompatibleDC
SelectObject
DeleteDC
CreateDIBSection
DeleteObject
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
GetTextExtentPoint32A
TranslateCharsetInfo
CreateFontA
SetBkColor
CreateRectRgnIndirect
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
RoundRect
GetCurrentObject
DPtoLP
LPtoDP
Rectangle
Ellipse
CreateCompatibleDC
BitBlt
StartPage
StartDocA
DeleteDC
EndDoc
EndPage
GetObjectA
GetStockObject
CreateFontIndirectA
CreateSolidBrush
FillRgn
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
CreateRectRgn
CombineRgn
PatBlt
CreatePen
SelectObject
CreateBitmap
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetDeviceCaps

gdiplus

GdipGetRegionBounds
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDisposeImage
GdiplusStartup
GdipSetSolidFillColor
GdipCreateSolidFill
GdipDeleteBrush
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipLoadImageFromFile
GdipLoadImageFromStream
GdipGetImageWidth
GdipDeletePen
GdipSetSmoothingMode
GdipGetImageHeight

ole32

OleInitialize
OleUninitialize
CLSIDFromString
CoCreateInstance
OleRun
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID

imm32

ImmGetContext
ImmAssociateContext
ImmGetCompositionStringW
ImmReleaseContext
ImmSetCompositionWindow

shell32

ShellExecuteA
SHAppBarMessage
Shell_NotifyIconA
ShellExecuteA
DragAcceptFiles
DragFinish
DragQueryFileA

shlwapi

PathFileExistsA

winmm

PlaySoundA
waveOutPrepareHeader
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutGetNumDevs
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
midiOutPrepareHeader
midiStreamOut
midiStreamRestart
midiStreamStop
midiOutReset
midiStreamClose
waveOutUnprepareHeader
waveOutRestart

ws2_32

WSAAsyncSelect
closesocket
send
WSAStartup
inet_ntoa
ntohl
recvfrom
ioctlsocket
recv
getpeername
accept
WSACleanup
select

rasapi32

RasHangUpA
RasGetConnectStatusA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCreateKeyExA
RegQueryValueA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

oleaut32

LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantCopy
UnRegisterTypeLi
VariantClear

comctl32

ord17
ImageList_EndDrag
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy

wininet

InternetCloseHandle
InternetOpenA
InternetSetOptionA
InternetConnectA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA

comdlg32

GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA
ChooseColorA

wtsapi32

WTSSendMessageW

Exports

Exports

hh�y��eU!6f�s�� 7�j��J#Qsq�]s��SS��gF�+H޸�ٖ�\$��Y)�2'W�=R~j:!��m��怳M5�sW}��Ŝi�',8�N<��٧��ǆY�f\��$��p�l�2>�� b��I�J�oG� ɄEP)� �G�&��0.�F�]�&�o�5��A�t��ӗ=��#�UEP��~p�ĕm�p�g'��@��(��`bxD�$��H�d��lMq��<��=|�@��`��@�f�(ɘѼ�X{'��t;_Y��x ޵��|<TZ�2Ϲ@ R��$�J�Y��'O��e��|i��)7z��Z\��06��Ǿ�nA�/�#��QHlC�:��Əⰺ�;D��9 ��?�m2��7;��F�;Pj��3�{i��C\��M�cQգ�|��NM[�L�mQ��@:��cR&��Ц�D�ؘu�@0��N��>�� _��pԒ�P#�8hƦ��/�Ӷ{�Z�Ǧ}k,[g �N��M-'�Wc0�QA�-�;�OL:`!Tv�ʿ��B>윱F��<<F��Ծ� ��?��g��bd�� h��a�嚉�[%K��oL��5��.��f�p��B�;�3z��?�CjD��:~L��V͟�-q^ūt��e@�!��hpצ/ ^GP+<Z,ƞ� �Y��nh�p��D3n�(��w�E�Z�a `2?#ܞt'%��Z`��p�?��0�V��~��F.��'�V{^�kG��t�_�hB�?�>a�m��(5/�IZ=f��ޤ��!HlE~��Fd��69��M��/嵪�3Lĩ��e��m�j%� ��J�F�uE;n�.@�|w�<��L��7(�EQ��͎=f�G��iނ��L��a)fNUp�O�)d��6ʔj��6R~G�S�ª ܳ&y��| �y -5�=�*B��zWDy�qڧv8��=3_}xm��>�.r�%�0�B�� 8I�+s�\o��=}y��$�-��H�*� ��S��ډ��&�� SdRV��˚E>�8[|�+Ɂ�hX#JN��).�@�z��͵�� 6�&oHsE��k��b�e�x��x�3�]�j`��N�S$��;��bs��Q��Q��Z`��k.��Zc_�O��O��{�o��%� �+��K�w#?��-ϭ�a�:��80�Ҳ�M�Ò��O��⯩YwQ�1~e�ޕ�ܣ�;�Cӗ�Z�af��o�ߩ��${�C�Rs�\ga�� [`��C�� 0r9'�=bx/y�3�P��j�؋ϔٻ�� \�k&F�x�}��PӇ,��cK��h��~Z3��{k�x�;$��`pE��z}^�s��;��dm ��nH\ %3�I4�f�'��F�1^K��u�<�KPQ~�N��(?��x��j�s͐E��pظ&d�I�,��q��w v��.)��t�Q�(�(��pa��u�od'�-w �� UE�}��7�{M��:ۥ�TOa�.AF<�{�7J�y!�8�+ q t� ��(1��}-�`� G�~�-��oA�|� ��?��T��0��?_C��pO�޷,A'ZnK��H�5Rh�B�W BB�0�{��d�0�r�gLR�v�t� ;� (��Ve� ��-/� ��"��b>� :E\�r��p:I�?c[��<��V]��K��A��'�9L Vd��2�j�x��z��=a��.��>*�79�Z��eԄ:S ��TT�+�w'(k0�c��A�\��˜4� �ָ�澖��;ÿ��NA��Բ��+�rh��w��䜹�N�۲{�e�nO��:��<m��i��|�f��˻=>��;]��O��B��f屻7��ͺ�5^�5J�3��\3��E(FS�U�ź��#m�ʃ`��ƚ��#c��m��(�z�t�7b!��=ޯ y␨"Ghʱ��f��K�L��wK��}(�v��Y]�� G��@��Q��6�Br9��&G��^�_�=5�1��Oǟ2��x�+��rJqyZ��fDҦ��H�"�/@�׭<��"8q�% V�3�ߩ��Q�И 0��p��S�K��(i؃��$�k�DNи��t�.y�Y��c6X�'��m��vƲ��W��;D��CY��s�_j��7Ѻ��u��9=p�DO!!6�.=֛�&�XA��D��Z��*4N�k�gH�At�+��Z�4��Tε��!�qyu^�dZ8%9hmn��~*�F��>U*��a�� +�ipa�ԟ�JHs�s�0��'�ܾ��p��Y��+�]�cv��*R��}�!��l�?�<�yyH��4V��l]��˱�k��,C��UD��UJs.��K�$}0��hR!�W�ȴ��t��"q8BF��.��UeFbo�K��x7\��2�~��5��@RP�J� 5v�ۓꔫ�M�^y~A�N,X�+��ZSu��4��TU��ֲ��>U��Kg��2��<O)�}�_�j��+K��f=�[�M��c�!��^٩$�=�CHI��x8��ȧ�^�*Ց��B�e&�v�)J�T `j��h�WӾ��6�U U�Fɂ��˕��+!�tn쇙�k�e��>z?� %P�mSy��Dŝ#=w�,�o��жXT�/�z��Iq��-�v4s��dp~�� 5��HM��G޻ͦ��л��Z�#\洑��rG��BU�r��{~G��GtAk(�$uI��)��6n�2�4�n��!c�h�|_��!�|q9E��a�d{�Au��C��ޞ{Zm��a�`��q�Z^~!P��+󊮒�

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 436KB - Virtual size: 718KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmps0
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmps1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0caef1e4eeb980a3120fd12122959c82

Headers

File Characteristics

Imports

kernel32

user32

gdi32

gdiplus

ole32

imm32

shell32

shlwapi

winmm

ws2_32

rasapi32

winspool.drv

advapi32

oleaut32

comctl32

wininet

comdlg32

wtsapi32

Exports

Exports

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 8.0MB - Virtual size: 8.0MB

.data Size: 436KB - Virtual size: 718KB

.vmps0 Size: 2.2MB - Virtual size: 2.2MB

.vmps1 Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 88KB - Virtual size: 85KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 8.0MB - Virtual size: 8.0MB

.data
Size: 436KB - Virtual size: 718KB

.vmps0
Size: 2.2MB - Virtual size: 2.2MB

.vmps1
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 88KB - Virtual size: 85KB