blackmoon | 43b13189402ad4380145a0dd24f6d04c17cbb60dedde94ff78c96a6db4299908

Sharing

Copy URL Twitter E-mail

General

Target

43b13189402ad4380145a0dd24f6d04c17cbb60dedde94ff78c96a6db4299908
Size

2.3MB
MD5

98a1eac2b6f3421c49707b19270d5c79
SHA1

d011d364ca2452ee203d52ac03db97f7bd37dbc3
SHA256

43b13189402ad4380145a0dd24f6d04c17cbb60dedde94ff78c96a6db4299908
SHA512

d803ca6fae7213ce67b0540b227736a8f66fa44d2f03a62d80c853dcf62728d1197b470610c8c8d1ad424eb440324116b69b25c8e35f25b36fd71eb1354014e1
SSDEEP

49152:FS7nxcQDn7j6UfDE/qRIpH3vVMs6JISb4SHAvrMP8PzvLpl6ja4Lnug:M7nyQDn7zuQQH3Os6JI5SHAvrrLpwja6

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
static1/unpack001/圣剑内网通 V2014/cVpn.dll	family_blackmoon

Files

43b13189402ad4380145a0dd24f6d04c17cbb60dedde94ff78c96a6db4299908
.rar
圣剑内网通 V2014/Skin.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

HTMLayoutAnimateElement
HTMLayoutAppendMasterCSS
HTMLayoutAttachEventHandler
HTMLayoutAttachEventHandlerEx
HTMLayoutCallBehaviorMethod
HTMLayoutClassNameA
HTMLayoutClassNameW
HTMLayoutClearAttributes
HTMLayoutClipboardCopy
HTMLayoutCloneElement
HTMLayoutCombineURL
HTMLayoutCommitUpdates
HTMLayoutControlGetType
HTMLayoutControlGetValue
HTMLayoutControlSetValue
HTMLayoutCreateElement
HTMLayoutDataReady
HTMLayoutDataReadyAsync
HTMLayoutDeclareElementType
HTMLayoutDeleteElement
HTMLayoutDetachElement
HTMLayoutDetachEventHandler
HTMLayoutDialog
HTMLayoutElementGetExpando
HTMLayoutElementSetExpando
HTMLayoutEnqueueMeasure
HTMLayoutEnumElementStyles
HTMLayoutEnumResources
HTMLayoutEnumResourcesEx
HTMLayoutEnumerate
HTMLayoutFindElement
HTMLayoutGetAttributeByName
HTMLayoutGetAttributeCount
HTMLayoutGetCharacterRect
HTMLayoutGetChildrenCount
HTMLayoutGetElementByUID
HTMLayoutGetElementHtml
HTMLayoutGetElementHtmlCB
HTMLayoutGetElementHwnd
HTMLayoutGetElementIndex
HTMLayoutGetElementInnerText
HTMLayoutGetElementInnerText16
HTMLayoutGetElementInnerTextCB
HTMLayoutGetElementIntrinsicHeight
HTMLayoutGetElementIntrinsicWidths
HTMLayoutGetElementLocation
HTMLayoutGetElementState
HTMLayoutGetElementText
HTMLayoutGetElementType
HTMLayoutGetElementUID
HTMLayoutGetFocusElement
HTMLayoutGetGraphin
HTMLayoutGetMinHeight
HTMLayoutGetMinWidth
HTMLayoutGetNthAttribute
HTMLayoutGetNthChild
HTMLayoutGetParentElement
HTMLayoutGetRootElement
HTMLayoutGetScrollInfo
HTMLayoutGetSelectedHTML
HTMLayoutGetStyleAttribute
HTMLayoutHidePopup
HTMLayoutHttpRequest
HTMLayoutInit
HTMLayoutInsertElement
HTMLayoutIsElementEnabled
HTMLayoutIsElementVisible
HTMLayoutLoadFile
HTMLayoutLoadHtml
HTMLayoutLoadHtmlEx
HTMLayoutMoveElement
HTMLayoutMoveElementEx
HTMLayoutParseValue
HTMLayoutPostEvent
HTMLayoutProc
HTMLayoutProcND
HTMLayoutProcW
HTMLayoutProcessUIEvent
HTMLayoutRangeAdvancePos
HTMLayoutRangeCreate
HTMLayoutRangeFromPositions
HTMLayoutRangeFromSelection
HTMLayoutRangeInsertHtml
HTMLayoutRangeIsEmpty
HTMLayoutRangeRelease
HTMLayoutRangeReplace
HTMLayoutRangeToHtml
HTMLayoutRender
HTMLayoutRenderElement
HTMLayoutRequestElementData
HTMLayoutScrollToView
HTMLayoutSelectElements
HTMLayoutSelectElementsW
HTMLayoutSelectParent
HTMLayoutSelectParentW
HTMLayoutSelectionExist
HTMLayoutSendEvent
HTMLayoutSetAttributeByName
HTMLayoutSetCSS
HTMLayoutSetCallback
HTMLayoutSetCapture
HTMLayoutSetDataLoader
HTMLayoutSetElementHtml
HTMLayoutSetElementInnerText
HTMLayoutSetElementInnerText16
HTMLayoutSetElementState
HTMLayoutSetEventRoot
HTMLayoutSetHttpHeaders
HTMLayoutSetMasterCSS
HTMLayoutSetMediaType
HTMLayoutSetMode
HTMLayoutSetOption
HTMLayoutSetScrollPos
HTMLayoutSetStyleAttribute
HTMLayoutSetTimer
HTMLayoutSetTimerEx
HTMLayoutSetupDebugOutput
HTMLayoutShowPopup
HTMLayoutShowPopupAt
HTMLayoutSortElements
HTMLayoutSwapElements
HTMLayoutTrackPopupAt
HTMLayoutTranslateMessage
HTMLayoutTraverseUIEvent
HTMLayoutUpdateElement
HTMLayoutUpdateElementEx
HTMLayoutUpdateWindow
HTMLayoutUrlEscape
HTMLayoutUrlUnescape
HTMLayoutVisitElements
HTMLayoutWindowAttachEventHandler
HTMLayoutWindowDetachEventHandler
HTMLayout_UnuseElement
HTMLayout_UseElement
HTMLiteAdvanceFocus
HTMLiteAttachEventHandler
HTMLiteCreateInstance
HTMLiteDestroyInstance
HTMLiteDetachEventHandler
HTMLiteFindElement
HTMLiteGetDocumentMinHeight
HTMLiteGetDocumentMinWidth
HTMLiteGetElementByUID
HTMLiteGetElementHTMLITE
HTMLiteGetFocusElement
HTMLiteGetNextFocusable
HTMLiteGetRootElement
HTMLiteGetTag
HTMLiteLoadHtmlFromFile
HTMLiteLoadHtmlFromMemory
HTMLiteMeasure
HTMLiteRender
HTMLiteRenderEx
HTMLiteRenderOnBitmap
HTMLiteSetCallback
HTMLiteSetDataReady
HTMLiteSetDataReadyAsync
HTMLiteSetMediaType
HTMLiteSetTag
HTMLiteTraverseUIEvent
HTMLiteUpdateView
HTMPrintCreateInstance
HTMPrintDestroyInstance
HTMPrintGetDocumentHeight
HTMPrintGetDocumentMinWidth
HTMPrintGetRootElement
HTMPrintGetTag
HTMPrintLoadHtmlFromFile
HTMPrintLoadHtmlFromFileW
HTMPrintLoadHtmlFromMemory
HTMPrintMeasure
HTMPrintRender
HTMPrintSetCallback
HTMPrintSetDataReady
HTMPrintSetHyperlinkAreaCallback
HTMPrintSetLoadDataCallback
HTMPrintSetMediaType
HTMPrintSetNextPageCallback
HTMPrintSetTag
ValueBinaryData
ValueBinaryDataSet
ValueClear
ValueCompare
ValueCopy
ValueElementsCount
ValueEnumElements
ValueFloatData
ValueFloatDataSet
ValueFromString
ValueGetValueOfKey
ValueInit
ValueInt64Data
ValueInt64DataSet
ValueIntData
ValueIntDataSet
ValueInvoke
ValueIsolate
ValueNthElementKey
ValueNthElementValue
ValueNthElementValueSet
ValueSetValueToKey
ValueStringData
ValueStringDataSet
ValueToString
ValueType
_HTMLayoutSetMediaVars@8

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 364KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
圣剑内网通 V2014/cVpn.dll
.dll windows x86

fe553314c1e51fec32d29a541c39eba6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA

kernel32

GetModuleFileNameA
GetCommandLineA
IsBadReadPtr
RtlMoveMemory
lstrcpyA
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree

rasapi32

RasSetEntryPropertiesA
RasEnumConnectionsA
RasHangUpA
RasDialA
RasSetCredentialsA
RasGetErrorStringA

msvcrt

sprintf
tolower
strrchr
_ftol
modf

Exports

Exports

ConnectionToStateString
CreateVPN
Disconnect
GetVPNErrorString
VPNConnection
VPNSetUserPass

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 990B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
圣剑内网通 V2014/install.dll
.dll windows x86

550517591b688e5b7fda637302beae93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
CreateFileA
CreateFileW
ReadFile
GetStdHandle
WriteFile
GetProcAddress
GetModuleHandleW
GetFileAttributesA
GetFileAttributesW
SetFileAttributesA
SetFileAttributesW
DeviceIoControl
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetVersionExW
GetFullPathNameA
GetModuleFileNameA
GetModuleFileNameW
MultiByteToWideChar
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTime
WideCharToMultiByte
IsDBCSLeadByte
GetCPInfo
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
SetEndOfFile
SetFilePointer
FlushFileBuffers
MoveFileW
SetFileTime
GetCurrentProcess
Sleep
GetLastError
CloseHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
EncodePointer
DecodePointer
RaiseException
ExitProcess
DeleteFileA
GetCurrentThreadId
GetCommandLineA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapSize
LoadLibraryW
LCMapStringW
SetHandleCount
GetStartupInfoW
FreeEnvironmentStringsW
WriteConsoleW

user32

CharLowerA
CharToOemA
CharUpperW
CharToOemBuffW
OemToCharA
OemToCharBuffA
CharUpperA

advapi32

SetFileSecurityW
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
圣剑内网通 V2014/skin/skin.dat
.jpg
圣剑内网通 V2014/update.exe
.exe windows x86

2be1d2bcfbc81b740aa39ab7ab5d15e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

OleRegGetUserType
CreateOleAdviseHolder
CoTaskMemAlloc
OleSetContainedObject
StringFromIID
CLSIDFromString
CLSIDFromProgID
CoRegisterClassObject
CoRevokeClassObject
MkParseDisplayName
CreateBindCtx
CoCreateInstance
CoLockObjectExternal
CoTaskMemFree
StringFromCLSID
OleCreate
OleUninitialize
OleInitialize

shlwapi

SHDeleteKeyA
StrFormatByteSize64A

kernel32

lstrcpyW
FindResourceA
FreeResource
LoadResource
GetCurrentProcess
SizeofResource
GetConsoleWindow
LockResource
GetModuleHandleA
CloseHandle
CreateFileA
ReadFile
VirtualFree
FreeLibrary
WaitForSingleObject
CreateRemoteThread
OpenProcess
VirtualFreeEx
ReadProcessMemory
GetProcAddress
VirtualAlloc
VirtualAllocEx
LoadLibraryA
GetSystemInfo
GetCurrentThreadId
WriteProcessMemory
GetFileSize
SetFilePointer
WriteFile
Sleep
SystemTimeToTzSpecificLocalTime
GetTickCount
GetTimeZoneInformation
GetCurrentThread
InitializeCriticalSection
TerminateThread
LeaveCriticalSection
EnterCriticalSection
OpenThread
GetExitCodeThread
DeleteCriticalSection
SuspendThread
ResumeThread
AllocConsole
ReadConsoleA
FlushConsoleInputBuffer
SetConsoleMode
SetConsoleTitleA
GetStdHandle
SetConsoleCtrlHandler
SetConsoleWindowInfo
GetCurrentProcessId
HeapAlloc
HeapFree
GetProcessHeap
IsBadReadPtr
VirtualProtect
GetModuleHandleW
ExitProcess
DebugBreak
GetCommandLineA
HeapSetInformation
GetStartupInfoW
EncodePointer
GetFullPathNameA
HeapReAlloc
ExitThread
CreateThread
RtlUnwind
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
DuplicateHandle
MoveFileA
CreateProcessA
DeleteFileA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryW
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
QueryPerformanceCounter
RaiseException
FatalAppExitA
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetDriveTypeW
CompareStringW
LCMapStringW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
IsProcessorFeaturePresent
CreatePipe
GetExitCodeProcess
HeapSize
WriteConsoleW
GetCurrentDirectoryW
SetEndOfFile
CreateFileW
SetEnvironmentVariableA
lstrlenW
IsBadWritePtr
InterlockedDecrement
InterlockedIncrement
GetFileAttributesA
LocalFree
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FormatMessageA
GetModuleFileNameA
DecodePointer
GetCPInfo

user32

IsIconic
ModifyMenuA
GetWindowThreadProcessId
GetMessageA
SetActiveWindow
PeekMessageA
DispatchMessageA
SetForegroundWindow
SetWindowRgn
GetWindowRect
GetSystemMenu
TranslateMessage
GetClientRect
WinHelpA
IsWindow
RegisterClassA
CallWindowProcA
MapWindowPoints
IsWindowVisible
EqualRect
GetActiveWindow
ShowWindow
SetWindowPos
DefWindowProcA
CreateWindowExA
wsprintfA
SetFocus
OffsetRect
IntersectRect
MessageBoxA
GetWindowLongA

gdi32

DeleteObject
SetWindowExtEx
SetViewportOrgEx
CreateRectRgnIndirect
SetMapMode
SetViewportExtEx
SetWindowOrgEx

advapi32

RegQueryValueExA
RegEnumKeyExA
RegCreateKeyExA
RegOpenKeyExA
IsTextUnicode
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegSetValueExA

oleaut32

GetActiveObject
VariantInit
VariantCopyInd
VariantClear
LoadTypeLibEx
SysFreeString
SysStringLen
SysAllocStringLen
LoadRegTypeLi
LHashValOfNameSys
SafeArrayCreateVector
VariantTimeToSystemTime
SafeArrayAccessData
VariantCopy
SafeArrayDestroy
SafeArrayCreate
SystemTimeToVariantTime
SafeArrayGetDim
VariantChangeType
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayPutElement
DispGetIDsOfNames
UnRegisterTypeLi

Sections

.text
Size: 487KB - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 529KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
圣剑内网通 V2014/圣剑内网通.exe
.exe windows x86

2be1d2bcfbc81b740aa39ab7ab5d15e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

OleRegGetUserType
CreateOleAdviseHolder
CoTaskMemAlloc
OleSetContainedObject
StringFromIID
CLSIDFromString
CLSIDFromProgID
CoRegisterClassObject
CoRevokeClassObject
MkParseDisplayName
CreateBindCtx
CoCreateInstance
CoLockObjectExternal
CoTaskMemFree
StringFromCLSID
OleCreate
OleUninitialize
OleInitialize

shlwapi

SHDeleteKeyA
StrFormatByteSize64A

kernel32

lstrcpyW
FindResourceA
FreeResource
LoadResource
GetCurrentProcess
SizeofResource
GetConsoleWindow
LockResource
GetModuleHandleA
CloseHandle
CreateFileA
ReadFile
VirtualFree
FreeLibrary
WaitForSingleObject
CreateRemoteThread
OpenProcess
VirtualFreeEx
ReadProcessMemory
GetProcAddress
VirtualAlloc
VirtualAllocEx
LoadLibraryA
GetSystemInfo
GetCurrentThreadId
WriteProcessMemory
GetFileSize
SetFilePointer
WriteFile
Sleep
SystemTimeToTzSpecificLocalTime
GetTickCount
GetTimeZoneInformation
GetCurrentThread
InitializeCriticalSection
TerminateThread
LeaveCriticalSection
EnterCriticalSection
OpenThread
GetExitCodeThread
DeleteCriticalSection
SuspendThread
ResumeThread
AllocConsole
ReadConsoleA
FlushConsoleInputBuffer
SetConsoleMode
SetConsoleTitleA
GetStdHandle
SetConsoleCtrlHandler
SetConsoleWindowInfo
GetCurrentProcessId
HeapAlloc
HeapFree
GetProcessHeap
IsBadReadPtr
VirtualProtect
GetModuleHandleW
ExitProcess
DebugBreak
GetCommandLineA
HeapSetInformation
GetStartupInfoW
EncodePointer
GetFullPathNameA
HeapReAlloc
ExitThread
CreateThread
RtlUnwind
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
DuplicateHandle
MoveFileA
CreateProcessA
DeleteFileA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryW
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
QueryPerformanceCounter
RaiseException
FatalAppExitA
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetDriveTypeW
CompareStringW
LCMapStringW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
IsProcessorFeaturePresent
CreatePipe
GetExitCodeProcess
HeapSize
WriteConsoleW
GetCurrentDirectoryW
SetEndOfFile
CreateFileW
SetEnvironmentVariableA
lstrlenW
IsBadWritePtr
InterlockedDecrement
InterlockedIncrement
GetFileAttributesA
LocalFree
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FormatMessageA
GetModuleFileNameA
DecodePointer
GetCPInfo

user32

IsIconic
ModifyMenuA
GetWindowThreadProcessId
GetMessageA
SetActiveWindow
PeekMessageA
DispatchMessageA
SetForegroundWindow
SetWindowRgn
GetWindowRect
GetSystemMenu
TranslateMessage
GetClientRect
WinHelpA
IsWindow
RegisterClassA
CallWindowProcA
MapWindowPoints
IsWindowVisible
EqualRect
GetActiveWindow
ShowWindow
SetWindowPos
DefWindowProcA
CreateWindowExA
wsprintfA
SetFocus
OffsetRect
IntersectRect
MessageBoxA
GetWindowLongA

gdi32

DeleteObject
SetWindowExtEx
SetViewportOrgEx
CreateRectRgnIndirect
SetMapMode
SetViewportExtEx
SetWindowOrgEx

advapi32

RegQueryValueExA
RegEnumKeyExA
RegCreateKeyExA
RegOpenKeyExA
IsTextUnicode
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegSetValueExA

oleaut32

GetActiveObject
VariantInit
VariantCopyInd
VariantClear
LoadTypeLibEx
SysFreeString
SysStringLen
SysAllocStringLen
LoadRegTypeLi
LHashValOfNameSys
SafeArrayCreateVector
VariantTimeToSystemTime
SafeArrayAccessData
VariantCopy
SafeArrayDestroy
SafeArrayCreate
SystemTimeToVariantTime
SafeArrayGetDim
VariantChangeType
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayPutElement
DispGetIDsOfNames
UnRegisterTypeLi

Sections

.text
Size: 487KB - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 364KB - Virtual size: 360KB

.data Size: 104KB - Virtual size: 118KB

.rsrc Size: 60KB - Virtual size: 60KB

.reloc Size: 108KB - Virtual size: 106KB

fe553314c1e51fec32d29a541c39eba6

Headers

File Characteristics

Imports

user32

kernel32

rasapi32

msvcrt

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 14KB

.reloc Size: 4KB - Virtual size: 990B

.rsrc Size: 4KB - Virtual size: 4KB

550517591b688e5b7fda637302beae93

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 138KB - Virtual size: 137KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 5KB - Virtual size: 31KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 9KB - Virtual size: 8KB

2be1d2bcfbc81b740aa39ab7ab5d15e0

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shlwapi

kernel32

user32

gdi32

advapi32

oleaut32

Sections

.text Size: 487KB - Virtual size: 486KB

.rdata Size: 101KB - Virtual size: 101KB

.data Size: 9KB - Virtual size: 18KB

.rsrc Size: 529KB - Virtual size: 528KB

2be1d2bcfbc81b740aa39ab7ab5d15e0

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shlwapi

kernel32

user32

gdi32

advapi32

oleaut32

Sections

.text Size: 487KB - Virtual size: 486KB

.rdata Size: 101KB - Virtual size: 101KB

.data Size: 9KB - Virtual size: 18KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 364KB - Virtual size: 360KB

.data
Size: 104KB - Virtual size: 118KB

.rsrc
Size: 60KB - Virtual size: 60KB

.reloc
Size: 108KB - Virtual size: 106KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 14KB

.reloc
Size: 4KB - Virtual size: 990B

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 138KB - Virtual size: 137KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 5KB - Virtual size: 31KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 487KB - Virtual size: 486KB

.rdata
Size: 101KB - Virtual size: 101KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 529KB - Virtual size: 528KB

.text
Size: 487KB - Virtual size: 486KB

.rdata
Size: 101KB - Virtual size: 101KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB