privateloader | Trojans[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Trojans.zip
Size

9.1MB
MD5

46e03b10392341881ac9e5421ac88d1c
SHA1

b0d49814b98d7613dc1458546b6b0a23299eb342
SHA256

72073e22e81da454b5ec4028c5ed91e31dd1874b1479d105582a08b1f3b1ee69
SHA512

8ab08f030058e6565aff1b7ab55fe3bfc48de6742e8dd6050f872e230e88fd10b81f33e16486d66dcf9716d65f59464363c81fb1e5d5234cf52acce73df679be
SSDEEP

196608:ecPw5g4R3ZDbW1JnqGqxInYKKIPnJX8eEq9cUJ8DV35gJp:ecPm9Nb8JnqGHYKVJJEq9DJyVeX

Score

10^/10

loader privateloader fabookie socelars

Malware Config

Extracted

Family

privateloader

http://45.133.1.182/proxies.txt

http://45.133.1.107/server.txt

pastebin.com/raw/A7dSG1te

http://wfsdragon.ru/api/setStats.php

51.178.186.149

Extracted

Family

socelars

http://www.iyiqian.com/

http://www.xxhufdc.top/

http://www.uefhkice.xyz/

http://www.znsjis.top/

Signatures

Detect Fabookie payload 1 IoCs

resource	yara_rule
static1/unpack001/Files.exe	family_fabookie

Fabookie family
fabookie
Privateloader family
privateloader
Socelars family
socelars

Socelars payload 1 IoCs

resource	yara_rule
static1/unpack001/Install.exe	family_socelars

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Details.exe
unpack001/File.exe
unpack001/Files.exe
unpack001/Folder.exe
unpack001/FoxSBrowser.exe
unpack001/Install.exe
unpack001/Updbdate.exe
unpack001/md9_1sjm.exe
unpack001/pub2.exe

Files

Trojans.zip
.zip
Details.exe
.exe windows x86

e7d6aacdbba2eaeadcddfcf1af169f5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
GetEnvironmentStringsW
WaitForSingleObject
SetEvent
GetSystemDefaultLCID
GetEnvironmentStrings
GlobalAlloc
SizeofResource
LeaveCriticalSection
ReadFile
GetModuleFileNameW
GetDevicePowerState
GetConsoleOutputCP
VerLanguageNameA
RemoveDirectoryA
EnterCriticalSection
GlobalGetAtomNameA
PrepareTape
WriteConsoleA
GetProcessId
BeginUpdateResourceA
SetSystemTime
EnumResourceTypesW
GetModuleFileNameA
GetModuleHandleA
FindFirstVolumeA
ReleaseMutex
EndUpdateResourceA
LocalSize
GetWindowsDirectoryW
AddConsoleAliasA
FindActCtxSectionStringW
FindNextVolumeA
lstrcpyA
GetLocaleInfoA
GetCommandLineW
GetProcAddress
GetSystemDefaultLangID
HeapAlloc
GetLastError
HeapReAlloc
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapCreate
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
SetHandleCount
GetFileType
SetFilePointer
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CloseHandle
CreateFileA

user32

RealChildWindowFromPoint

gdi32

GetCharWidthFloatW

advapi32

DeregisterEventSource
CloseEventLog

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 534KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
File.exe
.exe windows x86

fcfbb183dda4a3825a0923650518721c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
SetPriorityClass
lstrcatA
GetModuleHandleA
SetCurrentDirectoryA
GetModuleHandleExA
CreateFileA
lstrcpyA
CloseHandle
GetFileSize
GetLastError
GetProcAddress
HeapFree
WriteFile
lstrlenA
lstrcpynA
WriteConsoleW
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
HeapReAlloc
SetFilePointerEx
GetFileType
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
GetStringTypeW
GetConsoleMode
FlushFileBuffers
GetConsoleOutputCP
HeapSize
CreateFileW
DecodePointer

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 298KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Files.exe
.exe windows x64

0e0b1327b851d652046461e0a8be7593

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
LocalFree
GetLastError
FormatMessageW
lstrlenW
FindResourceW
LoadResource
LockResource
SizeofResource
GetStringTypeW
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetEvent
ResetEvent
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceFrequency
GetCurrentThread
GetThreadTimes
RtlUnwindEx
InterlockedPushEntrySList
RtlPcToFileHeader
RaiseException
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetTimeZoneInformation
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
WriteConsoleW
Sleep
OutputDebugStringA
RtlUnwind

advapi32

RegOpenKeyExW
RegSetValueExW
RegCreateKeyW
RegCloseKey

shell32

SHGetFolderPathW

winhttp

WinHttpQueryDataAvailable
WinHttpConnect
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpSetCredentials

crypt32

CryptUnprotectData

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Folder.exe
.exe windows x86

385b4c734448931d8105f2b8af2a40a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
lstrlenW
InterlockedDecrement
LoadLibraryA
GetEnvironmentVariableW
InterlockedIncrement
GetStringTypeW
GetStringTypeA
LocalFree
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
RaiseException
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
VirtualAlloc
HeapReAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW

user32

wsprintfW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysStringLen
SysAllocStringLen
SysAllocString
VariantClear
SysFreeString

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FoxSBrowser.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

1{{
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Graphics.exe
.exe windows x86

0f0c12643909b692a9be3510bdc965e8

Code Sign

a3:7e:fc:24:58:c5:7f:46:96:ae:8c:02:1e:51:fa:7b
Certificate

Issuer

POSTALCODE=10202

Not Before

22/09/2021, 11:08

Not After

22/09/2022, 11:08

Subject

POSTALCODE=10202

8f:b9:2b:f3:58:ad:6b:47:21:53:b6:4f:c2:a4:d7:49:b1:32:ff:ba:79:fc:94:d2:b3:f9:df:53:df:a9:73:10
Signer

Actual PE Digest

8f:b9:2b:f3:58:ad:6b:47:21:53:b6:4f:c2:a4:d7:49:b1:32:ff:ba:79:fc:94:d2:b3:f9:df:53:df:a9:73:10

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstChangeNotificationW
GetConsoleAliasExesLengthA
CallNamedPipeA
GetQueuedCompletionStatus
GetCommState
InterlockedDecrement
CancelWaitableTimer
UnlockFile
SetEvent
FreeEnvironmentStringsA
CreateNamedPipeW
GetNumberFormatA
ReadConsoleOutputA
GetCommandLineA
GetPrivateProfileIntA
GetSystemDirectoryW
HeapCreate
TerminateProcess
FileTimeToSystemTime
GetModuleFileNameW
lstrlenW
WritePrivateProfileStringW
GetPrivateProfileIntW
InterlockedExchange
GetStartupInfoA
FreeLibraryAndExitThread
GetLastError
SetThreadContext
GetProcAddress
SetStdHandle
EnterCriticalSection
LoadLibraryA
OpenMutexA
CreateSemaphoreW
LocalAlloc
GetProfileStringA
SetThreadIdealProcessor
HeapWalk
FindAtomA
GlobalWire
GetModuleHandleA
FreeEnvironmentStringsW
FindNextFileW
WriteProfileStringW
GetCurrentDirectoryA
GetCPInfoExA
SetFileShortNameA
TlsAlloc
EnumResourceLanguagesW
GetSystemTime
LCMapStringW
CopyFileExA
DeleteFileA
GetVolumeInformationW
GetThreadLocale
GetFileSize
MoveFileA
HeapValidate
IsBadReadPtr
RaiseException
GetModuleHandleW
Sleep
InterlockedIncrement
ExitProcess
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapFree
VirtualFree
WriteFile
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
CreateFileA
CloseHandle
FlushFileBuffers

advapi32

InitiateSystemShutdownA

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.2MB - Virtual size: 43.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Install.exe
.exe windows x86

4f0608b5638c60342069764638589dcf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
LocalFree
WinExec
GetComputerNameW
GetModuleFileNameA
GetCurrentProcessId
OpenProcess
GetModuleFileNameW
SetLastError
GetCurrentThread
FindResourceW
GetPrivateProfileStringW
CopyFileW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
SizeofResource
CreateProcessA
LockResource
LoadResource
FreeLibrary
GetTickCount
TerminateProcess
Sleep
WaitForSingleObject
GetProcessHeap
HeapAlloc
GetLastError
GetTempPathA
CreateDirectoryA
SetCurrentDirectoryW
GetShortPathNameA
LoadLibraryW
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
SystemTimeToFileTime
DosDateTimeToFileTime
GetCurrentProcess
DuplicateHandle
CloseHandle
WriteFile
SetFileTime
SetFilePointer
ReadFile
GetFileType
CreateFileW
CreateDirectoryW
CreateEventW
GetCurrentDirectoryW
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
GetFileSizeEx
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetCommandLineW
GetCommandLineA
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
RtlUnwind
RaiseException
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
TlsFree
WriteConsoleW
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
DecodePointer
EncodePointer
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
GetModuleHandleW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FlushFileBuffers
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
GetFileSize
DeleteCriticalSection

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
LookupAccountNameW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
FreeSid
EqualSid
DuplicateToken
AllocateAndInitializeSid
AddAccessAllowedAce
AccessCheck
OpenThreadToken
OpenProcessToken

shell32

ShellExecuteExA

ole32

CoInitializeEx
CoGetObject
CoUninitialize

wininet

InternetGetCookieExA

netapi32

Netbios

ntdll

RtlInitUnicodeString
NtFreeVirtualMemory
LdrEnumerateLoadedModules
RtlEqualUnicodeString
RtlAcquirePebLock
NtAllocateVirtualMemory
RtlReleasePebLock
RtlNtStatusToDosError
RtlCreateHeap
RtlDestroyHeap
RtlAllocateHeap
RtlFreeHeap
NtClose
NtOpenKey
NtEnumerateValueKey
NtQueryValueKey

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dghhegw
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dghhegw
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dghhegw
Size: 1024B - Virtual size: 707B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dghhegw
Size: 1024B - Virtual size: 598B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dghhegw
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dghhegw
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dghhegw
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dghhegw
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Updbdate.exe
.exe windows x86

efb815d76c298dec768e3e4b14d60fd3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadContext
SetLocalTime
FindResourceExW
InterlockedIncrement
GetCommState
InterlockedDecrement
UnlockFile
SetEvent
FreeEnvironmentStringsA
CreateNamedPipeW
GetConsoleAliasesLengthA
GetCommandLineA
GetPrivateProfileIntA
LoadLibraryW
GetConsoleAliasExesLengthW
HeapDestroy
CreateSemaphoreA
GetBinaryTypeA
TerminateProcess
GetSystemDirectoryA
lstrlenW
LCMapStringA
GetPrivateProfileIntW
InterlockedExchange
GetStartupInfoA
GetStdHandle
GetCPInfoExW
FreeLibraryAndExitThread
OpenMutexW
GetLastError
GetCurrentDirectoryW
GetThreadLocale
GetProcAddress
EnterCriticalSection
LoadLibraryA
LocalAlloc
WritePrivateProfileStringA
GetNumberFormatW
GetProfileStringA
SetThreadIdealProcessor
HeapWalk
FindAtomA
SetSystemTime
GlobalWire
GetModuleFileNameA
CreateIoCompletionPort
GetModuleHandleA
FindFirstChangeNotificationA
FindNextFileW
WriteProfileStringW
SetFileShortNameA
TlsAlloc
EnumResourceLanguagesW
UnregisterWaitEx
CopyFileExA
DeleteFileA
GetVolumeInformationW
LocalFileTimeToFileTime
EncodePointer
DecodePointer
HeapSetInformation
GetStartupInfoW
LeaveCriticalSection
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetModuleHandleW
ExitProcess
HeapValidate
IsBadReadPtr
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapCreate
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
HeapAlloc
HeapReAlloc
HeapSize
HeapQueryInformation
HeapFree
MultiByteToWideChar
IsProcessorFeaturePresent
FlushFileBuffers
SetStdHandle
LCMapStringW
GetStringTypeW
CloseHandle
CreateFileW
RaiseException

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 39.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
md9_1sjm.exe
.exe windows x86

09d0478591d4f788cb3e5ea416c25237

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 2.0MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 161KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pub2.exe
.exe windows x86

2def91c0581afe8a9028a470a8151c40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceExW
InterlockedIncrement
GetCommState
InterlockedDecrement
UnlockFile
SetEvent
FreeEnvironmentStringsA
CreateNamedPipeW
GetConsoleAliasesLengthA
GetCommandLineA
GetPrivateProfileIntA
LoadLibraryW
GetConsoleAliasExesLengthW
HeapDestroy
CreateSemaphoreA
GetBinaryTypeA
TerminateProcess
GetSystemDirectoryA
lstrlenW
LCMapStringA
GetPrivateProfileIntW
InterlockedExchange
GetStartupInfoA
GetStdHandle
GetCPInfoExW
FreeLibraryAndExitThread
OpenMutexW
GetLastError
SetLocalTime
GetThreadLocale
GetProcAddress
EnterCriticalSection
LoadLibraryA
LocalAlloc
WritePrivateProfileStringA
GetNumberFormatW
GetProfileStringA
SetThreadIdealProcessor
HeapWalk
FindAtomA
SetSystemTime
GlobalWire
GetModuleFileNameA
CreateIoCompletionPort
GetModuleHandleA
FindFirstChangeNotificationA
FindNextFileW
WriteProfileStringW
SetFileShortNameA
TlsAlloc
EnumResourceLanguagesW
UnregisterWaitEx
CopyFileExA
DeleteFileA
GetVolumeInformationW
LocalFileTimeToFileTime
GetCurrentDirectoryW
GetThreadContext
EncodePointer
DecodePointer
HeapSetInformation
GetStartupInfoW
LeaveCriticalSection
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetModuleHandleW
ExitProcess
HeapValidate
IsBadReadPtr
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapCreate
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
HeapAlloc
HeapReAlloc
HeapSize
HeapQueryInformation
HeapFree
MultiByteToWideChar
IsProcessorFeaturePresent
FlushFileBuffers
SetStdHandle
LCMapStringW
GetStringTypeW
CloseHandle
CreateFileW
RaiseException

advapi32

AbortSystemShutdownA

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 39.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

e7d6aacdbba2eaeadcddfcf1af169f5c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 165KB - Virtual size: 164KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 9KB - Virtual size: 534KB

.rsrc Size: 32KB - Virtual size: 32KB

fcfbb183dda4a3825a0923650518721c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 93KB - Virtual size: 92KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 298KB - Virtual size: 297KB

.reloc Size: 5KB - Virtual size: 5KB

0e0b1327b851d652046461e0a8be7593

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

winhttp

crypt32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 248KB - Virtual size: 248KB

.data Size: 24KB - Virtual size: 37KB

.pdata Size: 47KB - Virtual size: 47KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 1024B - Virtual size: 572B

.reloc Size: 9KB - Virtual size: 9KB

385b4c734448931d8105f2b8af2a40a5

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 4KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

1{{ Size: 19KB - Virtual size: 18KB

.text Size: 30KB - Virtual size: 29KB

.rsrc Size: 102KB - Virtual size: 101KB

.reloc Size: 512B - Virtual size: 12B

Size: 512B - Virtual size: 16B

0f0c12643909b692a9be3510bdc965e8

Code Sign

a3:7e:fc:24:58:c5:7f:46:96:ae:8c:02:1e:51:fa:7bCertificate

8f:b9:2b:f3:58:ad:6b:47:21:53:b6:4f:c2:a4:d7:49:b1:32:ff:ba:79:fc:94:d2:b3:f9:df:53:df:a9:73:10Signer

.text
Size: 165KB - Virtual size: 164KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 9KB - Virtual size: 534KB

.rsrc
Size: 32KB - Virtual size: 32KB

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 298KB - Virtual size: 297KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 248KB - Virtual size: 248KB

.data
Size: 24KB - Virtual size: 37KB

.pdata
Size: 47KB - Virtual size: 47KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 1024B - Virtual size: 572B

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 4KB

1{{
Size: 19KB - Virtual size: 18KB

.text
Size: 30KB - Virtual size: 29KB

.rsrc
Size: 102KB - Virtual size: 101KB

.reloc
Size: 512B - Virtual size: 12B

a3:7e:fc:24:58:c5:7f:46:96:ae:8c:02:1e:51:fa:7b
Certificate

8f:b9:2b:f3:58:ad:6b:47:21:53:b6:4f:c2:a4:d7:49:b1:32:ff:ba:79:fc:94:d2:b3:f9:df:53:df:a9:73:10
Signer

.text
Size: 110KB - Virtual size: 110KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 4.2MB - Virtual size: 43.5MB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 77KB - Virtual size: 77KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.dghhegw
Size: 4KB - Virtual size: 3KB

.dghhegw
Size: 9KB - Virtual size: 9KB

.dghhegw
Size: 1024B - Virtual size: 707B

.dghhegw
Size: 1024B - Virtual size: 598B

.dghhegw
Size: 4KB - Virtual size: 4KB

.dghhegw
Size: 3KB - Virtual size: 3KB

.dghhegw
Size: 3KB - Virtual size: 2KB

.rdata
Size: 186KB - Virtual size: 186KB

.data
Size: 11KB - Virtual size: 29KB

.dghhegw
Size: 512B - Virtual size: 80B

.rsrc
Size: 118KB - Virtual size: 118KB

.reloc
Size: 34KB - Virtual size: 33KB

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 142KB - Virtual size: 39.4MB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 66KB - Virtual size: 66KB

.text
Size: 2.0MB - Virtual size: 5.5MB

.rsrc
Size: 161KB - Virtual size: 164KB

.reloc
Size: 512B - Virtual size: 512B

.text
Size: 99KB - Virtual size: 98KB