5706445480890_Metrel HVLink PRO 11[.]8_Elma[.]zip

Resubmissions

07-03-2023 13:26

230307-qpnn8aab39 7

Sharing

Copy URL

Twitter E-mail

General

Target

5706445480890_Metrel HVLink PRO 11.8_Elma.zip
Size

21.8MB
MD5

6d86ddc5899196cf1c4ce558cdd07b7a
SHA1

ed7a279a2fff328d972d0522d5483d3df9113740
SHA256

3ee59459573b3cd30af648d4bc46e81d0350d6dda15dce3f45ca3a1a835ff608
SHA512

e81164650f1f9bd3c7890d223504674b2893156f5d4e7f534dadebba94f8cfdfaf2d5b5003399ffc0aabe52d62c5f92f05d3e701d818a4df303540fb0947e0de
SSDEEP

393216:vru3We6R64qGF9O4CN0JSMc/nMBYWKImvnk9ba8YUktMvPpTWXrRkT3d9fV:vgWecN97OqSD/nCIvk9b8Rty2otH

Score

1^/10

Malware Config

Signatures

Files

5706445480890_Metrel HVLink PRO 11.8_Elma.zip
.zip
HVLink PRO 11.8.exe
.exe windows x86

57667c8db8bb51dbd1bd7d19850c11f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetMalloc
SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA

comctl32

ord17

kernel32

CompareStringA
CompareStringW
GetVersionExA
LoadLibraryA
FreeLibrary
GetProcAddress
GetLocaleInfoA
GetExitCodeProcess
ExitThread
GetCommandLineA
GetSystemDefaultLangID
lstrcmpA
lstrcmpiA
VerLanguageNameA
MoveFileA
FindClose
FindNextFileA
CompareFileTime
FindFirstFileA
GetSystemTimeAsFileTime
SetFileAttributesA
GetPrivateProfileStringA
CreateDirectoryA
LocalFree
FormatMessageA
GetSystemInfo
MulDiv
IsValidLocale
GetVersion
GetModuleHandleA
GetFileAttributesA
GetCurrentDirectoryA
FileTimeToLocalFileTime
GetFileTime
IsBadReadPtr
VirtualQuery
FlushFileBuffers
SetEndOfFile
GetDiskFreeSpaceA
GetTempFileNameA
GetCurrentThread
lstrcatA
CreateEventA
QueryPerformanceFrequency
InterlockedDecrement
InterlockedIncrement
CopyFileA
CreateThread
GetExitCodeThread
GetTickCount
GlobalFree
FindResourceA
LoadResource
SizeofResource
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
ExpandEnvironmentStringsA
GetTempPathA
SetErrorMode
GetWindowsDirectoryA
lstrcpyA
GetSystemDirectoryA
SetEnvironmentVariableA
GetLocaleInfoW
GetTimeZoneInformation
SetStdHandle
SetConsoleCtrlHandler
IsBadCodePtr
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetOEMCP
GetACP
GetCPInfo
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
FatalAppExitA
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapSize
GetStartupInfoA
HeapReAlloc
RtlUnwind
FreeResource
GetPrivateProfileIntA
GetPrivateProfileSectionNamesA
SystemTimeToFileTime
SetCurrentDirectoryA
CreateProcessA
WaitForSingleObject
ExitProcess
GetShortPathNameA
GetCurrentProcess
DuplicateHandle
GetThreadContext
VirtualProtectEx
WriteProcessMemory
FlushInstructionCache
SetThreadContext
ResumeThread
DeleteFileA
Sleep
RemoveDirectoryA
IsDBCSLeadByte
SetFilePointer
GetProcessHeap
HeapAlloc
ReadFile
lstrlenW
HeapFree
WriteFile
lstrcpynA
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
lstrlenA
GetLastError
SetLastError
WritePrivateProfileSectionA
GetPrivateProfileSectionA
MoveFileExA
GetDriveTypeA
QueryPerformanceCounter
SetEvent
ResetEvent
SearchPathA
VirtualProtect
GetCurrentProcessId
FindResourceExA
LoadLibraryExA
GetDateFormatA
GetTimeFormatA
GetLocalTime
TerminateProcess
GetProcessTimes
OpenProcess
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
RaiseException
InterlockedExchange
LocalAlloc

user32

LoadImageA
CreateDialogParamA
GetParent
GetWindowTextA
SetCursor
GetWindow
GetDlgItemTextA
SetFocus
SetDlgItemTextA
SetForegroundWindow
SetActiveWindow
GetDlgCtrlID
GetDC
FillRect
GetSysColor
GetSysColorBrush
GetSystemMetrics
SetRect
FindWindowA
IntersectRect
SubtractRect
CreateDialogIndirectParamA
CharNextA
FindWindowExA
IsDialogMessageA
EnableWindow
SendDlgItemMessageA
SendMessageA
GetWindowRect
ScreenToClient
MoveWindow
DestroyWindow
MessageBoxA
WaitForInputIdle
GetWindowLongA
BeginPaint
EndPaint
SetWindowLongA
GetClientRect
ClientToScreen
SetWindowPos
ExitWindowsEx
CharUpperA
RegisterClassExA
InvalidateRect
EnumChildWindows
UpdateWindow
SetPropA
DrawIcon
MapDialogRect
GetClassNameA
CallWindowProcA
RemovePropA
GetPropA
DrawFocusRect
InflateRect
DrawTextA
CopyRect
MapWindowPoints
GetWindowDC
ReleaseDC
EndDialog
SetWindowTextA
GetDlgItem
ShowWindow
DialogBoxIndirectParamA
GetDesktopWindow
wsprintfA
MsgWaitForMultipleObjects
PeekMessageA
DefWindowProcA
PostMessageA
KillTimer
PostQuitMessage
SetTimer
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
wvsprintfA
CharPrevA
IsWindow

gdi32

UnrealizeObject
SelectPalette
RealizePalette
GetSystemPaletteEntries
CreatePalette
CreateHalftonePalette
CreateFontA
GetDIBColorTable
SetTextColor
GetDeviceCaps
CreateSolidBrush
TranslateCharsetInfo
GetObjectA
CreateFontIndirectA
CreateCompatibleDC
SelectObject
DeleteDC
CreateDIBitmap
DeleteObject
GetStockObject
DeleteMetaFile
CreateCompatibleBitmap
CreateDCA
RestoreDC
GetTextExtentPoint32A
SaveDC
CreatePatternBrush
SetMetaFileBitsEx
SetStretchBltMode
SelectClipRgn
CreateRectRgn
SetPixel
PatBlt
PlayMetaFile
SetBkColor
StretchBlt
CreateBitmap
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
SetBkMode
BitBlt

advapi32

OpenThreadToken
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegOpenKeyA
RegEnumKeyA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
AllocateAndInitializeSid
EqualSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegEnumValueA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

ole32

StringFromCLSID
CoCreateInstance
CLSIDFromProgID
ProgIDFromCLSID
CoTaskMemFree
CoInitializeSecurity
CoUninitialize
CoInitialize
CoCreateGuid
CreateItemMoniker
StringFromGUID2
GetRunningObjectTable

oleaut32

SysFreeString
GetErrorInfo
VariantChangeType
VariantClear
SysAllocString
SysStringLen
SysReAllocStringLen
SysAllocStringLen
LoadTypeLi
CreateErrorInfo
SetErrorInfo
RegisterTypeLi

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA
UuidFromStringA

Sections

.text
Size: 648KB - Virtual size: 647KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ISSetupPrerequisites/FTDI VCP Driver.exe
.exe windows x86

72f24160f31764a0142cc3ef061ba6c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
GetCurrentDirectoryW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetCPInfo
FlushFileBuffers
SetStdHandle
VirtualAlloc
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
MultiByteToWideChar
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetProcAddress
HeapSize
GetCurrentProcess
TerminateProcess
HeapAlloc
HeapReAlloc
HeapFree
GetLocalTime
ExitProcess
GetACP
ReadFile
GetFileSize
GetLastError
LocalFree
FormatMessageA
SetFileTime
GetSystemTime
CloseHandle
SetFilePointer
GetCurrentDirectoryA
GetTempPathW
GetTempPathA
GetModuleFileNameW
GetModuleFileNameA
DeleteFileA
CreateDirectoryW
CreateDirectoryA
SetCurrentDirectoryW
SetCurrentDirectoryA
SetFileAttributesW
SetFileAttributesA
GetFileTime
GetTickCount
WriteFile
GetOEMCP
GetTimeZoneInformation
Sleep
CreateFileA
CreateFileW
GetFileAttributesA
GetFileAttributesW
GetVersionExA
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion

user32

SetTimer
GetDlgItemTextW
SetWindowTextW
EnableWindow
EndDialog
PostQuitMessage
MessageBoxW
GetDesktopWindow
PostMessageA
CopyRect
OffsetRect
SetWindowPos
CreateWindowExW
DialogBoxParamA
LoadCursorA
RegisterClassExW
LoadStringW
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
SetDlgItemTextW
GetDlgItem
SendMessageA
EndPaint
BeginPaint
DestroyWindow
DefWindowProcA
LoadStringA
GetDlgItemTextA
SetDlgItemTextA
SetWindowTextA
GetWindowRect

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
SHGetMalloc

Sections

.text
Size: 244KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 408KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ISSetupPrerequisites/PnPutil.exe
.exe windows x86

6fc7c4e84669e99777ddc88fecc0153d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFullPathNameW
FindFirstFileW
HeapAlloc
HeapFree
GetModuleHandleW
GetProcessHeap
WriteFile
WideCharToMultiByte
GetConsoleMode
FormatMessageW
WriteConsoleW
lstrlenW
GetStdHandle
SetThreadPreferredUILanguages
GetLastError
SetLastError
FindClose
GetSystemInfo
FindNextFileW
LocalFree
CreateDirectoryW
GetFileAttributesW
Sleep
InterlockedExchange
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CreateEventW
WaitForSingleObjectEx
CloseHandle
SetEvent
GetSystemWindowsDirectoryW
RaiseException

msvcrt

_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_vsnwprintf
wcschr
wcsrchr
_resetstkoflw
memset

user32

LoadStringW

setupapi

SetupUninstallOEMInfW
SetupCloseInfFile
SetupDiGetClassDescriptionExW
SetupFindFirstLineW
SetupEnumPublishedInfW
SetupCopyOEMInfW
SetupGetStringFieldW
SetupVerifyInfFileW
SetupOpenInfFileW

drvstore

DriverStoreOpenW
DriverStoreClose
DriverStoreGetObjectPropertyW

newdev

DiInstallDriverW

ole32

CLSIDFromString

ntdll

RtlNtStatusToDosError

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ISSetupPrerequisites/USBWin8.bat
ISSetupPrerequisites/cdcseries.pfx
ISSetupPrerequisites/certutil.exe
.exe windows x86

e28a6d38f3f5d6c05612160cdfddcf44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptReleaseContext
CryptAcquireContextW
ConvertStringSidToSidW
LookupAccountNameW
IsValidSid
ConvertSidToStringSidW
ImpersonateSelf
RevertToSelf
IsValidSecurityDescriptor
GetSecurityDescriptorLength
LookupAccountSidW
CryptGetProvParam
CryptGetUserKey
CryptGetKeyParam
CryptDestroyKey
GetTokenInformation
GetLengthSid
CopySid
OpenProcessToken
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyW
RegEnumValueW
RegSetValueExW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
CryptSetProvParam
CryptGenRandom
CryptCreateHash
CryptVerifySignatureW
CryptHashData
CryptDestroyHash
CryptSetKeyParam
CryptDecrypt
CryptImportKey
RegOpenKeyW
CryptGetHashParam
CryptDuplicateKey
CryptEncrypt
CryptGenKey
CryptContextAddRef
CryptExportKey
CryptSignHashW
CryptDuplicateHash
CryptSetHashParam
GetSecurityDescriptorControl
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetAclInformation
GetAce
EqualSid
DeleteAce
GetSecurityDescriptorDacl
SetEntriesInAclW
SetSecurityDescriptorDacl
AllocateAndInitializeSid
RegCreateKeyExW
OpenThreadToken
DuplicateToken
CheckTokenMembership
FreeSid
LsaOpenPolicy
LsaFreeMemory
LsaClose
MakeSelfRelativeSD
MakeAbsoluteSD
CreateWellKnownSid
ImpersonateLoggedOnUser
CryptGetDefaultProviderW
CryptEnumProvidersA
RegDeleteKeyExW
AdjustTokenPrivileges
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegConnectRegistryW
LsaRetrievePrivateData
LsaStorePrivateData
InitializeAcl
AddAce
AddAccessAllowedObjectAce
AddAccessDeniedObjectAce
AddAccessAllowedAce
AddAccessDeniedAce
SetNamedSecurityInfoW
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount

kernel32

GetFileAttributesW
LocalAlloc
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetSystemTime
LocalFree
CreateThread
WaitForSingleObject
GetExitCodeThread
CloseHandle
GetStdHandle
GetFileType
GetConsoleMode
SetConsoleMode
SetLastError
GetProcAddress
FreeLibrary
DeleteFileW
lstrcmpW
GetProcessHeap
HeapFree
HeapAlloc
FormatMessageW
GetSystemDefaultLangID
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LocalReAlloc
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
OpenEventW
PulseEvent
GetTickCount64
GetLastError
GetCurrentProcess
lstrcmpiW
CompareFileTime
GetFileAttributesExW
EncodePointer
DecodePointer
LoadLibraryW
GetTickCount
Sleep
FindFirstFileW
FindNextFileW
FindClose
ReadFile
CreateFileW
GetFileSize
SetFilePointer
RaiseException
GetComputerNameW
GetComputerNameExW
GetVersionExW
FindResourceW
LoadResource
SizeofResource
LockResource
EnterCriticalSection
SetConsoleCtrlHandler
LeaveCriticalSection
VerSetConditionMask
VerifyVersionInfoW
GetEnvironmentVariableW
GetTempFileNameW
InterlockedExchange
InterlockedCompareExchange
GetLocaleInfoW
FindResourceExW
SearchPathW
LoadLibraryExA
GetProfileStringA
SetEvent
InterlockedDecrement
ResetEvent
InterlockedIncrement
CreateEventW
GetFileTime
DelayLoadFailureHook
lstrlenW
GetCommandLineW
VirtualFree
VirtualAlloc
GetTempPathW
WriteConsoleW
GetACP
WideCharToMultiByte
GetLocalTime
OpenProcess
HeapSetInformation
LoadLibraryExW
GetSystemDirectoryW
CompareStringW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetSystemInfo
GetCurrentThread
FoldStringW
CreateDirectoryW
RemoveDirectoryW
GetConsoleOutputCP
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringA
MultiByteToWideChar
WriteFile
FileTimeToSystemTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetDateFormatW
GetTimeFormatW
GetFullPathNameW

msvcrt

free
wcsncmp
strstr
_wcslwr
_vsnprintf
_wtoi
_stricmp
swscanf
_strnicmp
_wcsicmp
getenv
wcscspn
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
wcsstr
_wcsnicmp
wcsspn
_fgetwchar
fflush
_purecall
fclose
_wfopen_s
_iob
fwprintf
_vsnwprintf
wcstok
memmove
iswspace
gmtime
__isascii
isxdigit
iswalpha
_wsetlocale
_ultow
_wgetenv
vfwprintf
__iob_func
isdigit
atoi
fputws
_wfopen
fgetc
feof
fgetws
wcstoul
_setmode
_fileno
ftell
fwrite
strspn
strcpy_s
strcat_s
strpbrk
memcmp
sscanf
iswupper
towlower
iswlower
towupper
wcscpy_s
memcpy
memset
bsearch
_itoa_s
wcschr
wcsrchr
iswdigit
iswxdigit
_except_handler4_common
_controlfp
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
realloc
_errno
__CxxFrameHandler3
??1type_info@@UAE@XZ
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
malloc
fprintf
_strlwr
_swab
ferror
strcspn
fseek
fputs
strchr
fgets
fopen
qsort
strncmp

certcli

CAGetCertTypePropertyEx
ord207
ord358
ord359
ord225
ord246
ord223
ord360
ord213
ord206
CAEnumCertTypesEx
CAFindCertTypeByName
ord258
CAGetCertTypeFlagsEx
CAFreeCertTypeProperty
CAGetCertTypeKeySpec
CAGetCertTypeExpiration
CAGetCertTypeExtensions
CAFreeCertTypeExtensions
CAEnumCertTypesForCAEx
CAGetCertTypeProperty
CACertTypeAccessCheckEx
CAEnumNextCertType
CACloseCertType
ord373
CAEnumFirstCA
CAFindByName
CAGetCAProperty
CAFreeCAProperty
CAEnumNextCA
CACloseCA
ord362
CAGetCAFlags
CAGetCAExpiration
CAAccessCheck
ord361
CAGetCACertificate
CAGetCASecurity
CASetCAProperty
CAUpdateCAEx
CAFindByCertType
ord256
ord218
ord254
ord356
CAEnumCertTypesForCA
CACountCertTypes
CACertTypeAccessCheck
CACountCAs
ord217
ord245
ord370
CACreateNewCA
CASetCAFlags
CASetCACertificate
CASetCASecurity
ord210
ord247
ord205
ord203
ord253
ord260
ord261
ord252
CAUpdateCA
CAAddCACertificateTypeEx
CARemoveCACertificateTypeEx
ord208
ord366
ord357

cabinet

ord23
ord22
ord21
ord20

comctl32

InitCommonControlsEx

cryptui

CryptUIDlgFreeCAContext
CryptUIDlgViewCRLW
CryptUIDlgViewCertificateW

gdi32

GetStockObject

ncrypt

NCryptIsKeyHandle
BCryptFreeBuffer
NCryptFreeObject
NCryptOpenStorageProvider
NCryptImportKey
NCryptSetProperty
NCryptFinalizeKey
NCryptEnumAlgorithms
NCryptIsAlgSupported
NCryptEnumKeys
NCryptEnumStorageProviders
NCryptFreeBuffer
NCryptOpenKey
NCryptCreatePersistedKey
NCryptGetProperty
NCryptEncrypt
NCryptDecrypt
NCryptExportKey
NCryptSignHash
NCryptVerifySignature
NCryptDeleteKey
NCryptSecretAgreement
NCryptDeriveKey
BCryptOpenAlgorithmProvider
BCryptEnumAlgorithms
BCryptGetProperty
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptEncrypt
BCryptDecrypt
BCryptExportKey
BCryptDestroyKey
BCryptSignHash
BCryptVerifySignature
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptGenRandom
BCryptQueryProviderRegistration
BCryptEnumContexts
BCryptQueryContextConfiguration
BCryptEnumContextFunctions
BCryptResolveProviders

netapi32

NetApiBufferFree
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
NetUserGetGroups
DsGetSiteNameW
DsGetDcNameW

normaliz

IdnToUnicode

ntdll

WinSqmIncrementDWORD
NtQuerySystemTime
RtlTimeToSecondsSince1970

ntdsapi

DsCrackNamesW
DsUnBindW
DsFreeNameResultW
DsGetDomainControllerInfoW
DsFreeDomainControllerInfoW
DsBindW

setupapi

SetupGetIntField
SetupCloseInfFile
SetupGetStringFieldW
SetupFindNextLine
SetupGetFieldCount
SetupFindFirstLineW
SetupGetLineCountW
SetupOpenInfFileW

shell32

SHGetFolderPathW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wldap32

ord113
ord140
ord224
ord142
ord79
ord127
ord167
ord147
ord203
ord36
ord26
ord27
ord41
ord65
ord155
ord210
ord13
ord145
ord14
ord73
ord208
ord16
ord12
ord18

crypt32

CertCompareCertificateName
CryptDecodeObject
CryptRegisterOIDInfo
CertCreateCertificateContext
CertCreateCRLContext
CertFreeCRLContext
CertEnumCRLsInStore
CertCloseStore
CertGetCertificateContextProperty
CryptFindOIDInfo
CryptEncodeObjectEx
CertFreeCertificateContext
CertFindExtension
CertDuplicateCertificateContext
CertGetPublicKeyLength
PFXIsPFXBlob
CertEnumCertificatesInStore
CertFindCertificateInStore
CryptMsgControl
CryptMsgGetAndVerifySigner
CryptMsgGetParam
CryptMsgClose
CryptQueryObject
CertOpenStore
CertGetNameStringW
CertDeleteCertificateFromStore
CertEnumCTLsInStore
CryptExportPublicKeyInfo
CertComparePublicKeyInfo
CertSetCertificateContextProperty
CertGetCertificateChain
CertFreeCertificateChain
CertAddCertificateContextToStore
CertSetStoreProperty
CertEnumCTLContextProperties
CertGetCTLContextProperty
CertEnumCRLContextProperties
CertGetCRLContextProperty
CertEnumCertificateContextProperties
CryptAcquireCertificatePrivateKey
CryptFindCertificateKeyProvInfo
CertSetCRLContextProperty
CertSetCTLContextProperty
CertFreeCTLContext
CertAddEncodedCertificateToStore
CertAddEncodedCRLToStore
CertAddEncodedCTLToStore
CryptEnumOIDInfo
CryptFindLocalizedName
CertSaveStore
CertControlStore
CertEnumPhysicalStore
CertEnumSystemStoreLocation
CertEnumSystemStore
CertAddCRLContextToStore
CertAddCTLContextToStore
CertDuplicateCRLContext
CertDeleteCRLFromStore
CryptImportPublicKeyInfo
CryptEnumKeyIdentifierProperties
CryptVerifyCertificateSignature
CertVerifyTimeValidity
CertVerifyRevocation
CertVerifyCRLTimeValidity
CertGetEnhancedKeyUsage
CryptVerifyCertificateSignatureEx
CertVerifySubjectCertificateContext
CryptMemFree
CertVerifyCertificateChainPolicy
CertAddStoreToCollection
CertCreateCTLContext
CryptMsgOpenToEncode
CryptMsgUpdate
CertDuplicateStore
CryptSignAndEncodeCertificate
CryptStringToBinaryW
CryptDecodeObjectEx
CryptMsgOpenToDecode
CryptSignCertificate
CryptHashPublicKeyInfo
CertGetIntendedKeyUsage
CertAddCertificateLinkToStore
CryptSignMessage
CryptHashCertificate2
CryptEncryptMessage
CryptDecryptMessage
CryptHashCertificate
CertCreateContext
CryptFormatObject
PFXImportCertStore
CertStrToNameW
CertFindAttribute
CertAddSerializedElementToStore
PFXExportCertStoreEx
PFXExportCertStore
CryptFreeOIDFunctionAddress
CertNameToStrW
CryptInitOIDFunctionSet
CryptGetOIDFunctionAddress
CryptGetKeyIdentifierProperty

ole32

PropVariantClear
StgOpenStorageEx
CoSetProxyBlanket
CoCreateInstanceEx
CoTaskMemAlloc
CoTaskMemFree
ProgIDFromCLSID
StringFromCLSID
CoUninitialize
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoInitializeEx

oleaut32

SafeArrayPutElement
SafeArrayCreate
SysAllocString
SysStringByteLen
SysFreeString
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetElement
SafeArrayUnaccessData
SysAllocStringByteLen
SysAllocStringLen
SysStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantCopyInd
CreateErrorInfo
SetErrorInfo
VariantInit
VariantClear
SafeArrayGetDim

rpcrt4

I_RpcExceptionFilter
NdrClientCall2
UuidCreate

secur32

TranslateNameW
GetUserNameExW
GetComputerObjectNameW

user32

SetWindowTextW
DialogBoxParamW
GetDlgItemTextW
IsDlgButtonChecked
GetDlgItemInt
GetWindowLongW
SetDlgItemInt
CheckDlgButton
SendDlgItemMessageA
EnableWindow
GetDlgItem
CallWindowProcW
GetWindowTextW
ShowWindow
SetFocus
SetWindowLongW
UpdateWindow
CharLowerW
LoadStringW
DispatchMessageW
PostQuitMessage
DefWindowProcW
LoadIconW
RegisterClassW
CreateWindowExW
PostMessageW
GetMessageW
TranslateMessage
EndDialog
GetDesktopWindow
SetCursor
SendMessageW
MessageBoxW
LoadCursorW
SetDlgItemTextW

Sections

.text
Size: 875KB - Virtual size: 875KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ISSetupPrerequisites/metrel_dd.pfx
ISSetupPrerequisites/usbser.cat
ISSetupPrerequisites/usbser.inf

Resubmissions

Sharing

General

Malware Config

Signatures

Files

57667c8db8bb51dbd1bd7d19850c11f9

Headers

DLL Characteristics

File Characteristics

Imports

version

shell32

comctl32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

rpcrt4

Sections

.text Size: 648KB - Virtual size: 647KB

.rdata Size: 95KB - Virtual size: 95KB

.data Size: 47KB - Virtual size: 62KB

.rsrc Size: 320KB - Virtual size: 320KB

72f24160f31764a0142cc3ef061ba6c5

Headers

File Characteristics

Imports

kernel32

user32

shell32

Sections

.text Size: 244KB - Virtual size: 240KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 68KB - Virtual size: 83KB

.rsrc Size: 408KB - Virtual size: 404KB

6fc7c4e84669e99777ddc88fecc0153d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

setupapi

drvstore

newdev

ole32

ntdll

Sections

.text Size: 10KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

e28a6d38f3f5d6c05612160cdfddcf44

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

certcli

cabinet

comctl32

cryptui

gdi32

ncrypt

netapi32

normaliz

ntdll

ntdsapi

setupapi

shell32

version

wldap32

crypt32

.text
Size: 648KB - Virtual size: 647KB

.rdata
Size: 95KB - Virtual size: 95KB

.data
Size: 47KB - Virtual size: 62KB

.rsrc
Size: 320KB - Virtual size: 320KB

.text
Size: 244KB - Virtual size: 240KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 68KB - Virtual size: 83KB

.rsrc
Size: 408KB - Virtual size: 404KB

.text
Size: 10KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 875KB - Virtual size: 875KB

.data
Size: 31KB - Virtual size: 40KB

.idata
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 52KB - Virtual size: 51KB