bec18398db1e590b69e5346daf6a1847d2a9fbc11e75c91e7e2a14d43c71bd58

Sharing

Copy URL Twitter E-mail

General

Target

bec18398db1e590b69e5346daf6a1847d2a9fbc11e75c91e7e2a14d43c71bd58
Size

5.2MB
MD5

9cedaccaa229334172d79a9a2a18802e
SHA1

9a1df8ba9746f42489509cd12da223267ac23837
SHA256

bec18398db1e590b69e5346daf6a1847d2a9fbc11e75c91e7e2a14d43c71bd58
SHA512

4420fc0d33ac4554c985b8d05b4aa5e94dcceb594a26f1a035fe71194bd13e6d3143243e1328faf40b34f25f1b9d3eadc79ab5df3c765e8908212a8b09b94546
SSDEEP

98304:75W0j2qR7PK+/xvrik0DTt1/pct+SGOawyYiYDTuicRqDHbDaxQ+o6p0H54ax:Ni+oTt1/ChGOarYigTuT2bD+zo6p0H5N

Score

N/A

Malware Config

Signatures

Files

bec18398db1e590b69e5346daf6a1847d2a9fbc11e75c91e7e2a14d43c71bd58
.zip
SIMpjgjb/01 SimSearch(ki)/MSCOMM32.OCX
.dll regsvr32 windows x86

981c4b05d92d1681a5f459ad4e52b1b8

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetCommModemStatus
WriteFile
GetCommProperties
ResetEvent
GetOverlappedResult
IsBadWritePtr
MultiByteToWideChar
Sleep
ReadFile
SetCommState
GetCommState
ClearCommError
lstrcpynA
lstrlenA
CreateThread
WaitCommEvent
GlobalUnlock
GlobalLock
GlobalAlloc
ClearCommBreak
SetCommBreak
GetVersion
GetFileAttributesA
lstrcatA
GetModuleFileNameA
GetWindowsDirectoryA
LoadLibraryA
GetLocaleInfoA
GetProcAddress
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
lstrcmpiA
LockResource
LoadResource
FindResourceA
CompareStringA
CompareStringW
lstrcmpA
CreateEventA
CreateFileA
GetLastError
SetupComm
SetCommTimeouts
SetCommMask
WaitForSingleObject
DisableThreadLibraryCalls
GlobalFree
IsDBCSLeadByte
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
GetProcessHeap
CloseHandle
lstrcpyA
EscapeCommFunction
PurgeComm

user32

ShowWindow
SetWindowRgn
PtInRect
IsDialogMessageA
GetWindowLongA
IsWindowEnabled
IsChild
GetKeyState
OffsetRect
IntersectRect
DrawIcon
LoadCursorA
RegisterClassA
DestroyIcon
DestroyWindow
GetSystemMetrics
GetDlgItemInt
GetDlgItemTextA
GetDlgItem
SendMessageA
SetDlgItemInt
SetDlgItemTextA
DialogBoxParamA
wsprintfA
CreateWindowExA
SetWindowLongA
DefWindowProcA
EqualRect
GetWindowRect
GetParent
ClientToScreen
MoveWindow
GetActiveWindow
GetWindow
GetClientRect
SetFocus
BeginPaint
IsWindowVisible
EndPaint
SetParent
CheckDlgButton
SetWindowPos
CharNextA
EndDialog
LoadIconA
DrawEdge
CreateDialogIndirectParamA
PostMessageA
WinHelpA
GetNextDlgTabItem
LoadStringA
UnregisterClassA
ReleaseDC
GetDC
IsDlgButtonChecked
MessageBoxA
RegisterClipboardFormatA

ole32

CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
ReleaseStgMedium

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

OleCreatePropertyFrame
VariantChangeType
SetErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
OleLoadPicture
GetErrorInfo
RegisterTypeLi
SafeArrayCreate
SafeArrayPutElement
LoadRegTypeLi
SafeArrayGetDim
SysStringLen
SysAllocStringLen
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayGetLBound
VariantClear
SysFreeString
VariantInit
SysAllocString
CreateErrorInfo

gdi32

DeleteDC
GetWindowExtEx
GetViewportExtEx
LPtoDP
SetMapMode
CreateDCA
SetWindowOrgEx
SetViewportOrgEx
SetWindowExtEx
SetViewportExtEx
GetDeviceCaps
CreateRectRgnIndirect

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SIMpjgjb/01 SimSearch(ki)/SimSearchki.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SIMpjgjb/02 WoronScan(V1)/woron_scan.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

LoadLi
Size: 4KB - Virtual size: 1830.1MB

Size: 2.3MB - Virtual size: 4B

��
Size: - Virtual size:
SIMpjgjb/03 SimScan(V0)/sim_scan.cfg
SIMpjgjb/03 SimScan(V0)/sim_scan.exe
.exe windows x86

3b85ca37d01f2faeb20352a370430131

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
CreateFileA
CreateThread
DeleteFileA
EscapeCommFunction
ExitProcess
ExitThread
GetCommState
GetCommTimeouts
GetExitCodeThread
GetFileSize
GetModuleHandleA
GetTickCount
GlobalAlloc
GlobalFree
ReadFile
SetCommState
SetCommTimeouts
SetFilePointer
CloseHandle

user32

LoadIconA
CreateDialogParamA
DestroyIcon
DestroyWindow
DialogBoxParamA
EndDialog
GetDlgItem
GetDlgItemTextA
IsDlgButtonChecked
CheckDlgButton
MessageBoxA
PostMessageA
SendMessageA
SetDlgItemInt
SetDlgItemTextA
ShowWindow
UpdateWindow

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 990B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SIMpjgjb/03 SimScan(V0)/sim_scan_v202.exe
.exe windows x86

3b85ca37d01f2faeb20352a370430131

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
CreateFileA
CreateThread
DeleteFileA
EscapeCommFunction
ExitProcess
ExitThread
GetCommState
GetCommTimeouts
GetExitCodeThread
GetFileSize
GetModuleHandleA
GetTickCount
GlobalAlloc
GlobalFree
ReadFile
SetCommState
SetCommTimeouts
SetFilePointer
CloseHandle

user32

LoadIconA
CreateDialogParamA
DestroyIcon
DestroyWindow
DialogBoxParamA
EndDialog
GetDlgItem
GetDlgItemTextA
IsDlgButtonChecked
CheckDlgButton
MessageBoxA
PostMessageA
SendMessageA
SetDlgItemInt
SetDlgItemTextA
ShowWindow
UpdateWindow

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 990B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SIMpjgjb/03 SimScan(V0)/sim_scan_v202cs.exe
.exe windows x86

3b85ca37d01f2faeb20352a370430131

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
CreateFileA
CreateThread
DeleteFileA
EscapeCommFunction
ExitProcess
ExitThread
GetCommState
GetCommTimeouts
GetExitCodeThread
GetFileSize
GetModuleHandleA
GetTickCount
GlobalAlloc
GlobalFree
ReadFile
SetCommState
SetCommTimeouts
SetFilePointer
CloseHandle

user32

LoadIconA
CreateDialogParamA
DestroyIcon
DestroyWindow
DialogBoxParamA
EndDialog
GetDlgItem
GetDlgItemTextA
IsDlgButtonChecked
CheckDlgButton
MessageBoxA
PostMessageA
SendMessageA
SetDlgItemInt
SetDlgItemTextA
ShowWindow
UpdateWindow

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 990B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SIMpjgjb/04 SimEmu(д)/SIM_EMU_6.01_CFG_v2.1.exe
.exe windows x86

ed4817bd12c7cb91fdcfb0ad265f5af2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerLanguageNameA

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA

comctl32

ord17

kernel32

QueryPerformanceFrequency
CreateEventA
Sleep
InterlockedDecrement
MoveFileA
lstrcatA
CompareStringA
CompareStringW
GetVersionExA
SetFilePointer
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
FreeLibrary
GetProcAddress
LoadLibraryA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
LockResource
WriteFile
SizeofResource
FindResourceA
CreateProcessA
GetModuleFileNameA
GetTickCount
GetSystemDefaultLCID
GlobalHandle
SetLastError
lstrlenW
InterlockedIncrement
GetPrivateProfileSectionA
WaitForSingleObject
GetSystemInfo
IsValidCodePage
FlushFileBuffers
LocalFree
FormatMessageA
GetDiskFreeSpaceA
_lclose
OpenFile
GetDriveTypeA
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
GetExitCodeProcess
GetCurrentProcess
GetCurrentThread
GetLocaleInfoA
GetPrivateProfileStringA
lstrlenA
CreateFileA
GetFileSize
GlobalAlloc
CloseHandle
GlobalLock
ReadFile
GlobalUnlock
GlobalFree
WideCharToMultiByte
DeleteFileA
GetLastError
CreateThread
CopyFileA
MultiByteToWideChar
ExpandEnvironmentStringsA
GetExitCodeThread
lstrcmpiA
SetErrorMode
GetPrivateProfileIntA
GetTempPathA
WritePrivateProfileStringA
GetWindowsDirectoryA
GetTempFileNameA
lstrcmpA
lstrcpyA
SetCurrentDirectoryA
LoadResource
GetStdHandle
RaiseException
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
SetHandleCount
GetACP
GetCPInfo
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapSize
HeapReAlloc
LeaveCriticalSection
EnterCriticalSection
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
TerminateProcess
ExitProcess
SetStdHandle
HeapAlloc
HeapFree
RtlUnwind
SystemTimeToFileTime
QueryPerformanceCounter
ResetEvent
SetEvent
lstrcpynA
SearchPathA
FindFirstFileA
VirtualProtect
VirtualQuery
FindClose
IsBadReadPtr
GetStringTypeA
GetStringTypeW
LCMapStringW
LCMapStringA
IsBadCodePtr
GetFileType

user32

MessageBoxA
ReleaseDC
GetDC
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
SetTimer
PostQuitMessage
KillTimer
PostMessageA
DefWindowProcA
PeekMessageA
MsgWaitForMultipleObjects
wsprintfA
GetDesktopWindow
DialogBoxParamA
ShowWindow
GetDlgItem
EndDialog
GetWindowDC
SetWindowPos
ClientToScreen
GetClientRect
SetWindowLongA
EndPaint
BeginPaint
GetWindowLongA
WaitForInputIdle
CharNextA
SendDlgItemMessageA
ExitWindowsEx
CharPrevA
LoadStringA
wvsprintfA
GetClassInfoA
UpdateWindow
SetCursor
GetDlgItemTextA
EnableWindow
GetParent
GetWindowTextLengthA
GetWindowTextA
MoveWindow
GetWindowPlacement
DrawIcon
GetDlgCtrlID
SetWindowTextA
FillRect
GetSysColor
GetSysColorBrush
IsDialogMessageA
SendMessageA
GetWindowRect
GetSystemMetrics
FindWindowA
IntersectRect
SubtractRect
IsWindow
DestroyWindow
CreateDialogParamA
SetRect
DestroyIcon
CharLowerBuffA

gdi32

CreateDIBitmap
GetDeviceCaps
CreatePalette
SelectPalette
GetStockObject
DeleteObject
GetSystemPaletteEntries
BitBlt
SelectObject
DeleteDC
CreateSolidBrush
CreateFontIndirectA
CreateCompatibleDC
SetTextColor
SetBkMode
GetObjectA
TranslateCharsetInfo
GetTextExtentPointA
RealizePalette

advapi32

FreeSid
RegQueryValueA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
OpenProcessToken
EqualSid
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegEnumValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA

ole32

CreateItemMoniker
CoCreateGuid
StringFromCLSID
StgIsStorageFile
StgOpenStorage
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
GetRunningObjectTable

oleaut32

SysReAllocStringLen
SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen
VariantClear
VariantChangeType

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SIMpjgjb/Driver/Vista/DRemover98ME2KXP.exe
.exe windows x86

241051b2fc3892d6650e221209b6486c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiCallClassInstaller

shlwapi

SHDeleteKeyA

kernel32

GetFileAttributesA
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapAlloc
HeapFree
TerminateProcess
RaiseException
HeapReAlloc
HeapSize
WriteFile
LCMapStringW
UnhandledExceptionFilter
SetFilePointer
FlushFileBuffers
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
InterlockedIncrement
GetWindowsDirectoryA
GetSystemDirectoryA
lstrcpyA
SetErrorMode
GetDiskFreeSpaceExA
GetCurrentProcess
GetVersionExA
SetFileAttributesA
DeleteFileA
Sleep
GetLastError
GetOEMCP
GetCPInfo
GetProcessVersion
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrcpynA
LocalFree
MulDiv
SetLastError
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetModuleHandleA
GetProcAddress
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetACP
LCMapStringA

user32

AdjustWindowRectEx
SetFocus
CopyRect
GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
ShowWindow
ClientToScreen
GetDC
ReleaseDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
LoadStringA
GetClassNameA
PtInRect
GetSysColorBrush
DestroyMenu
GetTopWindow
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
LoadCursorA
GetMenuItemID
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
GetWindowRect
EndDialog
SetActiveWindow
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
PostQuitMessage
PostMessageA
GetCapture
GetMenuItemCount
LoadIconA
EnableWindow
GetClientRect
IsIconic
SendMessageA
DrawIcon
ExitWindowsEx
wsprintfA
GetSystemMetrics
GetSubMenu
CreateDialogIndirectParamA
IsWindow
GetWindowPlacement
UnregisterClassA

gdi32

SetTextColor
GetClipBox
RestoreDC
SelectObject
GetStockObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetObjectA
SetBkColor
DeleteObject
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateBitmap
SaveDC

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegOpenKeyExA
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA

comctl32

ord17

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SIMpjgjb/Driver/Vista/pl2303.cat
SIMpjgjb/Driver/Vista/ser2pl.inf
SIMpjgjb/Driver/Vista/ser2pl.sys
.exe windows x86

d1f3a060d7fd746d2702e4d3874d3c7c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoWMIRegistrationControl
IoDeleteDevice
IoDetachDevice
IoCancelIrp
KeInitializeDpc
KeInitializeTimer
KeInitializeSpinLock
MmUnlockPagableImageSection
DbgPrint
DbgBreakPoint
MmLockPagableDataSection
KeDelayExecutionThread
ZwOpenKey
ExAllocatePoolWithQuotaTag
MmLockPagableSectionByHandle
MmQuerySystemSize
KeWaitForSingleObject
KeQuerySystemTime
KeSetEvent
KeInsertQueueDpc
KeSetTimer
IofCallDriver
PoCallDriver
KeCancelTimer
RtlDeleteRegistryValue
memmove
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
KeRemoveQueueDpc
IoCreateSymbolicLink
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
wcslen
ZwClose
IoOpenDeviceRegistryKey
KeInitializeEvent
IoCreateDevice
RtlIntegerToUnicodeString
RtlInitUnicodeString
IoAttachDeviceToDeviceStack
IoGetConfigurationInformation
ZwQueryValueKey
PoSetPowerState
PoStartNextPowerIrp
KeClearEvent
PoRequestPowerIrp
IoBuildDeviceIoControlRequest
IoFreeIrp
IoAllocateIrp
_except_handler3
RtlQueryRegistryValues
ExFreePoolWithTag
RtlUnicodeStringToAnsiString
atol
RtlFreeUnicodeString
RtlFreeAnsiString
_allmul
MmUnmapIoSpace
RtlWriteRegistryValue
ExAllocatePoolWithTag
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
IoDeleteSymbolicLink
IofCompleteRequest

hal

ExReleaseFastMutex
KfAcquireSpinLock
READ_PORT_UCHAR
ExAcquireFastMutex
KfReleaseSpinLock
KeGetCurrentIrql

wmilib.sys

WmiSystemControl
WmiCompleteRequest

usbd.sys

USBD_CreateConfigurationRequest
_USBD_ParseConfigurationDescriptorEx@28
_USBD_CreateConfigurationRequestEx@8

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 751B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SIMpjgjb/Driver/xp/USB-Driver.exe
.exe windows x86

5a9b89741dd0eb9be8754b41c4d30c55

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
FormatMessageA
DeleteFileA
MulDiv
IsDBCSLeadByte
GetExitCodeProcess
CreateProcessA
GetTempFileNameA
GetSystemDefaultLCID
WaitForSingleObject
CompareStringA
Sleep
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
FreeLibrary
RemoveDirectoryA
FindNextFileA
WritePrivateProfileSectionA
GetStartupInfoA
WriteFile
ReadFile
SetFileAttributesA
LocalFree
LocalAlloc
LockResource
LoadResource
FindResourceA
SizeofResource
GetModuleHandleA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MultiByteToWideChar
lstrcmpiA
GetDiskFreeSpaceA
HeapAlloc
GetProcessHeap
HeapFree
GetModuleFileNameA
ExitProcess
CreateFileA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
lstrcpynA
SetFilePointer
GetFileSize
FindFirstFileA
CreateDirectoryA
GetLastError
GetPrivateProfileStringA
FindClose
GetFileAttributesA
lstrcatA
lstrlenA
GetWindowsDirectoryA
lstrcpyA
GetSystemDirectoryA
GetTempPathA
GetPrivateProfileSectionA
LoadLibraryA
MoveFileExA
WritePrivateProfileStringA
GetShortPathNameA
FlushFileBuffers
CloseHandle
IsBadCodePtr
IsBadReadPtr
SetStdHandle
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
GetStdHandle
SetHandleCount
GetFileType
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
FreeEnvironmentStringsW
TerminateProcess
GetStringTypeW
GetCurrentProcess
GetOEMCP
GetACP
GetStringTypeA
IsBadWritePtr
HeapReAlloc
GetCPInfo
VirtualFree
HeapCreate
VirtualAlloc
GetVersion
GetCommandLineA
HeapDestroy
RtlUnwind

user32

GetParent
GetDlgItem
SetFocus
SendDlgItemMessageA
EnableWindow
CheckRadioButton
GetWindowLongA
LoadStringA
LoadImageA
MessageBoxA
CharNextA
IsDlgButtonChecked
GetDlgItemTextA
CheckDlgButton
SetDlgItemTextA
ReleaseDC
GetDC
GetWindow
PostMessageA
SetWindowTextA
wsprintfA
GetDesktopWindow
GetWindowTextA
DestroyWindow
CreateDialogParamA
FillRect
GetSysColor
GetSysColorBrush
EndPaint
BeginPaint
DrawTextA
MoveWindow
GetClientRect
ScreenToClient
GetNextDlgTabItem
SetParent
MapDialogRect
IsWindow
GetWindowRect
CreateDialogIndirectParamA
ShowWindow
InvalidateRect
IsWindowEnabled
SetWindowPos
UpdateWindow
IsDialogMessageA
SetWindowLongA
GetActiveWindow
SetActiveWindow
LoadIconA
PeekMessageA
SendMessageA
DispatchMessageA
TranslateMessage

gdi32

CreateFontIndirectA
RealizePalette
SelectPalette
CreatePalette
GetObjectA
GetStockObject
CreateDIBitmap
GetTextExtentPointA
SelectObject
EnumFontFamiliesExA
DeleteDC
BitBlt
TextOutA
SetBkMode
SetBkColor
CreateCompatibleDC
CreateSolidBrush
SetTextColor
DeleteObject
GetDeviceCaps

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

lz32

LZOpenFileA
LZCopy
LZClose

comctl32

ord17

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SIMpjgjb/WindowsMobile/STK_Service_4[1].47.cab
.cab
SIMpjgjb/WindowsMobile/WM5stkɫ.rar
.rar
SIMpjgjb/WindowsMobile/WM6stkɫ.rar
.rar
SIMpjgjb/other tools/dump_dat.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

LoadLi
Size: 4KB - Virtual size: 1830.1MB

Size: 1.3MB - Virtual size: 4B

��
Size: - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
SIMpjgjb/other tools/findki.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

LoadLi
Size: 4KB - Virtual size: 1830.1MB

Size: 1.0MB - Virtual size: 4B

��
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
SIMpjgjb/other tools/real_rand.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

LoadLi
Size: 4KB - Virtual size: 1830.1MB

Size: 68KB - Virtual size: 4B

��
Size: - Virtual size:
SIMpjgjb/other tools/write_ki2dat.exe
.exe windows x86

dd1c40601b712c35527a1cd353701a8e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

InitializeCriticalSection
GetProcAddress
LocalFree
RaiseException
LocalAlloc
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
ResumeThread
WriteProcessMemory
GetPrivateProfileSectionA
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

user32

DefWindowProcA
AdjustWindowRectEx

Sections

0
Size: 319KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1
Size: 38KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

4
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

7
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

8
Size: 44KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

9
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

10
Size: 7KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SIMpjgjb/.url
.url
SIMpjgjb/.txt

Sharing

General

Malware Config

Signatures

Files

981c4b05d92d1681a5f459ad4e52b1b8

Code Sign

Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 58KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 27KB - Virtual size: 26KB

.reloc Size: 5KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 124KB - Virtual size: 124KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Sections

LoadLi Size: 4KB - Virtual size: 1830.1MB

Size: 2.3MB - Virtual size: 4B

���� Size: - Virtual size:

3b85ca37d01f2faeb20352a370430131

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 1024B - Virtual size: 990B

.data Size: 6KB - Virtual size: 224KB

.rsrc Size: 5KB - Virtual size: 4KB

3b85ca37d01f2faeb20352a370430131

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 1024B - Virtual size: 990B

.data Size: 6KB - Virtual size: 224KB

.rsrc Size: 5KB - Virtual size: 4KB

3b85ca37d01f2faeb20352a370430131

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 1024B - Virtual size: 990B

.data Size: 6KB - Virtual size: 224KB

.rsrc Size: 5KB - Virtual size: 8KB

ed4817bd12c7cb91fdcfb0ad265f5af2

Headers

File Characteristics

Imports

version

shell32

comctl32

kernel32

user32

gdi32

advapi32

.text
Size: 59KB - Virtual size: 58KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 27KB - Virtual size: 26KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 124KB - Virtual size: 124KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 4KB

LoadLi
Size: 4KB - Virtual size: 1830.1MB

��
Size: - Virtual size:

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 1024B - Virtual size: 990B

.data
Size: 6KB - Virtual size: 224KB

.rsrc
Size: 5KB - Virtual size: 4KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 1024B - Virtual size: 990B

.data
Size: 6KB - Virtual size: 224KB

.rsrc
Size: 5KB - Virtual size: 4KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 1024B - Virtual size: 990B

.data
Size: 6KB - Virtual size: 224KB

.rsrc
Size: 5KB - Virtual size: 8KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 20KB - Virtual size: 30KB

.rsrc
Size: 48KB - Virtual size: 46KB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 12KB - Virtual size: 28KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 768B - Virtual size: 751B

.data
Size: 512B - Virtual size: 408B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 180KB - Virtual size: 178KB

LoadLi
Size: 4KB - Virtual size: 1830.1MB

��
Size: - Virtual size:

LoadLi
Size: 4KB - Virtual size: 1830.1MB