General

Malware Config

Signatures

Files

• dypyw5.exe

  .exe windows:6 windows x64 arch:x64

  635e76f676fd4d1fed4a79a5c8da66c4

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  GetSystemTimeAsFileTime

  GetSystemTimeAsFileTime

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  user32

  GetWindowLongW

  GetUserObjectInformationW

  GetProcessWindowStation

  GetUserObjectInformationW

  advapi32

  CloseServiceHandle

  ole32

  CoCreateInstance

  oleaut32

  SysStringLen

  msvcp140

  ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

  d3d9

  Direct3DCreate9Ex

  d3dx9_43

  D3DXCreateTextureFromFileInMemory

  dwmapi

  DwmExtendFrameIntoClientArea

  imm32

  ImmSetCompositionWindow

  normaliz

  IdnToAscii

  wldap32

  ord79

  crypt32

  CertFreeCertificateChainEngine

  ws2_32

  ntohl

  rpcrt4

  UuidToStringA

  psapi

  GetModuleInformation

  userenv

  UnloadUserProfile

  vcruntime140_1

  __CxxFrameHandler4

  vcruntime140

  __std_exception_destroy

  api-ms-win-crt-heap-l1-1-0

  _set_new_mode

  api-ms-win-crt-convert-l1-1-0

  strtoul

  api-ms-win-crt-utility-l1-1-0

  qsort

  api-ms-win-crt-runtime-l1-1-0

  _set_app_type

  api-ms-win-crt-stdio-l1-1-0

  __p__commode

  api-ms-win-crt-string-l1-1-0

  tolower

  api-ms-win-crt-math-l1-1-0

  powf

  api-ms-win-crt-time-l1-1-0

  _time64

  api-ms-win-crt-filesystem-l1-1-0

  _stat64

  api-ms-win-crt-locale-l1-1-0

  localeconv

  shell32

  ShellExecuteA

  wtsapi32

  WTSSendMessageW

  Exports

  Exports

  hn�[��_������VJ��5_b$eu��-oq�ib���2e�<0�� ���h��y��A�XU:k�)�x<� �H�6�8X7��v&�!�������a��@m��k�GE�wTV%�!2���'٤�S󝦾�~��p ٣������]��6%�hh��"GEo�A����Y�K-��͘�vR+Y�5�������obhk\�肁p���cO ��A~5i�mS�U�I�fɌ��V�ե�������b�z�+�ڟ����� �2���n�g1�0XFnr��M�`B���٦4[?%$�}��2��K� �3I�θ�-�ې�Г@'�6P��̄ߋ?�����:y3&�#ʇn�R����㐇�oa��EbΙ���`,�ց�{+�;g�%p��0���}���{��d.� ��c��d$#+�䧉�+џ����)���3���*dL���y�*���y0�$]����ƯT���z<0�b3Z� ��HA�0���ź�,#;D����tS[/"8=�����!��^�:x�Ԉ7D�!����[h�A��5����r�b�'Z 0� *��d���aw<��8|OS;��G5��+�2�X}�p�-9x�(0��ӴD{ew`��uz�X�r;0����"�������~_cy��0zp�<��rD�r��wS��$h'p�O>��ح�db\ ��� ftQ�9�9G~נ��`ʝl�x��x�2��,w,�L�d}��B��#1���*��o�q%K�ld� ����.a�Y�(ӷ�~��@˂'��<�:��_���#��'r�H�žM�� T{���ۻDT�kcp����S�����flT�X@�qVN5��Ͱ4Ƀ��� ���U�:��3����w���'�*Ō?C�E�S�pQ����[ XY��Ji���TS���g��V\�GK&?��vT�C{�� �*�3{9DI�����wm��I�����b*��|�\�����/���\��<�nMx�^�+V����v��L��f���O�����~4b��T��`H�����"I����sr�� r�����̃.� �j��?O�˕��~*����T�ܤDp�|�p./ �����(�=B�P��lv܎��n���ϴ��b�t���{St��j�̍�z��2Q4J���pl��ؓ�O6Oh�T��WX���j,��\n��"�q�����a?6m�,����c:�?^
  � w.�J���m�a* � w��F�����=$�$�&
  ��CEIKB���x2��&��p1`�܌��7H�_� jm��Ɣ��Ő�'�GRP;���;Zɪ|��S����2Mje�+�@��d�iu��g˧4Æ��$���������و̼cDD�r���]�LZfR �:�0�h͓�����SQ��1f�U��i �`�� ��� !��1 ��{�z'k^*���f^�?x��j.�p�C3@E->f�sBM�d��?�5/m�����8��ziNmQ��*k�A9�CQ
  �@�\����O1����C��i�h)���BR��)�?�G����g�s�P�q0.�}k��,���� ̛��p蘻 �M�mB!J��zg��"U���K)nֶ�{ �����]�݅\=�!��e�����k�|5��ہ�@�ᑛ���C����g2� f���fD�OTP�3dK3�bWZ!�C�4Y���t�b�W��l�-By�wu�޵M�� h��$Ef,u<�Rr_����?�R��DT��k�Q����ڙ�& /�`J�G���*?�����\��=��X I�t���u�N|@���"�b�o�Jϲ�p�؂Ni=�%<�w3�DP�y �1���+3�(���m>ٿ���S�٘��;_aM�%�Ȧ���z�z���!���!�8VU 3P�]�:��Á�ۯ����6�Vv+��I強��E�bhP��Z[>��0� T
  �|�\&����> dK,Y���~fG��n�F(-F?���y45��욋84����X�Q�%Zh����Ҽ����ԛG1(pXŨ�7b z>]�����vglX���_H�7l'�9E���ږ��������w���#,� V!y&��/�Ѯps�G��p��� N�9B��Lמ_3��:�v��b�t�io>ь�o�P._~;ȣY�8�Qj�?�6��'I�]�Q�i��;������5��ְ��ɾg L��Ct��0��L@g�J5�a�<1���5�����L�� �Htɏ���/�F�nZ���bIW���&%d�Ha�}ÙB���Ǟ � ���=��]<Ŕ_\SO媉�6���Y�=w��|r���8�<T[�΋�[l?�>��[`���[=����D��Y)r~6�W�� :�2B��bT\�L��$� `I�|�i�۝zU��Û�@:��uz���L�8^R{ �{Q=�t-,��^B� �Ȭx�B��%z|*O.��-���"���#�~Y&-�^�$U��С�uΫʶ���p�E‚�\��M�j���܂>��Z����!Z��,lr��B������J%D!=��#U�Κ��+I���Y�,�8���Yj�O�P �Ðv�w��@N+I*s���D��73��=�V����I`�Ow��%u5u�o[u��r�� j������g������J�F�6���㮀f�J�}��EѐF� P/D-z@\� .J0g"�D�O�x��\
  +��텫��ss��G���;��K�}��NJ�o��lk\��(�a>��ε��=y�ܱxCzi �|p�y�gD9oQc�l�=8<[�F��'ͽ���T����{�X^�Ư=��uL$�`���=$�f��#:OkC1�-o3��%`��� k�b}��T�c����{n!��BXq�8f�3�Tq��9�b=q�,��C-��.3��uh+��#��4�@�=��)���E�Hղ� mK�3~���n��Ѝ�ؒHh3�^� �`)����=�CI�����W>�5'�������!Z~��] ����P�ߙ���=�D�r�g]�B�Q��y�w�g��#mZ��$B��;1.�p��Ҹ����}��������W�7�DHz����`:�ܷ�lȹ�¾"ob�l+/ �pBݤ

  Sections

  .text

  Size: - Virtual size: 1.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 252KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 196KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: - Virtual size: 48KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: - Virtual size: 3.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: 6.0MB - Virtual size: 6.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 200B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 469B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ