General

Malware Config

Signatures

Files

• d3aae7eeb8c80b9c78f822f247971f0c

  .exe windows:6 windows x86 arch:x86

  51ff75d6d097884e3e24394f5a7d0c8f

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  EnterCriticalSection

  GetCurrentProcess

  WriteFile

  LeaveCriticalSection

  SetFilePointer

  InitializeCriticalSectionEx

  UnmapViewOfFile

  GetModuleHandleA

  HeapSize

  MultiByteToWideChar

  GetFileInformationByHandle

  CopyFileA

  GetLastError

  CreateFileA

  FileTimeToSystemTime

  LoadLibraryA

  LockResource

  HeapReAlloc

  CloseHandle

  RaiseException

  FindResourceExW

  LoadResource

  FindResourceW

  HeapAlloc

  GetLocalTime

  DecodePointer

  HeapDestroy

  GetProcAddress

  CreateFileMappingA

  GetFileSize

  DeleteCriticalSection

  GetProcessHeap

  SystemTimeToFileTime

  FreeLibrary

  WideCharToMultiByte

  HeapFree

  MapViewOfFile

  GetTickCount

  IsWow64Process

  AreFileApisANSI

  GetFullPathNameW

  LockFile

  InitializeCriticalSection

  GetFullPathNameA

  SetEndOfFile

  GetTempPathW

  CreateFileW

  GetFileAttributesW

  GetCurrentThreadId

  Sleep

  GetTempPathA

  GetFileAttributesA

  GetVersionExA

  DeleteFileA

  DeleteFileW

  LoadLibraryW

  UnlockFile

  LockFileEx

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  GetSystemTime

  FormatMessageA

  QueryPerformanceCounter

  FlushFileBuffers

  SetStdHandle

  SetEnvironmentVariableW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetOEMCP

  GetACP

  IsValidCodePage

  SizeofResource

  GetModuleFileNameA

  CreateProcessA

  ReadFile

  ReadConsoleW

  GetTimeZoneInformation

  GetFileSizeEx

  GetConsoleMode

  GetConsoleCP

  GetFileType

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetTimeFormatW

  WriteConsoleW

  GetDateFormatW

  GetCommandLineW

  GetCommandLineA

  GetStdHandle

  GetModuleFileNameW

  GetModuleHandleExW

  ExitProcess

  QueryPerformanceFrequency

  VirtualQuery

  VirtualProtect

  VirtualAlloc

  GetCurrentDirectoryW

  CreateDirectoryW

  FindClose

  FindFirstFileExW

  FindNextFileW

  GetFileAttributesExW

  RemoveDirectoryW

  SetFilePointerEx

  SetLastError

  GetModuleHandleW

  CopyFileW

  LocalFree

  GetStringTypeW

  EncodePointer

  InitializeCriticalSectionAndSpinCount

  CreateEventW

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  CompareStringW

  LCMapStringW

  GetLocaleInfoW

  GetCPInfo

  IsDebuggerPresent

  OutputDebugStringW

  SetEvent

  ResetEvent

  WaitForSingleObjectEx

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetStartupInfoW

  IsProcessorFeaturePresent

  InitializeSListHead

  TerminateProcess

  RtlUnwind

  LoadLibraryExW

  GetSystemInfo

  user32

  GetDC

  GetSystemMetrics

  ReleaseDC

  GetDesktopWindow

  gdi32

  DeleteObject

  GetObjectA

  shlwapi

  PathFindExtensionW

  PathFindExtensionA

  gdiplus

  GdipSaveImageToFile

  GdipCreateBitmapFromScan0

  GdipGetImageEncodersSize

  GdipDisposeImage

  GdipGetImageEncoders

  GdiplusStartup

  GdipCreateBitmapFromHBITMAP

  GdiplusShutdown

  wininet

  HttpEndRequestA

  HttpSendRequestExA

  InternetOpenA

  InternetCloseHandle

  HttpOpenRequestA

  HttpSendRequestA

  InternetConnectA

  InternetReadFile

  Sections

  .text

  Size: 609KB - Virtual size: 608KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 110KB - Virtual size: 110KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 7KB - Virtual size: 52KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 34KB - Virtual size: 33KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ