afc6c243572e989981853b39c40ff975a23d94dd930e30c73196bbc2aec814a3

Sharing

Copy URL Twitter E-mail

General

Target

afc6c243572e989981853b39c40ff975a23d94dd930e30c73196bbc2aec814a3
Size

4.2MB
MD5

096b27f5e02e8875ae65fd3d6bc8c1e1
SHA1

de5bbe0180c0e5aa8e154690ea2c70f40f7d553f
SHA256

afc6c243572e989981853b39c40ff975a23d94dd930e30c73196bbc2aec814a3
SHA512

fd0b3c17160067d084f5f2f84f6beca2884e08394680aac13eb38711728440427a6a08c11596af9db808d34e0a2c3837de2aac4f4d1b1347b57640ebc0d8e73a
SSDEEP

98304:PCKVmeTQXOb2Y19QGCuC4M9PLsvffgIoIVuOdnf4266XhXtQ/pWi:PCneP9BhCP4vffgIouVd8nh5

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/x64/Release/application/csharp/ExeCallcsharp.exe
unpack001/x64/Release/application/csharp/ICSharpCode.SharpZipLib.dll
unpack001/x64/Release/application/csharp/NPOI.OOXML.dll
unpack001/x64/Release/application/csharp/NPOI.OpenXml4Net.dll
unpack001/x64/Release/application/csharp/NPOI.OpenXmlFormats.dll
unpack001/x64/Release/application/csharp/NPOI.dll
unpack001/x64/Release/application/csharp/ToleranceLib.dll
unpack001/x64/Release/creo2Dview.dll

Files

afc6c243572e989981853b39c40ff975a23d94dd930e30c73196bbc2aec814a3
.zip
protk.dat
x64/Release/BOOLON.sym
x64/Release/application/csharp/ExeCallcsharp.exe
.exe windows x86

e525938c49adbcad40e36809b695b62a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr110

_fmode
_commode
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_lock
_unlock
_calloc_crt
__initenv
_onexit
_invoke_watson
_controlfp_s
_except_handler4_common
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__dllonexit
_XcptFilter
fopen
fprintf
fclose
sprintf
__FrameUnwindFilter

kernel32

Sleep
GetModuleHandleA
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
EncodePointer
GetModuleFileNameA

mscoree

_CorExeMain

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/Release/application/csharp/ExeCallcsharp.exe.metagen
x64/Release/application/csharp/ICSharpCode.SharpZipLib.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/Release/application/csharp/NPOI.OOXML.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 521KB - Virtual size: 521KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/Release/application/csharp/NPOI.OpenXml4Net.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/Release/application/csharp/NPOI.OpenXmlFormats.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/Release/application/csharp/NPOI.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/Release/application/csharp/NPOI.xml
.xml
x64/Release/application/csharp/ToleranceLib.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/Release/creo2Dview.dll
.dll windows x64

83e3200c7fef0e8687cf03e1d3cc4655

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ucore46

uloc_getDefault
uloc_setDefault
uloc_getLanguage
uloc_getCountry
uloc_getDisplayLanguage
uloc_getDisplayCountry
uloc_getISOLanguages
uloc_getISOCountries
u_init
u_cleanup
ucnv_cbToUWriteUChars
utf8_prevCharSafeBody
ucase_fold
ucase_toupper
ucase_tolower
ubrk_close
ucnv_cbFromUWriteBytes
ucase_toFullUpper
ucase_toFullLower
ucase_toFullFolding
ucasemap_close
ucasemap_open
u_memcpy
??0UnicodeSet@icu@@QEAA@XZ
u_toupper
u_tolower
u_isprint
u_iscntrl
u_isspace
u_isblank
u_isgraph
u_ispunct
u_isxdigit
u_isalnum
u_isalpha
u_isdigit
u_isupper
u_islower
ucnv_toUCountPending
ucnv_fromUCountPending
ucnv_setFallback
ucnv_getAliases
ucnv_countAliases
ucnv_convertEx
ucnv_fromUChars
ucnv_toUnicode
ucnv_fromUnicode
ucnv_setFromUCallBack
ucnv_setToUCallBack
ucnv_getUnicodeSet
ucnv_getName
ucnv_getMaxCharSize
ucnv_resetFromUnicode
ucnv_resetToUnicode
ucnv_reset
ucnv_close
ucnv_open
ucnv_compareNames
??3UMemory@icu@@SAXPEAX@Z
??2UMemory@icu@@SAPEAX_K@Z
utf8_nextCharSafeBody

kernel32

GetModuleFileNameW
GetModuleHandleW
GetCommandLineA
GetEnvironmentVariableA
OutputDebugStringA
OutputDebugStringW
GlobalFindAtomA
GlobalGetAtomNameA
GetProfileIntA
GetProfileStringA
GetDiskFreeSpaceA
GetVolumeInformationA
VerifyVersionInfoW
ResetEvent
CreateWaitableTimerA
SetWaitableTimer
GetCurrentThread
TryEnterCriticalSection
TlsAlloc
TlsFree
SetEndOfFile
OpenProcess
TerminateProcess
ExitThread
TerminateThread
GetExitCodeThread
WaitForMultipleObjects
GetProcessTimes
GetCurrentProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
FindFirstChangeNotificationW
FindCloseChangeNotification
InitializeCriticalSectionAndSpinCount
GetFileSizeEx
SetFilePointerEx
DuplicateHandle
SystemTimeToFileTime
GetSystemDirectoryW
GetFileAttributesExW
GenerateConsoleCtrlEvent
LockFile
GetFileSize
SetConsoleCtrlHandler
UnlockFile
SetThreadPriority
ResumeThread
RtlCaptureContext
GetProcessId
OpenThread
ReadProcessMemory
GetThreadContext
SuspendThread
MapViewOfFile
CreateToolhelp32Snapshot
Thread32First
Thread32Next
IsWow64Process
GetModuleHandleExW
GlobalUnlock
GlobalLock
GlobalFree
FindResourceA
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
GlobalAlloc
GlobalSize
MulDiv
EncodePointer
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomA
CompareStringA
lstrcmpA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalReAlloc
GlobalHandle
LocalReAlloc
lstrcpyA
VerifyVersionInfoA
GetACP
GlobalFlags
GetThreadLocale
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
GetOEMCP
GetCPInfo
lstrcmpiA
GetTempPathA
GetWindowsDirectoryA
SearchPathA
FindResourceExW
GetFileAttributesExA
SetFileTime
SystemTimeToTzSpecificLocalTime
GetUserDefaultLCID
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
CreateEventA
OpenMutexW
OpenMutexA
CreateMutexW
CreateMutexA
FreeEnvironmentStringsA
GetEnvironmentStrings
VerSetConditionMask
GetVersionExA
DeviceIoControl
WaitForSingleObjectEx
PeekNamedPipe
CreatePipe
FormatMessageA
SetFilePointer
FlushFileBuffers
ReadFile
WriteFile
ReleaseMutex
SetEvent
IsDebuggerPresent
SetErrorMode
CreateThread
LocalFree
LocalAlloc
GetLogicalProcessorInformation
GetTickCount
InitializeCriticalSection
GetCurrentProcessId
HeapSetInformation
HeapCreate
VirtualQuery
VirtualAlloc
GlobalMemoryStatusEx
GetProcAddress
FreeLibrary
GetVersionExW
GetDiskFreeSpaceW
GetProfileStringW
GetEnvironmentVariableW
GetCommandLineW
TlsSetValue
TlsGetValue
SetLastError
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetShortPathNameW
GetComputerNameW
GetComputerNameA
GetVolumeInformationW
SetVolumeLabelW
SetVolumeLabelA
MoveFileExW
MoveFileExA
MoveFileW
MoveFileA
CopyFileExW
CopyFileExA
CopyFileW
CopyFileA
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
DeleteFileW
DeleteFileA
GetFileAttributesW
GetFileAttributesA
SetFileAttributesW
SetFileAttributesA
CreateFileW
CreateFileA
GetFullPathNameW
GetFullPathNameA
CreateFileMappingA
RemoveDirectoryW
RemoveDirectoryA
CreateDirectoryExW
CreateDirectoryExA
CreateDirectoryW
CreateDirectoryA
GetCurrentDirectoryW
GetCurrentDirectoryA
SetCurrentDirectoryW
SetCurrentDirectoryA
GetTempFileNameW
GetTempFileNameA
GetDriveTypeW
GetDriveTypeA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
CreateProcessW
CreateProcessA
LoadLibraryW
LoadLibraryA
GetSystemTimeAsFileTime
GetSystemTime
SetHandleInformation
GetFileTime
FindClose
GetLogicalDrives
FreeConsole
AllocConsole
GetSystemInfo
CloseHandle
SetStdHandle
WaitForSingleObject
GetCurrentThreadId
GetExitCodeProcess
SetConsoleMode
GetConsoleMode
GetUserDefaultLangID
IsDBCSLeadByteEx
GetStdHandle
Sleep
WinExec
GetModuleFileNameA
GetModuleHandleA
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
CreateEventW
LCMapStringEx
GetStringTypeW
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
RtlUnwind
GetConsoleOutputCP
SetEnvironmentVariableW
FindFirstFileExW
GetFileType
GetTempPathW
GetFileInformationByHandle
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformation
ExitProcess
QueryPerformanceFrequency
ReadConsoleW
FreeLibraryAndExitThread
HeapQueryInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
WriteConsoleW

user32

GetWindowRgn
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetClassLongPtrA
LockWindowUpdate
BringWindowToTop
SetCursorPos
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
GetKeyboardLayout
DrawIconEx
DrawFocusRect
DrawFrameControl
DrawEdge
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
IsClipboardFormatAvailable
LoadImageW
DestroyIcon
CopyImage
MonitorFromPoint
UnionRect
EnableScrollBar
DestroyMenu
UpdateLayeredWindow
IsRectEmpty
SetMenuDefaultItem
GetMenuDefaultItem
GetMenuItemInfoA
CreatePopupMenu
NotifyWinEvent
WindowFromPoint
MessageBeep
SetWindowRgn
DeleteMenu
GetSystemMenu
ReleaseCapture
SetCapture
GetAsyncKeyState
CharUpperA
IsZoomed
TrackMouseEvent
IntersectRect
InflateRect
RealChildWindowFromPoint
EnumDisplayMonitors
GetSysColorBrush
GetSystemMetrics
SetLayeredWindowAttributes
SetCursor
ShowOwnedPopups
GetMessageA
MapDialogRect
SetWindowContextHelpId
OffsetRect
SetRectEmpty
MapVirtualKeyA
GetKeyNameTextA
IsDialogMessageA
SendDlgItemMessageA
CheckDlgButton
MoveWindow
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
GetWindow
GetClassLongPtrA
SetWindowLongPtrA
GetWindowLongPtrA
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgCtrlID
IsIconic
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
UnpackDDElParam
SetWindowPlacement
GetWindowPlacement
GetComboBoxInfo
IsMenu
GetClassInfoExA
CallWindowProcA
GetMessageTime
GetMessagePos
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
PtInRect
GetCursorPos
GetFocus
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutA
GrayStringA
RemoveMenu
AppendMenuA
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringA
GetLastActivePopup
GetParent
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetDlgItem
EndDialog
CreateDialogIndirectParamA
IsWindow
LoadBitmapW
FillRect
InvalidateRect
DrawStateA
GetTopWindow
GetDesktopWindow
UpdateWindow
KillTimer
SetTimer
MsgWaitForMultipleObjects
DestroyWindow
PostQuitMessage
PeekMessageA
TranslateMessage
GetMonitorInfoA
SystemParametersInfoA
LoadIconW
LoadIconA
LoadCursorW
LoadCursorA
GetClassNameA
GetClassLongA
MessageBoxA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
RemovePropA
GetPropA
SetPropA
DrawTextExA
DrawTextA
LoadMenuW
LoadMenuA
RegisterClipboardFormatA
CreateWindowExA
GetClassInfoA
RegisterClassA
DefWindowProcA
DispatchMessageA
RegisterWindowMessageA
PostMessageA
GetWindowThreadProcessId
EnumWindows
UnregisterClassA
ShowWindow
SetWindowPos
SetWindowLongA
GetWindowLongA
FindWindowA
GetWindowRect
SetRect
SetParent
GetClientRect
SendMessageA
EnableWindow
InsertMenuItemA
TranslateAcceleratorA
LoadAcceleratorsA
DestroyCursor
CreateMenu
SubtractRect
GetUpdateRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
MapVirtualKeyExA
IsCharLowerA
GetDoubleClickTime
DrawIcon
InvertRect
ModifyMenuA
CharUpperBuffA
HideCaret
GetIconInfo
WaitMessage
PostThreadMessageA
FrameRect
CopyIcon
IsChild
ReuseDDElParam
BeginDeferWindowPos
LoadImageA
GetNextDlgTabItem

gdi32

GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
EnumFontFamiliesA
GetTextCharsetInfo
GetTextMetricsA
GetTextExtentPoint32A
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
CreateRoundRectRgn
CreateDIBSection
GetBkColor
GetTextColor
GetRgnBox
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
OffsetRgn
Rectangle
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
Escape
GetSystemPaletteEntries
LPtoDP
RoundRect
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
SetPixelV
GetTextFaceA
SetMapMode
SetBkMode
SetBkColor
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
CreateBitmap
BitBlt
GetDeviceCaps
CopyMetaFileA
GetObjectA
GetStockObject
DeleteObject
CreateSolidBrush
ExtTextOutA
TextOutA
CreateDIBitmap
CreateCompatibleBitmap
PatBlt
CreateRectRgnIndirect
GetClipBox
GetWindowOrgEx
ExcludeClipRect
CreateDCA
DeleteDC
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
MoveToEx
SetTextAlign
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
GetPaletteEntries
CreateFontIndirectA
SetLayout

msimg32

AlphaBlend
TransparentBlt

winspool.drv

EndDocPrinter
DocumentPropertiesA
ClosePrinter
EndPagePrinter
WritePrinter
StartPagePrinter
StartDocPrinterA
OpenPrinterA

advapi32

RegEnumKeyA
GetFileSecurityW
SetFileSecurityW
GetSecurityDescriptorGroup
SetSecurityDescriptorGroup
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
OpenThreadToken
AccessCheck
RevertToSelf
ImpersonateSelf
StartServiceA
OpenServiceA
OpenSCManagerA
CreateServiceA
LookupAccountNameA
LookupAccountSidA
QueryServiceStatus
DeleteService
ControlService
CloseServiceHandle
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
StartServiceW
OpenServiceW
OpenSCManagerW
CreateServiceW
LookupAccountNameW
LookupAccountSidW
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyExA
RegOpenKeyW
RegOpenKeyA
RegQueryValueA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyExW
RegDeleteKeyExA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegConnectRegistryW
RegConnectRegistryA
RegCloseKey
GetUserNameW
GetUserNameA

shell32

SHAppBarMessage
ShellExecuteA
SHGetFileInfoA
SHBrowseForFolderA
DragFinish
DragQueryFileA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA
PathFindExtensionA

uxtheme

CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetThemeSysColor
GetWindowTheme
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeParentBackground
IsAppThemed
DrawThemeText
OpenThemeData

ole32

CoRevokeClassObject
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
CoFreeUnusedLibraries
CreateStreamOnHGlobal
OleInitialize
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoCreateInstance
CoInitializeEx
CoUninitialize
OleDuplicateData
ReleaseStgMedium
CoRegisterMessageFilter
CoTaskMemFree
CoTaskMemAlloc
OleUninitialize

oleaut32

SafeArrayDestroy
LoadTypeLi
VariantCopy
VarBstrFromDate
OleCreateFontIndirect
SysAllocString
VariantInit
SysAllocStringByteLen
VariantClear
VariantChangeType
SysFreeString
SystemTimeToVariantTime
SysStringLen
SysAllocStringLen
VariantTimeToSystemTime

oledlg

ord8

gdiplus

GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipDrawImageI
GdipAlloc
GdiplusShutdown

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

ws2_32

getsockname
getsockopt
listen
recv
recvfrom
select
send
sendto
setsockopt
shutdown
getpeername
gethostbyaddr
gethostbyname
gethostname
getaddrinfo
freeaddrinfo
getnameinfo
ntohs
htons
ioctlsocket
connect
closesocket
bind
accept
WSACleanup
__WSAFDIsSet
WSAGetLastError
WSAStartup
socket

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

winmm

PlaySoundA

netapi32

NetRemoteTOD
NetApiBufferFree

psapi

GetProcessImageFileNameW
GetModuleInformation
GetModuleFileNameExW
EnumProcessModules
GetModuleFileNameExA

mpr

WNetOpenEnumA
WNetGetConnectionA
WNetEnumResourceA
WNetCloseEnum

Exports

Exports

?CurrentKind@btkEvent@@1HA
?PRO_MACHINE_TYPE@@3PEBDEB
?PRO_OS_TYPE@@3PEBDEB
?StdStream@btkProcess@@2VDefaultStream@1@A
?mbsMode@btkMBStrFunc@@0PEAVbtkOBSFunc@@EA
dont_ever_call_me_000
dont_ever_call_me_222
dont_ever_call_me_k03_000
dont_ever_call_me_l01_000
dont_ever_call_me_l03_000
dont_ever_call_me_l05_000
dont_ever_call_me_p10_000
dont_ever_call_me_p20_000
i_am_342015090_000
i_am_342015450_000
i_am_342015470_000
i_am_342016090_000
i_am_342016290_000
user_initialize_plus
user_terminate_plus

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 740KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 741KB - Virtual size: 1008KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.datapro
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/Release/data/config.dat
x64/Release/data/ϲѯ.xlsx
.xlsx office2007
x64/Release/symbol/boolon.sym
x64/Release/symbol/boolon.sym.4
x64/Release/symbol/boolon.sym.6
x64/Release/~tol.txt

Sharing

General

Malware Config

Signatures

Files

e525938c49adbcad40e36809b695b62a

Headers

DLL Characteristics

File Characteristics

Imports

msvcr110

kernel32

mscoree

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 184KB - Virtual size: 183KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 521KB - Virtual size: 521KB

.rsrc Size: 1024B - Virtual size: 872B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 87KB - Virtual size: 86KB

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 840B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 10KB - Virtual size: 9KB

.rsrc Size: 1024B - Virtual size: 956B

.reloc Size: 512B - Virtual size: 12B

83e3200c7fef0e8687cf03e1d3cc4655

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 184KB - Virtual size: 183KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 521KB - Virtual size: 521KB

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 87KB - Virtual size: 86KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 956B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 740KB - Virtual size: 740KB

.data
Size: 741KB - Virtual size: 1008KB

.pdata
Size: 221KB - Virtual size: 220KB

.datapro
Size: 512B - Virtual size: 52B

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 69KB - Virtual size: 69KB