1948f937592d1037851d68b394bc35f1[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

1948f937592d1037851d68b394bc35f1.bin
Size

378KB
MD5

0b840cbea8b7862ace34e0d311a8bafe
SHA1

350c67702147863f455663fa7fddfad5bbf1b60b
SHA256

25d254ff11427f2cf6f269865208b0222ca47b9eb229df8a80a00a4ec804a392
SHA512

360f81ce56b86c7ee65d6db3c2fa09d19ba70d4361085dc966a34bbe6413273793ba0f0486f23b9d13f8f8135ee89622f64c0b7c52bec64f030058c31ee92207
SSDEEP

6144:B4sBO0YmAqPyuMP3UwMvIDAKTFshUwsH2e4Hzszs9t//0037h50BTVswRxrsz6xA:B4spYmhM7DAKKhUnUTsit/cySMz18F/S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/06864a9cd9890f3c1aad6bdc5dfbfb799e68f5f90a99b6146ca70850d0a249a1.dll

Files

1948f937592d1037851d68b394bc35f1.bin
.zip

Password: infected
06864a9cd9890f3c1aad6bdc5dfbfb799e68f5f90a99b6146ca70850d0a249a1.dll
.dll regsvr32 windows x86

Password: infected

85827d535df1600f010d49acac67148b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Draw
InitCommonControlsEx
ord6
ord8
ImageList_LoadImageA
ImageList_AddMasked
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

shlwapi

StrChrA
StrRetToBufA

kernel32

SizeofResource
lstrcmpA
lstrcmpiA
lstrcpynW
lstrlenW
IsDBCSLeadByte
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LoadLibraryW
OutputDebugStringW
LoadLibraryExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount64
GetSystemTimeAsFileTime
QueryPerformanceCounter
InitOnceExecuteOnce
GetFileType
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleW
GetStartupInfoW
TerminateProcess
LoadLibraryExA
FlsSetValue
FlsGetValue
FlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
HeapSize
HeapReAlloc
GetModuleFileNameW
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
GetCommandLineA
VirtualQuery
VirtualProtect
GetSystemInfo
SetThreadStackGuarantee
IsDebuggerPresent
EncodePointer
RtlUnwind
DecodePointer
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
InterlockedCompareExchange
GetProcessHeap
HeapFree
HeapAlloc
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
CloseHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
CreateThread
GetCurrentProcessId
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
WideCharToMultiByte
MultiByteToWideChar
lstrcpyA
FindResourceA
lstrlenA
lstrcpynA
MulDiv
LockResource
LoadResource
GetVersionExA
FlushInstructionCache
GetCurrentThreadId
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
SetLastError
RaiseException
LCMapStringEx
FlsFree

user32

FillRect
GetSysColorBrush
GetSysColor
MapWindowPoints
MessageBeep
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
SetForegroundWindow
DrawTextA
SetMenuDefaultItem
TrackPopupMenuEx
RemoveMenu
FrameRect
SetRectEmpty
InflateRect
OffsetRect
PtInRect
GetClassNameA
ModifyMenuA
AppendMenuA
GetSubMenu
LoadMenuA
GetSystemMetrics
TranslateAcceleratorA
LoadAcceleratorsA
GetWindowThreadProcessId
SetWindowsHookExA
UnhookWindowsHookEx
IsWindowEnabled
MsgWaitForMultipleObjects
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetFocus
GetActiveWindow
SetFocus
CharNextA
CharLowerA
CallNextHookEx
CallWindowProcA
PostQuitMessage
DefWindowProcA
GetMessagePos
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA
DrawFrameControl
DrawEdge
RegisterWindowMessageA
wvsprintfA
LoadStringW
TrackPopupMenu
CreatePopupMenu
LoadImageA
LoadIconA
LoadCursorA
LoadBitmapA
GetParent
SetWindowLongA
GetWindowLongA
SetRect
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
MessageBoxA
GetWindowRect
GetClientRect
InvalidateRect
UpdateWindow
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuItemCount
DestroyMenu
SetMenu
GetMenu
IsWindowVisible
SetWindowPos
ShowWindow
DestroyWindow
IsMenu
CreateWindowExA
GetClassInfoExA
RegisterClassExA
PostThreadMessageA
PostMessageA
SendMessageA
LoadStringA
SystemParametersInfoA
IsWindow
WindowFromPoint
UnregisterClassA

gdi32

DeleteDC
CreatePatternBrush
PatBlt
SelectObject
SetBkColor
SetBkMode
SetTextColor
CreateDIBSection
MoveToEx
SetWindowOrgEx
OffsetWindowOrgEx
SetBrushOrgEx
CreatePen
CreateFontIndirectA
CreateCompatibleDC
DeleteObject
GetStockObject
GetObjectA
BitBlt
CreateBitmap
LineTo
CreateCompatibleBitmap

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegCloseKey

shell32

SHGetFileInfoA
ShellExecuteExA
ShellAboutA
SHGetDesktopFolder
SHGetSpecialFolderLocation

ole32

CoTaskMemRealloc
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoInitialize

oleaut32

VarUI4FromStr

Exports

Exports

AAhFMm
AAujdv
AAzOEnP
ABbMwjbxVBskjxsMxcLiL
ACARPOFWhYMAnRKerxlkNzkycN
ACBLotpMvoIjNThLiSpHvI
ACDFPXpaiCAzQeRWnnay
ACGuMWTkNIbb
ACLKbUSCHLbKNYWTHpn
ACOHXkMwSGSKafUMz
ACXjFMZYKwEe
ACeuVSYTRCMe
ACkPkMuguMzPaaalCwZHqlHtnz
ADAgsXqbTeDJEWucFp
ADFyJcxqsOiYOUiBhNWun
ADJIZqFauPgAiwpXhPEXbMq
ADKABaNRhdilZqJKON
ADLxvTQuKaX
ADTEFvuZNsXAUN
ADucRhrBgtZRVvKoSEBZeu
AEPRWBEyaZheyFRrBdYMeAeDy
AERMsYjINnYDxVGCwyQnLjD
AETzMT
AEjQYlbIyEyVkpyfXAXfmKE
AEkBvCrCsDvrRpDzlqMEe
AErTrvidXemgX
AFEACEdNan
AFIiUdAspSlQmUAEyEqBFDilVz
AFKHYYBcPwuPtTLAmmvZJQzq
AFKWWXgfpTvbbFRGPsyooxc
AFOEzvXdJLXTSnpbxmxh
AFTPuaIvCdEKmL
AFeFMLfOx
AFhDzHiarqVMTUGr
AFqDLONUCjqA
AFsyvLtKRAzTtgMbKgfwU
AGCCganEBRd
AGQXknMLYrQrve
AGXLMmIMVPvRCS
AGiqGIoPJ
AGkYfN
AHLcSScJxNmi
AHTOBYMKHyfg
AHcTiqEIkqkcODR
AHgchZxxZrXZiCfSepyPjIfqD
AHhaSwGJwOIrbh
AHnHRNYGOGQvyyAtJBZlaoDxm
AHoEfrCWAPDRXhdaZVNsvbDVV
AHuJmH
AHufZiQyd
AIBsrUslnlztaHquNxiakQB
AIRGrraAkhlZu
AIiRQleBoayXM
AIkzRZSrUmsOWooatfDToel
AIxbTltponIglGKcfmpJCK
AIzMrryLJHVnv
AJBVxndUaCnwXr
AJFmhfhhoawfqQNFYeDQDgFSK
AJHEPSJmniShOQk
AJHTMJsbDXhbUEuafzWWnyT
AJHwIlr
AJuCpsVeguwMoohLYTLYkFpqF
AKCaUBTLrtHsGshwlNb
AKIgMpbrbaEPcsPXf
AKJJYhqWFa
AKLAtyfjswpYFoLXMpsHfqAl
AKqYOhyMjwRjW
AKyZPuXH
ALEoFFKDWVSKvjHXnrkDRROM
ALQJuzi
ALTWhKQmRXHvqlzbsj
ALUIpmvTqIvLUNBBkPByQaEVCr
ALgLiEiHUIIYU
ALpnwYx
ALsHQUm
AMWLfPMhGrduTm
AMepxbFEbumuxGIKK
AMfNkz
AMqfhBigQzduaLmvqzb
AMuioqRKupGqaIg
ANEbIGZDrcqbwxsrxuQQ
ANFLopUVGkShHvyLGizBGsVNF
ANIaIwUACnPuigaASayPs
ANSyeDZXlICVoIAIEVJGo
ANfbegVBdlvoDSqrbNdTuEOP
ANkNPxYjGKeCNMITRUWrI
ANvndSqYUVEWeicUsQRUdrs
AOEFhnxkZbiHGB
AOadLSXLeK
AOfynvqgFx
AOmIbtwIrUeHi
AOnbcsRTlrfzcDFNQ
AOpWCBBs
APBeHmwqyMTwdDoOszgsm
APLgjkXHsVOHoPd
APZiTLThVzyQbPxCql
APZoBmpDKlELnixFirQN
APlFQrZlPFpWG
APmcyihKZHJY
APqUPXpJlVBTxTlYdCpe
AQYkxlsTgdWca
AQouThFJAcwRinEoVZs
AQowEsu
AQtNAAQziopSnDCQlX
ARBWEfGg
ARGLvZFXUnBGWJZNkvkrRcajh
AROBpqoADVtnFgRUtcWQiCYy
AROWaM
ARXhCHrcov
ARmbdpNTKtKXqNVQrGcWrbs
ARnEMOKAE
ARqWEZiJbPvzVWHdqqB
ASAjBSeIGKPbYkATCdtexfWSy
ASdSPSyDvKdGckHpAJEK
ASkVxw
ATCIhpYaPvDriEdcHPZkZrQ
ATGWUlpmxbbyd
ATHoVtxkuzUgwQnP
ATVUrmhgHSvtAzNkOphDYuQHe
ATWerSQWmcZTgeTZTwxfy
ATeLBgXyY
ATenWHdRUFFaW
AThAcREjzYVFyVJxtyIuq
ATtaTBpRPLuuuLLmnhsXmMH
AUYVhgWMQ
AUgbdUpSdjyWkIKPWcS
AUyfNkDBJWEuYQZYHwp
AVFCRATdZZvepDYsXUlHlEE
AVJXAchUaTcHH
AVsXSPAvcmKqIU
AWCLDZBVK
AWNXSlpxIQQBBRWjOZWVM
AWUDKwzuIUixBSOGWxH
AWVjysy
AWccFwtNQXnAJx
AWgLlYlpqV
AWgdjMZPIoEAJiMEHM
AWwfwuYv
AXMRRVVfafiImZMlDMe
AXXbpV
AXYUcDzjv
AXiJLhVSYn
AXrRfhGmvuRaBngpREQnSyCrtk
AYDYYy
AYDgYHEYJeq
AYpAPmOXicmrZn
AYteslABUUVpk
AYyCkhfHlvvUKXKmPz
AZHjNEeJkWktDJkNoGIMoXtr
AZRWKyeDZzXtjDavIzZSbhIN
AZbNUgnuOmfsVJSELeQKMw
AZdONZmpIljZgtFvwQoIfIfikj
AZmKjjVd
AZpzqXEWIbZllbhTHVBMHYuAHQ
AZuWxhOJaKPNIVwudWiTFv
AZvBhXlAzYdW
AaCDgCusD
AaKTqfJw
AaRjKkNHwsOJRuxfzjuQUejY
AakplCZxLzqJfLrRZPflXZHnZL
AazsxObYADWVOj
AbBRGRT
AbCoBgoUXpRlsiw
AbHPmqVYGMzoIqVSqs
AbKokxoHuxgynHtteYNLPM
AbTgREBtmnmz
AbbHBluRAhd
AbdEwvDFvDveOVypz
AbjrPVsLjwlnENwo
AbjulXGtdwYrJLF
AbpSdJCUFRfGaOdEiW
AbrsoqLPMlnKffCiN
AcEzzKhXvLalZA
AcNzHmRJVIsIBJcxmB
AcUhWqmZHxWIvPAKKapMJj
AcVZmlUqK
AcjoKPrV
AcvEUNaic
AdKePSFXHulnfxf
AdSZhzXu
AdaSheCvbp
AdevpmUlDPPIGzYrt
AdiCPmdFcGMEGaPsHTFDYjvc
AdiVZZftTmzVu
AdqnzwNpzgc
AdxzlVE
AdybRh
AeBNLen
AeYvPXmJjPSSeqGEvONKgI
AeabXGZnopInMGhZsEun
AekJkVFUAuxVLVFDuhFDCAhRge
AetYQTTN
AewSdKfZFKZkgvPBdPepucEro
AfDjlcaONOVOqeIUHifgunFZM
AfIsvHipCsUyZyVHXJUQMqHAm
AfKzEtNWSqY
AfLlsztXqXAKYPGD
AfPfmMkBUHLqbBtMXLEVhktRyF
AfaVUlXheVjkouytBEncGPSc
AfhNsqp
AfjvlhgDjDVYvHATLiwqsWIbAL
AfrgxhrcHFAoR
AfseIbazgzeiHMeoD
AfwULvIPgbYzWByBkGDB
AgCOirWaaZUJxpi
AgebfMEcKZPHYoosFWQ
AgtFKWjKRcqJfGNIDiGpcWyuRA
AguEvEemkjbkPWbTnvDHhzDDr
AhIADMfjGOQf
AhOzfT
AhgRMWowFGCEhqxnTbSDQ
AhlCXCIZjnWNs
AhuTYA
AiRnonfRKCKXnKqMsGJNVut
AiRtpzvyo
AiqPIlKdmfrPWQrQE
AjBKkcFXiUUoRck
AjVYekpIvhfY
AjVqaS
AjcWMHZJIfNbPDJdN
AjeKvDYDD
AjglijBuUzLrYWvbeKtF
AkAGndOFkt
AkWCylpl
AkgTChWnXnpc
AkiCDJUHLaaKVf
AlMwFLYnTRsKKW
AlWschvaXAJhXmUNWZHVhk
Alglwjl
AlkTNWTdzNqTdZNaNzDFg
AmEeXnmSOzoW
AmPUtJEpQPzQyvV
AmfafFVRUFdfiUBslioASQatYd
AmlSFe
AmpEgpqVNzmApbo
AnBlkdTpCpzmgnwza
AnMPzoh
AnMVSLthZgLOCirANgJADwO
AnSPeOkBpiukjnsry
AnUuDHykSbbhQCUZBQAaRpfYd
AnphgmmUEybuD
AoCGPtSdHAXMkL
AoPCYwLn
AoRcZC
AoSEhQGbcyWvDxCQxds
AoSFPfqpQhlWfpqfOdgPBXF
AoasfjAV
AodwglIEUHSIa
AojOGuU
AokuETGMTaZGSLmkjlPpdnMPa
AoqKdkNAdyVVGPUhfYx
AoxCBv
ApMDPgbxRArgln
ApOnwHIuyq
AprxJKVybtIDTHcISS
AqAkgKjehPV
AqriQXUfkqrqaL
ArCTqHARhEYVCnPwESa
ArDAHLCdKPxuMKEiultibNpQm
ArEFTWmM
ArJKfROqIhtLrhrh
ArJQiHYuZANHkqIebA
ArjpDUesIjKWssFESLrnXq
ArzXTXEmQYUFwryMM
AsJRSiQaMBMReHclp
AsQduUzuYTQTHAcQhspgcuA
AsXeeuVszZfGtrEtO
AsZjaEIiLxcvKzQfSkMmkEeb
AsmCZIrKqpJCAuvTCfj
AswicxNiwdF
AtFNsGKcBpNxTmgpw
AtFpZPUZWXDbaJg
AtMkDE
AtVlfXhAnHklVEnYLftiO
AtZvDnstGbEQCCHJctlFgHI
AtbikgINzoDqBeXnRpPmbTM
AtfZeLKcQuXHsjK
AtfdnkLRVNpHY
AtgkQtzkfsXS
AtjJgNmrexJlAVT
AtmLuo
AtysTbsNOnpaLmCJhbbVw
AtzCFsE
AuFycXgwGNSjlKKXToT
AuIExUMwADrGiSE
AuLsGKopzBnecbIycXqfUzleuU
AuQUjREnzNWV
AuYdbsUydNiCvwI
AuZnXbHEMmllgKAPBbw
AuiWeCjRY
AulILIL
AuoAqoLbDwzkeH
AvJKemn
AvNijjLkTevkOzt
AvOhnVzSZKofVqcELBEsanezU
AvOmdhc
AvRdQxyUCTOhakQTEMM
AvfEJXCdlFBZY
AvmErlyljCFr
AvrwTXfKPqZxoHHP
AwDmRtIAOCqdCPd
AwENJRqKQYOFHWjtdYrvyRGhP
AwKNxHBvSO
AwnFVZiddLMLq
AxBunMpOwMfZjmvhz
AxDNui
AxEvvNXHLftEOGZyBZf
AxHmSJjGrlMSmuWSg
AxKvkEibjHbsbdDWKerAQ
AxborxlcWAKgFIxT
AxdmRnJ
AxeJupenRA
AxnpfmxAPcgkCzQKvuEGglUIo
AyCPGvuHmLNzLcHQAUTVxX
AyNFQfSxqX
AydmUvNFgWHUWsjFSnGcH
AygHHyvDAZezpy
AyqazXpU
AyqxUDxQgjgJzrCMGhf
AysFaDKUNyOHDUHZS
AzGQseHXqLGpwyKFqKv
AzHYfjiGFr
AzTIqKSRrVVEIupF
AzVQTwbSuqAXvY
AzwbGlitaYHbbCRQgZKPiz
AzzOcIYkHwoBMUwgP
AzzjqXwZzWMMHkzHtWFfQV
BAFXzMwjNa
BAJAeFncL
BATeVgocabaTZjvksgxDSB
BAiYjXkdfnNMjFerUuksNTkWN
BAmoypGmkfwIEPrdSaZlKmNtpc
BAtLzXqBXFJ
BBJsWOaV
BBXNhzBGdsz
BBfmlCB
BBmfvpLzktqoixpqp
BBuwsQrMxH
BBxBUyTaJwWctOphbzGgn
BCEJEiRI
BCFTxUcjYSVVThtM
BCPqiyEC
BCRRFCQaBGPCbK
BChQcqsyPnO
BCjPSHRkI
BCocOLHEzqbQRWtYriqhIM
BCqgroxL
BDHfafvxZAZsAgkBSpOz
BDHfjEQdJ
BDNzxs
BDtLwwvOXsOs
BEavYPqSdAhrc
BEkwLIxE
BElYfqW
BEoMSqmp
BEtAhQsIpsXb
BEwxuHkbOlkVS
BFBWIQdQbfMabjB
BFCVIJWiIVcuNDBclifJgN
BFHagY
BFNhMceSu
BFSESDYabwjlXbALylBj
BFUCAXnbkbeUfnqNvhtCYxf
BFnmFoOyBBSUcjlrTlLfssJfsj
BFqpqoukoZIHzIexi
BGQovIjFmb
BGdMouFuTSkIpSbHBa
BGkqEEb
BHIwbFxUwT
BHQRCKuN
BHhcVVfbfgvIDFyeu
BHnEAhkF
BHpIjKWiiQGnqd
BIYKrv
BIYtkGIZsdndLJobLsn
BIcdcBpn
BIvlSOgrkJFxe
BJEDioEXUwlkLFxw
BJInQzsELaGWVZYXJH
BJOOFFLapljwl
BJPyeDTigTbpEioCDQGauoap
BJYcCBBpRVMR
BJrdmgDRAjNZ
BJtFgwJbyNyjrKlNoYqwOroNom
BKQfKTBCpjxmoPKYeCre
BKYbMWjcsyVrbgBuCQrKHUxu
BKgKHHRVDNHXE
BKuyDu
BKvJjXTy
BLFViTvrnfUkZkqOI
BLTJmBmabj
BLhFTEeQ
BLmYdHrzG
BMDiAby
BMJUzxErUpuRSy
BMLcpdTHAgPnZllUfJivJscgM
BMORkshZkajRYlxZdoPItW
BMXkPUeCZGCnciQvSTMCH
BNLpeIXhO
BNlDWXmvyc
BNoXbLwTyGqYOqbpPgYb
BNvUUfoCTBxJJmhhxkExps
BNxuAkhygsVR
BOSqVjEpNXTnyBEx
BOUkWY
BOdLPxmNw
BOhBMDod
BOqrvSHvpWwwUf
BOyvRTgdo
BPQsaTcVpkuwEHixmoMW
BPQutZzmucuOPfAtFHCdnfz
BPjxUaQv
BPrzyugULUChNRkLqD
BQFrHMnHgXPNiuXizjWLAuTaoa
BQHPKwtrHHMzvwojypkaCJXZDL
BQeUrSMndbd
BQiEmni
BQjRhbeNeeHcLGIvhIQalkQdo
BQluwKGVdnzb
BQraSKSvrhqLnAwAREduYHo
BRAFUkz
BRBDMuycfwgfEsYjJC
BREZTugpxSsjJqG
BRGapftwIFwheWGlOOlRMGdNn
BRKEfQ
BRShLuNiLCbXoaeBoE
BRXkCMHcnXLiJsCCUFytQpZ
BRbPxzaKwNHNSqISXnnOyBlzBm
BRerUvfgvUfuWDpYDanKOEvZ
BRquvCSfLSzpwuisvxhOtFVl
BRyHYGEjPIZM
BSBxbrRsdLkkVEUMZWFmsgxD
BSFNZRbn
BSgVIcWfHkkqsPlA
BStaPYV
BTDchKAOKeYYNOnJNH
BTDeOiJR
BTOBZPljbqORpnitmrwhkirDJ
BTPVkuZFppwep
BTdCNjjibHnMecDPnfngtQ
BThJMSazyqeyxwxUxrzjAI
BTiiFEjfJLCIHkUrYUwLJOIDP
BTqJmLsIPJJM
BTzwGvOMGFTDmMgZvNwctx
BUWcRClooCDtHrEoQi
BUleZib
BVAvQquPxCoUapvYWCqAE
BVSyauejuGBjOtV
BVaiMFHlqavyC
BVoxFnOGTfYMpNDnxZF
BVqpHSgWWgXuB
BWIOgZlaXfuMZVlChyA
BWMkxgKCUeItHUuPQICmU
BWhVmEvAKiKvwNUgczMpCmUA
BWqLyJSnm
BWrawnt
BWxyMululldzLE
BXIUhGIWjGWojXtYGfeWnrhF
BXMnjhRHoqIlImv
BXTTwkdsZszWVIsaFNaIMRQWH
BXVClIfE
BXXpmcRXXGfrAcW
BXqKcsiHroSLAPJHmeq
BYSEwqNgolf
BYSrBYfvuqAc
BYVaiTGbabyGwSLlyZ
BYnbyVEYf
BYqfxQuetodWsex
BZMPFgSlDGmon
BZNoHletfheTV
BZSZOod
BZTpavN
BZWmFlIGWQUFtNCD
BZjSqENhpNdRxIk
BZrdYGUAI
BaaFkDCu
BajqnTWenqI
BavZesEHzkDHBxbVvtQr
BbExCLBmxdGxPl
BbJWoSpagFKEQhExVY
BbLZaegJVSLhXyiF
BbSrWCTmW
BbeRgoiNyeWa
BbsDRmadEhitdxyN
BbuoZHaHPX
BcCwrXBNXnyDJNdvKVLw
BcInHwOkPoSDOuRtsdxg
BcbXeSSkKbSQnA
BceLbNvuTEPzqYgkLuXpOZ
BdBjvvnKwrdfIMfYQP
BdDhmdPginaOnGvUmUhxdsj
BdFFksDEiMrDrmIGvweuZFjFng
BdHSWnXDkMmuKhCSFnJkmIe
BdTaFpiEfSbOciutNhB
BeGzjYuazbfNxwIA
BeNBzgUxnFfBjOOzbFFW
BeRnRXbqiPhAbXOBZU
BeRsIoYBsG
BeSewpdYYtHoQMmPUUKPyf
BeSiYCgInubKovXDHo

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 463KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

85827d535df1600f010d49acac67148b

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 112KB

.rdata Size: 463KB - Virtual size: 463KB

.data Size: 59KB - Virtual size: 66KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 112KB - Virtual size: 112KB

.rdata
Size: 463KB - Virtual size: 463KB

.data
Size: 59KB - Virtual size: 66KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 12KB - Virtual size: 11KB