504aba9ffc85b963c92b2725c54b2f16e8dca913b5dbe2b7d75786eee3692a38

Sharing

Copy URL

Twitter E-mail

General

Target

504aba9ffc85b963c92b2725c54b2f16e8dca913b5dbe2b7d75786eee3692a38
Size

1.1MB
MD5

c65300475e74c5fe298994ac8a1cd613
SHA1

11fabd6bbaf50545583abeea4eb8781ab4b20e1e
SHA256

504aba9ffc85b963c92b2725c54b2f16e8dca913b5dbe2b7d75786eee3692a38
SHA512

1c09b7ae1f15d90afa6e363df253afee0e606e6436b82145fb6e436c65bc289c6e6ae265a6aef15adda50e30c3aa711ede2a5ce28717f2a74506e11fb75afa31
SSDEEP

24576:RcwRCjvCLnTSjF/46nqO1H/uIiLxeasBkpn+r:6k7TWasqO1H2jLopky

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/©ɱ/083.vir	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
static1/unpack001/©ɱ/080.vir	autoit_exe

Files

504aba9ffc85b963c92b2725c54b2f16e8dca913b5dbe2b7d75786eee3692a38
.zip
©ɱ/008.vir
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

PEp0
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PEp1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
©ɱ/017.vir
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_UP_SYSTEM_ONLY

Sections

.�ex�
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size:

IMAGE_SCN_MEM_READ

dat5
Size: 256B - Virtual size: 1KB

IMAGE_SCN_MEM_WRITE

.rsr
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
©ɱ/020.vir
.exe windows x86

522f1022ffb8c4beb46391e52954f8e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ModifyMenuW
LoadMenuW
SetMenuItemInfoW
RegisterClassW
CreateWindowExW
PostQuitMessage
DefWindowProcW
AppendMenuW
LoadBitmapW
GetSysColor
FillRect
SetForegroundWindow
SetFocus
GetAsyncKeyState
GetCursorPos
GetSubMenu
GetParent
DrawMenuBar
TrackPopupMenu
SetTimer
LoadImageW
DestroyMenu
GetMenuItemInfoW
KillTimer
GetSystemMetrics
PostMessageW
ShowWindow
UpdateWindow
FindWindowW
GetWindowTextW
LoadStringW
SetWindowTextW
DispatchMessageW
MessageBoxW
GetWindowLongW
GetMessageW
TranslateMessage
DrawIconEx
IsWindow

shell32

SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW

advapi32

RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW

kernel32

DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapReAlloc
HeapAlloc
HeapSize
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
FreeLibrary
LoadLibraryA
InitializeCriticalSection
GetModuleHandleW
GetCPInfo
GetACP
GetOEMCP
Sleep
VirtualAlloc
RtlUnwind
GetStartupInfoA
GetLocaleInfoA
GetStringTypeA
ExitProcess
LCMapStringA
WideCharToMultiByte
LCMapStringW
VirtualProtect
GetSystemInfo
VirtualQuery
lstrlenW
GetProcessHeap
lstrlenA
LocalFree
OutputDebugStringW
DeleteFileW
FindClose
FindFirstFileW
CloseHandle
LoadLibraryW
CreateProcessW
GetPrivateProfileIntW
ReleaseSemaphore
WaitForSingleObject
GetPrivateProfileStringW
GetVersionExW
CreateSemaphoreW
GetSystemDirectoryW
CreateMutexW
ReleaseMutex
lstrcmpiW
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
GetLastError
FreeEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
FreeEnvironmentStringsA
GetModuleFileNameW
GetModuleFileNameA
GetStdHandle
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetSystemDefaultLCID
GetStringTypeExW
LocalAlloc
GetTempPathW
GetTempFileNameW
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetEndOfFile
GetConsoleMode
GetConsoleCP
SetFilePointer
SetStdHandle
CreateFileW
ReadFile
CreateThread
ExitThread
RaiseException
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter
GetStartupInfoW
GetVersionExA
OpenFileMappingW
GetPrivateProfileSectionW
GlobalFree
GetFileSize
GlobalAlloc
GetStringTypeW
FindFirstFileA
lstrcmpiA
GetPrivateProfileStringA
GetUserDefaultLangID

gdi32

GetObjectW
CreateCompatibleDC
SelectObject
BitBlt
SetTextColor
SetBkColor
GetTextAlign
SetTextAlign
TextOutW
CreateICW
GetTextExtentPoint32W
DeleteDC
DeleteObject
CreateSolidBrush

winspool.drv

OpenPrinterW
GetPrinterW
GetPrinterDataW
EnumPrinterDriversW
GetPrinterDriverW
ClosePrinter
OpenPrinterA
GetPrinterDriverA
EnumPrinterDriversA

comctl32

ord17

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
©ɱ/022.vir
.exe windows x86

d035182a5fccd2afe144375820576548

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32Next
Module32Next
OpenProcess
TerminateProcess
Module32First
Process32First
CreateToolhelp32Snapshot
DeleteFileA
FindClose
CloseHandle
GetComputerNameA
GetSystemDirectoryA
GetModuleHandleA
SetFileTime
GetFileTime
CreateFileA
GetCurrentProcess
CopyFileA
GetModuleFileNameA
GetCurrentProcessId
LoadLibraryA
GetProcAddress
GetWindowsDirectoryA
GetSystemInfo
FreeLibrary
FindFirstFileA
Sleep
GetSystemTimeAsFileTime
UnhandledExceptionFilter
FreeEnvironmentStringsA
ExitProcess
HeapFree
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
SetEndOfFile
GetStringTypeW
GetStringTypeA
GetOEMCP
SetEnvironmentVariableA
lstrcmpA
GetACP
GetCPInfo
ReadFile
GetEnvironmentStrings
HeapReAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetStartupInfoA
GetCommandLineA
GetVersion
FlushFileBuffers
SetStdHandle
GetLastError
HeapAlloc
WideCharToMultiByte
VirtualAlloc
FreeEnvironmentStringsW
HeapCreate
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
VirtualFree
RtlUnwind
WriteFile
MultiByteToWideChar
SetFilePointer

user32

LoadStringA

advapi32

RegQueryValueExA
RegEnumKeyExA
GetUserNameA
RegEnumValueA
RegCloseKey
RegOpenKeyA
RegSetValueExA

shell32

ShellExecuteA

wsock32

gethostname
WSAStartup
socket
closesocket
WSACleanup
gethostbyname
ntohl
recv
send
WSAGetLastError
connect
htons

rasapi32

RasEnumConnectionsA

Sections

pec1
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec2
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
©ɱ/040.vir
.exe windows x86

1a3c64c094dba9db7cb93ebe4033d808

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord6215
ord617
ord5301
ord5214
ord296
ord986
ord520
ord823
ord4159
ord6117
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord5300
ord4426
ord338
ord652
ord4823
ord4614
ord4613
ord1945
ord4273
ord4589
ord4899
ord5076
ord4341
ord4349
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord6055
ord1776
ord5240
ord5290
ord3748
ord1726
ord4432
ord560
ord813
ord5260
ord2535
ord640
ord323
ord755
ord470
ord3693
ord800
ord5785
ord2818
ord4133
ord4297
ord5788
ord1641
ord3092
ord540
ord3571
ord3626
ord2379
ord2414
ord2405
ord1640
ord2859
ord3663
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord796
ord674
ord554
ord529
ord366
ord807
ord2494
ord2627
ord2626
ord6000
ord2117
ord4163
ord6625
ord4457
ord5252
ord1576
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4610
ord4612
ord4623
ord4615
ord1168

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
__CxxFrameHandler
_setmbcp
_ftol
__dllonexit
_onexit
_exit
exit
_XcptFilter

kernel32

GetModuleFileNameW
LoadLibraryA
GetProcAddress
GetFileSize
GetStartupInfoA
GetModuleHandleA
CloseHandle
ReadFile

user32

GetDC
InvalidateRect
GetClientRect
EnableWindow
UpdateWindow
SetTimer

gdi32

CreateCompatibleBitmap
BitBlt
Rectangle
CreatePen
CreateCompatibleDC

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
©ɱ/046.vir
.exe windows x86

ce5d2703561a02b15fa8fab2e3fb9b56

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindActCtxSectionStringW
SleepEx
_lopen
ConsoleMenuControl
GetThreadIOPendingFlag
GetExpandedNameA
CreateIoCompletionPort
MulDiv
SetEnvironmentVariableW
GetProcessWorkingSetSize
GetTempFileNameA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 49KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
©ɱ/053.vir
.exe windows x86

47e6bcbc85b2b2e91db3152110a28b48

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5186
ord354
ord2393
ord6010
ord1979
ord6385
ord2764
ord3811
ord924
ord665
ord1988
ord690
ord6883
ord801
ord541
ord926
ord858
ord5572
ord825
ord535
ord540
ord2818
ord823
ord2915
ord537
ord860
ord3337
ord5207
ord389
ord800

msvcrt

exit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__getmainargs
_acmdln
_controlfp
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_mbscmp
sprintf
__CxxFrameHandler
?terminate@@YAXXZ
_except_handler3
_initterm

kernel32

Sleep
GetTickCount
CreateMutexA
CopyFileA
GetSystemDirectoryA
GetModuleFileNameA
GetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
WriteProfileStringA
GetProfileIntA
GetModuleHandleA
GetStartupInfoA

user32

SetClipboardData
EmptyClipboard
OpenClipboard
CloseClipboard
FindWindowExA
GetWindowTextA
SetForegroundWindow
keybd_event
ShowWindow
GetActiveWindow
GetForegroundWindow

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyA

shell32

ShellExecuteA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
©ɱ/058.vir
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
©ɱ/077.vir
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.te5t
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dat
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
©ɱ/080.vir
.exe windows x86

04b4eec1b14791bf23f31173f27a5df0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

__WSAFDIsSet
setsockopt
ntohs
recvfrom
sendto
htons
select
listen
WSAStartup
bind
closesocket
connect
socket
send
WSACleanup
ioctlsocket
accept
WSAGetLastError
inet_addr
gethostbyname
gethostname
recv

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
ImageList_Destroy

mpr

WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W
WNetUseConnectionW

wininet

InternetReadFile
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetQueryOptionW
InternetQueryDataAvailable

psapi

EnumProcesses
GetModuleBaseNameW
GetProcessMemoryInfo
EnumProcessModules

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
UnloadUserProfile
LoadUserProfileW

kernel32

HeapAlloc
Sleep
GetCurrentThreadId
RaiseException
MulDiv
GetVersionExW
GetSystemInfo
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
lstrcpyW
MultiByteToWideChar
lstrlenW
lstrcmpiW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
DeleteFileW
FindNextFileW
MoveFileW
CopyFileW
CreateDirectoryW
RemoveDirectoryW
GetProcessHeap
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetLocalTime
CompareStringW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
GetTempPathW
GetTempFileNameW
VirtualFree
FormatMessageW
GetExitCodeProcess
SetErrorMode
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
DeviceIoControl
SetFileAttributesW
GetShortPathNameW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetCurrentThread
GetProcessIoCounters
CreateProcessW
SetPriorityClass
LoadLibraryW
VirtualAlloc
LoadLibraryExW
HeapFree
WaitForSingleObject
CreateThread
DuplicateHandle
GetLastError
CloseHandle
GetCurrentProcess
GetProcAddress
LoadLibraryA
FreeLibrary
GetModuleFileNameW
GetFullPathNameW
SetCurrentDirectoryW
IsDebuggerPresent
GetCurrentDirectoryW
ExitProcess
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetTimeFormatW
GetDateFormatW
GetCommandLineW
GetStartupInfoW
IsProcessorFeaturePresent
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStringTypeW
HeapCreate
SetHandleCount
GetFileType
SetStdHandle
GetConsoleCP
GetConsoleMode
LCMapStringW
RtlUnwind
SetFilePointer
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
HeapReAlloc
WriteConsoleW
SetEndOfFile
SetSystemPowerState
SetEnvironmentVariableA

user32

GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
ReleaseCapture
SetCapture
WindowFromPoint
LoadImageW
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
CheckMenuRadioItem
SetWindowPos
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
SystemParametersInfoW
TranslateMessage
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
GetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
MessageBoxW
DefWindowProcW
CopyImage
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
GetMenuItemID
DispatchMessageW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
PeekMessageW
UnregisterHotKey
CharLowerBuffW
keybd_event
MonitorFromRect
GetWindowThreadProcessId

gdi32

DeleteObject
AngleArc
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
StrokePath
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
GetDeviceCaps
MoveToEx
DeleteDC
GetPixel
CreateDCW
Ellipse
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
LineTo

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
GetUserNameW
RegConnectRegistryW
CloseServiceHandle
UnlockServiceDatabase
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
CopySid
LogonUserW
LockServiceDatabase
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
GetAce
AddAce
SetSecurityDescriptorDacl
RegOpenKeyExW
RegQueryValueExW
AdjustTokenPrivileges
InitiateSystemShutdownExW
OpenSCManagerW
RegCloseKey

shell32

DragQueryPoint
ShellExecuteExW
SHGetFolderPathW
DragQueryFileW
SHEmptyRecycleBinW
SHBrowseForFolderW
SHFileOperationW
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetMalloc
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CLSIDFromString
StringFromGUID2
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
ProgIDFromCLSID
OleInitialize
CreateBindCtx
CLSIDFromProgID
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket
OleUninitialize
IIDFromString

oleaut32

VariantChangeType
VariantCopyInd
DispCallFunc
CreateStdDispatch
CreateDispTypeInfo
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SysStringLen
SafeArrayAllocData
GetActiveObject
QueryPathOfRegTypeLi
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
SysAllocString
VariantCopy
VariantClear
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
OleLoadPicture
SafeArrayAccessData
VariantInit

Sections

.text
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
©ɱ/083.vir
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
©ɱ/089.vir
.exe windows x86

f78966ea57e383e52db604760a7650ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualAlloc

user32

GetSystemMetrics
LoadIconA
LoadCursorW

msvcrt

memcpy

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ata3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ata2
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
©ɱ/093.vir
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 336B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
©ɱ/095.vir
.exe windows x86

3662f240187b7ff39b51456b015e8927

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryW
SetMessageWaitingIndicator
CreateSemaphoreA
PostQueuedCompletionStatus
GetLogicalDriveStringsA
GetConsoleWindow
SetConsoleNumberOfCommandsA
InterlockedDecrement
SetInformationJobObject

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 77KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
©ɱ/098.vir
.exe windows x86

fabafa450d09b6689b567ced7f8cf37f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

CancelDC

advapi32

RevertToSelf

lz32

LZClose

msvbvm60

ord513
ord560
DllFunctionCall
__vbaExceptHandler
ProcCallEngine
ord644
ord100
ord430
ord544

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

PEp0 Size: 72KB - Virtual size: 72KB

PEp1 Size: 36KB - Virtual size: 36KB

Headers

File Characteristics

Sections

.�ex� Size: 8KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size:

dat5 Size: 256B - Virtual size: 1KB

.rsr Size: 56KB - Virtual size: 52KB

522f1022ffb8c4beb46391e52954f8e9

Headers

DLL Characteristics

File Characteristics

Imports

user32

shell32

advapi32

kernel32

gdi32

winspool.drv

comctl32

Sections

.text Size: 165KB - Virtual size: 164KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 10KB - Virtual size: 10KB

d035182a5fccd2afe144375820576548

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

wsock32

rasapi32

Sections

pec1 Size: 56KB - Virtual size: 56KB

pec2 Size: 28KB - Virtual size: 28KB

1a3c64c094dba9db7cb93ebe4033d808

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 704B

.rsrc Size: 42KB - Virtual size: 42KB

ce5d2703561a02b15fa8fab2e3fb9b56

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 13KB - Virtual size: 13KB

rdata Size: - Virtual size: 64KB

.data Size: 49KB - Virtual size: 70KB

47e6bcbc85b2b2e91db3152110a28b48

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

Sections

PEp0
Size: 72KB - Virtual size: 72KB

PEp1
Size: 36KB - Virtual size: 36KB

.�ex�
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size:

dat5
Size: 256B - Virtual size: 1KB

.rsr
Size: 56KB - Virtual size: 52KB

.text
Size: 165KB - Virtual size: 164KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 10KB - Virtual size: 10KB

pec1
Size: 56KB - Virtual size: 56KB

pec2
Size: 28KB - Virtual size: 28KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 704B

.rsrc
Size: 42KB - Virtual size: 42KB

.text
Size: 13KB - Virtual size: 13KB

rdata
Size: - Virtual size: 64KB

.data
Size: 49KB - Virtual size: 70KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 4KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

CODE
Size: 33KB - Virtual size: 33KB

DATA
Size: 512B - Virtual size: 372B

BSS
Size: - Virtual size: 2KB

.idata
Size: 1024B - Virtual size: 976B

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 33KB - Virtual size: 33KB

.te5t
Size: 36KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 4KB

.dat
Size: 4KB - Virtual size: 256B

.rsrc
Size: 8KB - Virtual size: 6KB

.text
Size: 514KB - Virtual size: 513KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 13KB - Virtual size: 12KB

UPX0
Size: 32KB - Virtual size: 32KB

UPX1
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 54KB - Virtual size: 54KB