請求書-Roderick[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

請求書-Roderick.zip
Size

191KB
MD5

f3fd8432bd1ff2b373109b3ffc39cf6e
SHA1

1c0969759bf97ee7b5ef246239f9e18f2cf70f7b
SHA256

30795a87e95ccdb4a5045215607c9a4c53e6061d9c6b893beaaccd614025b116
SHA512

fbd308948724294278c5b0996f4f22636fba72b489000f5ba791dddc5670678c055b17c30778c11d872c8f44e35287c4c74ebdbb3c4e97c22c1dc7ce281ae16b
SSDEEP

3072:nF82mrnPNnW0Z3lXCwPhaV58bI9Zi+K3OQd+D9+22Cep5og+tnGA+BIUus0bJUxw:nFezlPhCwJaV58bIpIAY22Cep5gtnGAD

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Res/TVPSkin.dll
unpack001/Res/hskin.dll
unpack001/Res/tvp.exe

Files

請求書-Roderick.zip
.zip
Invoices.lnk
.lnk
Res/Settings.ini
Res/TVPSkin.dll
.dll windows x86

d8c83f438c19539f6737a1cfcb85a8f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5290
ord5277
ord3402
ord609
ord556
ord567
ord809
ord4275
ord2405
ord2859
ord4284
ord2379
ord2864
ord2122
ord6358
ord1088
ord4407
ord3797
ord3721
ord795
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord2754
ord6194
ord6021
ord5785
ord6197
ord3089
ord5981
ord6453
ord686
ord696
ord699
ord384
ord394
ord397
ord2860
ord2408
ord5590
ord5593
ord4185
ord5781
ord2841
ord2448
ord2863
ord537
ord2450
ord2566
ord2753
ord6605
ord4277
ord4129
ord2763
ord1168
ord2867
ord816
ord562
ord2567
ord2044
ord2107
ord1641
ord5450
ord5834
ord5440
ord6383
ord6394
ord2575
ord6663
ord941
ord5683
ord6283
ord6282
ord2764
ord6778
ord922
ord5710
ord940
ord4234
ord3701
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord641
ord500
ord326
ord772
ord324
ord325
ord4710
ord3873
ord2642
ord5860
ord6241
ord2818
ord924
ord6880
ord4774
ord4538
ord6142
ord2243
ord4400
ord3630
ord682
ord2380
ord3754
ord3753
ord613
ord289
ord3370
ord2582
ord4402
ord3640
ord693
ord4243
ord2116
ord6242
ord6696
ord2714
ord3092
ord6320
ord4694
ord5148
ord3293
ord4133
ord5788
ord4297
ord472
ord283
ord1253
ord342
ord1182
ord860
ord800
ord3574
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord4299
ord470
ord323
ord1640
ord6157
ord6648
ord926
ord939
ord5875
ord6172
ord640
ord755
ord535
ord6199
ord858
ord2414
ord3663
ord3626
ord825
ord923
ord540
ord3259
ord3147
ord2982
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord6374
ord5163
ord2385
ord5241
ord4396
ord1776
ord4078
ord6055
ord3619
ord823
ord3571

msvcrt

_ftol
sprintf
atoi
atol
ceil
__dllonexit
__CxxFrameHandler
_onexit
_except_handler3
?terminate@@YAXXZ
free
_initterm
malloc
_adjust_fdiv

kernel32

CreateFileA
GetFileSize
ReadFile
CloseHandle
GlobalReAlloc
GetModuleFileNameA
GetFullPathNameA
GlobalAlloc
GlobalLock
lstrlenA
GlobalUnlock
GlobalFree
GetPrivateProfileStringA
GetCurrentThreadId
GetVersionExA
lstrcpyA

user32

AdjustWindowRectEx
FillRect
SetRect
LoadImageA
SetWindowRgn
GetSystemMetrics
UpdateWindow
SetMenuItemInfoA
GetSubMenu
GetSysColor
GetDC
GetKeyState
PostMessageA
GrayStringA
CallWindowProcA
DrawFocusRect
PtInRect
GetActiveWindow
GetParent
GetCapture
SetCapture
ClientToScreen
WindowFromPoint
ReleaseCapture
GetWindowLongA
SendMessageA
ReleaseDC
DrawTextA
KillTimer
GetClientRect
SetTimer
InvalidateRect
EnableWindow
IsWindowVisible
GetWindowRect
GetClassNameA
GetPropA
GetForegroundWindow
SetPropA
SetWindowLongA
RemovePropA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
WindowFromDC
CopyRect
GetCursorPos
OffsetRect
GetMenuItemCount
TabbedTextOutA
GetMenuItemInfoA

gdi32

GetMapMode
CreateCompatibleBitmap
LPtoDP
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
DPtoLP
GetTextExtentPoint32A
DeleteObject
CreateSolidBrush
DeleteDC
CombineRgn
ExtCreateRegion
CreateDIBSection
LineTo
Rectangle
GetBkColor
BitBlt
CreateCompatibleDC
SelectObject
StretchBlt
GetStockObject
CreateFontA
CreateFontIndirectA
GetObjectA

comctl32

FlatSB_EnableScrollBar
ord8
ImageList_Draw
ImageList_DrawEx
InitializeFlatSB

ole32

CreateStreamOnHGlobal

olepro32

ord251

Exports

Exports

??0CSkinDialog@@QAE@IPAVCWnd@@@Z
??0CSkinDialog@@QAE@PBDPAVCWnd@@@Z
??0CSkinDialog@@QAE@XZ
??0CSkinListCtrl@@QAE@XZ
??1CSkinDialog@@UAE@XZ
??1CSkinListCtrl@@UAE@XZ
??_7CSkinDialog@@6B@
??_7CSkinListCtrl@@6B@
?AssignValues@CSkinDialog@@IAEXXZ
?ButtonPressed@CSkinDialog@@UAEXVCString@@@Z
?ChangeProgress@CSkinDialog@@QAEXH@Z
?ChangeTrack@CSkinDialog@@UAEXHII@Z
?ClickText@CSkinDialog@@UAEXH@Z
?EnableHighlighting@CSkinListCtrl@@QAEXPAUHWND__@@H_N@Z
?FreeListCtrlSkin@CSkinListCtrl@@QAEXXZ
?FreeMainwnd@CSkinDialog@@QAEXXZ
?FreeMenuSkin@CSkinDialog@@QAEXXZ
?FreePLwnd@CSkinDialog@@QAEXXZ
?GetButtonCheck@CSkinDialog@@QAEHPBD@Z
?GetDisplayText@CSkinDialog@@QAEPADPBD@Z
?GetHSBarHeight@CSkinListCtrl@@QAEHXZ
?GetMessageMap@CSkinDialog@@MBEPBUAFX_MSGMAP@@XZ
?GetMessageMap@CSkinListCtrl@@MBEPBUAFX_MSGMAP@@XZ
?GetPLBottomHeight@CSkinDialog@@QAEHXZ
?GetPLTopHeight@CSkinDialog@@QAEHXZ
?GetPos@CSkinDialog@@QAEHPBD@Z
?GetProgressPos@CSkinDialog@@QAEHPBD@Z
?GetRGN@CSkinDialog@@QAEPAVCRgn@@XZ
?GetTrackBarPos@CSkinDialog@@QAEHPBD@Z
?GetVSBarWidth@CSkinListCtrl@@QAEHXZ
?Init@CSkinListCtrl@@QAEXXZ
?IsHotItem@CSkinListCtrl@@QAEHPAUHWND__@@@Z
?IsRowHighlighted@CSkinListCtrl@@QAE_NPAUHWND__@@H@Z
?IsRowSelected@CSkinListCtrl@@QAE_NPAUHWND__@@H@Z
?LeftButtonDown@CSkinDialog@@UAEXVCString@@HH@Z
?LoadBitmapA@CSkinDialog@@IAEXPBDPAVCBitmap@@@Z
?LoadListCtrlSkin@CSkinListCtrl@@QAEHPBD0PAVCWnd@@@Z
?LoadMainwndSkin@CSkinDialog@@QAEHPBD0PAVCWnd@@@Z
?LoadMenuSkin@CSkinDialog@@QAEHPAVCMenu@@H@Z
?LoadPLwndSkin@CSkinDialog@@QAEHPBD0PAVCWnd@@@Z
?MouseMoved@CSkinDialog@@UAEXVCString@@HH@Z
?OnCustomDrawList@CSkinListCtrl@@IAEXPAUtagNMHDR@@PAJ@Z
?OnDrawItem@CSkinDialog@@IAEXHPAUtagDRAWITEMSTRUCT@@@Z
?OnEndtrackSkinList@CSkinDialog@@IAEXPAUtagNMHDR@@PAJ@Z
?OnEraseBkgnd@CSkinDialog@@IAEHPAVCDC@@@Z
?OnEraseBkgnd@CSkinListCtrl@@IAEHPAVCDC@@@Z
?OnInitDialog@CSkinDialog@@MAEHXZ
?OnKeyDown@CSkinListCtrl@@IAEXIII@Z
?OnKeyUp@CSkinListCtrl@@IAEXIII@Z
?OnLButtonDown@CSkinDialog@@IAEXIVCPoint@@@Z
?OnMeasureItem@CSkinDialog@@IAEXHPAUtagMEASUREITEMSTRUCT@@@Z
?OnMouseMove@CSkinDialog@@IAEXIVCPoint@@@Z
?OnMouseWheel@CSkinListCtrl@@IAEHIFVCPoint@@@Z
?OnNcCalcSize@CSkinListCtrl@@IAEXHPAUtagNCCALCSIZE_PARAMS@@@Z
?OnPaint@CSkinDialog@@IAEXXZ
?OnPaint@CSkinListCtrl@@IAEXXZ
?OnRButtonDown@CSkinDialog@@IAEXIVCPoint@@@Z
?OnSize@CSkinDialog@@IAEXIHH@Z
?OnSize@CSkinListCtrl@@IAEXIHH@Z
?PositionScrollBars@CSkinListCtrl@@QAEXXZ
?PreSubclassWindow@CSkinListCtrl@@MAEXXZ
?PreTranslateMessage@CSkinListCtrl@@UAEHPAUtagMSG@@@Z
?PressButton@CSkinDialog@@UAEXH@Z
?ProgresChanged@CSkinDialog@@UAEXVCString@@@Z
?ReadButtonSkin@CSkinDialog@@QAEXPAVCIniFile@@PAVCWnd@@@Z
?ReadLEDStaticSkin@CSkinDialog@@QAEXPAVCIniFile@@PAVCWnd@@@Z
?ReadListCtrlSkin@CSkinDialog@@QAEXPAVCIniFile@@PAVCWnd@@@Z
?ReadProgressSkin@CSkinDialog@@QAEXPAVCIniFile@@PAVCWnd@@@Z
?ReadResizePic@CSkinDialog@@QAEXPAVCIniFile@@PAVCWnd@@@Z
?ReadSpectrumSkin@CSkinDialog@@QAEXPAVCIniFile@@PAVCWnd@@@Z
?ReadTextSkin@CSkinDialog@@QAEXPAVCIniFile@@PAVCWnd@@@Z
?ReadTrackBarSkin@CSkinDialog@@QAEXPAVCIniFile@@PAVCWnd@@@Z
?SetButtonCheck@CSkinDialog@@QAEHPBDH@Z
?SetButtonEnable@CSkinDialog@@QAEHPBDH@Z
?SetButtonToolTip@CSkinDialog@@QAEHPBD0@Z
?SetPageSize@CSkinDialog@@QAEXPBDH@Z
?SetPos@CSkinDialog@@QAEXPBDH@Z
?SetProgressPos@CSkinDialog@@QAEHPBDH@Z
?SetProgressToolTip@CSkinDialog@@QAEHPBD0@Z
?SetRange@CSkinDialog@@QAEXPBDHH@Z
?SetText@CSkinDialog@@QAEHPBD0@Z
?SetTextToolTip@CSkinDialog@@QAEHPBD0@Z
?SetTrackBarPos@CSkinDialog@@QAEHPBDH@Z
?Setup@CSkinDialog@@MAEXAAVCBitmap@@@Z
?SptSetGraphType@CSkinDialog@@QAEXH@Z
?SptSetNumberOfStep@CSkinDialog@@QAEXH@Z
?SptSetYRange@CSkinDialog@@QAEXHH@Z
?SptUpdate@CSkinDialog@@QAEXHPAN@Z
?TextClicked@CSkinDialog@@UAEXVCString@@@Z
?TrackChange@CSkinDialog@@UAEXVCString@@II@Z
?_GetBaseMessageMap@CSkinDialog@@KGPBUAFX_MSGMAP@@XZ
?_GetBaseMessageMap@CSkinListCtrl@@KGPBUAFX_MSGMAP@@XZ
?_messageEntries@CSkinDialog@@0QBUAFX_MSGMAP_ENTRY@@B
?_messageEntries@CSkinListCtrl@@0QBUAFX_MSGMAP_ENTRY@@B
?messageMap@CSkinDialog@@1UAFX_MSGMAP@@B
?messageMap@CSkinListCtrl@@1UAFX_MSGMAP@@B

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Res/hskin.dll
.dll windows x86

68602e120c3f7eee5e17c2c66749c0b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetFilePointer
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
RaiseException
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
ExitProcess
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetVersion
GetCommandLineA
HeapAlloc
HeapFree
GetPrivateProfileSectionNamesA
GetVersionExA
lstrcpynA
lstrcatA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
GetModuleHandleA
LoadLibraryA
GetProcAddress
OutputDebugStringA
CreateFileMappingA
GetLastError
FlushFileBuffers
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetModuleFileNameA
lstrcmpiA
GetCurrentThreadId
lstrcmpA
lstrcpyA
GetPrivateProfileIntA
GetPrivateProfileStringA
FindFirstFileA
FindNextFileA
FindClose
MulDiv
GetStartupInfoA
lstrlenA

user32

DrawIconEx
GetMenuStringA
WindowFromDC
GetWindowLongW
GetPropA
GetWindowRgn
SetActiveWindow
GetSubMenu
TrackPopupMenuEx
GetClassLongA
SetClassLongA
ShowWindow
ClientToScreen
IsZoomed
GetWindowDC
IsIconic
CallWindowProcW
InvalidateRect
GetMenu
AdjustWindowRect
SetWindowPos
PostMessageA
SetTimer
KillTimer
ScreenToClient
GetMenuItemCount
MoveWindow
RemovePropA
GetDesktopWindow
RedrawWindow
ValidateRect
DefWindowProcA
SystemParametersInfoA
EnumChildWindows
LoadCursorA
SetCursor
EnumWindows
GetWindowRect
UnhookWindowsHookEx
CallNextHookEx
GetClassNameA
SetMenuInfo
GetSystemMenu
IsWindowUnicode
SetWindowLongW
SetPropA
SetWindowRgn
SetWindowsHookExA
wsprintfA
LoadImageA
CharUpperA
GetSystemMetrics
SendMessageA
GetWindowLongA
SetWindowLongA
CallWindowProcA
PtInRect
ReleaseCapture
SetCapture
GetDlgCtrlID
GetParent
IsDlgButtonChecked
GetSysColorBrush
FillRect
GetWindowTextA
SetRect
IsWindowEnabled
OffsetRect
GetSysColor
DrawTextA
GetClientRect
ReleaseDC

gdi32

CreateRectRgn
GetTextExtentPoint32A
CreateFontA
GetDeviceCaps
SetTextColor
SetBkMode
GetObjectA
SetMapMode
AddFontResourceA
CreateSolidBrush
CreatePatternBrush
RemoveFontResourceA
SetStretchBltMode
ExtSelectClipRgn
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
OffsetRgn
CombineRgn
ExtCreateRegion
GetPixel
SetBkColor
CreateBitmap
StretchBlt
SelectClipRgn
CreatePen
SelectObject
Polyline
GetStockObject
DeleteObject

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

shell32

ExtractIconExA

Exports

Exports

TVP_AddFilterHook
TVP_AddFilterUnHook
TVP_AddNoCallWindowProc
TVP_AddNoProcessMsg
TVP_CanFilter
TVP_HookAllWindows
TVP_HookCurrentThread
TVP_InitSkin
TVP_NeedLockWindowUpdateAsNcLBtnDown
TVP_NeedNcLButtonDowMessage
TVP_Quit
TVP_RemoveFilterHook
TVP_RemoveFilterUnHook
TVP_SetMainWindow

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Res/tvp.exe
.exe windows x86

082a55ebf42fcedf596d5338ee0fc679

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hskin

TVP_AddFilterHook
TVP_Quit
TVP_SetMainWindow
TVP_InitSkin
TVP_CanFilter

tvpskin

??1CSkinDialog@@UAE@XZ
?LeftButtonDown@CSkinDialog@@UAEXVCString@@HH@Z
?MouseMoved@CSkinDialog@@UAEXVCString@@HH@Z
?ClickText@CSkinDialog@@UAEXH@Z
?TextClicked@CSkinDialog@@UAEXVCString@@@Z
?ChangeTrack@CSkinDialog@@UAEXHII@Z
?TrackChange@CSkinDialog@@UAEXVCString@@II@Z
?PressButton@CSkinDialog@@UAEXH@Z
?ButtonPressed@CSkinDialog@@UAEXVCString@@@Z
?ProgresChanged@CSkinDialog@@UAEXVCString@@@Z
??0CSkinDialog@@QAE@IPAVCWnd@@@Z
?messageMap@CSkinDialog@@1UAFX_MSGMAP@@B
?SptUpdate@CSkinDialog@@QAEXHPAN@Z
?SptSetYRange@CSkinDialog@@QAEXHH@Z
?SetPageSize@CSkinDialog@@QAEXPBDH@Z
?SetPos@CSkinDialog@@QAEXPBDH@Z
?SetRange@CSkinDialog@@QAEXPBDHH@Z
?LoadMainwndSkin@CSkinDialog@@QAEHPBD0PAVCWnd@@@Z
?OnInitDialog@CSkinDialog@@MAEHXZ
?OnPaint@CSkinDialog@@IAEXXZ
?SetText@CSkinDialog@@QAEHPBD0@Z
?SptSetGraphType@CSkinDialog@@QAEXH@Z
?GetPos@CSkinDialog@@QAEHPBD@Z
?SetButtonCheck@CSkinDialog@@QAEHPBDH@Z
?FreeMainwnd@CSkinDialog@@QAEXXZ
?SetButtonToolTip@CSkinDialog@@QAEHPBD0@Z
?OnMouseMove@CSkinDialog@@IAEXIVCPoint@@@Z
?OnLButtonDown@CSkinDialog@@IAEXIVCPoint@@@Z
?OnSize@CSkinDialog@@IAEXIHH@Z
?Setup@CSkinDialog@@MAEXAAVCBitmap@@@Z

mfc42

ord609
ord323
ord556
ord567
ord825
ord3663
ord3626
ord2414
ord5785
ord4275
ord4284
ord2379
ord2405
ord5053
ord5981
ord2864
ord800
ord3874
ord540
ord5788
ord283
ord5875
ord2859
ord1641
ord1640
ord6880
ord1146
ord2122
ord4160
ord6358
ord1088
ord823
ord1168
ord5265
ord4376
ord4998
ord2514
ord6052
ord1775
ord4407
ord5280
ord4425
ord3597
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord641
ord324
ord2302
ord4234
ord2642
ord3092
ord4853
ord3803
ord801
ord1200
ord668
ord2770
ord924
ord356
ord535
ord541
ord860
ord6199
ord858
ord537
ord4710
ord5861
ord5572
ord2915
ord2818
ord6143
ord6648
ord6283
ord6282
ord2764
ord1907
ord2582
ord4402
ord3370
ord3640
ord5161
ord5162
ord5160
ord4905
ord4742
ord4976
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord768
ord489
ord693
ord4258
ord6907
ord3998
ord809
ord4299
ord3181
ord3178
ord2781
ord941
ord922
ord6877
ord5440
ord6383
ord5450
ord6394
ord3721
ord3619
ord795
ord6215
ord2860
ord3873
ord3797
ord3089
ord4171
ord4278
ord6662
ord4129
ord5683
ord5710
ord1232
ord1153
ord1140
ord925
ord6888
ord6874
ord3716
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord790
ord616
ord2754
ord2294
ord2362
ord2358
ord2301
ord2516
ord361
ord6334
ord6111
ord2513
ord293
ord4694
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord5307
ord5714
ord4622
ord3738
ord815
ord561
ord2621
ord1576
ord5289
ord4698
ord2725
ord2863
ord755
ord470
ord6311
ord3499
ord2515
ord355
ord1768
ord4204
ord926
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord2528
ord2086
ord939
ord5148
ord3452
ord2380
ord1908
ord3398
ord3733
ord1690
ord5288
ord4439
ord2054
ord4431
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord810
ord771
ord497
ord4259
ord5849
ord3287
ord2881
ord6008
ord4000
ord4715
ord1008
ord3693
ord2566
ord5787
ord5768
ord2152
ord6197
ord6379
ord2714
ord640
ord3571
ord3574
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3402
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4396
ord1776
ord4078
ord6055
ord2575
ord3996
ord1134

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
time
srand
atol
_mbscmp
atoi
sprintf
_ftol
__CxxFrameHandler
_setmbcp
_stricmp

kernel32

GetPrivateProfileIntA
GetSystemDefaultLangID
GlobalAlloc
GlobalLock
lstrlenA
GlobalUnlock
GlobalFree
WritePrivateProfileStringA
GetPrivateProfileStringA
GetLogicalDriveStringsA
GetDriveTypeA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
GetModuleFileNameA
CloseHandle
ReleaseMutex
GetLastError
CreateMutexA
lstrcmpA
lstrcpyA
MulDiv
WinExec
GetCommandLineA
SetCurrentDirectoryA
Sleep
GetModuleHandleA
GetStartupInfoA
FreeLibrary
GetWindowsDirectoryA
LoadLibraryA

user32

LoadCursorA
SetWindowLongA
LoadIconA
SetForegroundWindow
BringWindowToTop
ShowWindow
FindWindowExA
LoadAcceleratorsA
GetActiveWindow
AppendMenuA
GetSystemMenu
DrawIcon
IsIconic
KillTimer
GetMenu
SetTimer
AdjustWindowRect
ModifyMenuA
GetCursorPos
TranslateAcceleratorA
ScreenToClient
RedrawWindow
GetMenuItemCount
InsertMenuA
wsprintfA
CreatePopupMenu
CheckMenuItem
GetDesktopWindow
LockWindowUpdate
SetParent
GetClassNameA
MapWindowPoints
GetWindow
TabbedTextOutA
DrawTextA
GrayStringA
EndPaint
BeginPaint
InvalidateRect
SetCursor
GetParent
ReleaseCapture
SetCapture
GetSystemMetrics
SystemParametersInfoA
IsWindowVisible
PtInRect
GetCapture
MoveWindow
EnableWindow
LoadMenuA
GetDC
ReleaseDC
GetClientRect
GetSysColor
OffsetRect
GetWindowRect
GetSubMenu
TrackPopupMenuEx
PostMessageA
ClientToScreen
DeleteMenu
WindowFromPoint
GetNextDlgTabItem
SendMessageA
GetWindowLongA
EnableMenuItem

gdi32

SelectObject
CreateSolidBrush
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
Rectangle
CreateFontA
GetCurrentObject
GetTextMetricsA
GetTextExtentPoint32A
GetDeviceCaps
CreateFontIndirectA
GetObjectA
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
GetStockObject

advapi32

RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegCreateKeyA
RegQueryValueA

shell32

ShellExecuteA
DragFinish
ShellExecuteExA
DragQueryFileA

comctl32

_TrackMouseEvent

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8c83f438c19539f6737a1cfcb85a8f8

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

comctl32

ole32

olepro32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 76KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 944B

.reloc Size: 8KB - Virtual size: 7KB

68602e120c3f7eee5e17c2c66749c0b5

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 74KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 24KB - Virtual size: 61KB

Shared Size: 4KB - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 920B

.reloc Size: 8KB - Virtual size: 7KB

082a55ebf42fcedf596d5338ee0fc679

Headers

File Characteristics

Imports

hskin

tvpskin

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

Sections

.text Size: 148KB - Virtual size: 145KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 24KB - Virtual size: 22KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 80KB - Virtual size: 76KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 944B

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 76KB - Virtual size: 74KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 24KB - Virtual size: 61KB

Shared
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 920B

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 148KB - Virtual size: 145KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 24KB - Virtual size: 22KB

.rsrc
Size: 16KB - Virtual size: 15KB