General

Malware Config

Signatures

Files

• 0d5c74ededad90cf94e042cda47c65f13741944ff9a8832dda9d21a4ed679299

  .exe windows:5 windows x86 arch:x86

  d0ed5095b24ea016272250ccea1f9314

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  winmm

  midiStreamOut

  midiOutPrepareHeader

  waveOutWrite

  waveOutPause

  waveOutReset

  waveOutClose

  waveOutGetNumDevs

  waveOutOpen

  midiOutUnprepareHeader

  midiStreamOpen

  midiStreamProperty

  midiStreamStop

  midiOutReset

  midiStreamClose

  midiStreamRestart

  waveOutUnprepareHeader

  waveOutRestart

  waveOutPrepareHeader

  ws2_32

  WSACleanup

  inet_ntoa

  closesocket

  getpeername

  accept

  ntohl

  WSAAsyncSelect

  recvfrom

  ioctlsocket

  recv

  kernel32

  GetVersion

  CreateMutexA

  ReleaseMutex

  SuspendThread

  GetACP

  FreeEnvironmentStringsA

  UnhandledExceptionFilter

  HeapSize

  GetTimeZoneInformation

  RaiseException

  GetLocalTime

  GetSystemTime

  RtlUnwind

  GetStartupInfoA

  GetOEMCP

  GetCPInfo

  GetProcessVersion

  SetErrorMode

  GlobalFlags

  GetCurrentThread

  GetFileTime

  TlsGetValue

  LocalReAlloc

  TlsSetValue

  TlsFree

  GlobalHandle

  TlsAlloc

  LocalAlloc

  lstrcmpA

  GlobalGetAtomNameA

  GlobalAddAtomA

  GlobalFindAtomA

  GlobalDeleteAtom

  lstrcmpiA

  SetEndOfFile

  UnlockFile

  LockFile

  FlushFileBuffers

  DuplicateHandle

  lstrcpynA

  FileTimeToLocalFileTime

  FileTimeToSystemTime

  LocalFree

  InterlockedDecrement

  InterlockedIncrement

  SetLastError

  GetSystemDirectoryA

  GetWindowsDirectoryA

  OpenProcess

  TerminateProcess

  GetCurrentProcess

  GetFileSize

  SetFilePointer

  CreateToolhelp32Snapshot

  Process32First

  Process32Next

  TerminateThread

  CreateSemaphoreA

  ResumeThread

  ReleaseSemaphore

  EnterCriticalSection

  LeaveCriticalSection

  GetProfileStringA

  WriteFile

  WaitForMultipleObjects

  CreateFileA

  SetEvent

  FindResourceA

  LoadResource

  LockResource

  ReadFile

  GetModuleFileNameA

  WideCharToMultiByte

  MultiByteToWideChar

  GetCurrentThreadId

  ExitProcess

  GlobalSize

  GlobalFree

  DeleteCriticalSection

  InterlockedExchange

  InitializeCriticalSection

  lstrcatA

  lstrlenA

  WinExec

  lstrcpyA

  FindNextFileA

  GlobalReAlloc

  HeapFree

  HeapReAlloc

  GetProcessHeap

  HeapAlloc

  GetFullPathNameA

  FreeLibrary

  LoadLibraryA

  GetLastError

  GetVersionExA

  WritePrivateProfileStringA

  GetPrivateProfileStringA

  CreateThread

  CreateEventA

  Sleep

  GlobalAlloc

  GlobalLock

  GlobalUnlock

  GetTempPathA

  FindFirstFileA

  FindClose

  SetFileAttributesA

  GetFileAttributesA

  DeleteFileA

  SetCurrentDirectoryA

  GetVolumeInformationA

  GetModuleHandleA

  GetProcAddress

  MulDiv

  GetCommandLineA

  GetTickCount

  WaitForSingleObject

  CloseHandle

  FreeEnvironmentStringsW

  GetEnvironmentStrings

  GetEnvironmentStringsW

  SetHandleCount

  GetStdHandle

  GetFileType

  GetEnvironmentVariableA

  HeapDestroy

  HeapCreate

  VirtualFree

  SetEnvironmentVariableA

  LCMapStringA

  LCMapStringW

  VirtualAlloc

  IsBadWritePtr

  SetUnhandledExceptionFilter

  GetStringTypeA

  GetStringTypeW

  CompareStringA

  CompareStringW

  IsBadReadPtr

  IsBadCodePtr

  SetStdHandle

  VirtualQuery

  GetSystemTimeAsFileTime

  GetModuleHandleA

  CreateEventA

  GetModuleFileNameW

  LoadLibraryA

  TerminateProcess

  GetCurrentProcess

  CreateToolhelp32Snapshot

  Thread32First

  GetCurrentProcessId

  GetCurrentThreadId

  OpenThread

  Thread32Next

  CloseHandle

  SuspendThread

  ResumeThread

  WriteProcessMemory

  GetSystemInfo

  VirtualAlloc

  VirtualProtect

  VirtualFree

  GetProcessAffinityMask

  SetProcessAffinityMask

  GetCurrentThread

  SetThreadAffinityMask

  Sleep

  FreeLibrary

  GetTickCount

  GlobalFree

  GetProcAddress

  LocalAlloc

  LocalFree

  ExitProcess

  EnterCriticalSection

  LeaveCriticalSection

  InitializeCriticalSection

  DeleteCriticalSection

  GetModuleHandleW

  LoadResource

  MultiByteToWideChar

  FindResourceExW

  FindResourceExA

  WideCharToMultiByte

  GetThreadLocale

  GetUserDefaultLCID

  GetSystemDefaultLCID

  EnumResourceNamesA

  EnumResourceNamesW

  EnumResourceLanguagesA

  EnumResourceLanguagesW

  EnumResourceTypesA

  EnumResourceTypesW

  CreateFileW

  LoadLibraryW

  GetLastError

  FlushFileBuffers

  CreateFileA

  WriteConsoleW

  GetConsoleOutputCP

  WriteConsoleA

  GetCommandLineA

  RaiseException

  RtlUnwind

  HeapFree

  GetCPInfo

  InterlockedIncrement

  InterlockedDecrement

  GetACP

  GetOEMCP

  IsValidCodePage

  TlsGetValue

  TlsAlloc

  TlsSetValue

  TlsFree

  SetLastError

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  HeapAlloc

  LCMapStringA

  LCMapStringW

  SetHandleCount

  GetStdHandle

  GetFileType

  GetStartupInfoA

  GetModuleFileNameA

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  HeapCreate

  HeapDestroy

  QueryPerformanceCounter

  HeapReAlloc

  GetStringTypeA

  GetStringTypeW

  GetLocaleInfoA

  HeapSize

  WriteFile

  SetFilePointer

  GetConsoleCP

  GetConsoleMode

  InitializeCriticalSectionAndSpinCount

  SetStdHandle

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  user32

  GetClassInfoA

  IsZoomed

  DefWindowProcA

  GetSystemMenu

  GetSysColorBrush

  LoadStringA

  ShowWindow

  SystemParametersInfoA

  LoadImageA

  EnumDisplaySettingsA

  ClientToScreen

  EnableMenuItem

  GetSubMenu

  GetDlgCtrlID

  CreateAcceleratorTableA

  CreateMenu

  ModifyMenuA

  AppendMenuA

  CreatePopupMenu

  DrawIconEx

  CreateIconFromResource

  CreateIconFromResourceEx

  RegisterClipboardFormatA

  SetRectEmpty

  DispatchMessageA

  GetMessageA

  WindowFromPoint

  DrawFocusRect

  DeleteMenu

  GetMenu

  SetMenu

  PeekMessageA

  IsIconic

  SetFocus

  GetActiveWindow

  DrawEdge

  DestroyAcceleratorTable

  SetWindowRgn

  GetMessagePos

  ScreenToClient

  ChildWindowFromPointEx

  CopyRect

  LoadBitmapA

  WinHelpA

  KillTimer

  SetTimer

  ReleaseCapture

  GetCapture

  SetCapture

  GetScrollRange

  SetScrollRange

  SetScrollPos

  GetMenuCheckMarkDimensions

  GetMenuState

  SetMenuItemBitmaps

  PostQuitMessage

  MoveWindow

  SetRect

  InflateRect

  IntersectRect

  DestroyIcon

  PtInRect

  OffsetRect

  IsWindowVisible

  EnableWindow

  RedrawWindow

  GetWindowLongA

  SetWindowLongA

  GetSysColor

  SetActiveWindow

  SetCursorPos

  LoadCursorA

  SetCursor

  GetDC

  FillRect

  IsRectEmpty

  ReleaseDC

  IsChild

  DestroyMenu

  SetForegroundWindow

  GetWindowRect

  EqualRect

  UpdateWindow

  ValidateRect

  InvalidateRect

  GetClientRect

  GetFocus

  GetParent

  GetTopWindow

  PostMessageA

  IsWindow

  SetParent

  DestroyCursor

  SendMessageA

  SetWindowPos

  MessageBoxA

  GetCursorPos

  GetSystemMetrics

  EmptyClipboard

  SetClipboardData

  OpenClipboard

  GetClipboardData

  CloseClipboard

  wsprintfA

  DrawFrameControl

  TranslateMessage

  GetDesktopWindow

  GetClassNameA

  GetWindowThreadProcessId

  FindWindowA

  GetDlgItem

  GetWindowTextA

  GetForegroundWindow

  CallWindowProcA

  CreateWindowExA

  RegisterHotKey

  UnregisterHotKey

  CopyAcceleratorTableA

  GetKeyState

  TranslateAcceleratorA

  CheckMenuItem

  IsWindowEnabled

  GetWindow

  UnregisterClassA

  LoadIconA

  GetWindowTextLengthA

  CharUpperA

  GetWindowDC

  BeginPaint

  EndPaint

  TabbedTextOutA

  DrawTextA

  GrayStringA

  DestroyWindow

  CreateDialogIndirectParamA

  EndDialog

  GetNextDlgTabItem

  GetWindowPlacement

  RegisterWindowMessageA

  GetLastActivePopup

  GetMessageTime

  RemovePropA

  GetPropA

  UnhookWindowsHookEx

  SetPropA

  GetClassLongA

  CallNextHookEx

  SetWindowsHookExA

  GetMenuItemID

  GetMenuItemCount

  RegisterClassA

  GetScrollPos

  AdjustWindowRectEx

  MapWindowPoints

  SendDlgItemMessageA

  ScrollWindowEx

  IsDialogMessageA

  SetWindowTextA

  GetUserObjectInformationW

  CharUpperBuffW

  MessageBoxW

  GetProcessWindowStation

  GetProcessWindowStation

  GetUserObjectInformationW

  gdi32

  LineTo

  MoveToEx

  ExcludeClipRect

  GetClipBox

  ScaleWindowExtEx

  CreateBitmap

  SelectObject

  GetObjectA

  CreatePen

  PatBlt

  CombineRgn

  CreateRectRgn

  FillRgn

  CreateSolidBrush

  GetStockObject

  CreateFontIndirectA

  EndPage

  EndDoc

  DeleteDC

  StartDocA

  StartPage

  BitBlt

  CreateCompatibleDC

  Rectangle

  LPtoDP

  DPtoLP

  GetCurrentObject

  RoundRect

  GetTextExtentPoint32A

  GetDeviceCaps

  CreateRectRgnIndirect

  SetBkColor

  CreateFontA

  TranslateCharsetInfo

  SetWindowExtEx

  SetWindowOrgEx

  ScaleViewportExtEx

  SetViewportExtEx

  OffsetViewportOrgEx

  SetViewportOrgEx

  SetMapMode

  SetTextColor

  SetROP2

  SetPolyFillMode

  SetBkMode

  ExtSelectClipRgn

  GetViewportExtEx

  PtVisible

  RectVisible

  TextOutA

  ExtTextOutA

  Escape

  GetTextMetricsA

  CreateDCA

  CreateCompatibleBitmap

  GetPolyFillMode

  GetStretchBltMode

  GetROP2

  GetBkColor

  GetBkMode

  RestoreDC

  SaveDC

  GetTextColor

  CreateRoundRectRgn

  CreateEllipticRgn

  PathToRegion

  EndPath

  BeginPath

  GetWindowOrgEx

  GetViewportOrgEx

  GetWindowExtEx

  GetDIBits

  RealizePalette

  SelectPalette

  StretchBlt

  CreatePalette

  GetSystemPaletteEntries

  CreateDIBitmap

  SelectClipRgn

  CreatePolygonRgn

  GetClipRgn

  SetStretchBltMode

  Ellipse

  DeleteObject

  winspool.drv

  OpenPrinterA

  DocumentPropertiesA

  ClosePrinter

  advapi32

  RegOpenKeyExA

  RegSetValueExA

  RegQueryValueA

  RegCreateKeyExA

  RegCloseKey

  shell32

  DragAcceptFiles

  DragQueryFileA

  ShellExecuteA

  Shell_NotifyIconA

  SHGetSpecialFolderPathA

  DragFinish

  ole32

  CLSIDFromString

  OleUninitialize

  OleInitialize

  oleaut32

  LoadTypeLi

  RegisterTypeLi

  UnRegisterTypeLi

  comctl32

  ImageList_Add

  ImageList_BeginDrag

  ImageList_Create

  ImageList_Destroy

  ImageList_DragEnter

  ImageList_DragLeave

  ImageList_DragMove

  ImageList_DragShowNolock

  ImageList_EndDrag

  ord17

  comdlg32

  ChooseColorA

  GetFileTitleA

  GetSaveFileNameA

  GetOpenFileNameA

  wtsapi32

  WTSSendMessageW

  Exports

  Exports

  [Ew���~"A<'��&�\]e��w���A��s�E2�&��q;��Е1�� NEɘ �د`w!�[AL&�&��YRf5(4�澍�Ao��3E�I�<�����I����@�p����Ej�e ]���(��fd�{�_�
  U�֊E������Lp$�D05���0�ͮ�t�\�Ӣ�-�DGzs9iOPeQv$]\T������WEq5Q@�� ۷h �o=]�ގs�� ,u[Nh�+��gݱ��&�Axn~�b�F��Їx^�B�U���pV��l_��ex{?����άT��%��r��A_��-HC~������ ���.$x�A�N�ÍB�� չ\)�}���gZ�ks?���� ��\��<+���w�a �#�Y�IO��ڙ��4zGgtˆ�� ����=S�8=j����gI��p�J �U���ޒ��ԩ� "�"�?:���]�~��:��I�4 \[�|
  ���.�<�;i:9���W��+ԽO��)��y�ͮ"r~$Y�1if��
  ȯ;8���4H��(�1;��\�i��dCbf��,e�����t�R>][��h����ξy���l��. e��]����p���*\"'��sIR��pc�M0��f�P1�v]�9&�D���Y���_|�7�A�/HʬF���c���^��c���I�4��»�_���L���z|} ���y��X�H|��C҄ �"��W����<m���VCsKޝ�`� ��H>���� 펂�k�S?B��1�k��}MLhm(� ��Sߧ�,� ���dX/w�kp:��%G)Ȏ�X%���@��p���v�`7����&���
  "������uc���*�QC5th�?A�0�S@{�P�O����"�1c��T��qу�cn4�i�<�ޔ.��0�. ��w5<o�)k�V�d�ō�`{�%�r�ۊT ���+D:���B����r��mp��廧�*_�E�ࢡ��)\Ëo"zbgmއ��8�c0b��y2�h���a��qT��\V{Ju�/?��H��bwy%� �_����8������^ɪ�9j@f�,����)�)I��s�e�s�cd=���C�+��&8�f���ˊb?��� ��r�T��o@(��Jx�����׎��9uG���2�im�n� ���V� �H�0�Gc�4g��"G��\�w���u���h�eX�F�3�t{�'��]�V;����Ѥ���c�X�Ү/'
  �,�RB�����4 �B���*wI2�,��a�<������KgM� _�������=�p�6!�G�����p{|BJP��ED��o�l�E<� �߷��P��,b<��G8e:�_޵>�LeB���'�Fy.2΢|/V�ٗ=�X"t��v���q3�w�z�]�a�UA�L�� 4!�.�k��,�?��ſ�jl��Z|�uH���{����yC��bk2��A+�7�h���/]�O��<��t��>�D
  �U��$T1��r>ݝ��.�F�����aM8!q����݇�5PU��k�H��7��e�Iym��FnI��>;�p>�Gw����E����NM �9Mw�Z��E<@��7���
  g@�V�W��������E��=�̎� o��Xݎ�sG∺[7�cTo;Y��VV2:�@��j����e1�.���t��#:�eT�S�a��*=G�z>1���X���,��IS������Æ,Lbz��>������b��!e��5�TJ�_���|V�`��ˣ. s�o Χ��)�@�����}@�Q#������������9� j\~IbT�+��i�����{h�Mr��o��NT���m���gh_�]�����T�b�8��P��oeQ��;}�v����<D����� �E��gX��#��y%�М�DЃ?+g]��h@�?� [��=��U�����0�z�����]�ɞ��Zٰxle i����8G��o��J� IrP���I�x�/uK��/� M��Ã-w�����v/�b�0�79*����4������C�{ͷ7����za.�`����J;��t$Da�Ȯ��}���ڔ��B�Q?��z�j W����ڀ��V�R��Q,�Z%"���/bҼD�b��c��t��z��x����1�-"%g �ŕ:�떓N�y�
  �P���g�\��ӡ��a�sZ��W�M��eu���H[����f��^W��nd���X�؋}B2�o#�$a�@�%衔-r��VN�{��j,�#�A�K��kb�̾BE���!�#�Q�&���;���|�c�ݛ8�*|�v�4���> �����<�M�qw;�T�dHcbL���#Æ��&������9L�Iz�
  %��Qb���U<x;�]� ��i4���;�#��:��� �&|� <G �����L� �Uش��|i��MTec.Hl��lG�Mچ�n�� ��l g��]B5Q��4�J�\�4p�VL(o�Ơ�Zod7�?��%U_<�B���H��$���8���|���VC�t�Y���И?����s�z8�z�+������|˻2(x��%��5_S ����k[��ɸ8�����G��� l��T��<�a;��cx�Ѐ�6��x�nհY$u68�̥�щ5Аq%�[��*&IˣH)��2�MzKΞ�B�Z�ã��[�`����U��a ؙ�]�{U��~�� �d�s�^��~���5���I1�1B�� g�ǽ-�F�7t�g~ϲ�%H:����#U"��>d�����Y�ao�헞�@���?�K��2ݾd��m�4�
  ����,��_��Á�}���~W�Gi�\�p��N��3��E9���X6�%AB�ꘃE*�6j�J!/}�F0�]���.y5�?Q� ��=}�K#e��'���H�x�1�[�u��� R���=�F$� Ax�
  �5��V������F<V��ـP��Q40���!i�x�Kݱ#�����%���|1} MVJ�)� C����u�(�����Jg}�cǼ�钞 k�sm �|v�|�6F_�Fq�H ��$˭% ܚ�hK�*��˷�(��໰���eș����-�>��(
  ���c 7L��w44�vr`�L�����'�5����

  Sections

  .text

  Size: 1.0MB - Virtual size: 1.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 10.5MB - Virtual size: 10.5MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 128KB - Virtual size: 408KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp0

  Size: 2.2MB - Virtual size: 2.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: 1.8MB - Virtual size: 1.8MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 24KB - Virtual size: 23KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ