Fabookie-eset[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Fabookie-eset.zip
Size

1.8MB
MD5

1fe34a927d8420536ca8a6efff305202
SHA1

8695d1a84edb2fd59de467c4270e9c448bb3ee87
SHA256

e79dfdc0c408bf8ce1012a512845c8d269901ece2c1ea41f0fc99b1bfa2cc0c2
SHA512

2e5cd71037d89a857a537493fd295bbc310e4e16e507572d920b5690d87e7a8c6286a99708fc67cde71370728fdb08d09488d729aff3488b377043de805e1824
SSDEEP

49152:qi8N2Yh/rPi8oYyc8jdEi82jRN/TSZgU0+13Hfi:y2Y12Yyc85z9N/TSV13fi

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/33a6a6fd4d40d8a987cc5614b36b72bc5bd50ccce2dd0a228776793ab9b4d1c3
unpack001/625f3f00c2a47c63b59a89867b89b07026ee3d159a1cc71203d42c291dd527ea
unpack001/c52ecbf84024669e121df61293ab5aace4984fb4bd074ed5ab0ca292e0fa6496
unpack001/f1349f70002b87c991eacf8912b52860af53c67a629202cfbf619dd85cb37425

Files

Fabookie-eset.zip
.zip

Password: infected
33a6a6fd4d40d8a987cc5614b36b72bc5bd50ccce2dd0a228776793ab9b4d1c3
.exe windows x64

de5ffdef0b7fe6105bfe44941d62fcd6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

TraceMessage
TraceEvent
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegGetValueW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventRegister
EventWrite
EventUnregister

kernel32

LocalAlloc
GetSystemPowerStatus
FormatMessageW
SetEvent
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
LocalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
FindResourceW
CreateProcessW
Sleep
InterlockedPushEntrySList
VirtualAlloc
InterlockedPopEntrySList
GetProcessHeap
VirtualFree
HeapFree
HeapAlloc
GetVersionExA
GetSystemDirectoryW
CreateThread
lstrcmpW
GetCommandLineW
SetLastError
CloseHandle
RegisterApplicationRestart
ReleaseMutex
CreateMutexW
SetUnhandledExceptionFilter
GetModuleHandleW
HeapSetInformation
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
ExpandEnvironmentStringsW
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
OutputDebugStringA
MulDiv
RaiseException
GetStartupInfoW

gdi32

GetDeviceCaps
SetBkColor
GetBkColor
GetTextExtentPoint32W
BitBlt
SetBrushOrgEx
SetViewportOrgEx
SetLayout
GetLayout
SelectClipRgn
CreateRectRgn
GdiGradientFill
LineTo
MoveToEx
SetDCPenColor
CreateDIBSection
SetTextColor
DeleteObject
CreateFontIndirectW
CreateCompatibleDC
SelectObject
GetTextMetricsW
DeleteDC
CreateSolidBrush
GetObjectW
GetStockObject
SetBkMode
GdiAlphaBlend
Polygon

user32

EnumDisplaySettingsExW
SystemParametersInfoW
GetSysColor
QueryDisplayConfig
GetDisplayConfigBufferSizes
EndPaint
DrawEdge
BeginPaint
PtInRect
SetRect
GetWindowLongW
ValidateRect
LoadStringW
UnregisterClassA
SetClassLongPtrW
UnhookWindowsHookEx
GetWindowLongPtrW
GetActiveWindow
UpdateWindow
ScrollWindow
GetScrollInfo
SetScrollInfo
SetWindowsHookExW
GetWindowInfo
CopyRect
GetWindowRect
GetMonitorInfoW
GetSysColorBrush
GetSystemMetrics
LoadCursorW
SetWindowLongPtrW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetClassLongPtrW
FrameRect
MonitorFromRect
GetWindowPlacement
GetNextDlgTabItem
InvalidateRect
GetFocus
MapWindowPoints
GetClientRect
CreateWindowExW
GetParent
OffsetRect
ChangeDisplaySettingsExW
PostMessageW
GetDlgItem
CallWindowProcW
SetWindowTextW
EnumChildWindows
EnableWindow
GetWindowTextW
SetDlgItemTextW
KillTimer
ReleaseDC
GetDC
NotifyWinEvent
CallNextHookEx
GetDlgCtrlID
GetKeyState
DrawIconEx
InflateRect
DestroyWindow
CreateDialogParamW
SendMessageW
DestroyIcon
LoadImageW
AllowSetForegroundWindow
GetIconInfo
PostQuitMessage
EnumDisplayDevicesW
FindWindowW
SetForegroundWindow
GetForegroundWindow
IsIconic
DrawFocusRect
DrawTextW
ShowWindow
GetClassInfoW
IsWindowEnabled
FillRect
DefWindowProcW
SetTimer
SetWindowPos
SendDlgItemMessageW
MoveWindow
RegisterClassW
LoadIconW
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
UnregisterClassW

msvcrt

ceilf
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_errno
realloc
??1type_info@@UEAA@XZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
__C_specific_handler
memset
_purecall
__RTDynamicCast
wcstok
wcscspn
wcstol
_wcsicmp
free
memmove_s
??_U@YAPEAX_K@Z
_vsnwprintf
??2@YAPEAX_K@Z
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
_initterm
memcpy

oleaut32

SafeArrayGetElement
SysAllocString
SysFreeString
VariantClear
VariantInit

powrprof

PowerDeterminePlatformRole
PowerSettingAccessCheck
PowerReadDCValue
PowerSetActiveScheme
PowerGetActiveScheme
PowerReadFriendlyName
GetPwrCapabilities

batmeter

CleanupBatteryData
SubscribeBatteryUpdateNotification
CreateBatteryData
UnsubscribeBatteryUpdateNotification
BatMeterOnDeviceChange
UpdateBatteryDataAsync
QueryBatteryData
GetBatteryStatusText
SetBatteryLevel

winmm

waveOutGetNumDevs
PlaySoundW

shell32

ShellExecuteW
ord100
SHGetKnownFolderIDList
ord155
DuplicateIcon
ShellExecuteExW

shlwapi

PathFileExistsW
ord618
ord437
StrTrimW
ord219
PathGetArgsW
PathRemoveBlanksW

ole32

CLSIDFromString
CoCreateInstance
CoSetProxyBlanket
CreateStreamOnHGlobal
CoInitializeSecurity
CoUninitialize
CoInitialize

ntdll

EtwTraceMessage
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

slc

SLGetWindowsInformationDWORD

rpcrt4

UuidFromStringW

gdiplus

GdipCloneImage
GdipDisposeImage
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipGetImageWidth
GdipCreateFromHDC
GdipDrawLine
GdipFillPath
GdipCreatePath
GdipCreatePen1
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImageHeight
GdipFillRectangle
GdipImageRotateFlip
GdipFree
GdipCreateBitmapFromStream
GdipCreateSolidFill
GdipDeletePath
GdipAddPathLine
GdipDeleteBrush
GdipDeleteGraphics
GdipCreateLineBrush
GdipSetSmoothingMode
GdipDeletePen

uxtheme

OpenThemeData
BufferedPaintInit
BufferedPaintUnInit
BeginBufferedPaint
DrawThemeTextEx
EndBufferedPaint
BufferedPaintSetAlpha
GetThemePartSize
GetThemeBackgroundContentRect
GetThemeTextExtent
DrawThemeText
GetThemeColor
CloseThemeData
DrawThemeBackground

wlanapi

WlanCloseHandle
WlanGetInterfaceCapability
WlanSetInterface
WlanFreeMemory
WlanOpenHandle
WlanRegisterNotification
WlanQueryInterface
WlanEnumInterfaces

wmi

WmiOpenBlock
WmiExecuteMethodW
WmiNotificationRegistrationW
WmiCloseBlock
WmiQueryAllDataW
WmiQuerySingleInstanceW

comctl32

ImageList_Create
ImageList_ReplaceIcon
ImageList_DrawIndirect
ImageList_Destroy
ord344
ord345

dwmapi

DwmIsCompositionEnabled
DwmExtendFrameIntoClientArea

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 780KB - Virtual size: 780KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
625f3f00c2a47c63b59a89867b89b07026ee3d159a1cc71203d42c291dd527ea
.exe windows x64

de5ffdef0b7fe6105bfe44941d62fcd6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

TraceMessage
TraceEvent
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegGetValueW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventRegister
EventWrite
EventUnregister

kernel32

LocalAlloc
GetSystemPowerStatus
FormatMessageW
SetEvent
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
LocalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
FindResourceW
CreateProcessW
Sleep
InterlockedPushEntrySList
VirtualAlloc
InterlockedPopEntrySList
GetProcessHeap
VirtualFree
HeapFree
HeapAlloc
GetVersionExA
GetSystemDirectoryW
CreateThread
lstrcmpW
GetCommandLineW
SetLastError
CloseHandle
RegisterApplicationRestart
ReleaseMutex
CreateMutexW
SetUnhandledExceptionFilter
GetModuleHandleW
HeapSetInformation
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
ExpandEnvironmentStringsW
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
OutputDebugStringA
MulDiv
RaiseException
GetStartupInfoW

gdi32

GetDeviceCaps
SetBkColor
GetBkColor
GetTextExtentPoint32W
BitBlt
SetBrushOrgEx
SetViewportOrgEx
SetLayout
GetLayout
SelectClipRgn
CreateRectRgn
GdiGradientFill
LineTo
MoveToEx
SetDCPenColor
CreateDIBSection
SetTextColor
DeleteObject
CreateFontIndirectW
CreateCompatibleDC
SelectObject
GetTextMetricsW
DeleteDC
CreateSolidBrush
GetObjectW
GetStockObject
SetBkMode
GdiAlphaBlend
Polygon

user32

EnumDisplaySettingsExW
SystemParametersInfoW
GetSysColor
QueryDisplayConfig
GetDisplayConfigBufferSizes
EndPaint
DrawEdge
BeginPaint
PtInRect
SetRect
GetWindowLongW
ValidateRect
LoadStringW
UnregisterClassA
SetClassLongPtrW
UnhookWindowsHookEx
GetWindowLongPtrW
GetActiveWindow
UpdateWindow
ScrollWindow
GetScrollInfo
SetScrollInfo
SetWindowsHookExW
GetWindowInfo
CopyRect
GetWindowRect
GetMonitorInfoW
GetSysColorBrush
GetSystemMetrics
LoadCursorW
SetWindowLongPtrW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetClassLongPtrW
FrameRect
MonitorFromRect
GetWindowPlacement
GetNextDlgTabItem
InvalidateRect
GetFocus
MapWindowPoints
GetClientRect
CreateWindowExW
GetParent
OffsetRect
ChangeDisplaySettingsExW
PostMessageW
GetDlgItem
CallWindowProcW
SetWindowTextW
EnumChildWindows
EnableWindow
GetWindowTextW
SetDlgItemTextW
KillTimer
ReleaseDC
GetDC
NotifyWinEvent
CallNextHookEx
GetDlgCtrlID
GetKeyState
DrawIconEx
InflateRect
DestroyWindow
CreateDialogParamW
SendMessageW
DestroyIcon
LoadImageW
AllowSetForegroundWindow
GetIconInfo
PostQuitMessage
EnumDisplayDevicesW
FindWindowW
SetForegroundWindow
GetForegroundWindow
IsIconic
DrawFocusRect
DrawTextW
ShowWindow
GetClassInfoW
IsWindowEnabled
FillRect
DefWindowProcW
SetTimer
SetWindowPos
SendDlgItemMessageW
MoveWindow
RegisterClassW
LoadIconW
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
UnregisterClassW

msvcrt

ceilf
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_errno
realloc
??1type_info@@UEAA@XZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
__C_specific_handler
memset
_purecall
__RTDynamicCast
wcstok
wcscspn
wcstol
_wcsicmp
free
memmove_s
??_U@YAPEAX_K@Z
_vsnwprintf
??2@YAPEAX_K@Z
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
_initterm
memcpy

oleaut32

SafeArrayGetElement
SysAllocString
SysFreeString
VariantClear
VariantInit

powrprof

PowerDeterminePlatformRole
PowerSettingAccessCheck
PowerReadDCValue
PowerSetActiveScheme
PowerGetActiveScheme
PowerReadFriendlyName
GetPwrCapabilities

batmeter

CleanupBatteryData
SubscribeBatteryUpdateNotification
CreateBatteryData
UnsubscribeBatteryUpdateNotification
BatMeterOnDeviceChange
UpdateBatteryDataAsync
QueryBatteryData
GetBatteryStatusText
SetBatteryLevel

winmm

waveOutGetNumDevs
PlaySoundW

shell32

ShellExecuteW
ord100
SHGetKnownFolderIDList
ord155
DuplicateIcon
ShellExecuteExW

shlwapi

PathFileExistsW
ord618
ord437
StrTrimW
ord219
PathGetArgsW
PathRemoveBlanksW

ole32

CLSIDFromString
CoCreateInstance
CoSetProxyBlanket
CreateStreamOnHGlobal
CoInitializeSecurity
CoUninitialize
CoInitialize

ntdll

EtwTraceMessage
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

slc

SLGetWindowsInformationDWORD

rpcrt4

UuidFromStringW

gdiplus

GdipCloneImage
GdipDisposeImage
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipGetImageWidth
GdipCreateFromHDC
GdipDrawLine
GdipFillPath
GdipCreatePath
GdipCreatePen1
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImageHeight
GdipFillRectangle
GdipImageRotateFlip
GdipFree
GdipCreateBitmapFromStream
GdipCreateSolidFill
GdipDeletePath
GdipAddPathLine
GdipDeleteBrush
GdipDeleteGraphics
GdipCreateLineBrush
GdipSetSmoothingMode
GdipDeletePen

uxtheme

OpenThemeData
BufferedPaintInit
BufferedPaintUnInit
BeginBufferedPaint
DrawThemeTextEx
EndBufferedPaint
BufferedPaintSetAlpha
GetThemePartSize
GetThemeBackgroundContentRect
GetThemeTextExtent
DrawThemeText
GetThemeColor
CloseThemeData
DrawThemeBackground

wlanapi

WlanCloseHandle
WlanGetInterfaceCapability
WlanSetInterface
WlanFreeMemory
WlanOpenHandle
WlanRegisterNotification
WlanQueryInterface
WlanEnumInterfaces

wmi

WmiOpenBlock
WmiExecuteMethodW
WmiNotificationRegistrationW
WmiCloseBlock
WmiQueryAllDataW
WmiQuerySingleInstanceW

comctl32

ImageList_Create
ImageList_ReplaceIcon
ImageList_DrawIndirect
ImageList_Destroy
ord344
ord345

dwmapi

DwmIsCompositionEnabled
DwmExtendFrameIntoClientArea

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 780KB - Virtual size: 780KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c52ecbf84024669e121df61293ab5aace4984fb4bd074ed5ab0ca292e0fa6496
.exe windows x64

de5ffdef0b7fe6105bfe44941d62fcd6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

TraceMessage
TraceEvent
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegGetValueW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventRegister
EventWrite
EventUnregister

kernel32

LocalAlloc
GetSystemPowerStatus
FormatMessageW
SetEvent
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
LocalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
FindResourceW
CreateProcessW
Sleep
InterlockedPushEntrySList
VirtualAlloc
InterlockedPopEntrySList
GetProcessHeap
VirtualFree
HeapFree
HeapAlloc
GetVersionExA
GetSystemDirectoryW
CreateThread
lstrcmpW
GetCommandLineW
SetLastError
CloseHandle
RegisterApplicationRestart
ReleaseMutex
CreateMutexW
SetUnhandledExceptionFilter
GetModuleHandleW
HeapSetInformation
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
ExpandEnvironmentStringsW
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
OutputDebugStringA
MulDiv
RaiseException
GetStartupInfoW

gdi32

GetDeviceCaps
SetBkColor
GetBkColor
GetTextExtentPoint32W
BitBlt
SetBrushOrgEx
SetViewportOrgEx
SetLayout
GetLayout
SelectClipRgn
CreateRectRgn
GdiGradientFill
LineTo
MoveToEx
SetDCPenColor
CreateDIBSection
SetTextColor
DeleteObject
CreateFontIndirectW
CreateCompatibleDC
SelectObject
GetTextMetricsW
DeleteDC
CreateSolidBrush
GetObjectW
GetStockObject
SetBkMode
GdiAlphaBlend
Polygon

user32

EnumDisplaySettingsExW
SystemParametersInfoW
GetSysColor
QueryDisplayConfig
GetDisplayConfigBufferSizes
EndPaint
DrawEdge
BeginPaint
PtInRect
SetRect
GetWindowLongW
ValidateRect
LoadStringW
UnregisterClassA
SetClassLongPtrW
UnhookWindowsHookEx
GetWindowLongPtrW
GetActiveWindow
UpdateWindow
ScrollWindow
GetScrollInfo
SetScrollInfo
SetWindowsHookExW
GetWindowInfo
CopyRect
GetWindowRect
GetMonitorInfoW
GetSysColorBrush
GetSystemMetrics
LoadCursorW
SetWindowLongPtrW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetClassLongPtrW
FrameRect
MonitorFromRect
GetWindowPlacement
GetNextDlgTabItem
InvalidateRect
GetFocus
MapWindowPoints
GetClientRect
CreateWindowExW
GetParent
OffsetRect
ChangeDisplaySettingsExW
PostMessageW
GetDlgItem
CallWindowProcW
SetWindowTextW
EnumChildWindows
EnableWindow
GetWindowTextW
SetDlgItemTextW
KillTimer
ReleaseDC
GetDC
NotifyWinEvent
CallNextHookEx
GetDlgCtrlID
GetKeyState
DrawIconEx
InflateRect
DestroyWindow
CreateDialogParamW
SendMessageW
DestroyIcon
LoadImageW
AllowSetForegroundWindow
GetIconInfo
PostQuitMessage
EnumDisplayDevicesW
FindWindowW
SetForegroundWindow
GetForegroundWindow
IsIconic
DrawFocusRect
DrawTextW
ShowWindow
GetClassInfoW
IsWindowEnabled
FillRect
DefWindowProcW
SetTimer
SetWindowPos
SendDlgItemMessageW
MoveWindow
RegisterClassW
LoadIconW
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
UnregisterClassW

msvcrt

ceilf
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_errno
realloc
??1type_info@@UEAA@XZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
__C_specific_handler
memset
_purecall
__RTDynamicCast
wcstok
wcscspn
wcstol
_wcsicmp
free
memmove_s
??_U@YAPEAX_K@Z
_vsnwprintf
??2@YAPEAX_K@Z
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
_initterm
memcpy

oleaut32

SafeArrayGetElement
SysAllocString
SysFreeString
VariantClear
VariantInit

powrprof

PowerDeterminePlatformRole
PowerSettingAccessCheck
PowerReadDCValue
PowerSetActiveScheme
PowerGetActiveScheme
PowerReadFriendlyName
GetPwrCapabilities

batmeter

CleanupBatteryData
SubscribeBatteryUpdateNotification
CreateBatteryData
UnsubscribeBatteryUpdateNotification
BatMeterOnDeviceChange
UpdateBatteryDataAsync
QueryBatteryData
GetBatteryStatusText
SetBatteryLevel

winmm

waveOutGetNumDevs
PlaySoundW

shell32

ShellExecuteW
ord100
SHGetKnownFolderIDList
ord155
DuplicateIcon
ShellExecuteExW

shlwapi

PathFileExistsW
ord618
ord437
StrTrimW
ord219
PathGetArgsW
PathRemoveBlanksW

ole32

CLSIDFromString
CoCreateInstance
CoSetProxyBlanket
CreateStreamOnHGlobal
CoInitializeSecurity
CoUninitialize
CoInitialize

ntdll

EtwTraceMessage
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

slc

SLGetWindowsInformationDWORD

rpcrt4

UuidFromStringW

gdiplus

GdipCloneImage
GdipDisposeImage
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipGetImageWidth
GdipCreateFromHDC
GdipDrawLine
GdipFillPath
GdipCreatePath
GdipCreatePen1
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImageHeight
GdipFillRectangle
GdipImageRotateFlip
GdipFree
GdipCreateBitmapFromStream
GdipCreateSolidFill
GdipDeletePath
GdipAddPathLine
GdipDeleteBrush
GdipDeleteGraphics
GdipCreateLineBrush
GdipSetSmoothingMode
GdipDeletePen

uxtheme

OpenThemeData
BufferedPaintInit
BufferedPaintUnInit
BeginBufferedPaint
DrawThemeTextEx
EndBufferedPaint
BufferedPaintSetAlpha
GetThemePartSize
GetThemeBackgroundContentRect
GetThemeTextExtent
DrawThemeText
GetThemeColor
CloseThemeData
DrawThemeBackground

wlanapi

WlanCloseHandle
WlanGetInterfaceCapability
WlanSetInterface
WlanFreeMemory
WlanOpenHandle
WlanRegisterNotification
WlanQueryInterface
WlanEnumInterfaces

wmi

WmiOpenBlock
WmiExecuteMethodW
WmiNotificationRegistrationW
WmiCloseBlock
WmiQueryAllDataW
WmiQuerySingleInstanceW

comctl32

ImageList_Create
ImageList_ReplaceIcon
ImageList_DrawIndirect
ImageList_Destroy
ord344
ord345

dwmapi

DwmIsCompositionEnabled
DwmExtendFrameIntoClientArea

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 780KB - Virtual size: 780KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f1349f70002b87c991eacf8912b52860af53c67a629202cfbf619dd85cb37425
.exe windows x64

de5ffdef0b7fe6105bfe44941d62fcd6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

TraceMessage
TraceEvent
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegGetValueW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventRegister
EventWrite
EventUnregister

kernel32

LocalAlloc
GetSystemPowerStatus
FormatMessageW
SetEvent
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
LocalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
FindResourceW
CreateProcessW
Sleep
InterlockedPushEntrySList
VirtualAlloc
InterlockedPopEntrySList
GetProcessHeap
VirtualFree
HeapFree
HeapAlloc
GetVersionExA
GetSystemDirectoryW
CreateThread
lstrcmpW
GetCommandLineW
SetLastError
CloseHandle
RegisterApplicationRestart
ReleaseMutex
CreateMutexW
SetUnhandledExceptionFilter
GetModuleHandleW
HeapSetInformation
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
ExpandEnvironmentStringsW
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
OutputDebugStringA
MulDiv
RaiseException
GetStartupInfoW

gdi32

GetDeviceCaps
SetBkColor
GetBkColor
GetTextExtentPoint32W
BitBlt
SetBrushOrgEx
SetViewportOrgEx
SetLayout
GetLayout
SelectClipRgn
CreateRectRgn
GdiGradientFill
LineTo
MoveToEx
SetDCPenColor
CreateDIBSection
SetTextColor
DeleteObject
CreateFontIndirectW
CreateCompatibleDC
SelectObject
GetTextMetricsW
DeleteDC
CreateSolidBrush
GetObjectW
GetStockObject
SetBkMode
GdiAlphaBlend
Polygon

user32

EnumDisplaySettingsExW
SystemParametersInfoW
GetSysColor
QueryDisplayConfig
GetDisplayConfigBufferSizes
EndPaint
DrawEdge
BeginPaint
PtInRect
SetRect
GetWindowLongW
ValidateRect
LoadStringW
UnregisterClassA
SetClassLongPtrW
UnhookWindowsHookEx
GetWindowLongPtrW
GetActiveWindow
UpdateWindow
ScrollWindow
GetScrollInfo
SetScrollInfo
SetWindowsHookExW
GetWindowInfo
CopyRect
GetWindowRect
GetMonitorInfoW
GetSysColorBrush
GetSystemMetrics
LoadCursorW
SetWindowLongPtrW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetClassLongPtrW
FrameRect
MonitorFromRect
GetWindowPlacement
GetNextDlgTabItem
InvalidateRect
GetFocus
MapWindowPoints
GetClientRect
CreateWindowExW
GetParent
OffsetRect
ChangeDisplaySettingsExW
PostMessageW
GetDlgItem
CallWindowProcW
SetWindowTextW
EnumChildWindows
EnableWindow
GetWindowTextW
SetDlgItemTextW
KillTimer
ReleaseDC
GetDC
NotifyWinEvent
CallNextHookEx
GetDlgCtrlID
GetKeyState
DrawIconEx
InflateRect
DestroyWindow
CreateDialogParamW
SendMessageW
DestroyIcon
LoadImageW
AllowSetForegroundWindow
GetIconInfo
PostQuitMessage
EnumDisplayDevicesW
FindWindowW
SetForegroundWindow
GetForegroundWindow
IsIconic
DrawFocusRect
DrawTextW
ShowWindow
GetClassInfoW
IsWindowEnabled
FillRect
DefWindowProcW
SetTimer
SetWindowPos
SendDlgItemMessageW
MoveWindow
RegisterClassW
LoadIconW
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
UnregisterClassW

msvcrt

ceilf
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_errno
realloc
??1type_info@@UEAA@XZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
__C_specific_handler
memset
_purecall
__RTDynamicCast
wcstok
wcscspn
wcstol
_wcsicmp
free
memmove_s
??_U@YAPEAX_K@Z
_vsnwprintf
??2@YAPEAX_K@Z
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
_initterm
memcpy

oleaut32

SafeArrayGetElement
SysAllocString
SysFreeString
VariantClear
VariantInit

powrprof

PowerDeterminePlatformRole
PowerSettingAccessCheck
PowerReadDCValue
PowerSetActiveScheme
PowerGetActiveScheme
PowerReadFriendlyName
GetPwrCapabilities

batmeter

CleanupBatteryData
SubscribeBatteryUpdateNotification
CreateBatteryData
UnsubscribeBatteryUpdateNotification
BatMeterOnDeviceChange
UpdateBatteryDataAsync
QueryBatteryData
GetBatteryStatusText
SetBatteryLevel

winmm

waveOutGetNumDevs
PlaySoundW

shell32

ShellExecuteW
ord100
SHGetKnownFolderIDList
ord155
DuplicateIcon
ShellExecuteExW

shlwapi

PathFileExistsW
ord618
ord437
StrTrimW
ord219
PathGetArgsW
PathRemoveBlanksW

ole32

CLSIDFromString
CoCreateInstance
CoSetProxyBlanket
CreateStreamOnHGlobal
CoInitializeSecurity
CoUninitialize
CoInitialize

ntdll

EtwTraceMessage
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

slc

SLGetWindowsInformationDWORD

rpcrt4

UuidFromStringW

gdiplus

GdipCloneImage
GdipDisposeImage
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipGetImageWidth
GdipCreateFromHDC
GdipDrawLine
GdipFillPath
GdipCreatePath
GdipCreatePen1
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImageHeight
GdipFillRectangle
GdipImageRotateFlip
GdipFree
GdipCreateBitmapFromStream
GdipCreateSolidFill
GdipDeletePath
GdipAddPathLine
GdipDeleteBrush
GdipDeleteGraphics
GdipCreateLineBrush
GdipSetSmoothingMode
GdipDeletePen

uxtheme

OpenThemeData
BufferedPaintInit
BufferedPaintUnInit
BeginBufferedPaint
DrawThemeTextEx
EndBufferedPaint
BufferedPaintSetAlpha
GetThemePartSize
GetThemeBackgroundContentRect
GetThemeTextExtent
DrawThemeText
GetThemeColor
CloseThemeData
DrawThemeBackground

wlanapi

WlanCloseHandle
WlanGetInterfaceCapability
WlanSetInterface
WlanFreeMemory
WlanOpenHandle
WlanRegisterNotification
WlanQueryInterface
WlanEnumInterfaces

wmi

WmiOpenBlock
WmiExecuteMethodW
WmiNotificationRegistrationW
WmiCloseBlock
WmiQueryAllDataW
WmiQuerySingleInstanceW

comctl32

ImageList_Create
ImageList_ReplaceIcon
ImageList_DrawIndirect
ImageList_Destroy
ord344
ord345

dwmapi

DwmIsCompositionEnabled
DwmExtendFrameIntoClientArea

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 780KB - Virtual size: 780KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

de5ffdef0b7fe6105bfe44941d62fcd6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

oleaut32

powrprof

batmeter

winmm

shell32

shlwapi

ole32

ntdll

slc

rpcrt4

gdiplus

uxtheme

wlanapi

wmi

comctl32

dwmapi

wtsapi32

Sections

.text Size: 143KB - Virtual size: 142KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 780KB - Virtual size: 780KB

.reloc Size: 3KB - Virtual size: 2KB

de5ffdef0b7fe6105bfe44941d62fcd6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

oleaut32

powrprof

batmeter

winmm

shell32

shlwapi

ole32

ntdll

slc

rpcrt4

gdiplus

uxtheme

wlanapi

wmi

comctl32

dwmapi

wtsapi32

Sections

.text Size: 143KB - Virtual size: 142KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 780KB - Virtual size: 780KB

.reloc Size: 3KB - Virtual size: 2KB

de5ffdef0b7fe6105bfe44941d62fcd6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

.text
Size: 143KB - Virtual size: 142KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 780KB - Virtual size: 780KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 143KB - Virtual size: 142KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 780KB - Virtual size: 780KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 143KB - Virtual size: 142KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 780KB - Virtual size: 780KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 143KB - Virtual size: 142KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 780KB - Virtual size: 780KB

.reloc
Size: 3KB - Virtual size: 2KB