381e5a59240867a78d9b3ac3bca7d38c11ad28d2550d6276a281603a3b983868

Sharing

Copy URL Twitter E-mail

General

Target

381e5a59240867a78d9b3ac3bca7d38c11ad28d2550d6276a281603a3b983868
Size

3.5MB
MD5

95f14950f43ad39b2897f7205e5a9276
SHA1

a27b2bd5c09609b0c771ed51e81450de192ca0a8
SHA256

381e5a59240867a78d9b3ac3bca7d38c11ad28d2550d6276a281603a3b983868
SHA512

48e9dd3443d8bc117d4923aae6eaa56568b8bfb2cb0447a5b111854021636202101afe0ffdf98758f42bad365387696e6ab575d2af7abbdb2292538be694d29c
SSDEEP

98304:FBsMxLfaJl2S3xtpK3wGkTTgrkMqsIv1cBBxfyWykN:FSWLfaJlRxE2T8r3HsQBxDH

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ef_find_64/EFEP.EXE
unpack001/ef_find_64/EFFNRES.DLL
unpack001/ef_find_64/EFFind.exe

Files

381e5a59240867a78d9b3ac3bca7d38c11ad28d2550d6276a281603a3b983868
.zip
ef_find_64/EFEP.EXE
.exe windows x64

fe160e0dde50c979c5284ced4912c4a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

GetMessageW
TranslateMessage
DispatchMessageW
LoadIconW
LoadImageW
LoadCursorW
PostQuitMessage
DefWindowProcW
SetTimer
MessageBoxW
IsWindow
SendMessageW
PostMessageW
CreateWindowExW
GetClassInfoExW
UnregisterClassW
RegisterClassExW
GetWindowLongPtrW

advapi32

RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegSetValueExA
RegOpenKeyExW

kernel32

SetStdHandle
GetConsoleMode
GetConsoleCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
SetFilePointer
FlsGetValue
GetFileAttributesW
SetFileAttributesW
CreateFileW
CloseHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
CreateThread
GetLastError
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateDirectoryW
SetCurrentDirectoryW
RemoveDirectoryW
DeleteFileW
FindNextFileW
FindClose
FindFirstFileW
FindFirstFileExW
DeviceIoControl
SetFileTime
SetLocalTime
FileTimeToSystemTime
SetVolumeLabelW
MoveFileExW
CopyFileW
GetWindowsDirectoryW
Sleep
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
HeapFree
HeapSize
HeapReAlloc
GetCommandLineA
GetStartupInfoA
EncodePointer
DecodePointer
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
RaiseException
RtlPcToFileHeader
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
SetHandleCount
GetFileType
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ef_find_64/EFFIN_BG.LNG
ef_find_64/EFFIN_BR.LNG
ef_find_64/EFFIN_CA.LNG
ef_find_64/EFFIN_CN.LNG
ef_find_64/EFFIN_CZ.LNG
ef_find_64/EFFIN_DE.CHM
.chm
ef_find_64/EFFIN_FR.LNG
ef_find_64/EFFIN_HE.LNG
ef_find_64/EFFIN_HU.LNG
ef_find_64/EFFIN_IT.LNG
ef_find_64/EFFIN_JA.LNG
ef_find_64/EFFIN_KR.LNG
ef_find_64/EFFIN_LT.LNG
ef_find_64/EFFIN_LV.LNG
ef_find_64/EFFIN_MK.LNG
ef_find_64/EFFIN_NL.LNG
ef_find_64/EFFIN_RO.LNG
ef_find_64/EFFIN_RU.LNG
ef_find_64/EFFIN_SA.LNG
ef_find_64/EFFIN_SE.LNG
ef_find_64/EFFIN_SK.LNG
ef_find_64/EFFIN_SP.LNG
ef_find_64/EFFIN_SR.LNG
ef_find_64/EFFIN_TR.LNG
ef_find_64/EFFIN_TW.LNG
ef_find_64/EFFIN_UA.LNG
ef_find_64/EFFIN_US.CHM
.chm
ef_find_64/EFFIN_US.LNG
ef_find_64/EFFNRES.DLL
.dll windows x64

904ef1c9d10b45a786a6b8cc465e2039

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
FlsSetValue
GetCommandLineA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
Sleep
HeapSize
GetModuleHandleW
GetProcAddress
ExitProcess
RtlUnwindEx
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

r

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ef_find_64/EFFind
ef_find_64/EFFind.exe
.exe windows x64

770fcd7b75be78fbf890d8512753bf56

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

effnres

r

user32

SetWindowTextA
GetWindowTextW
GetWindowTextLengthW
SetWindowLongPtrW
GetClassLongPtrW
SetClassLongPtrW
PostMessageW
InvalidateRect
DrawTextW
IsWindow
IsWindowVisible
SetFocus
MessageBeep
MessageBoxW
MessageBoxA
CreateDialogParamW
DialogBoxParamW
CheckMenuItem
TrackPopupMenuEx
GetSystemMetrics
GetMenuItemInfoW
PeekMessageW
InsertMenuItemW
SetMenuItemInfoW
ReleaseDC
GetDC
CharLowerA
CharUpperA
CharLowerBuffA
CharUpperBuffA
WindowFromPoint
GetSysColorBrush
GetSysColor
UpdateWindow
LoadBitmapW
GetMessageTime
GetWindowPlacement
SetWindowPlacement
SetClipboardData
FindWindowW
DestroyWindow
ShowWindow
EnableWindow
IsWindowEnabled
DrawStateW
GetWindow
GetTopWindow
CharUpperBuffW
CharLowerBuffW
DrawFocusRect
DrawFrameControl
FrameRect
EndDialog
BringWindowToTop
SetForegroundWindow
SetActiveWindow
SetWindowTextW
GetActiveWindow
CharToOemA
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
SetWindowsHookExW
UnhookWindowsHookEx
GetScrollInfo
GetForegroundWindow
GetSystemMenu
DeleteMenu
CheckMenuRadioItem
EnableMenuItem
MoveWindow
SetWindowLongW
DestroyIcon
CreateMenu
SetMenu
PostQuitMessage
GetFocus
CreatePopupMenu
InsertMenuW
SetMenuDefaultItem
GetMenuItemCount
EmptyClipboard
LoadImageW
OpenClipboard
GetClipboardData
CloseClipboard
SetTimer
GetDlgItem
CallNextHookEx
CreateAcceleratorTableW
DestroyAcceleratorTable
VkKeyScanW
GetCursorPos
KillTimer
DrawIconEx
SystemParametersInfoW
OemToCharBuffW
FillRect
WinHelpW
GetDesktopWindow
GetWindowRect
ScreenToClient
SetWindowPos
GetDlgItemInt
SetDlgItemInt
DefWindowProcW
GetParent
BeginPaint
CreateWindowExW
GetClassInfoExW
UnregisterClassW
RegisterClassExW
GetWindowLongPtrW
CharPrevExA
CharPrevA
CharToOemBuffW
CharUpperW
CharLowerW
OemToCharBuffA
CharToOemBuffA
GetWindowLongW
GetMenu
IsMenu
DestroyMenu
OemToCharA
CharNextA
IsIconic
SendMessageW
LoadCursorW
SetCursor
ExitWindowsEx
GetMessageW
GetClientRect
EndPaint
GetWindowThreadProcessId
CallWindowProcW

gdi32

DeleteEnhMetaFile
GetEnhMetaFileHeader
CreatePalette
SelectPalette
RealizePalette
GetPaletteEntries
Rectangle
GetTextMetricsW
MoveToEx
LineTo
GetDIBits
CreatePen
GetStockObject
BitBlt
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
ExtTextOutA
SetTextColor
GetDeviceCaps
SetBkMode
DeleteObject
SelectObject
CreateFontIndirectW
GetObjectW
CreateSolidBrush
SetBkColor
GetEnhMetaFilePaletteEntries
PlayEnhMetaFile
SetEnhMetaFileBits
SetWinMetaFileBits

shell32

ShellExecuteExW
SHGetDataFromIDListW
FindExecutableW
ShellExecuteW
SHBrowseForFolderW
SHGetDesktopFolder
ord727
SHGetFileInfoW
CommandLineToArgvW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHFileOperationW

ole32

CoCreateInstance
CoSetProxyBlanket
OleUninitialize
OleInitialize
DoDragDrop

comdlg32

ChooseColorW
GetSaveFileNameW
GetOpenFileNameW
ChooseFontW

comctl32

InitCommonControlsEx
ord17
ImageList_Destroy
ImageList_GetIcon
ImageList_GetIconSize
CreateToolbarEx
ImageList_Draw
ImageList_AddMasked
ImageList_SetBkColor
ImageList_Create
ImageList_ReplaceIcon
ImageList_Remove

mpr

WNetConnectionDialog
WNetDisconnectDialog
WNetGetConnectionW

kernel32

CreateFileMappingA
GetFullPathNameA
GetVersionExA
lstrlenA
SetEnvironmentVariableW
SetCurrentDirectoryA
ExitThread
GetDriveTypeA
GetExitCodeProcess
GlobalSize
SearchPathW
GetLogicalDrives
GetModuleFileNameW
CompareStringA
CompareStringW
GetCurrentProcessId
Sleep
CreateDirectoryW
DeleteFileW
DeviceIoControl
SetErrorMode
GetLocalTime
SetFilePointer
GetDateFormatW
GetTimeFormatW
FreeLibrary
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetDriveTypeW
GetVersionExW
GetDiskFreeSpaceW
SetLastError
GlobalUnlock
GlobalLock
CreateMutexW
CopyFileW
SetFileTime
GetVolumeInformationW
GetTickCount
GetModuleHandleW
SetCurrentDirectoryW
RemoveDirectoryW
MoveFileW
MoveFileExW
GetCurrentThreadId
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetLastError
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlCaptureContext
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
RtlVirtualUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSetInformation
HeapCreate
MultiByteToWideChar
ReadFile
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetFileType
DeleteCriticalSection
GetProcAddress
ExitProcess
CloseHandle
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
LoadLibraryA
GetLocaleInfoW
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
CreateFileW
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap
CreateFileA
SetEnvironmentVariableA
ExpandEnvironmentStringsA
LocalFileTimeToFileTime
LoadLibraryW
FindClose
SetThreadPriority
IsDBCSLeadByte
InitializeCriticalSection
GetProcessAffinityMask
GetCurrentDirectoryW
FoldStringW
SetThreadExecutionState
GetSystemDirectoryW
CreateThread
WaitForSingleObject
CreateEventW
CreateSemaphoreW
ReleaseSemaphore
ResetEvent
GetFileTime
GetFileAttributesW
SetFileAttributesW
FindNextFileW
FindFirstFileW
GetFullPathNameW
FileTimeToLocalFileTime
SetEvent
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
ExpandEnvironmentStringsW
AreFileApisANSI
DosDateTimeToFileTime
GetFileSize
DeleteFileA
SetFileAttributesA
GetCurrentDirectoryA
CreateDirectoryA
GetFileAttributesA
VirtualAlloc
VirtualFree
GetModuleHandleA
CompareFileTime
GetSystemInfo
GlobalMemoryStatus
FileTimeToDosDateTime
ResumeThread
SetThreadAffinityMask
CreateEventA
CreateSemaphoreA
IsProcessorFeaturePresent
GetFileInformationByHandle
FindCloseChangeNotification
FindFirstChangeNotificationW
GetLogicalDriveStringsW
GetWindowsDirectoryW
GetTempPathW
WaitForMultipleObjects
ReleaseMutex
GetCommandLineW
GlobalFree
UnmapViewOfFile
VirtualProtect
QueryPerformanceFrequency
MulDiv
GlobalAlloc
LocalFree
FormatMessageW
OpenProcess
GetSystemDefaultLangID
MapViewOfFile
CreateFileMappingW
GetBinaryTypeW
FindFirstFileExW
CreateProcessA

ws2_32

htons
ntohs
ntohl
htonl

advapi32

RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExW
RegOpenKeyExW
SetFileSecurityW
GetFileSecurityW
RegOpenKeyExA
RegDeleteKeyW
RegCreateKeyExW
InitiateSystemShutdownW
SystemFunction036
RegSetValueExA
RegQueryValueExA

oleaut32

VariantCopy
SysAllocStringLen
SysStringLen
VariantClear
SysFreeString
SysAllocString

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 855KB - Virtual size: 855KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 333KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 944KB - Virtual size: 944KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ef_find_64/FILE_ID.DIZ
ef_find_64/LICENSE.TXT
ef_find_64/sqx20u.dll
.dll windows x64

f058b2e2c9d6a387821a42300fe03184

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:c1:4b:f7:11:ba:93:38:a3:f5:7e:e5:51:34:f1:46:b7
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/08/2011, 09:31

Not After

03/08/2014, 09:31

Subject

CN=Sven Ritter,O=Sven Ritter,L=Varel,ST=Niedersachsen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a4:86:ec:e6:7f:f2:2d:f0:70:88:90:d1:40:69:b2:1c:41:6a:9c:7a
Signer

Actual PE Digest

a4:86:ec:e6:7f:f2:2d:f0:70:88:90:d1:40:69:b2:1c:41:6a:9c:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GetVolumeInformationW
SetErrorMode
GetEnvironmentVariableW
GetModuleFileNameW
FileTimeToDosDateTime
SystemTimeToFileTime
GetSystemTime
MapViewOfFile
CloseHandle
CreateFileMappingW
CreateFileW
UnmapViewOfFile
DosDateTimeToFileTime
MultiByteToWideChar
lstrcmpW
FileTimeToLocalFileTime
lstrlenA
RaiseException
WideCharToMultiByte
LocalFileTimeToFileTime
GetVersionExW
GetThreadLocale
CompareFileTime
GetTempPathW
SetLastError
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetLastError
ReadFile
GetCurrentProcess
BackupSeek
BackupRead
FindClose
FindNextFileW
FindFirstFileW
GetDriveTypeW
GetDiskFreeSpaceW
IsBadReadPtr
GetFileSize
CompareStringW
GetCurrentProcessId
GetWindowsDirectoryW
WaitForSingleObject
GetCurrentThreadId
CreateEventW
WriteFile
SetFilePointer
SetEndOfFile
SetFileTime
GetFileTime
FlushFileBuffers
GetLocaleInfoA
SetFileAttributesW
MoveFileW
DeleteFileW
RemoveDirectoryW
LocalFree
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
FlsSetValue
GetCommandLineA
RtlPcToFileHeader
EncodePointer
FlsGetValue
FlsFree
FlsAlloc
DecodePointer
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
ExitProcess
GetStdHandle
Sleep
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
HeapReAlloc
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
GetACP
IsBadWritePtr
CreateDirectoryW
lstrlenW

user32

OemToCharA
CharPrevW
CharNextW
SendMessageW
PostMessageW
EnumWindows
GetWindowLongW
CharUpperW
GetWindowThreadProcessId

shlwapi

PathStripToRootW
PathRemoveFileSpecW
PathIsRootW
PathAppendW

advapi32

GetFileSecurityW
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetTokenInformation
GetSecurityDescriptorLength
SetFileSecurityW

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW

ole32

CoCreateInstance

Exports

Exports

SqxAddArchiveComment
SqxAddFileComments
SqxAppendFileList
SqxCompressFiles
SqxCreateFolder
SqxDeleteFiles
SqxDoneArcFileList
SqxDoneArchive
SqxDoneFileList
SqxExtractFiles
SqxGetArchiveComment
SqxInitArcFileList
SqxInitArchive
SqxInitFileList
SqxListFiles
SqxRepairArchive
SqxTestArchive

Sections

.text
Size: 453KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe160e0dde50c979c5284ced4912c4a7

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

kernel32

Sections

.text Size: 62KB - Virtual size: 62KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 5KB - Virtual size: 13KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 59KB - Virtual size: 59KB

904ef1c9d10b45a786a6b8cc465e2039

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 16KB - Virtual size: 19KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 776B

.reloc Size: 3KB - Virtual size: 2KB

770fcd7b75be78fbf890d8512753bf56

Headers

DLL Characteristics

File Characteristics

Imports

effnres

user32

gdi32

shell32

ole32

comdlg32

comctl32

mpr

kernel32

ws2_32

advapi32

oleaut32

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 855KB - Virtual size: 855KB

.data Size: 333KB - Virtual size: 456KB

.pdata Size: 187KB - Virtual size: 187KB

.rsrc Size: 944KB - Virtual size: 944KB

f058b2e2c9d6a387821a42300fe03184

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:c1:4b:f7:11:ba:93:38:a3:f5:7e:e5:51:34:f1:46:b7Certificate

Extended Key Usages

Key Usages

a4:86:ec:e6:7f:f2:2d:f0:70:88:90:d1:40:69:b2:1c:41:6a:9c:7aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shlwapi

advapi32

shell32

.text
Size: 62KB - Virtual size: 62KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 5KB - Virtual size: 13KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 59KB - Virtual size: 59KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 16KB - Virtual size: 19KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 776B

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 855KB - Virtual size: 855KB

.data
Size: 333KB - Virtual size: 456KB

.pdata
Size: 187KB - Virtual size: 187KB

.rsrc
Size: 944KB - Virtual size: 944KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:c1:4b:f7:11:ba:93:38:a3:f5:7e:e5:51:34:f1:46:b7
Certificate

a4:86:ec:e6:7f:f2:2d:f0:70:88:90:d1:40:69:b2:1c:41:6a:9c:7a
Signer

.text
Size: 453KB - Virtual size: 453KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 27KB - Virtual size: 4.1MB

.pdata
Size: 23KB - Virtual size: 22KB

text
Size: 1KB - Virtual size: 1KB

data
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 13KB