amadey | All[.]ElectroRAT[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

All.ElectroRAT.zip
Size

881KB
MD5

7ff8d31ad43f62f1c6876b725a1ebb1f
SHA1

e23baf502bf5b2eb81fea0a2e570e7ade8998bee
SHA256

dda14413450a11f336a8305cf274943d614905c3429d4f0efeffe6bf4b8b7bdc
SHA512

b1afbd5ed92933ffa1a1add1b5b8cc581c7361d8106fed20a8aee1493af7a0279b27e4220515d39e4f5640df43309aa40073750f9e232438cc5f7a561273a9c6
SSDEEP

12288:yykcN4NEaT6082MQxzgoOnAlUiQNd83MBBPXyyg1/UgGc3G4af3ENPNBAIhH6oRt:vkckET92MAs8oNvLKBU5l4iCsWvVbGo

Score

10^/10

044a28 cred module amadey

Malware Config

Extracted

Family

amadey

Version

2.03

Botnet

044a28

Attributes

install_dir
3101f8f780
install_file
gbudn.exe
strings_key
98efc0765f4c223e79368db4c8650353
url_paths
/hfv23svj2/index.php

rc4.plain

Signatures

Amadey family
amadey

Detect Amadey credential stealer module 1 IoCs

cred module

resource	yara_rule
static1/unpack001/ca467e332368cbae652245faa4978aa4	amadey_cred_module

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2a3b92f6180367306d750e59c9b6446b
unpack001/b154ac015c0d1d6250032f63c749f9cf
unpack001/b96bd6bbf0e3f4f98b606a2ab5db4a69
unpack001/bb8e52face5b076cc890bbfaaf4bb73e
unpack001/ca467e332368cbae652245faa4978aa4
unpack001/e93d6f4ce34d4f594d7aed76cfde0fad
unpack001/fa5390bbcc4ab768dd81f31eac0950f6

Files

All.ElectroRAT.zip
.zip

Password: infected
0468127a19daf4c7bc41015c5640fe1f
.exe windows:6 windows x86 arch:x86

8b847a7b9c8a22909cec12c67eb79951

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:1f:8c:d5:9e:64:74:6b:ea:e1:53:ec:ca:21:06:6b
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31-05-2019 00:00

Not After

04-06-2020 12:00

Subject

CN=Mozilla Corporation,OU=Release Engineering,O=Mozilla Corporation,L=Mountain View,ST=California,C=US,1.2.840.113549.1.9.1=#0c2072656c656173652b636572746966696361746573406d6f7a696c6c612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e2:e6:c7:62:64:fb:ef:42:6c:71:1b:a1:1b:c5:1a:da:5c:ee:e0:1c
Signer

Actual PE Digest

e2:e6:c7:62:64:fb:ef:42:6c:71:1b:a1:1b:c5:1a:da:5c:ee:e0:1c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
CloseHandle
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleA
IsValidCodePage
GetLastError
ExitProcess
GetModuleHandleW
WriteConsoleW
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
GetModuleHandleExW
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
DecodePointer

user32

GetMessageW
TranslateMessage
DispatchMessageW

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2a3b92f6180367306d750e59c9b6446b
.exe windows:6 windows x86 arch:x86

37feaa2c735711635bed71303ba0b945

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Mktmp\NL1\Release\NL1.pdb

Imports

kernel32

GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetVersionExW
SuspendThread
GetComputerNameExW
ResumeThread
GetModuleHandleA
Sleep
GetLastError
GetFileAttributesA
CreateFileA
CloseHandle
GetSystemInfo
LoadLibraryW
GetModuleFileNameW
HeapAlloc
GetThreadContext
GetProcAddress
VirtualAllocEx
LocalFree
ReadProcessMemory
GetComputerNameW
GetProcessHeap
GetModuleHandleW
FreeLibrary
CreateProcessA
CreateDirectoryA
SetThreadContext
WriteConsoleW
SetEndOfFile
HeapReAlloc
VirtualAlloc
WriteFile
VirtualFree
HeapFree
WriteProcessMemory
CreateThread
GetModuleFileNameA
HeapSize
GetTimeZoneInformation
FlushFileBuffers
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetStdHandle
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
CompareStringW
LCMapStringW
DeleteFileW
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadFile
ReadConsoleW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
DecodePointer

user32

GetSystemMetrics

advapi32

ConvertSidToStringSidW
GetUserNameW
LookupAccountNameW

shell32

ShellExecuteA
ShellExecuteExW

wininet

InternetConnectW
HttpSendRequestW
InternetCloseHandle
InternetOpenW
InternetReadFile
InternetOpenUrlW
HttpOpenRequestW

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b154ac015c0d1d6250032f63c749f9cf
.exe windows:5 windows x86 arch:x86

db984d50afe43b86386f77062f219561

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
GetLastError
GetProcAddress
LoadLibraryA
SetLocaleInfoW
HeapAlloc
CloseHandle
GetStringTypeW
MultiByteToWideChar
LCMapStringW
GetModuleHandleW
RtlUnwind
Sleep
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetCurrentProcess
HeapSize
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapCreate
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
EncodePointer
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
HeapReAlloc

user32

EndPaint
PostQuitMessage
GetClientRect
BeginPaint
GetDC
ReleaseDC
DefWindowProcW
GetMessageW
LoadCursorW
TranslateMessage
LoadIconW
ShowWindow
CreateWindowExW
RegisterClassW
UpdateWindow
DispatchMessageW

gdi32

LineTo
GetStockObject
MoveToEx

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 421KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b96bd6bbf0e3f4f98b606a2ab5db4a69
.exe windows:5 windows x86 arch:x86

703ac4d1b72c1ccdd10c79b1648fa904

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
CloseHandle
HeapAlloc
GetProcAddress
GetProcessHeap
lstrcpyW
VirtualProtect
VirtualFree
VirtualAlloc
IsValidCodePage
GetLastError
LoadLibraryA
ExitProcess
IsValidLocale
GetModuleHandleW
DecodePointer
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
SetStdHandle
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleExW
GetACP
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileW

user32

DefWindowProcW
DestroyWindow
CreateWindowExW
RegisterClassExW
ShowWindow
GetMessageW
TranslateAcceleratorW
TranslateMessage
LoadCursorW
PostQuitMessage
UpdateWindow
BeginPaint
EndPaint
DispatchMessageW

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bb8e52face5b076cc890bbfaaf4bb73e
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Main

Sections

CODE
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 63B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ca467e332368cbae652245faa4978aa4
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Main

Sections

CODE
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e93d6f4ce34d4f594d7aed76cfde0fad
.exe windows:5 windows x86 arch:x86

7e7cdb2d3b22f798dfcef9c5a8c303bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcAddress
GetModuleHandleA
CloseHandle
lstrcpyW
ExitProcess
GetModuleHandleW
GetLastError
IsValidCodePage
MultiByteToWideChar
LCMapStringW
IsProcessorFeaturePresent
HeapReAlloc
HeapSize
WideCharToMultiByte
RtlUnwind
GetOEMCP
GetACP
GetCPInfo
Sleep
LoadLibraryW
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
EncodePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetStringTypeW

user32

GetMessageW
TranslateMessage
ShowWindow
CreateWindowExW
UpdateWindow
DispatchMessageW

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 622KB - Virtual size: 621KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fa5390bbcc4ab768dd81f31eac0950f6
.exe windows:6 windows x86 arch:x86

8b847a7b9c8a22909cec12c67eb79951

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
CloseHandle
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleA
IsValidCodePage
GetLastError
ExitProcess
GetModuleHandleW
WriteConsoleW
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
GetModuleHandleExW
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
DecodePointer

user32

GetMessageW
TranslateMessage
DispatchMessageW

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 520KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

8b847a7b9c8a22909cec12c67eb79951

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0b:1f:8c:d5:9e:64:74:6b:ea:e1:53:ec:ca:21:06:6bCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

e2:e6:c7:62:64:fb:ef:42:6c:71:1b:a1:1b:c5:1a:da:5c:ee:e0:1cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 35KB - Virtual size: 35KB

.reloc Size: 4KB - Virtual size: 3KB

37feaa2c735711635bed71303ba0b945

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

wininet

Sections

.text Size: 133KB - Virtual size: 132KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 7KB - Virtual size: 6KB

db984d50afe43b86386f77062f219561

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 421KB - Virtual size: 420KB

.reloc Size: 2KB - Virtual size: 2KB

703ac4d1b72c1ccdd10c79b1648fa904

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 255KB - Virtual size: 255KB

.reloc Size: 4KB - Virtual size: 3KB

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0b:1f:8c:d5:9e:64:74:6b:ea:e1:53:ec:ca:21:06:6b
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

e2:e6:c7:62:64:fb:ef:42:6c:71:1b:a1:1b:c5:1a:da:5c:ee:e0:1c
Signer

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 133KB - Virtual size: 132KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 421KB - Virtual size: 420KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 255KB - Virtual size: 255KB

.reloc
Size: 4KB - Virtual size: 3KB

CODE
Size: 194KB - Virtual size: 194KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 5KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 63B

.reloc
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 6KB - Virtual size: 6KB

CODE
Size: 101KB - Virtual size: 101KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 64B

.reloc
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 622KB - Virtual size: 621KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 520KB - Virtual size: 520KB

.reloc
Size: 4KB - Virtual size: 3KB