Dyre[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Dyre.zip
Size

2.2MB
MD5

6d1f649d90313b7e3624c0e86563b5dd
SHA1

2ab93a242511c38ff7661eb84107ca2ce380d135
SHA256

a6f10947d6c37b62a4c0f5e4d0d32cc826a957c7d1026f316d5651262c4f0b24
SHA512

7313603db16057f68eb3d7db53d7611c9681c57c906fa3e234f1fc6507344aedfab85b755f373f211a34c961914c25ac9d078a75d0619f3245d96db0d184229d
SSDEEP

49152:7lzO5MCEcRPOmqeWozDQvPFq1IYRJRyYkUCJrWVnrxjSYdl:wNEcRPDPq8IYrRyY/CJsnr9SYdl

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Dump/dump1.exe
unpack001/Original/999bc5e16312db6abff5f6c9e54c546f.bin
unpack001/Original/Document-772976_829712.scr
unpack001/Original/b44634d90a9ff2ed8a9d0304c11bf612.bin
unpack001/Original/chqpl.file
unpack001/Original/dd207384b31d118745ebc83203a4b04a.bin
unpack001/Original/fax_390392029_072514.exe
unpack001/Original/loader_9b313e9c79921b22b488a11344b280d4cec9dd09c2201f9e5aaf08a115650b25
unpack001/Original/payload_f8eccfebda8a1e0caabbe23a8b94d7ced980353a9b3673a4173e24958a3bdbb9
unpack001/Unpacked/Dyre_Unpacked.file

Files

Dyre.zip
.zip

Password: infected
Dump/dump1.exe
.exe windows x86

22dbb276300404135258818b9af1f7bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrIW

kernel32

GetModuleHandleW
VirtualFree
WriteFile
SizeofResource
ReadFile
CreateFileW
lstrlenW
GetLastError
GetProcAddress
VirtualAlloc
OpenThread
LockResource
lstrcmpiW
CreateToolhelp32Snapshot
GetCurrentProcess
CloseHandle
HeapAlloc
HeapCreate
OutputDebugStringW
ExitProcess
GetCommandLineW
MapViewOfFile
OpenProcess
LoadLibraryW
Sleep
GetModuleFileNameW
lstrcmpW
OpenMutexW
Process32FirstW
GetProcessId
IsWow64Process
CreateFileMappingW
Process32NextW
lstrcatW
DeleteFileW
lstrcpyW
CreateProcessW
LoadResource
FindResourceW
lstrlenA
SetFilePointer
GetFileSize
HeapFree

user32

wsprintfW

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW

shell32

SHGetFolderPathW

Sections

.text
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 259KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Original/999bc5e16312db6abff5f6c9e54c546f.bin
.exe windows x86

486eda0988c03bbb173c5b351c4e5c49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateWindowExW
GetClientRect
SetWindowTextW
DefWindowProcW
LoadIconW
SendMessageW
PostQuitMessage
LoadCursorW
RegisterClassExW
LoadStringW
ShowWindow
GetMessageW
TranslateMessage
DispatchMessageW
LoadBitmapW
MoveWindow
SetWindowPos
DrawTextW
InvalidateRect
GetKeyboardState
EnableWindow
GetParent
GetClassNameW
GetWindowPlacement
LoadAcceleratorsW
UpdateWindow
GetMenuItemID
EndDeferWindowPos
EnableMenuItem
DeferWindowPos
SetWindowLongW
GetMenu
GetWindowLongW
GetActiveWindow
FrameRect
IsChild
GetScrollRange
DestroyWindow
GetScrollInfo

kernel32

GetModuleFileNameW
GetProcessHeap
HeapAlloc
lstrcatW
SetCurrentDirectoryW
CreateFileW
Sleep
LoadLibraryW
GetCommandLineW
GetProcAddress
GetFileSize
CloseHandle
lstrlenW
GetStartupInfoA
ReadFile
lstrcpyW
GetModuleHandleA

shfolder

SHGetFolderPathW

crtdll

_local_unwind2
_global_unwind2
_fmode_dll
_commode_dll
__GetMainArgs
_initterm
_acmdln_dll
exit
_XcptFilter
_exit

Sections

.text
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Original/Document-772976_829712.scr
.exe windows x86

8bcca895cc1aad9a2d2d4e9ba64a1eda

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageA
EnableWindow
UpdateWindow

kernel32

GetModuleHandleA
GetStartupInfoA

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_setmbcp

mfc42

ord2535
ord3262
ord5260
ord560
ord4273
ord1945
ord4613
ord4614
ord4823
ord652
ord338
ord4426
ord4623
ord6175
ord6080
ord3198
ord3454
ord4387
ord2399
ord4858
ord4953
ord4242
ord2575
ord4396
ord5241
ord5261
ord3402
ord4424
ord3574
ord2583
ord4589
ord4588
ord4899
ord4370
ord4892
ord4532
ord5076
ord4341
ord4349
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord4078
ord4403
ord5240
ord5290
ord4441
ord3748
ord1726
ord5253
ord3371
ord4432
ord3641
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord4407
ord5237
ord2385
ord5163
ord6374
ord4353
ord5282
ord2649
ord1665
ord3798
ord4837
ord4436
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5252
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord1576
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4427
ord3623
ord609
ord674
ord303
ord567
ord366
ord813
ord800
ord3996
ord2100
ord4457
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2582
ord4402
ord3370
ord3640
ord1168
ord6215
ord2092
ord4159
ord2621
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord324
ord641
ord4234
ord693
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Original/b44634d90a9ff2ed8a9d0304c11bf612.bin
.exe windows x86

f0821047715b8965d331eb551d6e64d1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetModuleHandleA
GetLastError
LoadLibraryW
GetProcAddress
GetModuleHandleW
CreateEventA
PulseEvent
TerminateProcess
VirtualAlloc
CreateFileA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
CloseHandle
SetStdHandle
GetStringTypeW
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapReAlloc
HeapAlloc
GetCurrentProcess
HeapSize
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
FlushFileBuffers
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA

user32

SendMessageW
DestroyWindow

winmm

auxSetVolume

winscard

SCardForgetCardTypeW

ws2_32

select

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Original/chqpl.file
.exe windows x86

9a862710bb9677a8f1301763fc289105

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PostQuitMessage
EndPaint
GetClientRect
DispatchMessageA
TranslateMessage
GetMessageA
RegisterClassExA
LoadCursorA
LoadIconA
UpdateWindow
ShowWindow
CreateWindowExA
DefWindowProcA
SendMessageA
DestroyWindow
DrawTextA
FillRect

kernel32

CreateFileA
HeapCreate
GetCommandLineA
HeapAlloc
GetModuleHandleA
CloseHandle
GetCurrentDirectoryA
GetFileSize
lstrlenA
lstrcatA
GetStartupInfoA
ReadFile
lstrcpynA

comctl32

ord17

msvcrt

atof
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
atoi

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Original/dd207384b31d118745ebc83203a4b04a.bin
.exe windows x86

fb7abd0d6772c1e271d7aae752cbb5da

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadStringA
RegisterClassExA
LoadCursorA
LoadIconA
UpdateWindow
ShowWindow
CreateWindowExA
LoadAcceleratorsA
SetWindowTextA
DefWindowProcA
DialogBoxParamA
SendMessageA
PostQuitMessage
EndDialog
GetMessageA
TranslateMessage
DispatchMessageA
LoadBitmapA
MoveWindow
SetWindowPos
DrawTextW
InvalidateRect
GetKeyboardState
EnableWindow
GetParent
GetClassNameW
GetWindowPlacement
GetMenuItemID
EndDeferWindowPos
EnableMenuItem
DeferWindowPos
GetMenu
GetActiveWindow
IsChild
GetScrollRange
SetWindowLongA
GetClientRect
GetWindowLongA

kernel32

GetCurrentDirectoryA
CreateFileA
LoadLibraryA
GetProcAddress
lstrcpyA
GetFileSize
CloseHandle
lstrlenA
GetStartupInfoA
ReadFile
GetModuleHandleA

crtdll

_local_unwind2
_global_unwind2
_fmode_dll
_commode_dll
__GetMainArgs
_initterm
_acmdln_dll
exit
_XcptFilter
_exit

Sections

.text
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Original/fax_390392029_072514.exe
.exe windows x86

000c0cc51cebb7ae0df3751e56dc52b2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageA
EnableWindow
UpdateWindow

kernel32

GetStartupInfoA
GetModuleHandleA

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p__acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_setmbcp

mfc42

ord4234
ord2648
ord641
ord324
ord3597
ord4425
ord5280
ord1775
ord6052
ord2514
ord4710
ord4998
ord4853
ord4376
ord5265
ord2621
ord4159
ord296
ord5214
ord2092
ord1168
ord4242
ord2575
ord4396
ord5241
ord5261
ord3402
ord4424
ord3574
ord2583
ord4589
ord4588
ord4899
ord4370
ord4892
ord4532
ord5076
ord4341
ord4349
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord4078
ord4403
ord5240
ord5290
ord4441
ord3748
ord1726
ord5253
ord3371
ord4432
ord3641
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord4407
ord5237
ord2385
ord5163
ord6374
ord4353
ord5282
ord2649
ord1665
ord3798
ord4837
ord4436
ord1576
ord2055
ord6376
ord3749
ord5065
ord1727
ord5252
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4427
ord3623
ord609
ord674
ord303
ord567
ord366
ord813
ord800
ord2582
ord4402
ord3370
ord3640
ord2078
ord3996
ord4224
ord2100
ord4457
ord693
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord617
ord6215

Sections

.text
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Original/loader_9b313e9c79921b22b488a11344b280d4cec9dd09c2201f9e5aaf08a115650b25
.exe windows x86

08453a6e43fab2a723af5df16c73944f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
FormatMessageW
GetCommandLineA
GetModuleHandleA
GetSystemTimeAsFileTime
GetTickCount

user32

CharUpperW
CreateWindowExA
DefWindowProcA
DefWindowProcW
DestroyWindow
DialogBoxParamW
DispatchMessageA
GetClientRect
GetDC
GetForegroundWindow
GetKeyboardLayout
GetMessageA
GetWindowPlacement
IsIconic
LoadCursorA
LoadIconA
LoadMenuA
LoadStringW
MessageBeep
MessageBoxW
RegisterClassExA
ReleaseDC
SetActiveWindow
SetCursor
SetMenu
ShowWindow
TranslateMessage
UpdateWindow
wsprintfW

comctl32

InitCommonControls

Sections

.jddjtkg
Size: 512B - Virtual size: 50B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 880B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 238B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Original/payload_f8eccfebda8a1e0caabbe23a8b94d7ced980353a9b3673a4173e24958a3bdbb9
.dll windows x86

d125c3c536281dfb67295a264a0c7721

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersAddresses

ws2_32

ntohs
recvfrom
sendto
bind
WSASetLastError
FreeAddrInfoW
GetAddrInfoW
getsockname
socket
WSACloseEvent
WSAStartup
inet_addr
WSARecv
WSASocketW
WSASend
WSAGetLastError
WSAConnect
WSAEnumNetworkEvents
htons
WSAEventSelect
shutdown
WSACreateEvent
select
closesocket
connect
WSAWaitForMultipleEvents

shlwapi

StrStrIA
StrStrIW
StrToIntW
StrTrimA
StrToIntA
StrStrA

wininet

HttpQueryInfoW
InternetSetOptionW
InternetWriteFile
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestExW
InternetQueryOptionW
HttpOpenRequestA
InternetOpenA
HttpEndRequestW
InternetCloseHandle
InternetGetConnectedState
InternetOpenUrlA
HttpAddRequestHeadersA
HttpSendRequestA
InternetConnectA

advapi32

CryptReleaseContext
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyExW
RegOpenKeyW
CryptDestroyKey
CryptImportKey
CryptVerifySignatureW
CryptHashData
RegCloseKey
AdjustTokenPrivileges
CryptDestroyHash
RegOpenKeyExW
CryptCreateHash
DuplicateTokenEx
LookupAccountSidW
LookupPrivilegeValueW
CreateProcessAsUserW
RegQueryValueExW
GetTokenInformation
CryptAcquireContextW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

bcrypt

BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptFinishHash
BCryptVerifySignature
BCryptCloseAlgorithmProvider
BCryptImportKeyPair
BCryptDestroyKey
BCryptGetProperty
BCryptCreateHash

kernel32

Process32FirstW
GetLocalTime
GetProcAddress
lstrlenW
CreateFileW
ReadFile
SizeofResource
WideCharToMultiByte
OpenProcess
WriteFile
LockResource
Process32NextW
lstrcmpiW
CreateToolhelp32Snapshot
GetCurrentProcessId
SetLastError
HeapReAlloc
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
FlushFileBuffers
lstrcpyW
GetComputerNameA
lstrcatW
GetExitCodeProcess
TerminateProcess
GetTempFileNameW
CreateMutexW
GetTempPathW
OpenMutexW
MapViewOfFile
UnmapViewOfFile
CreateRemoteThread
FlushInstructionCache
CreateFileMappingW
MultiByteToWideChar
TryEnterCriticalSection
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcess
SystemTimeToFileTime
LoadResource
FindResourceW
GetFileSize
GetVersionExW
InterlockedDecrement
CreateEventW
InterlockedIncrement
lstrcmpA
lstrlenA
WaitForSingleObject
SetEvent
GetTickCount
Sleep
CreateEventA
GetLastError
CloseHandle
CreateThread
lstrcpyA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
TerminateThread
SetThreadPriority
ResetEvent
lstrcmpiA

user32

FindWindowW
GetWindowLongW
GetWindowInfo
wsprintfA
SendMessageW
GetParent
PostMessageW
SetActiveWindow
UpdateWindow
wsprintfW
EnumChildWindows

shell32

ShellExecuteW
SHGetFolderPathW

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Unpacked/Dyre_Unpacked.file
.exe windows x86

22dbb276300404135258818b9af1f7bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrIW

kernel32

GetModuleHandleW
VirtualFree
WriteFile
SizeofResource
ReadFile
CreateFileW
lstrlenW
GetLastError
GetProcAddress
VirtualAlloc
OpenThread
LockResource
lstrcmpiW
CreateToolhelp32Snapshot
GetCurrentProcess
CloseHandle
HeapAlloc
HeapCreate
OutputDebugStringW
ExitProcess
GetCommandLineW
MapViewOfFile
OpenProcess
LoadLibraryW
Sleep
GetModuleFileNameW
lstrcmpW
OpenMutexW
Process32FirstW
GetProcessId
IsWow64Process
CreateFileMappingW
Process32NextW
lstrcatW
DeleteFileW
lstrcpyW
CreateProcessW
LoadResource
FindResourceW
lstrlenA
SetFilePointer
GetFileSize
HeapFree

user32

wsprintfW

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW

shell32

SHGetFolderPathW

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 666B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

22dbb276300404135258818b9af1f7bc

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 5KB - Virtual size: 8KB

.rdata Size: 1KB - Virtual size: 4KB

.data Size: - Virtual size: 4KB

.rsrc Size: 259KB - Virtual size: 259KB

486eda0988c03bbb173c5b351c4e5c49

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

shfolder

crtdll

Sections

.text Size: 360KB - Virtual size: 360KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 37KB - Virtual size: 41KB

.rsrc Size: 128KB - Virtual size: 127KB

8bcca895cc1aad9a2d2d4e9ba64a1eda

Headers

File Characteristics

Imports

user32

kernel32

msvcrt

mfc42

Sections

.text Size: 171KB - Virtual size: 170KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 25KB - Virtual size: 25KB

.rsrc Size: 19KB - Virtual size: 18KB

f0821047715b8965d331eb551d6e64d1

Headers

File Characteristics

Imports

kernel32

user32

winmm

winscard

ws2_32

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 40KB - Virtual size: 43KB

.rsrc Size: 412KB - Virtual size: 411KB

9a862710bb9677a8f1301763fc289105

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

comctl32

msvcrt

Sections

.text Size: 206KB - Virtual size: 205KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 25KB - Virtual size: 27KB

.rsrc Size: 1KB - Virtual size: 1KB

fb7abd0d6772c1e271d7aae752cbb5da

Headers

File Characteristics

Imports

.text
Size: 5KB - Virtual size: 8KB

.rdata
Size: 1KB - Virtual size: 4KB

.data
Size: - Virtual size: 4KB

.rsrc
Size: 259KB - Virtual size: 259KB

.text
Size: 360KB - Virtual size: 360KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 37KB - Virtual size: 41KB

.rsrc
Size: 128KB - Virtual size: 127KB

.text
Size: 171KB - Virtual size: 170KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 19KB - Virtual size: 18KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 40KB - Virtual size: 43KB

.rsrc
Size: 412KB - Virtual size: 411KB

.text
Size: 206KB - Virtual size: 205KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 25KB - Virtual size: 27KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 282KB - Virtual size: 282KB

.data
Size: 43KB - Virtual size: 43KB

.rsrc
Size: 211KB - Virtual size: 211KB

.text
Size: 249KB - Virtual size: 248KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 1KB

.jddjtkg
Size: 512B - Virtual size: 50B

.text
Size: 309KB - Virtual size: 308KB

.bss
Size: - Virtual size: 880B

.data
Size: 512B - Virtual size: 238B

.idata
Size: 1024B - Virtual size: 1020B

.rsrc
Size: 1024B - Virtual size: 620B

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 10KB

.rsrc
Size: 57KB - Virtual size: 57KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: - Virtual size: 56B

.rsrc
Size: 250KB - Virtual size: 250KB