9a290908ffb6b23e019fcbec6a86742f1f517cab2818dd595e0ef7fbd3f2e5a9

Sharing

Copy URL Twitter E-mail

General

Target

9a290908ffb6b23e019fcbec6a86742f1f517cab2818dd595e0ef7fbd3f2e5a9
Size

11.2MB
MD5

96c17d69f567e27d6240b8c0c35016c7
SHA1

e179ec56cd959001f10d5ecee87c9fc08b0b3b44
SHA256

9a290908ffb6b23e019fcbec6a86742f1f517cab2818dd595e0ef7fbd3f2e5a9
SHA512

bc2d8566b5123457c7edc35fcb2ab2a005b83a99a62baa5835d9a185b3f3796a693cce5d7fa20e2a494ca5c77b6ff7f182f5897622a2281aa08c27d08a7c1507
SSDEEP

196608:oQ6Qc4m9pZStnVSb/lnUNo/FGZWtVeCbeKsMY8LYNR9JgptGDHg9dH6AWrPDd:oj9pQlVW2aGaVeCywFLYb9J0tG7kN6Ag

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/APMonUI.dll
unpack001/Activator.exe

Files

9a290908ffb6b23e019fcbec6a86742f1f517cab2818dd595e0ef7fbd3f2e5a9
.zip
APMonUI.dll
.dll windows x64

0aa8e6d7d3c3544c89b26103bac4f14a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

wcschr
swscanf_s
__C_specific_handler
_XcptFilter
free
_callnewh
malloc
_purecall
memmove_s
memcpy_s
_lock
_unlock
__dllonexit
_onexit
memcmp
_vsnwprintf
_initterm
_amsg_exit
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

Sleep
WideCharToMultiByte
LoadLibraryExW
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
CreateSemaphoreExW
CreateMutexExW
GetCurrentProcessId
GetProcAddress
GetLastError
SetLastError
FormatMessageW
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
GetModuleHandleW
IsDebuggerPresent
OutputDebugStringW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
CloseHandle
ReleaseSemaphore
ReleaseMutex
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
EnterCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
OpenSemaphoreW
CreateThreadpoolTimer
LoadLibraryW
FreeLibrary
DisableThreadLibraryCalls
LocalFree

user32

MessageBeep
SendMessageW
GetDlgItem
SetWindowLongPtrW
SetWindowTextW
LoadCursorW
SetCursor
GetWindowTextW
GetWindowLongPtrW
LoadStringW
MessageBoxW

winspool.drv

ClosePrinter
OpenPrinterW

ws2_32

inet_addr
WSAGetLastError
WSAStartup
GetAddrInfoW
WSACleanup
FreeAddrInfoW

shlwapi

StrStrW

wininet

InternetCrackUrlW
InternetCreateUrlW

Exports

Exports

InitializePrintMonitorUI
LocalConfigurePortUI

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Activator.exe
.exe windows x64

f5560decd4672dc0c69ffb0b5191ea1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetDateFormatW
SetConsoleCtrlHandler
SetStdHandle
WriteConsoleW
GetFileType
QueryPerformanceFrequency
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
GetCommandLineW
GetCommandLineA
HeapValidate
LCMapStringW
GetConsoleMode
ExitProcess
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
RtlPcToFileHeader
GetCPInfo
CompareStringEx
GetStringTypeW
GetLocaleInfoEx
LCMapStringEx
FormatMessageA
OutputDebugStringW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
VirtualAlloc
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
DebugBreak
RtlUnwind
GetThreadTimes
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetConsoleOutputCP
TryEnterCriticalSection
InitOnceBeginInitialize
InitOnceComplete
SetFileInformationByHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
SetCurrentDirectoryW
CreateDirectoryW
GetDriveTypeW
GetFileInformationByHandle
VirtualQuery
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
LocalUnlock
LocalLock
CreateSemaphoreW
WaitForMultipleObjects
CreateMutexW
ReleaseSemaphore
PulseEvent
ResetEvent
Sleep
SearchPathW
GetTickCount
GetWindowsDirectoryW
FindResourceExW
GetUserDefaultLCID
ReplaceFileW
GetTempFileNameW
GetDiskFreeSpaceW
SystemTimeToTzSpecificLocalTime
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
SystemTimeToFileTime
FileTimeToSystemTime
GetFileAttributesW
GetTempPathW
GetThreadLocale
GetStringTypeExW
MoveFileW
lstrcmpiW
GetCurrentProcess
GetHandleInformation
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
CreateFileW
VirtualProtect
GetProfileIntW
GetAtomNameW
SetErrorMode
DeleteFileW
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetCurrentDirectoryW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalSize
InitializeCriticalSectionAndSpinCount
CompareStringW
GlobalGetAtomNameW
GlobalFindAtomW
GetSystemDirectoryW
EncodePointer
ResumeThread
GetThreadPriority
SetThreadPriority
VerifyVersionInfoW
lstrcpyW
VerSetConditionMask
GetCurrentProcessId
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleHandleW
SuspendThread
CreateEventW
SetEvent
GlobalFree
GlobalUnlock
FreeResource
CompareStringA
WideCharToMultiByte
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
lstrcmpW
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
LoadLibraryExW
GetModuleHandleExW
FreeLibrary
GetVersionExW
GetCurrentThreadId
GetCurrentThread
OutputDebugStringA
SetConsoleTitleA
GetModuleFileNameA
SetConsoleTextAttribute
AllocConsole
GetStdHandle
GetModuleFileNameW
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
CreateProcessA
TerminateProcess
GetFileAttributesA
GetCurrentDirectoryA
MultiByteToWideChar
GetProcAddress
GetModuleHandleA
Wow64DisableWow64FsRedirection
CreateMutexA
ReleaseMutex
CloseHandle
CreateDirectoryA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
RaiseException
DecodePointer
CreateThread
WaitForSingleObject
GetLastError
GetSystemInfo
PeekNamedPipe

user32

CreateWindowExW
GetClassInfoExW
RegisterClassW
CallWindowProcW
GetMessageTime
GetMessagePos
IsDialogMessageW
SetWindowLongW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
ScrollWindowEx
SetFocus
GetDlgCtrlID
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
SetWindowPos
MoveWindow
ShowWindow
NotifyWinEvent
ArrangeIconicWindows
DlgDirSelectComboBoxExW
DlgDirListComboBoxW
DlgDirSelectExW
DlgDirListW
GetWindow
GetTopWindow
FindWindowExW
FindWindowW
SetParent
ChildWindowFromPointEx
ChildWindowFromPoint
WindowFromPoint
MapWindowPoints
ScreenToClient
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
CreateCaret
GetWindowContextHelpId
SetWindowContextHelpId
GetWindowRect
GetClientRect
EnableScrollBar
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
LockWindowUpdate
RedrawWindow
ValidateRgn
InvalidateRgn
InvalidateRect
GetWindowRgn
SetWindowRgn
GetUpdateRgn
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetWindowPlacement
GetDCEx
GetDC
SetForegroundWindow
GetForegroundWindow
UpdateWindow
DragDetect
GetSystemMenu
DrawMenuBar
HiliteMenuItem
KillTimer
SetTimer
SetCapture
GetCapture
GetOpenClipboardWindow
ChangeClipboardChain
GetClipboardViewer
SetClipboardViewer
GetClipboardOwner
OpenClipboard
GetNextDlgTabItem
GetNextDlgGroupItem
IsZoomed
BringWindowToTop
IsIconic
IsWindowVisible
CloseWindow
OpenIcon
ShowOwnedPopups
FlashWindow
InSendMessage
GetComboBoxInfo
DestroyCursor
EnumChildWindows
MsgWaitForMultipleObjectsEx
MapVirtualKeyW
SendMessageW
LoadIconW
LoadImageW
SetPropW
PostThreadMessageW
SendNotifyMessageW
DrawAnimatedRects
DrawCaption
SendDlgItemMessageA
CheckMenuRadioItem
InvertRect
FrameRect
DrawFocusRect
GetMenuContextHelpId
SetMenuContextHelpId
ScrollDC
ExcludeUpdateRgn
WindowFromDC
GetPropW
RemovePropW
AdjustWindowRectEx
EqualRect
PtInRect
GetKeyNameTextW
GetWindowLongPtrW
SetWindowLongPtrW
GetClassLongW
GetClassLongPtrW
UnhookWindowsHookEx
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
SetWindowPlacement
GetTabbedTextExtentW
DrawStateW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetMenu
SetMenu
TrackPopupMenu
TrackPopupMenuEx
GetWindowDC
ScrollWindow
UnregisterClassW
UnregisterClassA
GetSystemMetrics
GetWindowTextA
EnumWindows
PeekMessageW
PostQuitMessage
PostMessageW
IsWindow
TabbedTextOutW
MapDialogRect
GetFocus
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
DestroyWindow
CreateDialogIndirectParamW
EndDialog
GetDlgItem
GetActiveWindow
EnableWindow
IsWindowEnabled
WaitMessage
SetActiveWindow
GetWindowLongW
GetDesktopWindow
GetMessageW
TranslateMessage
DispatchMessageW
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
SetCursor
MessageBoxW
GetParent
ReleaseCapture
CopyImage
RealChildWindowFromPoint
GetWindowThreadProcessId
GetLastActivePopup
DefWindowProcW
GetClassInfoW
SetLayeredWindowAttributes
GetSysColor
GetSysColorBrush
SetRectEmpty
CopyRect
IsRectEmpty
LoadCursorW
SystemParametersInfoW
GetMonitorInfoW
EnumDisplayMonitors
RegisterWindowMessageW
FillRect
InflateRect
OffsetRect
DrawIconEx
GetClassNameW
DrawEdge
DrawFrameControl
IsMenu
LoadMenuW
LoadMenuIndirectW
GetMenuStringW
GetMenuState
CreateMenu
CreatePopupMenu
CheckMenuItem
EnableMenuItem
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
DeleteMenu
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
GetMenuDefaultItem
SetMenuDefaultItem
DrawIcon
DrawTextW
DrawTextExW
GrayStringW
LoadAcceleratorsW
DestroyMenu
SetRect
GetAsyncKeyState
IsChild
GetDialogBaseUnits
GetClipboardFormatNameA
GetClipboardFormatNameW
UnpackDDElParam
DestroyIcon
CharUpperW
TranslateAcceleratorW
IntersectRect
GetMenuBarInfo
ReuseDDElParam
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
TrackMouseEvent
MessageBeep
SetCursorPos
SetClassLongPtrW
CloseClipboard
SetClipboardData
EmptyClipboard
MonitorFromPoint
UnionRect
GetDoubleClickTime
GetIconInfo
CopyIcon
UpdateLayeredWindow
IsCharLowerW
MapVirtualKeyExW
RegisterClipboardFormatW
CharUpperBuffW
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
SubtractRect
MessageBoxA
MonitorFromRect

gdi32

Chord
BitBlt
Arc
AnimatePalette
GetObjectW
GetTextCharsetInfo
GetStockObject
EnumFontFamiliesW
DeleteObject
CreateDIBitmap
CreateBitmap
ExtTextOutW
CreateEnhMetaFileW
CloseEnhMetaFile
CreateMetaFileW
CloseMetaFile
DeleteDC
CreatePolyPolygonRgn
CreatePatternBrush
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
DrawEscape
Ellipse
EnumObjects
EqualRgn
Escape
ExtEscape
ExtCreateRegion
ExtFloodFill
FillRgn
FloodFill
FrameRgn
GetROP2
GetAspectRatioFilterEx
GetBkColor
GetBkMode
GetBitmapBits
GetBitmapDimensionEx
GetBoundsRect
GetBrushOrgEx
GetCharWidthW
GetCharWidthFloatW
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetCurrentObject
GetCurrentPositionEx
GetDeviceCaps
GetFontData
GetGlyphOutlineW
GetGraphicsMode
GetMapMode
GetNearestColor
GetNearestPaletteIndex
GetObjectType
GetOutlineTextMetricsW
GetPaletteEntries
GetPixel
GetPolyFillMode
GetRegionData
GetRgnBox
GetStretchBltMode
GetTextCharacterExtra
GetTextAlign
GetTextColor
GetTextExtentPoint32W
GetFontLanguageInfo
GetCharacterPlacementW
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
InvertRgn
MaskBlt
PlgBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PolyPolygon
PtInRegion
PtVisible
RectInRegion
RectVisible
Rectangle
ResetDCW
RealizePalette
RoundRect
ResizePalette
SelectObject
SetBitmapBits
SetBoundsRect
SetPaletteEntries
SetPixel
SetPixelV
StretchBlt
CombineRgn
UpdateColors
PlayEnhMetaFile
GdiComment
GetTextMetricsW
AngleArc
PolyPolyline
GetWorldTransform
GetColorAdjustment
CreateHalftonePalette
StartDocW
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
AbortPath
BeginPath
CloseFigure
EndPath
FillPath
FlattenPath
GetPath
PathToRegion
SetMiterLimit
StrokeAndFillPath
StrokePath
WidenPath
ExtCreatePen
GetMiterLimit
GetArcDirection
TextOutW
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetBitmapDimensionEx
SetBrushOrgEx
GetTextFaceW
GetKerningPairsW
UnrealizeObject
SetBkColor
SetTextColor
CopyMetaFileW
ExcludeClipRect
GetClipBox
GetClipRgn
IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
MoveToEx
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
StretchDIBits
CreateDIBSection
GetDIBits
SetDIBColorTable
EnumFontFamiliesExW
GetSystemPaletteEntries
DeleteMetaFile
GetTextExtentPointW
CreateBitmapIndirect
CreateBrushIndirect
CreateCompatibleBitmap
CreateDiscardableBitmap
CreateCompatibleDC
CreateDCW
CreateDIBPatternBrushPt
CreateEllipticRgn
CreateEllipticRgnIndirect
CreateFontIndirectW
CreateFontW
CreateHatchBrush
CreateICW
CreatePalette
CreatePen
SetRectRgn
CreateSolidBrush
CreatePenIndirect

msimg32

GradientFill
TransparentBlt
AlphaBlend

winspool.drv

GetJobW
ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegEnumKeyW
RegOpenKeyExW
RegEnumKeyExW
SetFileSecurityW
GetFileSecurityW
RegEnumValueW
RegSetValueW
RegQueryValueW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW

shell32

ShellExecuteExW
ShellExecuteW
SHAppBarMessage
DragFinish
DragQueryFileW
SHGetFileInfoW
ExtractIconW
SHAddToRecentDocs
DragAcceptFiles
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHFileOperationA
SHGetDesktopFolder

comctl32

InitCommonControlsEx

shlwapi

PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
PathRemoveExtensionW
PathFindFileNameW
PathFindExtensionW
PathFileExistsA
StrFormatKBSizeW

uxtheme

DrawThemeBackground
GetCurrentThemeName
IsAppThemed
DrawThemeText
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetWindowTheme
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemeColor

ole32

RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
OleRegEnumVerbs
OleRegGetMiscStatus
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLoad
CreateFileMoniker
StgIsStorageFile
StgOpenStorage
StgCreateDocfile
OleRun
OleSetMenuDescriptor
OleGetIconOfClass
OleLockRunning
OleQueryLinkFromData
CoTaskMemFree
OleSaveToStream
OleSave
OleCreateFromFile
OleCreateLinkToFile
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleCreate
CreateItemMoniker
CreateGenericComposite
CreateILockBytesOnHGlobal
GetHGlobalFromILockBytes
WriteClassStm
StgIsStorageILockBytes
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
PropVariantCopy
CLSIDFromString
StringFromGUID2
OleQueryCreateFromData
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
CoDisconnectObject
CreateStreamOnHGlobal
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemAlloc
StringFromCLSID
CoInitialize
CoCreateGuid
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoGetClassObject
CLSIDFromProgID
OleIsRunning
CoRegisterMessageFilter
GetClassFile
CoGetMalloc
OleSetContainedObject

oleaut32

SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayRedim
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayCreate
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantTimeToSystemTime
SafeArrayPtrOfIndex
SysReAllocStringLen
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SafeArrayGetElemsize
SafeArrayGetDim
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
SysStringLen
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
SysAllocString
VarBstrFromDec
VarDecFromStr
VariantCopy
VarDateFromStr
SystemTimeToVariantTime
VarBstrFromDate
GetErrorInfo
SetErrorInfo
CreateErrorInfo
VarBstrFromCy
VarCyFromStr

oledlg

OleUIUpdateLinksW
OleUIConvertW
OleUIChangeIconW
OleUIEditLinksW
OleUIPasteSpecialW
OleUIInsertObjectW
OleUIBusyW

gdiplus

GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipCreateBitmapFromStreamICM
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipCloneImage
GdipDrawImageRectI
GdiplusStartup
GdipGetImageWidth
GdipSetInterpolationMode
GdipCreateBitmapFromFileICM
GdipDeleteGraphics
GdipFree
GdipCreateBitmapFromFile
GdipAlloc
GdiplusShutdown

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

bcrypt

BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider

Exports

Exports

dummy

Sections

.textbss
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 13.3MB - Virtual size: 13.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 767KB - Virtual size: 767KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 987B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0aa8e6d7d3c3544c89b26103bac4f14a

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

user32

winspool.drv

ws2_32

shlwapi

wininet

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 92B

f5560decd4672dc0c69ffb0b5191ea1e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

oleacc

imm32

winmm

bcrypt

Exports

Exports

Sections

.textbss Size: - Virtual size: 6.4MB

.text Size: 13.3MB - Virtual size: 13.3MB

.rdata Size: 4.2MB - Virtual size: 4.2MB

.data Size: 142KB - Virtual size: 211KB

.pdata Size: 767KB - Virtual size: 767KB

.idata Size: 41KB - Virtual size: 40KB

.msvcjmc Size: 1KB - Virtual size: 1KB

.tls Size: 1024B - Virtual size: 987B

.00cfg Size: 512B - Virtual size: 337B

_RDATA Size: 1024B - Virtual size: 546B

.rsrc Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 229KB - Virtual size: 229KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 92B

.textbss
Size: - Virtual size: 6.4MB

.text
Size: 13.3MB - Virtual size: 13.3MB

.rdata
Size: 4.2MB - Virtual size: 4.2MB

.data
Size: 142KB - Virtual size: 211KB

.pdata
Size: 767KB - Virtual size: 767KB

.idata
Size: 41KB - Virtual size: 40KB

.msvcjmc
Size: 1KB - Virtual size: 1KB

.tls
Size: 1024B - Virtual size: 987B

.00cfg
Size: 512B - Virtual size: 337B

_RDATA
Size: 1024B - Virtual size: 546B

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 229KB - Virtual size: 229KB