royal | 1014[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

1014.zip
Size

1.3MB
MD5

2a97c4138ae969e69e0f440048dfe6dd
SHA1

d646bb988a6ac171c7083480c4773a09b7960b57
SHA256

ddb0aa14f00f562d9e8a3356fded94ee24d458a6fe11269df63ec6844274e43c
SHA512

b6d867f998c8fe9d881c717728e9f7ac7d12a71b8cffe31dfce2bf2faf38d652340ed9cfc3f51eca38add3ab096ceefb81542e016da585aa9fcb8b213dc3395a
SSDEEP

24576:Ykeu0+QzIQkS4dpuopGfcC85QNgSnnXYz6qraLCf6NPvdxQy5XS2uGRK6VBpxSs:YkeuQcn0osE5QNizLUCf6NPV+y9j1fxD

Score

10^/10

ransomware royal

Malware Config

Signatures

Royal Ransomware 1 IoCs

ransomware

Processes:

resource	yara_rule
static1/unpack001/1014/3ab35b6ca9b3a0a62e87a0553dd440f306d7f406b64ea9dff530e4fa8984ab21.bin	family_royal

Royal family
royal

Files

1014.zip
.zip
1014/1311595327d9d002d97380fecc61dced8feb989235ae346b224cec20558e23c3.bin
.exe windows x86

9e6234adb3779546e5c5049677f2807e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
LCMapStringEx
GetStringTypeW
CreateFileW
WriteConsoleW
lstrcpyW
DeleteCriticalSection
VirtualProtect
lstrlenW
HeapReAlloc
HeapSize
GetConsoleCP
FlushFileBuffers
SetStdHandle
LoadLibraryW
OutputDebugStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
Sleep
HeapFree
GetModuleHandleW
TerminateProcess
HeapAlloc
ReadFile
GetCommandLineA
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetLastError
InterlockedDecrement
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetConsoleMode
ReadConsoleW
SetFilePointer
SetFilePointerEx
GetFileType
InitOnceExecuteOnce
GetStartupInfoW
SetLastError
InterlockedIncrement
GetCurrentThreadId
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
SetEndOfFile

winmm

midiOutGetDevCapsA
mixerClose
wid32Message
midiOutMessage
midiOutGetNumDevs
midiOutClose

loadperf

LoadPerfCounterTextStringsW
LoadPerfCounterTextStringsA
UnloadPerfCounterTextStringsW

gdi32

SelectClipRgn
EnumObjects
RealizePalette
GetKerningPairsW
PolyBezierTo
GetClipBox
GetEnhMetaFileDescriptionA
SetWindowOrgEx
SetPixel
SetRelAbs

crypt32

CertAddSerializedElementToStore
CryptEncryptMessage
CryptEnumOIDFunction
CertCompareCertificateName
CryptDecodeObject
CertCreateCertificateContext

mapi32

ord171
ord175
ord180
ord81
ord132
ord172
ord23
ord128
ord154
ord13
ord206
ord46
ord178

wsnmp32

ord602
ord905
ord103
ord104
ord101
ord604

Exports

Exports

_CredPackAuthenticationBufferW@20
_CredUIParseUserNameW@20
_CredUIPromptForWindowsCredentialsW@36
_CredUIReadSSOCredW@8
_CredUIStoreSSOCredW@16
_CredUnPackAuthenticationBufferW@36

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1014/1dbf4645eb319e306c9acc75464d7d911f1b6211949e5a511181fe51ae0135fc.bin
.exe windows x86

7929e822cb087480fe3767ecd0026d3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

ChrCmpIA
PathGetArgsW
PathIsDirectoryA
PathRemoveBlanksA
SHRegQueryInfoUSKeyA
UrlUnescapeW

kernel32

CreateFileW
GetAtomNameW
GetCommandLineW
GetFileSize
GetLongPathNameA
GetProfileStringA
GetTimeFormatW
Heap32ListFirst
IsValidCodePage
MoveFileWithProgressA
Process32NextW
ReadFile
SetConsoleCursor
VirtualAlloc

msi

ord24
ord36
ord47
ord63
ord77

urlmon

CoInternetCompareUrl
HlinkNavigateMoniker
MkParseDisplayNameEx
RegisterMediaTypeClass
RevokeBindStatusCallback
URLOpenBlockingStreamA
UrlMkBuildVersion

winspool.drv

AddJobA
DeletePrinterKeyW
FindNextPrinterChangeNotification
GetJobA
ord204

wsock32

ord1112
WEP
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName

wsnmp32

ord600
ord999
ord104
ord100
ord206

loadperf

LoadPerfCounterTextStringsW
UnloadPerfCounterTextStringsW

oleaut32

OleSavePictureFile
VarCyFromR4
VarParseNumFromStr
VarR8FromI2
VarRound
VarUI4FromBool
VarUI4FromR4
VariantClear

shell32

CommandLineToArgvW

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1014/3346a27bd201cb33b49ea9f769f003ec8126b46a299aae4c4b096682f2f675e9.bin
.exe windows x86

4a650766a72f332cc6ab5c9a180866a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmGetDescriptionW
ImmGetImeMenuItemsA
ImmGetImeMenuItemsW
ImmIsIME
ImmNotifyIME

resutils

ClusWorkerCheckTerminate
ResUtilGetDwordProperty
ResUtilGetEnvironmentWithNetName
ResUtilGetProperties
ResUtilIsPathValid
ResUtilSetMultiSzValue
ResUtilSetPrivatePropertyList

rpcrt4

I_RpcTransConnectionReallocPacket
NdrByteCountPointerBufferSize
NdrStubCall2
RpcServerUseProtseqEpW

oleaut32

LPSAFEARRAY_Marshal
VarBoolFromUI4
VarCyFromDec
VarDateFromDisp
VarDecFromDate
VarR4FromUI2
VarR8FromI1
VarUI1FromUI4
VarUI4FromDisp
VarUI4FromI1

mswsock

GetNameByTypeA
GetServiceW
GetTypeByNameA
NPLoadNameSpaces
SetServiceA
rresvport

msacm32

acmDriverOpen
acmFormatChooseW
acmFormatTagDetailsA
acmStreamClose
acmStreamPrepareHeader

wsnmp32

ord201
ord901
ord205
ord206
ord204

msvcrt

_XcptFilter
__getmainargs
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_acmdln
_adjust_fdiv
_controlfp
_except_handler3
_exit
_initterm
exit
fopen
fread
fseek
ftell
malloc
memcpy
wcschr
wcsrchr

kernel32

GetModuleHandleA
GetStartupInfoA
VirtualProtect
lstrcpyW
lstrlenW

Exports

Exports

_CredPackAuthenticationBufferW@20
_CredUIParseUserNameW@20
_CredUIPromptForWindowsCredentialsW@36
_CredUIReadSSOCredW@8
_CredUIStoreSSOCredW@16
_CredUnPackAuthenticationBufferW@36

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1014/3ab35b6ca9b3a0a62e87a0553dd440f306d7f406b64ea9dff530e4fa8984ab21.bin
.exe windows x86

3a45ce41fbc6d362dd2f153d51234462

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrIW

ws2_32

WSAStartup
shutdown
setsockopt
connect
send
recv
WSASetLastError
getservbyname
getservbyport
gethostbyaddr
inet_ntoa
inet_addr
WSAGetLastError
WSACleanup
gethostbyname
select
ntohs
getsockopt
ioctlsocket
bind
WSAIoctl
closesocket
ntohl
WSASocketW
socket
WSAAddressToStringW
htonl
htons

crypt32

CertEnumCertificatesInStore
CertOpenStore
CertFindCertificateInStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCloseStore

advapi32

CryptGetUserKey
CryptReleaseContext
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptSetHashParam
CryptGetProvParam
CryptAcquireContextW

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
wsprintfW

shell32

ShellExecuteW
CommandLineToArgvW

iphlpapi

GetIpAddrTable

netapi32

NetShareEnum
NetApiBufferFree

rstrtmgr

RmStartSession
RmGetList
RmShutdown
RmEndSession
RmRegisterResources

bcrypt

BCryptGenRandom

kernel32

CompareStringW
HeapAlloc
HeapFree
GetModuleFileNameW
SetConsoleCtrlHandler
LCMapStringW
HeapReAlloc
GetConsoleOutputCP
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
GetProcessHeap
GetTimeZoneInformation
HeapSize
GetModuleHandleExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
EncodePointer
WriteConsoleW
WideCharToMultiByte
RaiseException
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLogicalDrives
FindFirstFileW
EnterCriticalSection
FindNextFileW
WriteFile
LeaveCriticalSection
FindClose
CreateFileW
ExitThread
Sleep
CloseHandle
CreateThread
lstrcmpiW
GetDriveTypeW
GetCommandLineW
GetCurrentProcess
lstrlenW
WaitForMultipleObjects
InitializeCriticalSection
InitializeConditionVariable
CreateMutexW
lstrlenA
WaitForSingleObject
GetLastError
GetProcAddress
DeleteCriticalSection
ExitProcess
CreateProcessW
GetModuleHandleW
DecodePointer
lstrcmpW
CancelIo
GetQueuedCompletionStatus
CreateIoCompletionPort
SleepConditionVariableCS
ReadFile
GetFileSizeEx
WakeAllConditionVariable
GetProcessId
SetEndOfFile
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetNativeSystemInfo
SetFilePointerEx
MoveFileExW
FlushFileBuffers
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
FormatMessageA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualFree
GetEnvironmentVariableW
MultiByteToWideChar
GetACP
GetStdHandle
GetFileType
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 500KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1014/5edbc4d43f93a21d6cb19cbcccdcec5b7c6a576446e0a962d174610cf82ee64b.bin
.exe windows x86

9e6234adb3779546e5c5049677f2807e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
LCMapStringEx
GetStringTypeW
CreateFileW
WriteConsoleW
lstrcpyW
DeleteCriticalSection
VirtualProtect
lstrlenW
HeapReAlloc
HeapSize
GetConsoleCP
FlushFileBuffers
SetStdHandle
LoadLibraryW
OutputDebugStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
Sleep
HeapFree
GetModuleHandleW
TerminateProcess
HeapAlloc
ReadFile
GetCommandLineA
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetLastError
InterlockedDecrement
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetConsoleMode
ReadConsoleW
SetFilePointer
SetFilePointerEx
GetFileType
InitOnceExecuteOnce
GetStartupInfoW
SetLastError
InterlockedIncrement
GetCurrentThreadId
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
SetEndOfFile

winmm

midiOutGetDevCapsA
mixerClose
wid32Message
midiOutMessage
midiOutGetNumDevs
midiOutClose

loadperf

LoadPerfCounterTextStringsW
LoadPerfCounterTextStringsA
UnloadPerfCounterTextStringsW

gdi32

SelectClipRgn
EnumObjects
RealizePalette
GetKerningPairsW
PolyBezierTo
GetClipBox
GetEnhMetaFileDescriptionA
SetWindowOrgEx
SetPixel
SetRelAbs

crypt32

CertAddSerializedElementToStore
CryptEncryptMessage
CryptEnumOIDFunction
CertCompareCertificateName
CryptDecodeObject
CertCreateCertificateContext

mapi32

ord171
ord175
ord180
ord81
ord132
ord172
ord23
ord128
ord154
ord13
ord206
ord46
ord178

wsnmp32

ord602
ord905
ord103
ord104
ord101
ord604

Exports

Exports

_CredPackAuthenticationBufferW@20
_CredUIParseUserNameW@20
_CredUIPromptForWindowsCredentialsW@36
_CredUIReadSSOCredW@8
_CredUIStoreSSOCredW@16
_CredUnPackAuthenticationBufferW@36

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1014/907443abde67aaa96110d0b80fc67261582602d6242c9cc3d9eb6c2dfc8f94d2.bin
.exe windows x86

525d13db4bb61f39f75c2d13de8c047b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

GetConsoleWindow
MultiByteToWideChar
lstrcpyW
VirtualAlloc
ExitProcess
GetProcessHeap
HeapFree
HeapAlloc
LCMapStringEx
HeapSize
HeapReAlloc
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetConsoleCP
CloseHandle
SetStdHandle
Sleep
GetModuleHandleW
TerminateProcess
GetCurrentProcess
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount64
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleFileNameA
GetCurrentThreadId
InterlockedIncrement
SetLastError
WriteFile
LoadLibraryW
LoadLibraryExW
OutputDebugStringW
AreFileApisANSI
GetProcAddress
InterlockedDecrement
GetStartupInfoW
InitOnceExecuteOnce
DeleteCriticalSection
SetFilePointerEx
SetFilePointer
ReadConsoleW
GetConsoleMode
GetLastError
RtlUnwind
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
DecodePointer
EncodePointer
IsDebuggerPresent
GetCommandLineA
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetFileType
SetEndOfFile
GetStdHandle
ReadFile
GetFileSize
CreateFileW
GetCommandLineW
GetStringTypeW
FlushFileBuffers

gdi32

SetTextCharacterExtra
Polyline
SelectClipPath
UnrealizeObject
CreatePen

rtutils

MprSetupProtocolEnum
TraceDeregisterW
TracePutsExA
TraceDumpExW

rtm

RtmDeregisterClient
MgmGetFirstMfe
RtmRegisterClient
RtmGetNextRoute
MgmReleaseInterfaceOwnership
RtmEnumerateGetNextRoute
RtmLookupIPDestination
RtmDeleteRoute

setupapi

SetupDiSetDriverInstallParamsA
SetupPromptForDiskW
SetupAddSectionToDiskSpaceListA
SetupGetInfSections

wsnmp32

ord901
ord602
ord200
ord402
ord906
ord605

user32

wsprintfW
RegisterWindowMessageW
GetMessageW
GetWindowTextLengthA
DispatchMessageW
GetMenuContextHelpId
EnumWindowStationsA
CallMsgFilterW
DdeCmpStringHandles
TranslateMessage
GetMonitorInfoW
MonitorFromRect
GetComboBoxInfo
LoadCursorFromFileA
LoadImageW
LoadIconW
LoadCursorW
GetParent
GetWindowTextLengthW
SetWindowTextW
UpdateWindow
GetSystemMetrics
TranslateAcceleratorW
LoadAcceleratorsW
SetFocus
IsDialogMessageW
GetDlgItem
ShowWindow
RegisterClassExW
SendMessageW

oleaut32

VariantChangeType
VarBstrFromDisp
VarR4FromUI4
VarBstrFromDate

msi

ord80
ord121
ord79
ord62
ord161
ord131
ord146
ord98
ord134
ord110
ord15
ord91

mscms

InstallColorProfileW
GetColorProfileFromHandle
AssociateColorProfileWithDeviceW
CreateColorTransformA
GetColorDirectoryW
GetColorProfileElement
UninstallColorProfileW

comdlg32

GetSaveFileNameW

advapi32

IsTextUnicode

shell32

DragAcceptFiles

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1014/a1bc51a927820ad2328796b65ccd80f44d7d51287f9febd7f7dc4fb6d2a38167.bin
.exe windows x86

2e4b1188943b93d307a82cce11e357d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CompareStringW
ConnectNamedPipe
CreateEventW
CreateFileW
CreateProcessW
DecodePointer
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindCloseChangeNotification
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileSizeEx
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeExA
GetStringTypeW
GetSystemTimeAsFileTime
GetVersionExW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
RtlUnwind
SetConsoleDisplayMode
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetPriorityClass
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
WideCharToMultiByte
WriteConsoleW
WriteFile
WritePrivateProfileSectionA
lstrcmpW

gdi32

ExtTextOutW
GetTextColor
PolyTextOutA
RemoveFontResourceExA
SetBkColor

oleaut32

OleLoadPicturePath
SysStringLen
VarI4FromI1

rtm

MgmDeRegisterMProtocol
MgmGetMfe
RtmBlockConvertRoutesToStatic
RtmBlockSetRouteEnable

winmm

CloseDriver
PlaySound
midiOutGetDevCapsW
wod32Message

ws2_32

WSAGetQOSByName
WSAGetServiceClassNameByClassIdA
WSASocketA
WSCGetProviderPath
htons
inet_addr
listen

loadperf

LoadPerfCounterTextStringsA
UnloadPerfCounterTextStringsA

winspool.drv

AddFormW
ConfigurePortA
DevQueryPrintEx
EXTDEVICEMODE
ord100
GetJobA
SetFormA

user32

BeginPaint
BringWindowToTop
CascadeWindows
CheckMenuItem
CheckMenuRadioItem
DefWindowProcW
DeleteMenu
DestroyIcon
DestroyMenu
DialogBoxParamW
EndDialog
EndPaint
GetClientRect
GetCursorPos
GetDC
GetDlgItem
GetMenu
GetMenuState
GetSubMenu
GetSysColor
GetWindowLongW
GetWindowPlacement
GetWindowThreadProcessId
IsIconic
IsWindowVisible
IsZoomed
KillTimer
LoadIconW
LoadMenuW
LoadStringA
LoadStringW
MessageBoxW
OpenIcon
PostMessageW
ReleaseDC
SendMessageW
SetForegroundWindow
SetMenuDefaultItem
SetRect
SetTimer
SetWindowLongW
SetWindowPos
ShowWindow
TileWindows
TrackPopupMenuEx
WinHelpW
wsprintfW

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

shell32

Shell_NotifyIconW

comctl32

ord17

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.voltbl
Size: 512B - Virtual size: 247B

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e6234adb3779546e5c5049677f2807e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winmm

loadperf

gdi32

crypt32

mapi32

wsnmp32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 11KB

.reloc Size: 7KB - Virtual size: 6KB

7929e822cb087480fe3767ecd0026d3e

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

msi

urlmon

winspool.drv

wsock32

wsnmp32

loadperf

oleaut32

shell32

Sections

.text Size: 103KB - Virtual size: 103KB

.rdata Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 136B

4a650766a72f332cc6ab5c9a180866a1

Headers

DLL Characteristics

File Characteristics

Imports

imm32

resutils

rpcrt4

oleaut32

mswsock

msacm32

wsnmp32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 136B

.00cfg Size: 512B - Virtual size: 8B

.reloc Size: 512B - Virtual size: 252B

3a45ce41fbc6d362dd2f153d51234462

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ws2_32

crypt32

advapi32

user32

shell32

iphlpapi

netapi32

rstrtmgr

bcrypt

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 103KB - Virtual size: 103KB

.rdata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 136B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 136B

.00cfg
Size: 512B - Virtual size: 8B

.reloc
Size: 512B - Virtual size: 252B

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 500KB - Virtual size: 500KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 78KB - Virtual size: 78KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 37KB - Virtual size: 36KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 98KB - Virtual size: 98KB