5a916af633cf08a725148f55625981624321cf014dacabb18820c5eec801a129

Sharing

Copy URL Twitter E-mail

General

Target

5a916af633cf08a725148f55625981624321cf014dacabb18820c5eec801a129
Size

10.0MB
MD5

a4718554c5ada4db6bca469480e37bbe
SHA1

e3b167089920c541b6960dd921297f745bed4f42
SHA256

5a916af633cf08a725148f55625981624321cf014dacabb18820c5eec801a129
SHA512

98cd04f111ed7fb1c38c8f86057d878b4bb180696a4753f05ca0b98783949c6e4f4dba045d693b200c282ec03ffa85b59d1b21fd51fa5df6ee5f7b6db5dc7d91
SSDEEP

196608:tqUcpO7X5N3GlmjM/rA8IpGsbnV1bUiSzjml/U83wcYkCKf9+BoIpMMaR:J1z5N3BjyA/GsZ1bdSfmicY9KfMBoIaP

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/m147.exe	upx
static1/unpack001/m154.exe	upx
static1/unpack001/m155.exe	upx
static1/unpack001/m174.exe	upx
static1/unpack001/m196.exe	upx

Files

5a916af633cf08a725148f55625981624321cf014dacabb18820c5eec801a129
.zip
m123.exe
.exe windows x86

19c922171e7e6b4e6bf591dceccdb434

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord584
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaLineInputStr
__vbaLateIdCall
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaLateMemSt
__vbaExitProc
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord713
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaI2Var
ord537
_CIlog
__vbaFileOpen
ord647
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord574
__vbaDerefAry1
_adj_fdivr_m32
ord577
_adj_fdiv_r
ord100
__vbaI4Var
__vbaFpCy
__vbaAryLock
ord616
_CIatan
__vbaStrMove
__vbaI4Cy
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
m127.exe
.exe windows x86

6bca49148ba2859daf4de976b05d930b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
ord584
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaLineInputStr
__vbaLateIdCall
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFpCDblR8
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
ord593
__vbaExitProc
ord594
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
__vbaR8Cy
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord713
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaFPException
__vbaI2Var
_CIlog
ord647
__vbaFileOpen
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
ord689
__vbaFpCy
__vbaVarAdd
__vbaAryLock
ord612
_CIatan
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
ord547
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 292KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
m147.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 492KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
m154.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 492KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
m155.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 579KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
m174.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 554KB - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
m196.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 495KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
m262.exe
.exe windows x86

b85556ba0d0a840de8b9b1ae4c67c212

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumTimeFormatsW
GetCurrencyFormatW
GetLocaleInfoW
Sleep
FormatMessageW
GetFileAttributesA
SetConsoleMode
CreateSemaphoreA
GetBinaryTypeA
TerminateProcess
GetBinaryTypeW
CompareStringW
GetACP
IsBadStringPtrA
GetTempPathW
LCMapStringA
GetConsoleOutputCP
VerifyVersionInfoW
GetStdHandle
FindFirstFileA
GetProcAddress
GetProcessVersion
CreateSemaphoreW
GetFileType
GetModuleHandleA
CompareStringA
GetCurrentThreadId
LocalSize
GetCurrentProcessId
GetPrivateProfileSectionW
CloseHandle
GetSystemInfo
VirtualProtect
GetDateFormatA
LCMapStringW
GetStringTypeW
GetStringTypeA
HeapSize
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
SetStdHandle
GetCPInfo
GetOEMCP
LoadLibraryA
WideCharToMultiByte
VirtualQuery
InterlockedExchange
RtlUnwind
InitializeCriticalSection
SetFilePointer
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetStartupInfoA
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
GetLastError
FreeEnvironmentStringsW
GetCurrencyFormatA
EscapeCommFunction
IsBadReadPtr
SleepEx
SetCommBreak
OpenSemaphoreA
FlushConsoleInputBuffer
SetConsoleActiveScreenBuffer
GetCurrentProcess
GetLocaleInfoA
IsBadStringPtrW
GetDateFormatW
GetCommandLineW
FlushFileBuffers
ExitProcess
GetEnvironmentStrings
MultiByteToWideChar
HeapFree
HeapAlloc
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
GetModuleFileNameA
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA

user32

DestroyWindow
SetWindowPlacement
SetCursor
PostQuitMessage
TrackPopupMenu
IsIconic
SetKeyboardState
KillTimer
GetParent
LoadIconA
MessageBoxIndirectA
GetClientRect
GetWindowTextLengthA
SendMessageA
DrawEdge
ShowCaret
RegisterWindowMessageA
WinHelpA
IsDialogMessageA
GetKeyboardState
GetWindowPlacement
RegisterClipboardFormatA
SetWindowLongA
GetWindowLongA
SetClassLongA
EndDialog
DefWindowProcA
DestroyCaret
GetDesktopWindow
GetCursorPos
CheckDlgButton
AppendMenuA
DefDlgProcA
CheckRadioButton
SetClipboardData
FindWindowA
LoadCursorA
SetScrollInfo
GetMessageA

gdi32

SetTextColor
GetCharacterPlacementW
DeleteDC
CreateFontA
CreateBitmap
SelectObject
CreateCompatibleBitmap
GetCharWidthA
SelectPalette
SetTextAlign
IntersectClipRect
GetPixel
GetStockObject
GetTextExtentPoint32A

shell32

CommandLineToArgvW

Sections

.text
Size: 512KB - Virtual size: 510KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 296KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
m266.exe
.exe windows x86

ff51f908db3cffdade3a7bf79cb6f946

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EscapeCommFunction
GetCurrencyFormatA
GetDateFormatA
EnumTimeFormatsW
GetCurrencyFormatW
GetLocaleInfoW
Sleep
FormatMessageW
GetFileAttributesA
SetConsoleMode
CreateSemaphoreA
GetBinaryTypeA
TerminateProcess
GetBinaryTypeW
CompareStringW
GetACP
IsBadStringPtrA
GetTempPathW
LCMapStringA
GetConsoleOutputCP
VerifyVersionInfoW
GetStdHandle
FindFirstFileA
GetProcAddress
GetProcessVersion
CreateSemaphoreW
GetFileType
GetModuleHandleA
CompareStringA
GetCurrentThreadId
LocalSize
GetCurrentProcessId
GetPrivateProfileSectionW
IsBadReadPtr
GetSystemInfo
VirtualProtect
FlushFileBuffers
LCMapStringW
GetStringTypeW
GetStringTypeA
HeapSize
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
SetStdHandle
GetCPInfo
GetOEMCP
LoadLibraryA
WideCharToMultiByte
VirtualQuery
InterlockedExchange
RtlUnwind
InitializeCriticalSection
SetFilePointer
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetStartupInfoA
SleepEx
SetCommBreak
OpenSemaphoreA
FlushConsoleInputBuffer
SetConsoleActiveScreenBuffer
GetCurrentProcess
GetLocaleInfoA
IsBadStringPtrW
GetDateFormatW
GetCommandLineW
CloseHandle
ExitProcess
SetHandleCount
GetCommandLineA
HeapFree
HeapAlloc
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
GetModuleFileNameA
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW

user32

ToAsciiEx
GetSystemMenu
GetWindowRect
GetParent
MessageBeep
GetClientRect
CreateMenu
SetFocus
GetWindowTextLengthA
SendMessageA
DrawEdge
WinHelpA
TranslateMessage
GetKeyboardState
RegisterClipboardFormatA
MessageBoxA
ReleaseDC
GetDlgItem
DefWindowProcA
SetWindowPos
CheckDlgButton
ShowWindow
CreatePopupMenu
IsWindow
FlashWindow
OpenClipboard
GetSystemMetrics
SetCaretPos
SetWindowTextA
GetDlgItemTextA
GetCaretBlinkTime
RegisterClassA
MoveWindow
SetTimer

gdi32

CreateFontA
SetBkColor
DeleteObject
CreateCompatibleDC
Rectangle
RealizePalette
SelectPalette
SetTextAlign
GetPixel
TextOutA
GetCharWidthW

shell32

CommandLineToArgvW

Sections

.text
Size: 488KB - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 260KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
m271.exe
.exe windows x86

5b869658dc6672f0e141be7a7bc58cc3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
FlushFileBuffers
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetTickCount
QueryPerformanceCounter
SetStdHandle
LoadLibraryA
GetCPInfo
GetOEMCP
WideCharToMultiByte
VirtualQuery
InterlockedExchange
RtlUnwind
InitializeCriticalSection
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
GetSystemInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
FreeEnvironmentStringsA
GetModuleFileNameW
UnhandledExceptionFilter
GetModuleFileNameA
WriteFile
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetSystemTimeAsFileTime
CloseHandle
GetTempPathA
GetCurrentProcessId
GetCurrentThreadId
CompareStringA
GetModuleHandleA
ExitProcess
GetProcAddress
GetLastError
GetStdHandle
GetConsoleOutputCP
GetTempPathW
IsBadStringPtrA
GetACP
CompareStringW
TerminateProcess
Sleep
GetLocaleInfoW
GetCurrencyFormatW
GetDateFormatA
GetCurrencyFormatA
GetCurrentProcess
GetLocaleInfoA
IsBadStringPtrW
GetDateFormatW
GetCommandLineW
GetCommandLineA
HeapAlloc
HeapFree

user32

GetMessageTime
RegisterClassA
CheckMenuItem
SetDlgItemTextA
DialogBoxParamA
GetDlgItemTextA
LoadCursorA
ToAsciiEx
DestroyWindow
SetWindowPlacement
SetCursor
CloseClipboard
GetSystemMenu
SetTimer
ScreenToClient
MapDialogRect
CreateDialogParamA
PostQuitMessage
SendDlgItemMessageA
SetKeyboardState
SetCapture
KillTimer
MsgWaitForMultipleObjects
LoadIconA
MessageBeep
MessageBoxIndirectA
CreateMenu
SendMessageA
DrawEdge
ShowCaret
RegisterWindowMessageA
GetDC
GetKeyboardState
GetWindowPlacement
GetKeyboardLayout
RegisterClipboardFormatA
MessageBoxA
GetWindowLongA
GetClipboardData
CreateWindowExA
PeekMessageA
EmptyClipboard
GetDlgItem
EndDialog
DestroyCaret
GetSysColor
GetCursorPos
CheckDlgButton
ShowWindow
IsDlgButtonChecked
AppendMenuA
CheckRadioButton
OpenClipboard
InsertMenuA
SetWindowTextA
UpdateWindow
SetClipboardData

gdi32

SetTextAlign
MoveToEx
LineTo
SetTextColor
GetCharacterPlacementW
DeleteDC
CreateFontIndirectA
SetBkColor
ExcludeClipRect
SetPixel
UnrealizeObject
DeleteObject
SetMapMode
Rectangle
ExtTextOutW
RealizePalette
SelectPalette
SetPaletteEntries
CreatePen
GetTextMetricsA
IntersectClipRect
GetPixel
GetObjectA
GetStockObject
ExtTextOutA
UpdateColors
TextOutA

comdlg32

GetSaveFileNameA
ChooseColorA
GetOpenFileNameA
ChooseFontA

shell32

CommandLineToArgvW

ole32

CoCreateInstance
CoInitialize

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024KB - Virtual size: 1020KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19c922171e7e6b4e6bf591dceccdb434

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 292KB - Virtual size: 291KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 108KB - Virtual size: 104KB

6bca49148ba2859daf4de976b05d930b

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 292KB - Virtual size: 290KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 108KB - Virtual size: 106KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.2MB

UPX1 Size: 492KB - Virtual size: 492KB

.rsrc Size: 85KB - Virtual size: 88KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.2MB

UPX1 Size: 492KB - Virtual size: 492KB

.rsrc Size: 81KB - Virtual size: 84KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.3MB

UPX1 Size: 579KB - Virtual size: 580KB

.rsrc Size: 90KB - Virtual size: 92KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.3MB

UPX1 Size: 554KB - Virtual size: 556KB

.rsrc Size: 93KB - Virtual size: 96KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.2MB

UPX1 Size: 495KB - Virtual size: 496KB

.rsrc Size: 79KB - Virtual size: 80KB

b85556ba0d0a840de8b9b1ae4c67c212

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Sections

.text Size: 512KB - Virtual size: 510KB

.rdata Size: 2.4MB - Virtual size: 2.4MB

.data Size: 296KB - Virtual size: 300KB

.rsrc Size: 32KB - Virtual size: 30KB

ff51f908db3cffdade3a7bf79cb6f946

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Sections

.text Size: 488KB - Virtual size: 484KB

.rdata Size: 2.5MB - Virtual size: 2.5MB

.data Size: 260KB - Virtual size: 264KB

.rsrc Size: 32KB - Virtual size: 30KB

5b869658dc6672f0e141be7a7bc58cc3

.text
Size: 292KB - Virtual size: 291KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 108KB - Virtual size: 104KB

.text
Size: 292KB - Virtual size: 290KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 108KB - Virtual size: 106KB

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 492KB - Virtual size: 492KB

.rsrc
Size: 85KB - Virtual size: 88KB

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 492KB - Virtual size: 492KB

.rsrc
Size: 81KB - Virtual size: 84KB

UPX0
Size: - Virtual size: 1.3MB

UPX1
Size: 579KB - Virtual size: 580KB

.rsrc
Size: 90KB - Virtual size: 92KB

UPX0
Size: - Virtual size: 1.3MB

UPX1
Size: 554KB - Virtual size: 556KB

.rsrc
Size: 93KB - Virtual size: 96KB

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 495KB - Virtual size: 496KB

.rsrc
Size: 79KB - Virtual size: 80KB

.text
Size: 512KB - Virtual size: 510KB

.rdata
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 296KB - Virtual size: 300KB

.rsrc
Size: 32KB - Virtual size: 30KB

.text
Size: 488KB - Virtual size: 484KB

.rdata
Size: 2.5MB - Virtual size: 2.5MB

.data
Size: 260KB - Virtual size: 264KB

.rsrc
Size: 32KB - Virtual size: 30KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 1024KB - Virtual size: 1020KB

.data
Size: 60KB - Virtual size: 64KB

.rsrc
Size: 32KB - Virtual size: 30KB