Downloads[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Downloads.rar
Size

3.7MB
MD5

d4e6468b79193aad1f568b838eebb2d8
SHA1

03d2719ddcafdfe85792e12be873d45a6da1e099
SHA256

ee17c806a1c41f64ab9b68bbdab802c06a9da8890afb5cea2f66b544b88eaed9
SHA512

54e04338b7eb45107987de70d2fe4cf2270c972dc7a4dbfea40eb0e5f4783e7dc489e680ed5197c3b6ff25d97bd5c0c08be552560525415ca63bb014f49ffc06
SSDEEP

98304:rTPHN6D+geA1R7jXBNrJs8LHPGEqRHZbid1S9Yl9Ca:HNPgeA11F5/GH809Y1

Score

1^/10

Malware Config

Signatures

Files

Downloads.rar
.rar
Downloads/56b5116db18b2599a5ea7f3b2302c709.exe.vir
.exe windows x64

f23d50d2de6ed0bd6c56cc0d1cb4d5ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualProtect
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
HeapSize
WriteConsoleW

ole32

CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Downloads/5a45119a2603b6ad08c7f5e44e9588d3.exe.vir
.exe windows x64

15105091e0c153a94814bc60f4592e5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FileTimeToLocalFileTime
UnmapViewOfFile
MapViewOfFile
lstrlenA
CreateFileMappingA
OpenFileMappingA
SetEnvironmentVariableA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
QueryPerformanceCounter
LoadLibraryW
FlsFree
FlsAlloc
FlsSetValue
FlsGetValue
GetACP
HeapReAlloc
HeapCreate
HeapSetInformation
RtlVirtualUnwind
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
ExitThread
CreateThread
RtlPcToFileHeader
RaiseException
RtlUnwindEx
RtlLookupFunctionEntry
GetStartupInfoA
GetProcessHeap
HeapAlloc
HeapFree
GetCommandLineA
ExitProcess
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
RtlCaptureContext
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsBadReadPtr
HeapValidate
HeapSize
FindResourceExA
SetFileAttributesA
GetShortPathNameA
GetVolumeInformationA
DeleteFileA
MoveFileA
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
GetHandleInformation
GetThreadLocale
FileTimeToSystemTime
GetOEMCP
GetCPInfo
GetProfileIntA
VirtualProtect
GetAtomNameA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
SetErrorMode
GlobalFlags
GetModuleFileNameW
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
CreateEventA
SetEvent
WaitForSingleObject
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetTickCount
GetCurrentThread
GetLocaleInfoA
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
lstrcmpA
MulDiv
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
FormatMessageA
LocalFree
SuspendThread
ResumeThread
GetThreadPriority
SetThreadPriority
lstrcmpW
FreeLibrary
GetCurrentThreadId
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
GetModuleHandleA
FreeResource
SetLastError
GlobalLock
GlobalUnlock
GlobalGetAtomNameA
GlobalAddAtomA
GetCurrentProcessId
SetFileTime
WriteFile
LocalFileTimeToFileTime
GetCurrentDirectoryA
SystemTimeToFileTime
ReadFile
CloseHandle
SetFilePointer
CreateFileA
LockResource
WideCharToMultiByte
GetLastError
Sleep
GetFileAttributesA
CreateDirectoryA
FindClose
FindFirstFileA
MultiByteToWideChar
GetVersion
CompareStringW
CompareStringA
GetStringTypeExA
LoadLibraryA
GetProcAddress
SizeofResource
LoadResource
FindResourceA
lstrcmpiA
lstrlenW
OpenEventA

user32

GetKeyNameTextA
CheckMenuRadioItem
SetMenuContextHelpId
LoadMenuIndirectA
ModifyMenuA
InsertMenuItemA
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuDefaultItem
SetMenuDefaultItem
EnableMenuItem
CheckMenuItem
DeleteMenu
CreatePopupMenu
CreateMenu
ScrollDC
GrayStringA
GetTabbedTextExtentA
DrawTextExA
DrawTextA
DrawFocusRect
DrawFrameControl
DrawEdge
DrawStateA
DrawIcon
InvertRect
FrameRect
ExcludeUpdateRgn
WindowFromDC
GetSysColorBrush
FillRect
DestroyCursor
GetCursorPos
GetMessageA
TranslateMessage
EndDialog
CreateDialogIndirectParamA
RegisterClipboardFormatA
PostQuitMessage
RemoveMenu
IsMenu
GetMenuState
GetMenuStringA
AppendMenuA
InsertMenuA
GetMenuItemID
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
OpenIcon
CloseWindow
LoadCursorA
PostThreadMessageA
GetWindowContextHelpId
SetWindowContextHelpId
SendNotifyMessageA
GetForegroundWindow
SetForegroundWindow
ShowCaret
HideCaret
SetCaretPos
GetCaretPos
CreateCaret
GetClipboardViewer
GetClipboardOwner
GetOpenClipboardWindow
OpenClipboard
SetClipboardViewer
ChangeClipboardChain
FlashWindow
WindowFromPoint
SetParent
FindWindowExA
FindWindowA
ChildWindowFromPointEx
ChildWindowFromPoint
ShowScrollBar
GetNextDlgTabItem
GetNextDlgGroupItem
DlgDirSelectComboBoxExA
DlgDirSelectExA
DlgDirListComboBoxA
MapVirtualKeyA
SetCapture
KillTimer
SetTimer
DrawCaption
DrawAnimatedRects
EnableScrollBar
RedrawWindow
LockWindowUpdate
GetDCEx
ShowOwnedPopups
IsWindowVisible
ValidateRgn
ValidateRect
InvalidateRgn
InvalidateRect
GetUpdateRgn
GetUpdateRect
UpdateWindow
GetWindowDC
EndPaint
BeginPaint
ClientToScreen
GetWindowRgn
SetWindowRgn
ArrangeIconicWindows
HiliteMenuItem
GetSystemMenu
DrawMenuBar
DragDetect
GetMenuCheckMarkDimensions
LoadBitmapA
SetMenuItemBitmaps
MessageBoxA
CreateWindowExA
GetClassInfoExA
RegisterClassA
SendDlgItemMessageA
GetClientRect
MapWindowPoints
DispatchMessageA
SetActiveWindow
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
CopyRect
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
TrackPopupMenuEx
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
DestroyWindow
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassLongPtrA
GetWindowLongPtrA
SetPropA
UnhookWindowsHookEx
CharUpperA
wsprintfA
GetMenuContextHelpId
LoadAcceleratorsA
GetPropA
CallWindowProcA
SetWindowLongPtrA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
BeginDeferWindowPos
EndDeferWindowPos
GetAsyncKeyState
GetClipboardFormatNameA
CharNextA
CopyAcceleratorTableA
MessageBeep
DestroyIcon
GetDialogBaseUnits
PtInRect
InSendMessage
TabbedTextOutA
MapDialogRect
IsRectEmpty
UnregisterClassA
IsClipboardFormatAvailable
WaitMessage
DlgDirListA
TranslateAcceleratorA
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageW
DispatchMessageW
SubtractRect
UnionRect
InflateRect
SetRect
ReleaseCapture
GetCapture
PostMessageA
PeekMessageA
SetCursor
IsWindow
EnableWindow
SendMessageA
IsWindowEnabled
GetWindow
GetDesktopWindow
ShowWindow
GetWindowLongA
GetActiveWindow
GetWindowThreadProcessId
SetFocus
DestroyMenu
LoadMenuA
LoadIconA
GetMenu
SetMenu
WinHelpA
ReuseDDElParam
UnpackDDElParam
GetSubMenu
GetMenuItemCount
GetDlgCtrlID
SetWindowPos
GetKeyState
SetWindowLongA
GetDlgItem
EqualRect
GetParent
GetFocus
GetSysColor
GetClassNameA
BringWindowToTop
GetLastActivePopup
GetClassInfoA
RegisterWindowMessageA
GetSystemMetrics
IsZoomed
SetRectEmpty
ReleaseDC
GetDC

gdi32

RectInRegion
CreateICA
GetBrushOrgEx
SetBrushOrgEx
EnumObjects
GetNearestColor
RealizePalette
UpdateColors
GetBkColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextColor
GetMapMode
GetGraphicsMode
GetWorldTransform
GetViewportOrgEx
GetViewportExtEx
GetWindowOrgEx
GetWindowExtEx
DPtoLP
LPtoDP
FillRgn
FrameRgn
InvertRgn
PaintRgn
PtVisible
RectVisible
GetCurrentPositionEx
Arc
Polyline
Chord
Ellipse
Pie
Polygon
PolyPolygon
Rectangle
RoundRect
PatBlt
BitBlt
StretchBlt
GetPixel
SetPixel
FloodFill
ExtFloodFill
TextOutA
GetTextExtentPoint32A
GetTextAlign
GetTextFaceA
GetTextMetricsA
GetTextCharacterExtra
GetFontLanguageInfo
GetCharacterPlacementA
GetAspectRatioFilterEx
Escape
SetBoundsRect
GetBoundsRect
ResetDCA
GetOutlineTextMetricsA
GetCharABCWidthsA
GetFontData
GetKerningPairsA
GetGlyphOutlineA
StartDocA
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
MaskBlt
PlgBlt
SetPixelV
OffsetRgn
GetArcDirection
PolyPolyline
GetColorAdjustment
PtInRegion
PolyBezier
DrawEscape
ExtEscape
GetCharABCWidthsFloatA
GetCharWidthFloatA
AbortPath
BeginPath
CloseFigure
EndPath
FillPath
FlattenPath
GetMiterLimit
GetPath
SetMiterLimit
StrokeAndFillPath
StrokePath
WidenPath
GdiComment
PlayEnhMetaFile
SaveDC
RestoreDC
SelectPalette
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
EnumMetaFile
PlayMetaFile
EnumFontFamiliesExA
DeleteMetaFile
EqualRgn
CombineRgn
SetRectRgn
GetRegionData
ExtCreateRegion
PathToRegion
CreateRoundRectRgn
CreatePolyPolygonRgn
CreatePolygonRgn
CreateEllipticRgnIndirect
CreateEllipticRgn
CreateRectRgnIndirect
SetPaletteEntries
CreateRectRgn
ResizePalette
GetCurrentObject
GetRgnBox
GetPaletteEntries
CreateHalftonePalette
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePenIndirect
GetNearestPaletteIndex
AngleArc
CreateBrushIndirect
CreatePalette
CreateDiscardableBitmap
GetBitmapDimensionEx
SetBitmapDimensionEx
GetBitmapBits
SetBitmapBits
CreatePen
UnrealizeObject
GetStockObject
GetDeviceCaps
CreateDCA
CopyMetaFileA
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
ExtTextOutA
CloseEnhMetaFile
CreateEnhMetaFileA
CloseMetaFile
CreateMetaFileA
GetObjectType
GetObjectA
CreateFontA
GetCharWidthA
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchDIBits
DeleteDC
CreatePatternBrush
CreateDIBPatternBrushPt
CreateFontIndirectA
CreateBitmapIndirect
AnimatePalette

comdlg32

GetFileTitleA

winspool.drv

GetJobA
OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

SetThreadToken
OpenThreadToken
RegCreateKeyA
GetFileSecurityA
SetFileSecurityA
RegEnumKeyA
RegQueryValueA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegSetValueA
RegCloseKey
RevertToSelf

shell32

SHGetFileInfoA
DragFinish
DragQueryFileA
ExtractIconA
DragAcceptFiles

comctl32

InitCommonControlsEx

shlwapi

PathRemoveExtensionA
PathFindFileNameA
PathIsUNCA
PathFindExtensionA
PathStripToRootA

oledlg

ord3
ord7
ord6
ord5
ord9
ord4
ord8

ole32

StgIsStorageILockBytes
GetHGlobalFromILockBytes
OleGetIconOfClass
WriteClassStm
OleSaveToStream
OleIsRunning
GetRunningObjectTable
CoLockObjectExternal
CoGetMalloc
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateOleAdviseHolder
CreateDataAdviseHolder
OleGetClipboard
OleQueryCreateFromData
OleQueryLinkFromData
OleSetMenuDescriptor
DoDragDrop
OleCreateFromData
OleSetContainedObject
OleLockRunning
CreateStreamOnHGlobal
GetClassFile
CreateFileMoniker
CreateGenericComposite
CreateItemMoniker
OleRun
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleSave
OleRegGetMiscStatus
OleCreate
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
OleFlushClipboard
OleSetClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
CoRegisterMessageFilter
StringFromGUID2
CoCreateInstance
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
ReleaseStgMedium
CoTaskMemAlloc
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CreateBindCtx
OleDuplicateData
OleTranslateAccelerator
OleLoad
OleCreateLinkToFile
OleCreateFromFile
CoUnmarshalInterface
CoMarshalInterface
CoReleaseMarshalData
OleCreateStaticFromData
OleRegEnumVerbs
OleCreateLinkFromData

oleaut32

SystemTimeToVariantTime
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
SafeArrayCreate
VariantCopy
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VarBstrFromDec
VarDecFromStr
VarDateFromStr
VarBstrFromDate
OleCreateFontIndirect
SysAllocString
LoadTypeLi
DosDateTimeToVariantTime
VariantTimeToSystemTime
VarUdateFromDate
VarDateFromUdate
SysStringLen

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 966KB - Virtual size: 966KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Downloads/7880a7beae205f43c9f2155785b7959e.exe.vir
.exe windows x64

7b505878ca25aabda9f10a4f300c6790

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WaitForSingleObject
Sleep
CreateThread
VirtualAlloc
VirtualProtect
VirtualFree
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
WriteConsoleW
CreateFileW
CloseHandle
HeapReAlloc
HeapSize
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetProcessHeap
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EncodePointer
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo

user32

MessageBoxW
GetForegroundWindow
ShowWindow

ole32

CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetOpenW

winmm

timeGetSystemTime

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 373KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Downloads/c620d1f1f0d646823126ac3f36c5a780.exe.vir
.exe windows x64

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 244KB - Virtual size: 629KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Downloads/cde34053c215372ba47c1c8fbd6b25a7.exe.vir
.exe windows x86

b5a014d7eeb4c2042897567e1288a095

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

GetFileAttributesW
CreateDirectoryW
WriteFile
GetStdHandle
VirtualFree
GetModuleHandleW
GetProcAddress
LoadLibraryA
LockResource
LoadResource
SizeofResource
FindResourceExA
MulDiv
GlobalFree
GlobalAlloc
lstrcmpiA
GetSystemDefaultLCID
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
MultiByteToWideChar
GetLocaleInfoW
lstrlenA
lstrcmpiW
GetEnvironmentVariableW
lstrcmpW
GlobalMemoryStatusEx
VirtualAlloc
WideCharToMultiByte
ExpandEnvironmentStringsW
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
SetThreadLocale
GetLocalTime
GetSystemTimeAsFileTime
lstrlenW
GetTempPathW
SetEnvironmentVariableW
CloseHandle
CreateFileW
GetDriveTypeW
SetCurrentDirectoryW
GetModuleFileNameW
GetCommandLineW
GetVersionExW
CreateEventW
SetEvent
ResetEvent
InitializeCriticalSection
TerminateThread
ResumeThread
SuspendThread
IsBadReadPtr
LocalFree
lstrcpyW
FormatMessageW
GetSystemDirectoryW
DeleteCriticalSection
GetFileSize
SetFilePointer
ReadFile
SetFileTime
SetEndOfFile
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
GetModuleHandleA
SystemTimeToFileTime
GetLastError
CreateThread
WaitForSingleObject
GetExitCodeThread
Sleep
SetLastError
SetFileAttributesW
GetDiskFreeSpaceExW
lstrcatW
ExitProcess
CompareFileTime
GetStartupInfoA

user32

CharUpperW
EndDialog
DestroyWindow
KillTimer
ReleaseDC
DispatchMessageW
GetMessageW
SetTimer
CreateWindowExW
ScreenToClient
GetWindowRect
wsprintfW
GetParent
GetSystemMenu
EnableMenuItem
EnableWindow
MessageBeep
LoadIconW
LoadImageW
wvsprintfW
IsWindow
DefWindowProcW
CallWindowProcW
DrawIconEx
DialogBoxIndirectParamW
GetWindow
ClientToScreen
GetDC
DrawTextW
ShowWindow
SystemParametersInfoW
SetFocus
SetWindowLongW
GetSystemMetrics
GetClientRect
GetDlgItem
GetKeyState
MessageBoxA
wsprintfA
SetWindowTextW
GetSysColor
GetWindowTextLengthW
GetWindowTextW
GetClassNameA
GetWindowLongW
GetMenu
SetWindowPos
CopyImage
SendMessageW
GetWindowDC

gdi32

GetCurrentObject
StretchBlt
SetStretchBltMode
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetObjectW
GetDeviceCaps
DeleteObject
CreateFontIndirectW
DeleteDC

shell32

SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoInitialize
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

VariantClear
OleLoadPicture
SysAllocString

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_CxxThrowException
_beginthreadex
_EH_prolog
memset
_wcsnicmp
strncmp
malloc
memmove
_wtol
memcpy
free
memcmp
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
_except_handler3
_controlfp

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Downloads/fff09f45a81ce93c0a01f7bc9221aaa6.exe.vir
.exe windows x64

f0ea7b7844bbc5bfa9bb32efdcea957c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 573KB - Virtual size: 572KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 717KB - Virtual size: 716KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 94KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f23d50d2de6ed0bd6c56cc0d1cb4d5ca

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 3KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 67KB - Virtual size: 66KB

.reloc Size: 2KB - Virtual size: 1KB

15105091e0c153a94814bc60f4592e5e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 966KB - Virtual size: 966KB

.data Size: 21KB - Virtual size: 46KB

.pdata Size: 104KB - Virtual size: 104KB

.rsrc Size: 44KB - Virtual size: 44KB

7b505878ca25aabda9f10a4f300c6790

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

wininet

winmm

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 373KB - Virtual size: 372KB

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 3.1MB - Virtual size: 3.1MB

.data Size: 244KB - Virtual size: 629KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 52KB - Virtual size: 51KB

.symtab Size: 512B - Virtual size: 4B

b5a014d7eeb4c2042897567e1288a095

Headers

File Characteristics

Imports

comctl32

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 3KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 67KB - Virtual size: 66KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 966KB - Virtual size: 966KB

.data
Size: 21KB - Virtual size: 46KB

.pdata
Size: 104KB - Virtual size: 104KB

.rsrc
Size: 44KB - Virtual size: 44KB

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 373KB - Virtual size: 372KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 3.1MB - Virtual size: 3.1MB

.data
Size: 244KB - Virtual size: 629KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 52KB - Virtual size: 51KB

.symtab
Size: 512B - Virtual size: 4B

.text
Size: 69KB - Virtual size: 68KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 199KB - Virtual size: 198KB

.text
Size: 573KB - Virtual size: 572KB

.rdata
Size: 717KB - Virtual size: 716KB

.data
Size: 94KB - Virtual size: 444KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB

.symtab
Size: 512B - Virtual size: 4B

.rsrc
Size: 15KB - Virtual size: 14KB