plugx[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

plugx.zip
Size

1.5MB
MD5

1b6dfabb30dafd6a8a5e4d9afe1c7317
SHA1

e295f0402d349d999f5c9539cfaf20fddb24d698
SHA256

9250660cbb79a033d53de8cf0540982cdd1addbc57f05c8a300eab86c6d1920c
SHA512

c65e31c593b671da0da69944537a81a87aaa08b7b4414ce2f0bf0a14372728710d863ace12b3b3916b67a582a5005d62e281ced968c65ffe60eb9f3f5e7f5fe3
SSDEEP

24576:cFKuD1SndvJa5WtYmXIwBLmz2o6Q8fj43IDW1lB0ZdnxYYqG0qoMkTedjIJDW1l+:cFHodv7tVIwBLo22gDW1lC36YuqoJRJR

Score

1^/10

Malware Config

Signatures

Files

plugx.zip
.zip
plugx/4094db927542c7b1d4a770d30231fcc34687a47058821001f4a46808692fcdba.bin
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugx/5a9468a87997f2363995e264505105f6a235b66543bb28635fb74f78704e9111.bin
.exe windows x86

c9b0729c5000411294ab98e0f2c40744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
VirtualQueryEx
CreateFileMappingW
MapViewOfFile
VirtualProtect
SetErrorMode
OpenFileMappingW
SetFilePointer
SetEndOfFile
GetLocalTime
GlobalSize
GlobalUnlock
QueryDosDeviceW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
FindFirstFileW
FindClose
FindNextFileW
FlushFileBuffers
SetFileTime
GetFileTime
CreateDirectoryW
ExpandEnvironmentStringsW
GetProcessHeap
HeapFree
CopyFileW
lstrcpyW
QueryPerformanceFrequency
QueryPerformanceCounter
CreateNamedPipeW
ConnectNamedPipe
GetOverlappedResult
GetConsoleCP
FreeConsole
GetConsoleOutputCP
GetConsoleWindow
AllocConsole
SetConsoleCtrlHandler
SetConsoleScreenBufferSize
GetStdHandle
WriteConsoleInputW
GenerateConsoleCtrlEvent
GetConsoleMode
GetConsoleDisplayMode
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
ReadConsoleOutputW
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
GetModuleHandleW
RemoveDirectoryW
GetComputerNameW
ProcessIdToSessionId
ResetEvent
VirtualProtectEx
CreateThread
lstrcmpA
ExitThread
HeapReAlloc
IsProcessorFeaturePresent
RtlUnwind
HeapAlloc
GetStringTypeW
GetSystemTimeAsFileTime
HeapCreate
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
LCMapStringW
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
DecodePointer
EncodePointer
IsDebuggerPresent
UnhandledExceptionFilter
HeapSetInformation
GetCommandLineA
QueueUserAPC
HeapSize
GetQueuedCompletionStatus
GetCurrentThread
TerminateThread
CreateIoCompletionPort
LocalReAlloc
PostQueuedCompletionStatus
LocalUnlock
LocalLock
LocalFree
LocalAlloc
VirtualAllocEx
GetModuleHandleA
WriteProcessMemory
GetExitCodeThread
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
GetSystemDefaultLCID
GetSystemInfo
GetSystemTime
GlobalMemoryStatus
LoadLibraryW
DisconnectNamedPipe
VirtualFreeEx
ReadProcessMemory
OpenProcess
GetVersionExW
GetCurrentThreadId
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
lstrlenW
WriteFile
DeleteFileW
GetFileAttributesW
SetFileAttributesW
ReadFile
GetFileSize
CreateFileW
lstrcpyA
lstrcmpW
lstrcpynW
WaitForMultipleObjects
GetTickCount
CreateEventW
lstrcmpiW
GetCurrentProcessId
CreateProcessW
ExitProcess
GetCurrentProcess
TerminateProcess
GetLastError
CreateMutexW
GetCommandLineW
CloseHandle
WaitForSingleObject
SetEvent
GetProcAddress
LoadLibraryA
lstrcpynA
Sleep

user32

wsprintfA
wsprintfW
GetSystemMetrics
CreateWindowExW
SetClipboardViewer
SetWindowLongW
ShowWindow
SetTimer
GetMessageW
TranslateMessage
DispatchMessageW
KillTimer
SendMessageW
ChangeClipboardChain
PostQuitMessage
BeginPaint
EndPaint
DefWindowProcW
GetForegroundWindow
PostMessageA
CloseWindowStation
SetThreadDesktop
GetThreadDesktop
OpenInputDesktop
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
keybd_event
mouse_event
SetCapture
WindowFromPoint
GetDesktopWindow
GetDC
LoadCursorW
DestroyIcon
GetIconInfo
MessageBoxW
ExitWindowsEx
GetKeyState
GetAsyncKeyState
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
CloseDesktop
CreateDesktopW
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetWindowThreadProcessId
GetClassNameW
GetWindowTextW
SetCursorPos

gdi32

CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
GdiFlush
BitBlt
GetDeviceCaps
DeleteDC
DeleteObject
GetDIBits
CreateDCW
SelectObject

advapi32

RegOpenCurrentUser
RegEnumValueA
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
GetLengthSid
LookupAccountSidW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
ChangeServiceConfigW
StartServiceW
ControlService
QueryServiceConfig2W
QueryServiceConfigW
EnumServicesStatusExW
RegEnumKeyExW
RegCreateKeyExW
InitiateSystemShutdownA
DeleteService
QueryServiceStatusEx
CloseServiceHandle
ChangeServiceConfig2W
CreateServiceW
OpenServiceW
OpenSCManagerW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegOverridePredefKey
RevertToSelf
RegEnumValueW
ImpersonateLoggedOnUser

shell32

CommandLineToArgvW
SHFileOperationW
ExtractIconExW

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

VariantClear

odbc32

ord2
ord136
ord43
ord13
ord127
ord18
ord61
ord111
ord9
ord141
ord75
ord24
ord171
ord31
ord157

ws2_32

WSARecvFrom
closesocket
setsockopt
WSAIoctl
WSASocketA
getsockname
bind
WSASendTo
WSACleanup
WSAGetLastError
WSAStartup

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugx/8df2949d77aff0ef84af7c2a892602e05d3518d85b87fa5ed56493199efd2143.bin
.exe windows x86

3c98c11017e670673be70ad841ea9c37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

shlwapi

SHAutoComplete

kernel32

DeleteFileW
DeleteFileA
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetVersionExW
GetFullPathNameA
GetFullPathNameW
MultiByteToWideChar
GetModuleFileNameW
FindResourceW
GetModuleHandleW
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
SetFileAttributesW
GetNumberFormatW
DosDateTimeToFileTime
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
WaitForSingleObject
Sleep
GetExitCodeProcess
GetTempPathW
MoveFileExW
UnmapViewOfFile
MapViewOfFile
GetCommandLineW
CreateFileMappingW
SetEnvironmentVariableW
OpenFileMappingW
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
WideCharToMultiByte
CompareStringW
IsDBCSLeadByte
GetCPInfo
GlobalAlloc
SetCurrentDirectoryW
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
WriteFile
GetStdHandle
ReadFile
GetCurrentDirectoryW
CreateFileW
CreateFileA
GetFileType
SetEndOfFile
SetFilePointer
FlushFileBuffers
MoveFileW
SetFileTime
GetCurrentProcess
CloseHandle
SetLastError
GetLastError
GetLocaleInfoW

user32

GetClassNameW
DialogBoxParamW
IsWindowVisible
WaitForInputIdle
SetForegroundWindow
GetSysColor
PostMessageW
LoadBitmapW
LoadIconW
CharToOemA
OemToCharA
IsWindow
CopyRect
DestroyWindow
DefWindowProcW
RegisterClassExW
LoadCursorW
UpdateWindow
CreateWindowExW
MapWindowPoints
GetParent
GetDlgItemTextW
TranslateMessage
DispatchMessageW
wvsprintfW
wvsprintfA
CharUpperA
CharToOemBuffA
LoadStringW
GetWindowRect
GetClientRect
SetWindowPos
GetWindowTextW
SetWindowTextW
GetSystemMetrics
GetWindow
GetWindowLongW
CharUpperW
CharToOemBuffW
MessageBoxW
ShowWindow
GetDlgItem
EnableWindow
OemToCharBuffA
SendDlgItemMessageW
DestroyIcon
EndDialog
SetFocus
SetDlgItemTextW
SendMessageW
GetDC
ReleaseDC
PeekMessageW
FindWindowExW
GetMessageW
SetWindowLongW

gdi32

GetDeviceCaps
GetObjectW
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
DeleteDC

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

advapi32

RegOpenKeyExW
LookupPrivilegeValueW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
SetFileSecurityW
SetFileSecurityA
OpenProcessToken
AdjustTokenPrivileges

shell32

SHChangeNotify
ShellExecuteExW
SHFileOperationW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CLSIDFromString
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize

oleaut32

VariantInit

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugx/9aff1e12a1b447ca8ab3076f684716a859c906f9b2d0e870d59d0f06fc548d0d.bin
.exe windows x86

505288c5c829a707005acb00142afe9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
GetExitCodeThread
VirtualProtectEx
ResumeThread
VirtualQueryEx
CreateFileMappingW
MapViewOfFile
VirtualProtect
SetErrorMode
OpenFileMappingW
SetFilePointer
SetEndOfFile
GetLocalTime
GlobalSize
GlobalUnlock
QueryDosDeviceW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
FindFirstFileW
FindClose
FindNextFileW
FlushFileBuffers
SetFileTime
GetFileTime
CreateDirectoryW
ExpandEnvironmentStringsW
GetProcessHeap
HeapFree
CopyFileW
lstrcpyW
QueryPerformanceFrequency
QueryPerformanceCounter
CreateNamedPipeW
ConnectNamedPipe
GetOverlappedResult
GetConsoleCP
FreeConsole
GetConsoleOutputCP
GetConsoleWindow
AllocConsole
SetConsoleCtrlHandler
SetConsoleScreenBufferSize
GetStdHandle
WriteConsoleInputW
GenerateConsoleCtrlEvent
GetConsoleMode
GetConsoleDisplayMode
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
ReadConsoleOutputW
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
GetModuleHandleW
RemoveDirectoryW
GetComputerNameW
ProcessIdToSessionId
ResetEvent
VirtualAlloc
CreateThread
lstrcmpA
ExitThread
HeapReAlloc
IsProcessorFeaturePresent
RtlUnwind
HeapAlloc
GetStringTypeW
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
HeapCreate
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
LCMapStringW
SetLastError
TlsFree
DecodePointer
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
HeapSetInformation
GetCommandLineA
QueueUserAPC
HeapSize
GetQueuedCompletionStatus
GetCurrentThread
TerminateThread
CreateIoCompletionPort
LocalReAlloc
PostQueuedCompletionStatus
LocalUnlock
LocalLock
LocalFree
LocalAlloc
DeleteFileW
GetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
GetSystemDefaultLCID
GetSystemInfo
GetSystemTime
GlobalMemoryStatus
LoadLibraryW
VirtualFreeEx
VirtualAllocEx
DisconnectNamedPipe
GetModuleHandleA
WriteProcessMemory
ReadProcessMemory
OpenProcess
GetVersionExW
GetCurrentThreadId
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
lstrlenW
WriteFile
SetFileAttributesW
ReadFile
GetFileSize
CreateFileW
lstrcpyA
lstrcmpW
lstrcpynW
WaitForMultipleObjects
GetTickCount
CreateEventW
lstrcmpiW
GetCurrentProcessId
CreateProcessW
ExitProcess
GetCurrentProcess
TerminateProcess
GetLastError
CreateMutexW
GetCommandLineW
CloseHandle
WaitForSingleObject
SetEvent
GetProcAddress
LoadLibraryA
lstrcpynA
Sleep

user32

wsprintfA
wsprintfW
GetSystemMetrics
CreateWindowExW
SetClipboardViewer
SetWindowLongW
ShowWindow
SetTimer
GetMessageW
TranslateMessage
DispatchMessageW
KillTimer
SendMessageW
ChangeClipboardChain
PostQuitMessage
BeginPaint
EndPaint
DefWindowProcW
GetForegroundWindow
PostMessageA
CloseWindowStation
SetThreadDesktop
GetThreadDesktop
OpenInputDesktop
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
keybd_event
mouse_event
SetCapture
WindowFromPoint
GetDesktopWindow
GetDC
LoadCursorW
DestroyIcon
GetIconInfo
MessageBoxW
ExitWindowsEx
GetKeyState
GetAsyncKeyState
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
CloseDesktop
CreateDesktopW
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetWindowThreadProcessId
GetClassNameW
GetWindowTextW
SetCursorPos

gdi32

CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
GdiFlush
BitBlt
GetDeviceCaps
DeleteDC
DeleteObject
GetDIBits
CreateDCW
SelectObject

advapi32

RegOpenCurrentUser
RegEnumValueA
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
GetLengthSid
LookupAccountSidW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
ChangeServiceConfigW
StartServiceW
ControlService
QueryServiceConfig2W
QueryServiceConfigW
EnumServicesStatusExW
RegEnumKeyExW
RegCreateKeyExW
InitiateSystemShutdownA
DeleteService
QueryServiceStatusEx
CloseServiceHandle
ChangeServiceConfig2W
CreateServiceW
OpenServiceW
OpenSCManagerW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegOverridePredefKey
RevertToSelf
RegEnumValueW
ImpersonateLoggedOnUser

shell32

CommandLineToArgvW
SHFileOperationW
ExtractIconExW

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

VariantClear

odbc32

ord2
ord136
ord43
ord13
ord127
ord18
ord61
ord111
ord9
ord141
ord75
ord24
ord171
ord31
ord157

ws2_32

WSARecvFrom
closesocket
setsockopt
WSAIoctl
WSASocketA
getsockname
bind
WSASendTo
WSACleanup
WSAGetLastError
WSAStartup

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugx/a2a0ce67c239385c1ec1d5d29ff91a7daf91cf2b4368dc91d84dbb598becdc5d.bin
.exe windows x86

dfaead406601de199c10ac625c28af71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
VirtualQueryEx
CreateFileMappingW
MapViewOfFile
VirtualProtect
SetErrorMode
OpenFileMappingW
SetFilePointer
SetEndOfFile
GetLocalTime
GlobalSize
GlobalUnlock
QueryDosDeviceW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
FindFirstFileW
FindClose
FindNextFileW
FlushFileBuffers
SetFileTime
GetFileTime
CreateDirectoryW
ExpandEnvironmentStringsW
GetProcessHeap
HeapFree
CopyFileW
lstrcpyW
QueryPerformanceFrequency
QueryPerformanceCounter
CreateNamedPipeW
ConnectNamedPipe
GetOverlappedResult
GetConsoleCP
FreeConsole
GetConsoleOutputCP
GetConsoleWindow
AllocConsole
SetConsoleCtrlHandler
SetConsoleScreenBufferSize
GetStdHandle
WriteConsoleInputW
GenerateConsoleCtrlEvent
GetConsoleMode
GetConsoleDisplayMode
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
ReadConsoleOutputW
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
GetModuleHandleW
RemoveDirectoryW
GetComputerNameW
ProcessIdToSessionId
ResetEvent
VirtualProtectEx
CreateThread
lstrcmpA
ExitThread
HeapReAlloc
IsProcessorFeaturePresent
RtlUnwind
HeapAlloc
GetStringTypeW
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
HeapCreate
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
LCMapStringW
SetLastError
TlsFree
DecodePointer
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
HeapSetInformation
GetCommandLineA
QueueUserAPC
HeapSize
GetQueuedCompletionStatus
GetCurrentThread
TerminateThread
CreateIoCompletionPort
LocalReAlloc
PostQueuedCompletionStatus
LocalUnlock
LocalLock
LocalFree
LocalAlloc
VirtualAllocEx
GetModuleHandleA
WriteProcessMemory
GetExitCodeThread
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
GetSystemDefaultLCID
GetSystemInfo
GetSystemTime
GlobalMemoryStatus
LoadLibraryW
DisconnectNamedPipe
VirtualFreeEx
ReadProcessMemory
OpenProcess
GetVersionExW
GetCurrentThreadId
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
lstrlenW
WriteFile
DeleteFileW
GetFileAttributesW
SetFileAttributesW
ReadFile
GetFileSize
CreateFileW
lstrcpyA
lstrcmpW
lstrcpynW
WaitForMultipleObjects
GetTickCount
CreateEventW
lstrcmpiW
GetCurrentProcessId
CreateProcessW
ExitProcess
GetCurrentProcess
TerminateProcess
GetLastError
CreateMutexW
GetCommandLineW
CloseHandle
WaitForSingleObject
SetEvent
GetProcAddress
LoadLibraryA
lstrcpynA
Sleep

user32

wsprintfA
wsprintfW
GetSystemMetrics
CreateWindowExW
SetClipboardViewer
SetWindowLongW
ShowWindow
SetTimer
GetMessageW
TranslateMessage
DispatchMessageW
KillTimer
SendMessageW
ChangeClipboardChain
PostQuitMessage
BeginPaint
EndPaint
DefWindowProcW
GetForegroundWindow
PostMessageA
CloseWindowStation
SetThreadDesktop
GetThreadDesktop
OpenInputDesktop
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
keybd_event
mouse_event
SetCapture
WindowFromPoint
GetDesktopWindow
GetDC
LoadCursorW
DestroyIcon
GetIconInfo
MessageBoxW
ExitWindowsEx
GetKeyState
GetAsyncKeyState
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
CloseDesktop
CreateDesktopW
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetWindowThreadProcessId
GetClassNameW
GetWindowTextW
SetCursorPos

gdi32

CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
GdiFlush
BitBlt
GetDeviceCaps
DeleteDC
DeleteObject
GetDIBits
CreateDCW
SelectObject

advapi32

RegOpenCurrentUser
RegEnumValueA
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
GetLengthSid
LookupAccountSidW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
ChangeServiceConfigW
StartServiceW
ControlService
QueryServiceConfig2W
QueryServiceConfigW
EnumServicesStatusExW
RegEnumKeyExW
RegCreateKeyExW
InitiateSystemShutdownA
DeleteService
QueryServiceStatusEx
CloseServiceHandle
ChangeServiceConfig2W
CreateServiceW
OpenServiceW
OpenSCManagerW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegOverridePredefKey
RevertToSelf
RegEnumValueW
ImpersonateLoggedOnUser

shell32

CommandLineToArgvW
SHFileOperationW
ExtractIconExW

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

VariantClear

odbc32

ord2
ord136
ord43
ord13
ord127
ord18
ord61
ord111
ord9
ord141
ord75
ord24
ord171
ord31
ord157

ws2_32

WSARecvFrom
closesocket
setsockopt
WSAIoctl
WSASocketA
getsockname
bind
WSASendTo
WSACleanup
WSAGetLastError
WSAStartup

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugx/a8e2b38c576bf19f6b0bed69c85c2a64445337087257cf566388f7b0d6d583a3.bin
.exe windows x86

3c98c11017e670673be70ad841ea9c37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

shlwapi

SHAutoComplete

kernel32

DeleteFileW
DeleteFileA
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetVersionExW
GetFullPathNameA
GetFullPathNameW
MultiByteToWideChar
GetModuleFileNameW
FindResourceW
GetModuleHandleW
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
SetFileAttributesW
GetNumberFormatW
DosDateTimeToFileTime
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
WaitForSingleObject
Sleep
GetExitCodeProcess
GetTempPathW
MoveFileExW
UnmapViewOfFile
MapViewOfFile
GetCommandLineW
CreateFileMappingW
SetEnvironmentVariableW
OpenFileMappingW
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
WideCharToMultiByte
CompareStringW
IsDBCSLeadByte
GetCPInfo
GlobalAlloc
SetCurrentDirectoryW
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
WriteFile
GetStdHandle
ReadFile
GetCurrentDirectoryW
CreateFileW
CreateFileA
GetFileType
SetEndOfFile
SetFilePointer
FlushFileBuffers
MoveFileW
SetFileTime
GetCurrentProcess
CloseHandle
SetLastError
GetLastError
GetLocaleInfoW

user32

GetClassNameW
DialogBoxParamW
IsWindowVisible
WaitForInputIdle
SetForegroundWindow
GetSysColor
PostMessageW
LoadBitmapW
LoadIconW
CharToOemA
OemToCharA
IsWindow
CopyRect
DestroyWindow
DefWindowProcW
RegisterClassExW
LoadCursorW
UpdateWindow
CreateWindowExW
MapWindowPoints
GetParent
GetDlgItemTextW
TranslateMessage
DispatchMessageW
wvsprintfW
wvsprintfA
CharUpperA
CharToOemBuffA
LoadStringW
GetWindowRect
GetClientRect
SetWindowPos
GetWindowTextW
SetWindowTextW
GetSystemMetrics
GetWindow
GetWindowLongW
CharUpperW
CharToOemBuffW
MessageBoxW
ShowWindow
GetDlgItem
EnableWindow
OemToCharBuffA
SendDlgItemMessageW
DestroyIcon
EndDialog
SetFocus
SetDlgItemTextW
SendMessageW
GetDC
ReleaseDC
PeekMessageW
FindWindowExW
GetMessageW
SetWindowLongW

gdi32

GetDeviceCaps
GetObjectW
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
DeleteDC

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

advapi32

RegOpenKeyExW
LookupPrivilegeValueW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
SetFileSecurityW
SetFileSecurityA
OpenProcessToken
AdjustTokenPrivileges

shell32

SHChangeNotify
ShellExecuteExW
SHFileOperationW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CLSIDFromString
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize

oleaut32

VariantInit

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugx/ac758e6ad91120d1c98248ed2582c1ab472d83ef354f9c4b2f62167a699565f2.bin
.exe windows x86

2824cf908e7442d0887ae967d3f43583

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualFree
GetCurrentProcessId
ExpandEnvironmentStringsW
CreateEventW
GetModuleFileNameW
GetModuleHandleW
GetCurrentProcess
QueryPerformanceCounter
GetStringTypeW
LCMapStringW
CloseHandle
OutputDebugStringA
GetOEMCP
GetLocalTime
SetLastError
VirtualAlloc
GetLastError
lstrlenW
MultiByteToWideChar
CreateFileW
WriteFile
lstrlenA
SetFilePointer
Sleep
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
HeapFree
HeapAlloc
RaiseException
HeapSize
ExitProcess
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
GetTickCount
GetSystemTimeAsFileTime
HeapReAlloc
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
LoadLibraryW
RtlUnwind
GetCPInfo
GetACP
IsValidCodePage
IsProcessorFeaturePresent

user32

wsprintfW
wsprintfA

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 91KB - Virtual size: 91KB

DATA Size: 2KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.idata Size: 5KB - Virtual size: 5KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 7KB - Virtual size: 6KB

c9b0729c5000411294ab98e0f2c40744

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

odbc32

ws2_32

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 22KB - Virtual size: 50KB

.reloc Size: 16KB - Virtual size: 15KB

3c98c11017e670673be70ad841ea9c37

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

shlwapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 73KB - Virtual size: 72KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 93KB

.CRT Size: 512B - Virtual size: 32B

.rsrc Size: 16KB - Virtual size: 16KB

505288c5c829a707005acb00142afe9d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

odbc32

ws2_32

Sections

.text Size: 142KB - Virtual size: 142KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 22KB - Virtual size: 50KB

.reloc Size: 15KB - Virtual size: 15KB

dfaead406601de199c10ac625c28af71

Headers

DLL Characteristics

File Characteristics

Imports

CODE
Size: 91KB - Virtual size: 91KB

DATA
Size: 2KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 5KB - Virtual size: 5KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 7KB - Virtual size: 6KB

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 22KB - Virtual size: 50KB

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 73KB - Virtual size: 72KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 93KB

.CRT
Size: 512B - Virtual size: 32B

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 142KB - Virtual size: 142KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 22KB - Virtual size: 50KB

.reloc
Size: 15KB - Virtual size: 15KB

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 22KB - Virtual size: 50KB

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 73KB - Virtual size: 72KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 93KB

.CRT
Size: 512B - Virtual size: 32B

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 109KB - Virtual size: 112KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 5KB - Virtual size: 4KB