d494f15a2b1734fec05c1b7ed7630a101d7ea3f08cac7db5e5b0ab603b0c313a

Sharing

Copy URL Twitter E-mail

General

Target

d494f15a2b1734fec05c1b7ed7630a101d7ea3f08cac7db5e5b0ab603b0c313a
Size

1.4MB
MD5

9107ecd9a68d607330ddffcb78f42196
SHA1

74c53eea2aa9604f04a0bcfa3d72df758899a803
SHA256

d494f15a2b1734fec05c1b7ed7630a101d7ea3f08cac7db5e5b0ab603b0c313a
SHA512

6e5b293cd1e1abaea0d83d2d18fd9c31ba239e8cc71c73b9496ee6c86fe24aa173da0c0aea0c6b90e25aa234d3d73b35ecfa8563022871dbb63bb491b3ab2790
SSDEEP

24576:EvoCtZ9EPmaLgVTfrSRHqtGV16GafzODJOwQU2aAlzzEUDlcVGRKvS51qd:EgCtXEul5jwHqtAz2ULAtzEUHRKKHqd

Score

N/A

Malware Config

Signatures

Files

d494f15a2b1734fec05c1b7ed7630a101d7ea3f08cac7db5e5b0ab603b0c313a
.zip
CPFilters.dll
.dll regsvr32 windows x86

e463b3d0acd374d171cd8f84137ee160

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcschr
wcspbrk
_wtol
memmove
srand
swprintf_s
swscanf_s
iswxdigit
wcstoul
strncpy_s
_endthread
_beginthreadex
_ftol2_sse
_ftol2
tolower
_XcptFilter
_initterm
_amsg_exit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
realloc
_except_handler4_common
wcsncmp
_wcsicmp
sscanf_s
isupper
strcat_s
strnlen
wcsncpy_s
wcscat_s
_time32
rand
time
??0exception@@QAE@XZ
memcpy
free
_callnewh
malloc
wcscpy_s
memset
_vsnwprintf
_purecall
__CxxFrameHandler3
memmove_s
_wcsnicmp
_onexit
wcsstr
swscanf
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memcpy_s
wcsnlen

mcewmdrmndbootstrap

ShutdownMCENDBootstrap
CreateMCENDBootstrap
StartupMCENDBootstrap

wmdrmsdk

WMDRMCreateProvider

advapi32

CryptReleaseContext
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegOpenKeyExW
RegCreateKeyW
RegSetValueW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
CryptGenRandom
CryptAcquireContextA
TraceMessage

crypt32

CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertFreeCertificateChain
CertGetNameStringW

kernel32

InitializeCriticalSectionAndSpinCount
GetSystemTime
LocalAlloc
LoadLibraryExA
GlobalMemoryStatus
GetDiskFreeSpaceA
GetEnvironmentStringsW
VirtualProtect
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeviceIoControl
GetVersionExA
HeapFree
GetProcessHeap
HeapAlloc
GetVersion
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
InterlockedCompareExchange
GetModuleFileNameW
CreateFileW
DebugBreak
GlobalAlloc
GlobalFree
GetGeoInfoA
CompareStringW
GlobalLock
GetModuleHandleA
RaiseException
WriteFile
SetFilePointer
ReadFile
GetFileSize
GetEnvironmentStrings
OutputDebugStringA
WaitForSingleObject
WaitForMultipleObjects
FreeLibrary
GetProcAddress
LoadLibraryW
GetWindowsDirectoryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
DecodeSystemPointer
EncodeSystemPointer
ExpandEnvironmentStringsW
GetCurrentProcessId
Sleep
OutputDebugStringW
GetVersionExW
DisableThreadLibraryCalls
InterlockedDecrement
lstrlenW
MultiByteToWideChar
lstrlenA
GetLastError
GetModuleFileNameA
InterlockedIncrement
CloseHandle
CreateEventW
SetEvent
ResetEvent
GetSystemInfo
lstrcmpW
GetCurrentProcess
GetCurrentThreadId
InterlockedExchange
GetModuleHandleW
SetThreadPriority
GetCurrentThread
GetTickCount
CreateThread
lstrcmpiW
GetSystemTimeAsFileTime
CompareFileTime
WideCharToMultiByte
SystemTimeToFileTime
GetLocalTime
ResumeThread
LocalFree
GetSystemFirmwareTable
GetTickCount64
GetModuleHandleExW
GlobalUnlock

ole32

PropVariantCopy
CoCreateInstance
StringFromGUID2
CoUninitialize
CoFreeUnusedLibraries
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
PropVariantClear
CoInitializeEx
CoFileTimeNow
CoCreateGuid

oleaut32

SysStringByteLen
SysAllocString
VariantChangeType
SysAllocStringLen
SysStringLen
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantInit
VariantClear
SysFreeString
VariantCopy

slc

SLGetWindowsInformationDWORD

winmm

timeGetTime

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust
CryptCATCatalogInfoFromContext

mfplat

MFCreateCollection

ws2_32

ntohl
htonl
ntohs

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
UpdatePlayready
UpdateWMDRM

Sections

.text
Size: 597KB - Virtual size: 597KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EncDec.dll
.dll regsvr32 windows x86

870169933cab4a3202f96930b96b0681

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler4_common
_onexit
_lock
__dllonexit
wcschr
??1type_info@@UAE@XZ
_amsg_exit
_initterm
_XcptFilter
wcsncat_s
wcscpy_s
??0exception@@QAE@XZ
tolower
_CxxThrowException
??0exception@@QAE@ABV0@@Z
wcspbrk
_CIsqrt
_ftol2_sse
_CIpow
_wtol
memmove
wcsncmp
wcsstr
swscanf
realloc
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memcpy_s
memmove_s
time
_ftol2
_wcsicmp
memset
memcpy
_vsnwprintf
free
_callnewh
malloc
_purecall
??1exception@@UAE@XZ
_wcsnicmp
_unlock
__CxxFrameHandler3

wmdrmsdk

_WMDRMCreateProvider

ole32

CoCreateInstance
StringFromGUID2
CoUninitialize
CoFreeUnusedLibraries
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoFileTimeNow
CoInitializeEx
StringFromCLSID
PropVariantClear

oleaut32

SysFreeString
SysStringLen
SysAllocStringLen
VariantInit
VariantClear
SysStringByteLen
VariantCopy
VariantChangeType
SysAllocString

ws2_32

ntohs
htonl
ntohl

winmm

timeGetTime

slc

SLGetWindowsInformationDWORD

kernel32

RaiseException
LocalAlloc
DebugBreak
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
CompareStringW
GetVersionExA
VirtualProtect
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
SetLastError
GetFileSize
WriteFile
SetFilePointer
ReadFile
GetModuleHandleA
LoadLibraryA
LoadLibraryExA
GetVersion
GetProcessHeap
HeapAlloc
GetLocalTime
GlobalMemoryStatus
GetDiskFreeSpaceA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetVersionExW
WaitForSingleObject
WaitForMultipleObjects
FreeLibrary
GetProcAddress
LoadLibraryW
GetWindowsDirectoryW
QueryPerformanceCounter
QueryPerformanceFrequency
DisableThreadLibraryCalls
InterlockedDecrement
lstrlenW
MultiByteToWideChar
lstrlenA
GetLastError
GetModuleFileNameA
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
CreateEventW
SetEvent
ResetEvent
ReleaseSemaphore
GetSystemInfo
VirtualFree
lstrcmpW
GetCurrentProcess
GetCurrentThreadId
CreateSemaphoreW
VirtualAlloc
InterlockedExchange
GetModuleHandleW
SetThreadPriority
GetCurrentThread
GetTickCount
CreateThread
LocalFree
CompareFileTime
GetGeoInfoA
GetModuleHandleExW
CreateFileW
GetModuleFileNameW
ExpandEnvironmentStringsW
GetCurrentProcessId
Sleep
GetSystemFirmwareTable
InterlockedCompareExchange
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateMutexW
ReleaseMutex
HeapFree
DeviceIoControl

user32

MoveWindow
InvalidateRect
SetWindowLongW
GetWindowLongW
GetDesktopWindow
GetWindowRect
LoadStringW
CreateDialogParamW
DestroyWindow
DefWindowProcW
ShowWindow
SetTimer
KillTimer

advapi32

RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegSetValueW
RegCreateKeyW
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
CryptCATCatalogInfoFromContext

crypt32

CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetNameStringW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 470KB - Virtual size: 470KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost.exe
.exe windows x86

b30081fefb0f0d119756211e2f0695f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

DeleteDC
GetDIBits
BitBlt
GetObjectW
SelectObject
CreateCompatibleDC
CreateDIBitmap
PatBlt
InvertRgn
CombineRgn
CreateRectRgn
StretchDIBits
SelectPalette
CreateCompatibleBitmap
GdiFullscreenControl
GdiFlush
PolyPatBlt
GetStockObject
SetBkColor
SetTextColor
SetDCBrushColor
GetNearestColor
DeleteObject
GetTextExtentPoint32W
GetTextMetricsW
EnumFontFamiliesExW
CreateDCW
GetTextFaceW
SetFontEnumeration
GetDeviceCaps
GetRegionData
GetRgnBox
PolyTextOutW
GetCurrentObject
SetBkMode
RealizePalette
SetSystemPaletteUse
GetStringBitmapW
CreateSolidBrush
TranslateCharsetInfo
GetCharWidth32W
CreateBitmap
SetBitmapBits
GetBitmapBits
StretchBlt
CreateFontIndirectW
SetDIBitsToDevice

user32

SetProcessDPIAware
GetForegroundWindow
WindowFromPoint
SetCursor
SendMessageTimeoutW
TrackPopupMenuEx
UnpackDDElParam
CreateIconFromResourceEx
ReuseDDElParam
CreateWindowExW
GetDC
GetSystemMenu
SetActiveWindow
LoadCursorW
KillTimer
ReleaseDC
DestroyWindow
GetKeyboardLayout
SetTimer
ScrollDC
SetScrollInfo
GetWindowRect
MapWindowPoints
MonitorFromRect
GetClientRect
GetMonitorInfoW
ClientToScreen
AdjustWindowRectEx
GetCaretBlinkTime
GetWindowTextW
SetWindowTextW
NotifyWinEvent
MapVirtualKeyW
VkKeyScanW
CloseClipboard
InvalidateRect
GetClipboardData
OpenClipboard
ReleaseCapture
RegisterClassExW
LoadIconW
LoadImageW
EnumDisplaySettingsW
BeginPaint
DrawIcon
EndPaint
DefWindowProcW
SetWindowPos
EnableMenuItem
LoadMenuW
AppendMenuW
SetMenuItemInfoW
ShowWindow
MessageBoxW
GetKeyboardState
ToUnicodeEx
GetMessageW
DispatchMessageW
UnhookWindowsHookEx
RegisterWindowMessageW
SetWindowsHookExW
SetCapture
SetClipboardData
EmptyClipboard
GetKeyState
PrivateExtractIconExW
EnterReaderModeHelper
TranslateMessageEx
ConsoleControl
GetWindowLongW
GetWindowPlacement
SetWindowPlacement
SystemParametersInfoW
ActivateKeyboardLayout
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
CopyIcon
DestroyIcon
DialogBoxParamW
EndDialog
GetDlgItemTextW
IsDlgButtonChecked
SendNotifyMessageW
SetWindowLongW
SendDlgItemMessageW
CheckRadioButton
PtInRect
ScreenToClient
GetSystemMetrics
SendMessageW
PostMessageW
LoadStringW
GetCursorPos
IsIconic

msvcrt

malloc
free
__set_app_type
_controlfp
_except_handler4_common
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
memcpy
_local_unwind4
_vsnwprintf
wcschr
wcsncmp
wcsrchr
memset
atoi
_itoa
memmove
?terminate@@YAXXZ

ntdll

RtlPrefixUnicodeString
RtlIntegerToUnicodeString
RtlUnicodeToMultiByteSize
RtlInitializeCriticalSectionAndSpinCount
RtlConsoleMultiByteToUnicodeN
RtlDosSearchPath_U
ShipAssert
RtlExitUserProcess
NtReplyWaitReceivePort
NtCreatePort
RtlOpenCurrentUser
NtEnumerateValueKey
NtQueryValueKey
RtlCreateTagHeap
NtOpenKey
NtAcceptConnectPort
NtWaitForMultipleObjects
NtSetInformationProcess
RtlReAllocateHeap
RtlInitCodePageTable
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeN
RtlCustomCPToUnicodeN
RtlOemToUnicodeN
RtlUnicodeToOemN
RtlExitUserThread
RtlInitUnicodeString
RtlUnicodeStringToInteger
NtSetEvent
NtCreateEvent
NtDuplicateObject
NtClearEvent
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtOpenProcess
NtQueryInformationProcess
NtVdmControl
NtReleaseMutant
NtWaitForSingleObject
NtCreateMutant
NtUnmapViewOfSection
NtReadVirtualMemory
RtlEnterCriticalSection
RtlLeaveCriticalSection
NtReplyPort
RtlCompareUnicodeString
RtlSizeHeap
DbgPrintEx
RtlAllocateHeap
NtCreateSection
RtlFreeHeap
NtMapViewOfSection
NtClose
RtlGetCriticalSectionRecursionCount

api-ms-win-core-localregistry-l1-1-0

RegGetValueW

kernel32

CreateFileA
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
GetStringTypeW
GetSystemDirectoryA
GetModuleHandleW
GetACP
CreateThread
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
lstrlenA
LockResource
InterlockedIncrement
InterlockedDecrement
GetVersionExW
VirtualProtect
LoadResource
VirtualAlloc
GetSystemInfo
VirtualQuery
LocalAlloc
LocalFree
LocalReAlloc
FindResourceExW
IsValidCodePage
GetCurrentProcessId
GetCurrentThreadId
GetLastError
CreateActCtxW
GetModuleFileNameW
SetEnvironmentVariableW
GetEnvironmentVariableW
CloseHandle
SetFilePointer
ReadFile
MultiByteToWideChar
FreeLibrary
LoadLibraryExW
ExpandEnvironmentStringsW
GetPrivateProfileStringW
CreateFileW
GetCommandLineW
SetProcessShutdownParameters
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
WideCharToMultiByte
GetCPInfo
lstrlenW
Beep
GetCurrentThread
GetOEMCP
GlobalAlloc

imm32

ImmGetCompositionStringW
ImmGetGuideLineW
ImmGetContext
ImmGetOpenStatus
ImmGetConversionStatus
ImmReleaseContext
ImmAssociateContextEx
ImmAssociateContext
ImmTranslateMessage
ImmNotifyIME
ImmGetProperty
ImmGetCandidateListW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
SysAllocStringLen
SysStringLen
VariantInit
SysAllocString
SysReAllocString
VariantClear

Sections

.text
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

FE_TEXT
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d3d10_1.dll
.dll windows x86

09f234c97d832cd4b9afa887485b1401

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d10_1core

D3D10CoreRegisterLayers
D3D10CoreCreateDevice1
D3D10CoreGetVersion

msvcrt

_amsg_exit
_initterm
_XcptFilter
isspace
strchr
strstr
isdigit
atoi
tolower
malloc
free
_CIsqrt
_CIsin
_CIpow
_unlock
floor
_CIcos
ceil
_CIatan2
_CIatan
_CIasin
_CIacos
_ftol2_sse
_purecall
_stricmp
_ftol2
memcpy
??2@YAPAXI@Z
??3@YAXPAX@Z
memset
_vsnprintf
__dllonexit
_lock
_except_handler4_common
_CIlog
_onexit

kernel32

GetProcAddress
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
CreateFileA
GetFileSize
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
IsProcessorFeaturePresent
LeaveCriticalSection
EnterCriticalSection
InitOnceBeginInitialize
InitOnceComplete
GetLastError
DisableThreadLibraryCalls
OutputDebugStringA
FreeLibrary
GetModuleFileNameA
MultiByteToWideChar
LoadLibraryA

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey

dxgi

CreateDXGIFactory

ntdll

WinSqmIsOptedIn
WinSqmAddToStreamEx

Exports

Exports

D3D10CompileEffectFromMemory
D3D10CompileShader
D3D10CreateBlob
D3D10CreateDevice1
D3D10CreateDeviceAndSwapChain1
D3D10CreateEffectFromMemory
D3D10CreateEffectPoolFromMemory
D3D10CreateStateBlock
D3D10DisassembleEffect
D3D10DisassembleShader
D3D10GetGeometryShaderProfile
D3D10GetInputAndOutputSignatureBlob
D3D10GetInputSignatureBlob
D3D10GetOutputSignatureBlob
D3D10GetPixelShaderProfile
D3D10GetShaderDebugInfo
D3D10GetVersion
D3D10GetVertexShaderProfile
D3D10PreprocessShader
D3D10ReflectShader
D3D10RegisterLayers
D3D10StateBlockMaskDifference
D3D10StateBlockMaskDisableAll
D3D10StateBlockMaskDisableCapture
D3D10StateBlockMaskEnableAll
D3D10StateBlockMaskEnableCapture
D3D10StateBlockMaskGetSetting
D3D10StateBlockMaskIntersect
D3D10StateBlockMaskUnion

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fontsub.dll
.dll windows x86

66e74df74fb7e138e8c8ef84cc21ea66

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_amsg_exit
memset
memcpy
memmove
_initterm
realloc
free
malloc
_XcptFilter
qsort
bsearch

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange

Exports

Exports

CreateFontPackage
MergeFontPackage

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ieuinit.inf
jscript.dll
.dll regsvr32 windows x86

f5c2ec3f2d0669defbf38fcfa1d3e83f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__pioinfo
__badioinfo
wcstombs
ferror
wctomb
_itoa
_snprintf
localeconv
isxdigit
isleadbyte
mbtowc
calloc
iswctype
memcpy
memset
_onexit
_lock
__dllonexit
_unlock
_amsg_exit
_initterm
_XcptFilter
_iob
__mb_cur_max
_errno
_isnan
sin
asin
exp
_read
acos
fmod
tan
_ftime
log
pow
cos
sqrt
atan2
bsearch
_ismbblead
_wasctime
_tzset
isdigit
localtime
_vsnwprintf
isalpha
_wcslwr
ceil
iswxdigit
wcsstr
towlower
atoi
wcscspn
_clearfp
_statusfp
strrchr
_ltow
_ultow
longjmp
strtoul
_control87
_mbsrchr
_mbsicmp
_wcsicmp
_purecall
_fileno
_lseeki64
_write
_wcsnicmp
??2@YAPAXI@Z
_wcsdup
realloc
wcsncmp
??3@YAXPAX@Z
??_V@YAXPAX@Z
??_U@YAPAXI@Z
memmove
wcschr
malloc
free
_isatty
atan
ungetc
floor
_CIfmod
_CIlog
_setjmp3

oleaut32

SysAllocStringByteLen
VariantChangeTypeEx
SafeArrayCopy
SafeArrayGetElement
CreateTypeLi
SafeArrayRedim
LoadTypeLibEx
GetActiveObject
LoadTypeLi
GetErrorInfo
SafeArrayCreate
SafeArrayDestroy
SysStringByteLen
VariantInit
VariantCopy
VariantCopyInd
SysAllocString
VariantClear
SysAllocStringLen
CreateTypeLib2
SysFreeString
LoadRegTypeLi
SysStringLen

kernel32

GetTimeFormatA
SearchPathW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
UnmapViewOfFile
GetVersionExW
CreateFileW
CreateFileMappingW
CloseHandle
MapViewOfFile
LoadLibraryExW
FindResourceExW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
RtlUnwind
OutputDebugStringA
Sleep
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
VirtualProtect
InterlockedCompareExchange
GetLastError
DelayLoadFailureHook
LCMapStringW
GetVersion
CompareStringA
GetNumberFormatW
SetLastError
LCMapStringA
CompareStringW
GetTimeFormatW
GetLocaleInfoW
GetDateFormatA
GetNumberFormatA
InterlockedIncrement
GetDateFormatW
MulDiv
GetSystemTime
GetTimeZoneInformation
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentVariableW
MultiByteToWideChar
GetComputerNameA
GetProcAddress
TlsSetValue
GetStringTypeW
WideCharToMultiByte
GetStringTypeA
TlsFree
TlsAlloc
FreeLibrary
GetVersionExA
LoadLibraryExA
LockResource
GetModuleFileNameW
SizeofResource
LoadResource
FreeResource
FindResourceA
IsValidCodePage
GetACP
IsValidLocale
GetSystemDefaultLCID
GetUserDefaultLCID
GetLocaleInfoA
GetCurrentThreadId
DeleteCriticalSection
EnterCriticalSection
InterlockedExchange
LeaveCriticalSection
InitializeCriticalSection
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
InterlockedDecrement

shlwapi

PathRemoveFileSpecW
PathCombineW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 620KB - Virtual size: 620KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kerberos.dll
.dll windows x86

2a912e65b457a8bdf6a392ae3e3222e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
_strnicmp
_strcmpi
strcat_s
qsort
_ultow
_wcsnicmp
strchr
wcscat_s
wcsncpy_s
wcsncat_s
_snprintf_s
_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter
memmove
strcpy_s
sscanf
sprintf_s
wcstol
wcstok
wcscpy_s
towlower
wcsrchr
_stricmp
wcschr
_snwprintf_s
swprintf_s
wcsncmp
_wcsicmp
memcpy
_vsnprintf_s
strrchr

ntdll

NtOpenProcess
RtlCopyLuid
RtlCompareUnicodeString
RtlFreeSid
RtlInitAnsiString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlDeregisterWait
RtlRegisterWait
RtlInitializeGenericTableAvl
RtlEqualDomainName
RtlEnumerateGenericTableAvl
RtlLookupElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlCopyUnicodeString
NtDuplicateToken
RtlInitializeSid
RtlSubAuthoritySid
RtlCopySid
RtlPrefixUnicodeString
VerSetConditionMask
RtlVerifyVersionInfo
RtlDowncaseUnicodeString
RtlSystemTimeToLocalTime
RtlIpv4StringToAddressExW
RtlIpv6StringToAddressExW
NtCreateEvent
NtOpenEvent
NtWaitForSingleObject
NtQuerySystemTime
RtlAllocateAndInitializeSid
RtlUpcaseUnicodeString
RtlEraseUnicodeString
RtlDuplicateUnicodeString
RtlRunDecodeUnicodeString
RtlIntegerToUnicodeString
NtSetInformationThread
RtlInitializeCriticalSection
NtQuerySystemInformation
WinSqmSetDWORD
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
RtlCreateTimerQueue
RtlCreateTimer
RtlConvertSharedToExclusive
RtlDeleteTimerQueue
RtlCompareMemory
NtOpenProcessToken
RtlLengthSid
RtlEqualSid
RtlCreateAcl
RtlAddAccessAllowedAce
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtSetSecurityObject
RtlInitializeResource
RtlDeleteResource
EtwLogTraceEvent
RtlAcquireResourceExclusive
WinSqmSetIfMaxDWORD
WinSqmIncrementDWORD
NtQueryInformationToken
NtDuplicateObject
NtClose
NtSetEvent
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError
RtlDowncaseUnicodeChar
RtlConvertSidToUnicodeString
RtlAppendUnicodeStringToString
RtlTimeFieldsToTime
RtlTimeToTimeFields
RtlValidSid
RtlLengthRequiredSid
RtlSubAuthorityCountSid
RtlInitializeGenericTable
RtlDeleteElementGenericTable
RtlGetElementGenericTable
RtlLookupElementGenericTable
RtlInsertElementGenericTable
RtlIntegerToChar
RtlDeleteTimerQueueEx
RtlUniform
RtlImageNtHeader
RtlDeleteCriticalSection
NtOpenThreadToken
RtlFreeUnicodeString
RtlAcquireResourceShared
RtlReleaseResource
NtAllocateLocallyUniqueId
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlEqualUnicodeString
RtlEnterCriticalSection
RtlLeaveCriticalSection
EtwTraceMessage

api-ms-win-security-base-l1-1-0

FreeSid
AllocateAndInitializeSid
EqualSid
GetLengthSid
RevertToSelf
AdjustTokenPrivileges
GetTokenInformation
IsTokenRestricted
CheckTokenMembership

cryptdll

MD5Init
MD5Update
MD5Final
CDGenerateRandomBits
CDFindCommonCSystemWithKey
CDBuildIntegrityVect
CDLocateCSystem
CDLocateCheckSum
CDGetIntegrityVect

msasn1

ASN1Free
ASN1BERDecSXVal
ASN1BEREncSX
ASN1BERDecBool
ASN1BEREncBool
ASN1DecSetError
ASN1EncSetError
ASN1BERDecSkip
ASN1bitstring_free
ASN1BERDecBitString
ASN1DEREncBitString
ASN1objectidentifier_free
ASN1BERDecObjectIdentifier
ASN1BERDecOpenType2
ASN1BEREncObjectIdentifier
ASN1BEREncOpenType
ASN1charstring_free
ASN1BERDecCharString
ASN1BERDecU32Val
ASN1BEREncU32
ASN1BERDecGeneralizedTime
ASN1DEREncGeneralizedTime
ASN1BERDecZeroCharString
ASN1DEREncCharString
ASN1octetstring_free
ASN1BERDecOctetString
ASN1DEREncOctetString
ASN1ztcharstring_free
ASN1intx2int32
ASN1intx2uint32
ASN1intxisuint32
ASN1_CreateDecoder
ASN1_CreateEncoder
ASN1_CloseDecoder
ASN1_CloseEncoder
ASN1_FreeEncoded
ASN1_Encode
ASN1_Decode
ASN1_FreeDecoded
ASN1intx_free
ASN1intx_setuint32
ASN1_CreateModule
ASN1BEREncEndOfContents
ASN1BEREncS32
ASN1BEREncExplicitTag
ASN1BERDecEndOfContents
ASN1BERDecS32Val
ASN1DecAlloc
ASN1BERDecPeekTag
ASN1BERDecNotEndOfContents
ASN1BERDecExplicitTag

kernel32

OutputDebugStringA
DebugBreak
DisableThreadLibraryCalls
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
LocalAlloc
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
IsDebuggerPresent
LocalFree
CloseHandle
GetLastError
CreateEventW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
FormatMessageW
GetModuleHandleW
GetLocalTime
GetModuleFileNameA
GetProfileStringA
CreateFileA
MultiByteToWideChar
Sleep
GetComputerNameExW
lstrcmpW
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
SetEvent
OpenEventW
UnregisterWaitEx
GetComputerNameW
GetACP
InterlockedExchangeAdd
DelayLoadFailureHook
LoadLibraryExA
GetVersion
VirtualQuery
VirtualProtect
lstrlenW
WriteFile
WaitForSingleObject
lstrcmpiA
lstrlenA
RegisterWaitForSingleObjectEx
DeleteTimerQueueTimer
CreateTimerQueueTimer
ChangeTimerQueueTimer
SetCurrentDirectoryW
GetWindowsDirectoryW
CreateDirectoryW
GetVersionExW
GetCurrentDirectoryW
MoveFileExW
UnregisterWait
DeleteCriticalSection
SetLastError
GetSystemDirectoryW
LoadLibraryW
GetSystemInfo
OpenFileMappingW
MapViewOfFileEx
CreateFileMappingW
VirtualAlloc
InitializeCriticalSection
UnmapViewOfFile
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter

Exports

Exports

DllMain
KerbCreateTokenFromTicket
KerbDomainChangeCallback
KerbIsInitialized
KerbKdcCallBack
KerbMakeKdcCall
SpInitialize
SpInstanceInit
SpLsaModeInitialize
SpUserModeInitialize

Sections

.text
Size: 472KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e463b3d0acd374d171cd8f84137ee160

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

mcewmdrmndbootstrap

wmdrmsdk

advapi32

crypt32

kernel32

ole32

oleaut32

slc

winmm

wintrust

mfplat

ws2_32

Exports

Exports

Sections

.text Size: 597KB - Virtual size: 597KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 19KB - Virtual size: 19KB

870169933cab4a3202f96930b96b0681

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

wmdrmsdk

ole32

oleaut32

ws2_32

winmm

slc

kernel32

user32

advapi32

wintrust

crypt32

Exports

Exports

Sections

.text Size: 470KB - Virtual size: 470KB

.data Size: 16KB - Virtual size: 15KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 18KB - Virtual size: 18KB

b30081fefb0f0d119756211e2f0695f4

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

msvcrt

ntdll

api-ms-win-core-localregistry-l1-1-0

kernel32

imm32

ole32

oleaut32

Sections

.text Size: 195KB - Virtual size: 195KB

FE_TEXT Size: 21KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 34KB - Virtual size: 33KB

.reloc Size: 9KB - Virtual size: 9KB

09f234c97d832cd4b9afa887485b1401

Headers

DLL Characteristics

File Characteristics

Imports

d3d10_1core

.text
Size: 597KB - Virtual size: 597KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 19KB

.text
Size: 470KB - Virtual size: 470KB

.data
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 18KB - Virtual size: 18KB

.text
Size: 195KB - Virtual size: 195KB

FE_TEXT
Size: 21KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 130KB - Virtual size: 130KB

.data
Size: 5KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 20KB - Virtual size: 20KB

.text
Size: 64KB - Virtual size: 63KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 620KB - Virtual size: 620KB

.data
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 24KB - Virtual size: 24KB

.text
Size: 472KB - Virtual size: 471KB

.data
Size: 21KB - Virtual size: 25KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 24KB - Virtual size: 24KB