General

Malware Config

Signatures

Files

• 3d9fb88bcef5eab71412d7dd1310f00362f982d801267692b28dc34ca45983c6.exe

  .exe windows:6 windows x64 arch:x64

  9e51c59a766829f3422610c9871477e8

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  FormatMessageA

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThreadId

  GetModuleHandleW

  GetSystemTimeAsFileTime

  GetThreadLocale

  InitializeSListHead

  IsDebuggerPresent

  IsProcessorFeaturePresent

  LoadLibraryA

  QueryPerformanceCounter

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  SetUnhandledExceptionFilter

  TerminateProcess

  UnhandledExceptionFilter

  VirtualProtect

  gdi32

  EnumFontFamiliesExW

  user32

  GetDC

  vcruntime140

  _CxxThrowException

  __C_specific_handler

  __current_exception

  __current_exception_context

  __std_exception_copy

  __std_exception_destroy

  memcpy

  memset

  api-ms-win-crt-stdio-l1-1-0

  __acrt_iob_func

  __p__commode

  __stdio_common_vfprintf

  __stdio_common_vsprintf

  __stdio_common_vsscanf

  _set_fmode

  api-ms-win-crt-runtime-l1-1-0

  __p___argc

  __p___argv

  _c_exit

  _cexit

  _configure_narrow_argv

  _crt_atexit

  _errno

  _exit

  _get_initial_narrow_environment

  _initialize_narrow_environment

  _initialize_onexit_table

  _initterm

  _initterm_e

  _invalid_parameter_noinfo_noreturn

  _register_onexit_function

  _register_thread_local_exe_atexit_callback

  _seh_filter_exe

  _set_app_type

  exit

  terminate

  api-ms-win-crt-heap-l1-1-0

  _callnewh

  _set_new_mode

  calloc

  free

  malloc

  api-ms-win-crt-math-l1-1-0

  __setusermatherr

  api-ms-win-crt-locale-l1-1-0

  _configthreadlocale

  api-ms-win-crt-string-l1-1-0

  strlen

  strncpy

  api-ms-win-crt-environment-l1-1-0

  getenv

  Sections

  .text

  Size: 28KB - Virtual size: 27KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 13KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 2KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .00cfg

  Size: 512B - Virtual size: 56B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .retplne

  Size: 512B - Virtual size: 140B

  _RDATA

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 424B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1024B - Virtual size: 948B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ