07aaa42b737976c65e566acb0ddce375a99322457fad9469ff6f007139dc7fa9

Sharing

Copy URL

Twitter E-mail

General

Target

07aaa42b737976c65e566acb0ddce375a99322457fad9469ff6f007139dc7fa9
Size

970KB
MD5

f0a25b932e8ddbabfc21b36a9a0ebeee
SHA1

f6492203367bb62b0a9ea4be6c7e5c3a41f6c469
SHA256

07aaa42b737976c65e566acb0ddce375a99322457fad9469ff6f007139dc7fa9
SHA512

837f9cde193e3be3689752b9fc911428ebab9d331d649727930b8773e58be264f2eed5de8309639d572f8466e8137a061a2ba08e8b772cbe3de8f81a7f70398d
SSDEEP

24576:bbRB8J1OUBribnu6QxwVPbpATuELIhRRD:ZB8J1bBObnuYP+TuELIh/D

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Usp10.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Usp10.dll	upx

Files

07aaa42b737976c65e566acb0ddce375a99322457fad9469ff6f007139dc7fa9
.rar
AMAZING.HLP
Amazing.GID
Amazing.ini
Cddb.dll
.dll windows x86

e7256de09a89c73208f27b79fe1abd53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACancelBlockingCall
WSAStartup
socket
gethostbyname
htons
connect
send
recv
closesocket
WSACleanup

kernel32

GetModuleHandleA
CloseHandle
FlushFileBuffers
HeapSize
SetStdHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GlobalFree
GlobalAlloc
lstrlenA
lstrcpynA
GetPrivateProfileIntA
GetWindowsDirectoryA
WritePrivateProfileStringA
lstrcmpiA
lstrcpyA
GetPrivateProfileStringA
GetModuleFileNameA
lstrcmpA
GetLastError
CreateThread
QueryPerformanceCounter
VirtualQuery
GetSystemInfo
VirtualProtect
LoadLibraryA
InitializeCriticalSection
HeapReAlloc
VirtualAlloc
LCMapStringW
LCMapStringA
SetFilePointer
RtlUnwind
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
TlsFree
SetLastError
TlsGetValue
TlsAlloc
GetACP
GetOEMCP
GetCPInfo
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA

user32

SendMessageA
DialogBoxParamA
GetDlgItem
SetFocus
EndDialog
SetWindowLongA
CheckDlgButton
SetDlgItemTextA
SetDlgItemInt
GetWindowLongA
PostMessageA
SendDlgItemMessageA
GetDlgItemInt
GetDlgItemTextA
MessageBoxA
wsprintfA

Exports

Exports

CDDBGetDiskInfo
CDDBGetServerList
CDDBQuery
CDDBSetOption
CDDBSetValues
CDDBSettingsDialog
MultipleCDDBQueryDlgProc

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DX8Glue.dll
.dll windows x86

abb4626cfd27ec733227e1e76e0a9ca3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dsound

ord2
ord11

kernel32

GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

GetDirectSoundCreate8
GetDirectSoundEnumerate
GetIDirectSoundNotifyGUID
GetVersionNumber

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IOCTLRead.dll
.dll windows x86

e2feeb879b9dc19b735d142dcba033b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CreateFileMappingA
ReleaseMutex
CloseHandle
WaitForSingleObject
CreateMutexA
DeviceIoControl
CreateFileA
GetDriveTypeA
LocalFree
FormatMessageA
GetProcAddress
GetModuleHandleA
GetVersionExA
MapViewOfFile
FlushFileBuffers
GetLocaleInfoA
UnmapViewOfFile
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
InitializeCriticalSection
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

MessageBoxA
wsprintfA

Exports

Exports

GetASPI32SupportInfo
SendASPI32Command

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Keyboard.dat
MidiControl.dat
NTRead.dll
.dll windows x86

f3c5e4f0dd127725591cdaa1ae8a104d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapDestroy
CloseHandle
WaitForSingleObject
CreateMutexA
GetLastError
GetDriveTypeA
CreateFileA
GetVersionExA
DeviceIoControl
InitializeCriticalSection
EnterCriticalSection
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
ReleaseMutex
HeapCreate
VirtualFree
HeapFree
WriteFile
LCMapStringA
LCMapStringW
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

user32

wsprintfA

Exports

Exports

GetASPI32SupportInfo
SendASPI32Command

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Recent.dat
Usp10.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

AheadLib_LpkPresent
AheadLib_ScriptApplyDigitSubstitution
AheadLib_ScriptApplyLogicalWidth
AheadLib_ScriptBreak
AheadLib_ScriptCPtoX
AheadLib_ScriptCacheGetHeight
AheadLib_ScriptFreeCache
AheadLib_ScriptGetCMap
AheadLib_ScriptGetFontProperties
AheadLib_ScriptGetGlyphABCWidth
AheadLib_ScriptGetLogicalWidths
AheadLib_ScriptGetProperties
AheadLib_ScriptIsComplex
AheadLib_ScriptItemize
AheadLib_ScriptJustify
AheadLib_ScriptLayout
AheadLib_ScriptPlace
AheadLib_ScriptRecordDigitSubstitution
AheadLib_ScriptShape
AheadLib_ScriptStringAnalyse
AheadLib_ScriptStringCPtoX
AheadLib_ScriptStringFree
AheadLib_ScriptStringGetLogicalWidths
AheadLib_ScriptStringGetOrder
AheadLib_ScriptStringOut
AheadLib_ScriptStringValidate
AheadLib_ScriptStringXtoCP
AheadLib_ScriptString_pLogAttr
AheadLib_ScriptString_pSize
AheadLib_ScriptString_pcOutChars
AheadLib_ScriptTextOut
AheadLib_ScriptXtoCP
AheadLib_UspAllocCache
AheadLib_UspAllocTemp
AheadLib_UspFreeMem
LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkPresent
LpkTabbedTextOut
LpkUseGDIWidthCache
MemCode_LpkDllInitialize
MemCode_LpkDrawTextEx
MemCode_LpkEditControl
MemCode_LpkExtTextOut
MemCode_LpkGetCharacterPlacement
MemCode_LpkGetTextExtentExPoint
MemCode_LpkInitialize
MemCode_LpkPSMTextOut
MemCode_LpkTabbedTextOut
MemCode_LpkUseGDIWidthCache
MemCode_ftsWordBreak
ScriptApplyDigitSubstitution
ScriptApplyLogicalWidth
ScriptBreak
ScriptCPtoX
ScriptCacheGetHeight
ScriptFreeCache
ScriptGetCMap
ScriptGetFontProperties
ScriptGetGlyphABCWidth
ScriptGetLogicalWidths
ScriptGetProperties
ScriptIsComplex
ScriptItemize
ScriptJustify
ScriptLayout
ScriptPlace
ScriptRecordDigitSubstitution
ScriptShape
ScriptStringAnalyse
ScriptStringCPtoX
ScriptStringFree
ScriptStringGetLogicalWidths
ScriptStringGetOrder
ScriptStringOut
ScriptStringValidate
ScriptStringXtoCP
ScriptString_pLogAttr
ScriptString_pSize
ScriptString_pcOutChars
ScriptTextOut
ScriptXtoCP
UspAllocCache
UspAllocTemp
UspFreeMem
ftsWordBreak

Sections

UPX0
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 59KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
amazing.exe
.exe windows x86

a372c6112d27942508e6eaf12407670c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msacm32

acmStreamClose
acmStreamUnprepareHeader
acmStreamPrepareHeader
acmStreamSize
acmStreamOpen
acmDriverOpen
acmStreamConvert
acmFormatSuggest
acmMetrics
acmDriverDetailsA
acmDriverEnum
acmFormatEnumA
acmDriverClose

cddb

CDDBSetValues
CDDBSetOption
MultipleCDDBQueryDlgProc
CDDBGetDiskInfo
CDDBQuery
CDDBSettingsDialog

comctl32

ImageList_DragMove
ImageList_DragLeave
ord17
ord6
ImageList_DragEnter
ImageList_BeginDrag
ImageList_Destroy
ImageList_EndDrag

winmm

timeGetTime
midiInGetDevCapsA
midiInGetNumDevs
midiInClose
midiInReset
midiInStop
midiInStart
midiInOpen
mmioClose
mmioSeek
mmioAscend
mmioRead
mmioDescend
mmioOpenA
mmioWrite
mmioCreateChunk
waveOutGetErrorTextA
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite
waveOutPause
waveOutOpen
waveOutClose
waveOutReset
waveOutGetNumDevs
waveOutGetDevCapsA
waveOutRestart

kernel32

InterlockedExchange
GetVersion
CompareStringA
CompareStringW
lstrlenA
SizeofResource
TlsGetValue
GlobalReAlloc
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedDecrement
ResumeThread
GetCurrentThreadId
InterlockedIncrement
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
SetLastError
GlobalGetAtomNameA
lstrcmpA
GetThreadLocale
FileTimeToSystemTime
GlobalFlags
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
FindClose
FindFirstFileA
GetFullPathNameA
FileTimeToLocalFileTime
GetFileAttributesA
RtlUnwind
HeapFree
ExitProcess
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapReAlloc
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
ExitThread
GetCommandLineA
GetProcessHeap
GetStartupInfoA
VirtualAlloc
VirtualQuery
HeapSize
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetFileType
GetACP
LCMapStringA
LCMapStringW
SetStdHandle
CreateFileW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetTimeZoneInformation
GetLocaleInfoW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
GetCurrentProcessId
CreateMutexA
ReleaseMutex
GetVolumeInformationA
WritePrivateProfileStringA
CreateThread
GetWindowsDirectoryA
SetThreadPriority
SetEvent
FindResourceA
LoadResource
LockResource
FreeResource
GetLogicalDrives
GetDriveTypeA
GetVersionExA
GetModuleHandleA
GetLastError
FormatMessageA
GetModuleFileNameA
lstrcatA
WinExec
_lopen
_lclose
ReleaseSemaphore
CreateSemaphoreA
LocalFree
LocalAlloc
MulDiv
lstrcpyA
GlobalHandle
CreateEventA
ResetEvent
WaitForSingleObject
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
GetPrivateProfileStringA
MultiByteToWideChar
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
ReadFile
SetFilePointer
WriteFile
CloseHandle
CreateFileA
GlobalAddAtomA

user32

MapWindowPoints
GetMessagePos
GetMessageTime
GetTopWindow
GetForegroundWindow
IsWindow
GetClassNameA
GetClassLongA
GetCapture
RegisterWindowMessageA
TabbedTextOutA
DrawTextExA
GrayStringA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetSysColorBrush
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
PeekMessageA
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
wsprintfA
DestroyWindow
GetDlgCtrlID
CreateWindowExA
TrackPopupMenu
InflateRect
GetCursorPos
FillRect
DrawTextA
DeleteMenu
AppendMenuA
GetDlgItemTextA
CharUpperA
ReleaseCapture
GetDesktopWindow
SetCapture
GetScrollPos
GetClassInfoExA
GetMenuStringA
GetDlgItemInt
SetDlgItemInt
LoadIconA
RegisterClassExA
CreateDialogParamA
SetScrollRange
SetScrollPos
GetClientRect
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
PostQuitMessage
BeginPaint
EndPaint
InvalidateRect
GetKeyState
IsWindowEnabled
GetFocus
SetForegroundWindow
PtInRect
ModifyMenuA
GetMenu
EnumChildWindows
MoveWindow
ShowWindow
SetTimer
ClientToScreen
KillTimer
MessageBeep
GetWindowLongA
SetPropA
SetWindowLongA
GetSysColor
GetPropA
DefWindowProcA
RemovePropA
CallWindowProcA
GetAsyncKeyState
ScreenToClient
GetWindowRect
GetSystemMetrics
GetDC
ReleaseDC
SetWindowPos
SetWindowTextA
GetWindowTextA
DialogBoxParamA
GetParent
WinHelpA
IsDlgButtonChecked
EndDialog
SetFocus
EnableWindow
CheckRadioButton
SetDlgItemTextA
PostMessageA
GetDlgItem
SendMessageA
CharUpperBuffA
LoadCursorA
SetCursor
LoadMenuA
GetSubMenu
DestroyMenu
CheckMenuItem
CharLowerA
EnableMenuItem
MessageBoxA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
CheckDlgButton
GetWindow
SendDlgItemMessageA

gdi32

CreateBitmap
GetClipBox
CreatePen
ExtTextOutA
SaveDC
RestoreDC
SetMapMode
Rectangle
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
UnrealizeObject
SetBrushOrgEx
CreateSolidBrush
SetTextColor
SetBkColor
GetTextMetricsA
GetTextFaceA
CreateFontIndirectA
SelectObject
DeleteObject
RectVisible
GetDeviceCaps
PtVisible

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey
RegQueryValueExA

shell32

DragAcceptFiles
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHGetMalloc
DragQueryFileA
DragFinish

ole32

CoUninitialize
CoInitialize

oleaut32

VariantChangeType
VariantClear
VariantInit

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.JGLong
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
asd_rem.dll
.dll windows x86

7e70d095c84c5440ec08a30334be2285

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CloseHandle
GetModuleFileNameA
SetThreadPriority
GetLastError
PurgeComm
SetCommState
BuildCommDCBA
GetCommState
CreateFileA
CreateEventA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetOverlappedResult
WriteFile
ReadFile
EscapeCommFunction
DisableThreadLibraryCalls

user32

SendDlgItemMessageA
CheckDlgButton
GetDlgItem
SendMessageA
IsDlgButtonChecked
EndDialog
PostMessageA
wsprintfA
DialogBoxParamA
ExitWindowsEx
MessageBoxA

msvcrt

_adjust_fdiv
_initterm
free
strlen
malloc
strcat
_beginthreadex

Exports

Exports

winampGetGeneralPurposePlugin

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
asd_rem.ini
cddb.ini
decwma9DRM.dll
.dll windows x86

ae166ba3efd52240ed27cbec49a4bf83

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSection
CreateEventA
GetProcAddress
LoadLibraryA
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
GetProcessHeap
HeapFree
HeapSize
InterlockedCompareExchange
GetModuleHandleW
GetVersionExA
DeviceIoControl
FreeEnvironmentStringsA
FreeEnvironmentStringsW
lstrlenA
lstrlenW
GetEnvironmentStrings
GetEnvironmentStringsW
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapReAlloc
IsProcessorFeaturePresent
GetFullPathNameW
TlsSetValue
GetCommandLineA
GetCurrentDirectoryW
GetACP
GetOEMCP
CloseHandle
TlsFree
SetLastError
TlsGetValue
TlsAlloc
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
RtlUnwind
SetFilePointer
VirtualAlloc
GetDriveTypeA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
VirtualProtect
GetSystemInfo
VirtualQuery
RaiseException
WaitForSingleObject
SetEvent
MultiByteToWideChar
GetLastError
GetCPInfo
WideCharToMultiByte

advapi32

RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2

Exports

Exports

CloseWMAFile
GetVersionNumber
IsFileDRMProtected
OpenWMAFile
ReadWMAFileStart
ResumeWMAFile
SetDRMUser
WMAGetID3TitleArtistString

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
encwma71.dll
.dll windows x86

955cb0c8e7291d2a208d7f4eb96f075a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

avifil32

AVIStreamInfoW
AVIStreamReadFormat
AVIStreamStart
AVIFileOpenW
AVIFileInit
AVIStreamLength
AVIStreamRead
AVIStreamRelease
AVIFileRelease
AVIFileGetStream
AVIFileExit

wmvcore

WMCreateProfileManager
WMCreateIndexer
WMCreateWriterPriv

kernel32

SetEvent
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
CloseHandle
WaitForSingleObject
CreateEventW
InitializeCriticalSection
EnterCriticalSection
MulDiv
DeleteCriticalSection
GetComputerNameA
GetDiskFreeSpaceA
GlobalMemoryStatus
QueryPerformanceCounter
GetLocalTime
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
DeviceIoControl
LoadLibraryA
GetProcAddress
GetModuleHandleW
GetVersionExA
GetSystemInfo
LocalAlloc
LocalFree
WriteConsoleW
GetConsoleOutputCP
WideCharToMultiByte
CreateFileA
LeaveCriticalSection
WriteConsoleA
SetStdHandle
SetFilePointer
RtlUnwind
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetSystemTimeAsFileTime
VirtualQuery
VirtualAlloc
HeapReAlloc
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

SendMessageW

advapi32

RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
GetUserNameA

ole32

CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize

Exports

Exports

CancelProcessWMA71
DeInitEncodeFromSamplesWMA71
EncodeFromSamplesWMA71
ExecuteWMA71
GetVersionNumber
InitEncodeFromSamplesWMA71

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lame_enc.dll
.dll windows x86

a5f12ee722d3bff47e96e2a88e2b1d13

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
GetModuleFileNameA
GetPrivateProfileIntA
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
GetProcAddress
GetModuleHandleA
GetLastError
CloseHandle
ExitProcess
TerminateProcess
GetCurrentProcess
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
OutputDebugStringA
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
VirtualAlloc
HeapReAlloc
SetFilePointer
RaiseException
FlushFileBuffers
ReadFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetStdHandle
CreateFileA
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
RtlUnwind
SetEndOfFile

Exports

Exports

beCloseStream
beDeinitStream
beEncodeChunk
beEncodeChunkFloatS16NI
beFlushNoGap
beInitStream
beVersion
beWriteInfoTag
beWriteVBRHeader
lame_close
lame_encode_buffer_interleaved
lame_encode_flush
lame_get_in_samplerate
lame_get_num_channels
lame_get_num_samples
lame_get_out_samplerate
lame_get_scale
lame_get_scale_left
lame_get_scale_right
lame_init
lame_init_params
lame_mp3_tags_fid
lame_set_in_samplerate
lame_set_num_channels
lame_set_num_samples
lame_set_out_samplerate
lame_set_scale
lame_set_scale_left
lame_set_scale_right

Sections

.text
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7256de09a89c73208f27b79fe1abd53

Headers

File Characteristics

Imports

wsock32

kernel32

user32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 4KB

abb4626cfd27ec733227e1e76e0a9ca3

Headers

File Characteristics

Imports

dsound

kernel32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 988B

.reloc Size: 4KB - Virtual size: 3KB

e2feeb879b9dc19b735d142dcba033b3

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 996B

.reloc Size: 8KB - Virtual size: 5KB

f3c5e4f0dd127725591cdaa1ae8a104d

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 952B

.reloc Size: 4KB - Virtual size: 3KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 100KB

UPX1 Size: 59KB - Virtual size: 60KB

UPX2 Size: 7KB - Virtual size: 8KB

a372c6112d27942508e6eaf12407670c

Headers

File Characteristics

Imports

version

msacm32

cddb

comctl32

winmm

kernel32

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 988B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 996B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 952B

.reloc
Size: 4KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 100KB

UPX1
Size: 59KB - Virtual size: 60KB

UPX2
Size: 7KB - Virtual size: 8KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 168KB - Virtual size: 166KB

.data
Size: 144KB - Virtual size: 1.0MB

_RDATA
Size: 4KB - Virtual size: 44B

.rsrc
Size: 32KB - Virtual size: 26KB

.JGLong
Size: 1KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 752B

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 864B

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 128KB - Virtual size: 125KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 1004B

.reloc
Size: 12KB - Virtual size: 8KB