General

Malware Config

Signatures

Files

• response.bin

  .zip

  Password: infected

• Injector.bin

  .exe windows:4 windows x86 arch:x86

  Password: infected

  aa69aa26982c04df6d44383c5ed7f778

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  CloseHandle

  CreateSemaphoreW

  CreateThread

  DeleteCriticalSection

  EnterCriticalSection

  FreeConsole

  FreeLibrary

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThreadId

  GetLastError

  GetModuleHandleA

  GetModuleHandleW

  GetProcAddress

  GetStartupInfoA

  GetSystemTimeAsFileTime

  GetTickCount

  InitializeCriticalSection

  IsDBCSLeadByteEx

  LeaveCriticalSection

  LoadLibraryA

  MultiByteToWideChar

  QueryPerformanceCounter

  ReleaseSemaphore

  SetLastError

  SetUnhandledExceptionFilter

  Sleep

  TerminateProcess

  TlsAlloc

  TlsFree

  TlsGetValue

  TlsSetValue

  UnhandledExceptionFilter

  VirtualProtect

  VirtualQuery

  WaitForSingleObject

  WideCharToMultiByte

  msvcrt

  ___mb_cur_max_func

  __doserrno

  __getmainargs

  __initenv

  __lconv_init

  __p__acmdln

  __p__fmode

  __pioinfo

  __set_app_type

  __setusermatherr

  _amsg_exit

  _cexit

  _errno

  _fdopen

  _filelengthi64

  _fileno

  _fileno

  _fstat64

  _initterm

  _iob

  _lseeki64

  _onexit

  _read

  _strnicmp

  _write

  _write

  abort

  atoi

  calloc

  exit

  fclose

  fflush

  fgetpos

  fopen

  fprintf

  fputc

  fputs

  fread

  free

  fsetpos

  fwrite

  getc

  getwc

  isspace

  iswctype

  localeconv

  malloc

  memchr

  memcmp

  memcpy

  memmove

  memset

  putc

  putwc

  realloc

  setlocale

  setvbuf

  signal

  sprintf

  strchr

  strcmp

  strcoll

  strerror

  strftime

  strlen

  strncmp

  strtoul

  strxfrm

  towlower

  towupper

  ungetc

  ungetwc

  vfprintf

  wcscoll

  wcsftime

  wcslen

  wcsxfrm

  user32

  EnableWindow

  Sections

  .text

  Size: 838KB - Virtual size: 838KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 113KB - Virtual size: 112KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 90KB - Virtual size: 90KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  /4

  Size: 248KB - Virtual size: 247KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 3KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 52B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 8B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  /14

  Size: 512B - Virtual size: 272B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /29

  Size: 161KB - Virtual size: 160KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /41

  Size: 7KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /55

  Size: 26KB - Virtual size: 25KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /67

  Size: 512B - Virtual size: 56B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /80

  Size: 1024B - Virtual size: 580B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /91

  Size: 45KB - Virtual size: 44KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /102

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ