f3aff87710552795d2358b7914cf619e8577a60e3f2b4e587e3cd1429d19f454

Sharing

Copy URL Twitter E-mail

General

Target

f3aff87710552795d2358b7914cf619e8577a60e3f2b4e587e3cd1429d19f454
Size

1.3MB
MD5

9a8f5a85573389590b9b07dbd40240ca
SHA1

9628803f3146c2155d0d19d24a89f12bce64064c
SHA256

f3aff87710552795d2358b7914cf619e8577a60e3f2b4e587e3cd1429d19f454
SHA512

13dc84c033c4c5456a7a124594a9a3052284bac7a4639e5babdb63f0edf9bafa4f3ca3e1c5e0747324b3faabfe004181c4460b7b566c77f45a471ddbf1985d61
SSDEEP

24576:/pdiN7ujsaBEsd7Q0sgG1fG21EgjYKZd9ubd2jbn4yyPKfJL0eVCg0mr+bULMM:/TiNaYaOsdU0sgGoPg3/9hb4Kfy+H9rr

Score

3^/10

Malware Config

Signatures

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Notepad2.exe
unpack001/locale/de/Notepad2.dll
unpack001/locale/de/metapath.dll
unpack001/locale/fr-FR/Notepad2.dll
unpack001/locale/fr-FR/metapath.dll
unpack001/locale/it/Notepad2.dll
unpack001/locale/it/metapath.dll
unpack001/locale/ja/Notepad2.dll
unpack001/locale/ja/metapath.dll
unpack001/locale/ko/Notepad2.dll
unpack001/locale/ko/metapath.dll
unpack001/locale/pt-BR/Notepad2.dll
unpack001/locale/pt-BR/metapath.dll
unpack001/locale/zh-Hans/Notepad2.dll
unpack001/locale/zh-Hans/metapath.dll
unpack001/locale/zh-Hant/Notepad2.dll
unpack001/locale/zh-Hant/metapath.dll
unpack001/metapath.exe

Files

f3aff87710552795d2358b7914cf619e8577a60e3f2b4e587e3cd1429d19f454
.zip
License.txt
Notepad2 DarkTheme.ini
Notepad2.exe
.exe windows x86

8a9a13b00f1eeaa583d43185f4a67102

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx
ord8
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
ImageList_AddMasked
ord412
ord410
CreateStatusWindowW
ord413

shlwapi

StrCmpLogicalW
UrlUnescapeW
StrFormatByteSizeW
StrRetToBufW
StrStrW
StrCatBuffW
PathFindExtensionW
PathUnquoteSpacesW
PathIsUNCW
StrTrimW
SHAutoComplete
StrStrIW
PathRemoveFileSpecW
PathFindFileNameW
PathQuoteSpacesW
PathCombineW
PathRenameExtensionW
PathIsDirectoryW
StrRChrW
PathRemoveExtensionW
PathCompactPathExW
PathStripToRootW
PathGetDriveNumberW
PathCommonPrefixW
PathCanonicalizeW
PathIsRootW
PathUnExpandEnvStringsW
PathIsPrefixW
PathRelativePathToW
StrDupW
StrStrIA
StrDupA
UrlEscapeW
StrTrimA
PathMatchSpecW
PathIsRelativeW
PathAppendW
StrChrW

imm32

ImmEscapeW
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmSetCompositionFontW
ImmReleaseContext
ImmSetCompositionStringW
ImmNotifyIME
ImmGetContext
ImmSetCandidateWindow

uxtheme

GetThemeSysFont
IsAppThemed
CloseThemeData
OpenThemeData
SetWindowTheme

kernel32

LoadLibraryExW
Sleep
GlobalSize
GlobalAlloc
GlobalLock
LCMapStringW
WideCharToMultiByte
GetTickCount
GlobalUnlock
HeapFree
lstrlenW
GetLocaleInfoW
lstrcatW
GetLocalTime
GetTimeFormatW
GetDateFormatW
WritePrivateProfileStringW
lstrcpynW
GetPrivateProfileIntW
GetModuleFileNameW
GetFileAttributesW
GetVersionExW
FormatMessageW
GlobalFree
CreateThread
HeapAlloc
GetCurrentDirectoryW
LocalFree
SetEvent
CompareStringW
ReadFile
GetFileSizeEx
IsDBCSLeadByteEx
GetFullPathNameW
WriteFile
SetEndOfFile
LocalAlloc
CreateFileW
GetACP
HeapSize
GetPrivateProfileStringW
GetTimeZoneInformation
GetLastError
GlobalMemoryStatusEx
GetOEMCP
QueryPerformanceCounter
SizeofResource
InterlockedExchange
GetCurrentProcess
ExpandEnvironmentStringsW
GetUserDefaultUILanguage
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
FreeResource
GetFileInformationByHandle
LockResource
HeapReAlloc
ResetEvent
LoadResource
FindResourceW
GetWindowsDirectoryW
WritePrivateProfileSectionW
GetCommandLineW
GetLongPathNameW
SetErrorMode
FindFirstChangeNotificationW
GetVersion
SetFileAttributesW
GetFileAttributesExW
FindCloseChangeNotification
DeleteFileW
FindNextChangeNotification
SetCurrentDirectoryW
GetCurrentProcessId
GetProcessHeap
CreateProcessW
GetSystemTimeAsFileTime
GetSystemTime
CreateEventW
QueueUserWorkItem
SetThreadPriority
GetNativeSystemInfo
CloseHandle
WaitForSingleObject
CreateWaitableTimerW
SetWaitableTimer
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentThreadId
MulDiv
FreeLibrary
GetModuleHandleW
GetProcAddress
QueryPerformanceFrequency
MultiByteToWideChar
InterlockedCompareExchange
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
DeleteCriticalSection
IsValidCodePage
GetCurrentThread
InitializeSListHead
TerminateProcess
RtlUnwind
RaiseException
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetStdHandle
GetStringTypeW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
lstrcpyW
DecodePointer

user32

GetMenu
FindWindowExW
GetWindow
GetMenuState
GetSystemMenu
DeferWindowPos
DrawAnimatedRects
IsIconic
RegisterWindowMessageW
EnableMenuItem
PostQuitMessage
IsZoomed
CheckMenuItem
TrackPopupMenuEx
FindWindowW
TranslateAcceleratorW
IntersectRect
EnumWindows
SetMenu
GetForegroundWindow
SetMenuDefaultItem
CountClipboardFormats
SetWindowPlacement
ChangeClipboardChain
DestroyIcon
IsDialogMessageW
OffsetRect
IsWindow
GetSubMenu
LoadAcceleratorsW
GetWindowPlacement
ShowOwnedPopups
SetClipboardViewer
EqualRect
IsWindowVisible
CheckMenuRadioItem
MapVirtualKeyW
ShowWindowAsync
LoadMenuW
GetMessageW
GetMessagePos
GetMenuItemInfoW
SetActiveWindow
SetCaretPos
OpenClipboard
SetTimer
GetKeyboardLayoutNameW
GetDlgCtrlID
CloseClipboard
EmptyClipboard
IsChild
CreateCaret
ValidateRect
TrackMouseEvent
DispatchMessageW
GetMessageTime
SetFocus
GetClipboardData
DestroyCaret
SetClipboardData
IsClipboardFormatAvailable
GetCaretBlinkTime
ShowCaret
KillTimer
PtInRect
GetWindowLongW
DefWindowProcW
AdjustWindowRectEx
MonitorFromPoint
GetWindowRect
DestroyWindow
InflateRect
GetDC
SetWindowPos
CopyImage
MonitorFromRect
MonitorFromWindow
FillRect
CreateWindowExW
GetIconInfo
SendMessageW
GetSystemMetrics
UnregisterClassW
RegisterClassExW
DestroyCursor
TrackPopupMenu
ShowWindow
DrawTextA
GetMonitorInfoW
CreateIconIndirect
ClientToScreen
MapWindowPoints
GetDoubleClickTime
FrameRect
GetSysColor
DestroyMenu
LoadCursorW
SetCapture
SetCursor
SetWindowLongW
GetClientRect
DrawTextW
SystemParametersInfoW
GetParent
ReleaseCapture
InvalidateRect
ReleaseDC
GetCursorPos
BeginPaint
EndPaint
RedrawWindow
PeekMessageW
DialogBoxIndirectParamW
SetLayeredWindowAttributes
GetMenuStringW
TranslateMessage
GetClassNameW
InsertMenuW
SetRect
CreateDialogIndirectParamW
SetForegroundWindow
GetNextDlgTabItem
IsCharLowerW
CharUpperW
CharLowerW
GetFocus
GetCapture
GetComboBoxInfo
ChildWindowFromPoint
IsCharUpperW
GetWindowTextW
GetWindowTextLengthW
CheckRadioButton
GetPropW
MessageBoxExW
EndDialog
RemovePropW
SetWindowTextW
MessageBeep
GetActiveWindow
BeginDeferWindowPos
wvsprintfW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
IsWindowEnabled
IsDlgButtonChecked
IsCharAlphaNumericW
SetPropW
LoadIconW
EndDeferWindowPos
GetDlgItemInt
CheckDlgButton
GetSysColorBrush
SetDlgItemInt
LoadImageW
EnableWindow
LoadStringW
SendDlgItemMessageW
wsprintfW
GetDlgItem
UpdateWindow
MsgWaitForMultipleObjects
SetScrollInfo
RegisterClipboardFormatW
GetKeyState
GetUpdateRgn
PostMessageW
HideCaret
ScreenToClient
NotifyWinEvent
GetKeyboardLayout
GetScrollInfo
SetCursorPos

gdi32

DeleteDC
CreatePatternBrush
GetTextMetricsW
GetDeviceCaps
GetTextExtentExPointA
Polyline
GetStockObject
StretchBlt
GdiAlphaBlend
GetTextExtentExPointW
MoveToEx
GetTextExtentPoint32A
CreateDIBSection
SelectObject
ExtTextOutA
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CombineRgn
CreateBitmap
CreateRectRgn
CreateRectRgnIndirect
EndPage
DPtoLP
StartDocW
CreateFontW
EndDoc
StartPage
TranslateCharsetInfo
SetMapMode
EnumFontFamiliesExW
SetTextColor
SetBkMode
LineTo
CreatePen
ExtCreatePen
GetObjectW
SaveDC
SetBkColor
Ellipse
RestoreDC
DeleteObject
CreateSolidBrush
CreateFontIndirectW
SetTextAlign
RoundRect
ExtTextOutW
Polygon
CreateCompatibleDC
IntersectClipRect

comdlg32

ChooseFontW
GetSaveFileNameW
GetOpenFileNameW
PageSetupDlgW
PrintDlgW
ChooseColorW

advapi32

RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
IsTextUnicode
GetTokenInformation
RegQueryValueExW
OpenProcessToken
RegSetValueExW
RegDeleteValueW

shell32

SHGetPathFromIDListW
SHGetDataFromIDListW
SHGetDesktopFolder
ord180
SHAppBarMessage
SHOpenFolderAndSelectItems
ShellExecuteExW
ord190
DragQueryFileW
Shell_NotifyIconW
SHCreateDirectoryExW
DragAcceptFiles
DragFinish
SHAddToRecentDocs
ShellExecuteW
SHBrowseForFolderW
SHGetFileInfoW
SHGetFolderPathW

ole32

OleUninitialize
CoCreateGuid
OleInitialize
CoTaskMemFree
RevokeDragDrop
RegisterDragDrop
DoDragDrop
ReleaseStgMedium
CLSIDFromProgID
CoCreateInstance
CoTaskMemAlloc

oleaut32

SysAllocStringLen
SysFreeString

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 625KB - Virtual size: 625KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Notepad2.ini
locale/de/Notepad2.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
locale/de/metapath.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
locale/fr-FR/Notepad2.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
locale/fr-FR/metapath.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
locale/it/Notepad2.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
locale/it/metapath.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
locale/ja/Notepad2.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
locale/ja/metapath.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
locale/ko/Notepad2.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
locale/ko/metapath.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
locale/pt-BR/Notepad2.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
locale/pt-BR/metapath.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
locale/zh-Hans/Notepad2.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
locale/zh-Hans/metapath.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
locale/zh-Hant/Notepad2.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
locale/zh-Hant/metapath.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
metapath.exe
.exe windows x86

1db6e0328f55a5e354bc308e311b1f54

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExW

comctl32

InitCommonControlsEx
CreateStatusWindowW
ord410
PropertySheetW
ord412
ImageList_AddMasked
ImageList_Create
ord413
ImageList_Destroy

shlwapi

PathUnquoteSpacesW
PathAppendW
PathIsRelativeW
StrTrimW
PathIsDirectoryW
SHAutoComplete
StrStrIW
PathFindFileNameW
PathQuoteSpacesW
StrCatBuffW
PathMatchSpecW
StrChrW
PathRenameExtensionW
StrRChrW
StrFormatByteSizeW
PathCompactPathExW
StrStrW
PathCommonPrefixW
PathFindExtensionW
PathCanonicalizeW
PathIsRootW
PathUnExpandEnvStringsW
PathIsPrefixW
PathRelativePathToW
StrDupW
PathRemoveFileSpecW
PathCombineW
PathRemoveBackslashW
PathAddBackslashW
PathIsSameRootW
StrRetToBufW

uxtheme

GetThemeSysFont
IsAppThemed
CloseThemeData
OpenThemeData
SetWindowTheme

kernel32

GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetStringTypeW
GetACP
GetModuleHandleExW
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
GetStdHandle
TlsFree
WritePrivateProfileStringW
HeapFree
lstrcpynW
GetShortPathNameW
GetModuleFileNameW
GetPrivateProfileSectionW
GetFileAttributesW
GetVersionExW
GetSystemDirectoryW
HeapSize
SetFileAttributesW
GetPrivateProfileStringW
lstrcatW
GetNativeSystemInfo
HeapAlloc
GetCurrentDirectoryW
lstrcpyW
WritePrivateProfileSectionW
CompareStringW
WaitForSingleObject
GlobalAlloc
GlobalFree
CreateThread
SizeofResource
InterlockedExchange
SearchPathW
GetFullPathNameW
GetCurrentProcess
lstrlenW
ExpandEnvironmentStringsW
GetUserDefaultUILanguage
GetLocaleInfoW
GetCommandLineA
GetPrivateProfileSectionNamesW
FreeResource
OpenProcess
CreateEventW
GlobalSize
SetEvent
LockResource
CloseHandle
ResetEvent
LoadResource
FindResourceW
GetWindowsDirectoryW
GetProcAddress
GlobalLock
LocalFree
GetModuleHandleW
GlobalUnlock
MulDiv
LoadLibraryExW
CreateDirectoryW
GetFileSizeEx
GetCommandLineW
WriteFile
SetErrorMode
FindFirstChangeNotificationW
GetVersion
GetFileAttributesExW
FileTimeToSystemTime
FindCloseChangeNotification
FileTimeToLocalFileTime
FindNextChangeNotification
SetCurrentDirectoryW
GetTimeFormatW
GetProcessHeap
FreeLibrary
CopyFileW
GetDateFormatW
GetEnvironmentStringsW
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RaiseException
RtlUnwind
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetCPInfo
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CreateFileW
DecodePointer

user32

FindWindowW
TranslateAcceleratorW
BringWindowToTop
SetFocus
IntersectRect
GetMessageTime
EnumWindows
SetMenuDefaultItem
SetWindowPlacement
SetMenuItemInfoW
SetTimer
OffsetRect
GetSubMenu
TrackPopupMenu
LoadAcceleratorsW
GetWindowPlacement
RegisterClassExW
UnregisterClassW
GetSystemMetrics
DeleteMenu
ShowOwnedPopups
MonitorFromWindow
EqualRect
IsWindowVisible
GetDC
GetFocus
ShowWindowAsync
LoadMenuW
GetKeyState
AdjustWindowRectEx
DefWindowProcW
GetMenuItemInfoW
GetMessageW
IsZoomed
CheckRadioButton
MessageBoxExW
CreateWindowExW
SendMessageW
KillTimer
SetWindowTextW
MessageBeep
CreatePopupMenu
WindowFromPoint
DestroyCursor
LoadStringW
GetActiveWindow
ShowWindow
BeginDeferWindowPos
wvsprintfW
DestroyIcon
GetDlgCtrlID
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
PostQuitMessage
EnableMenuItem
RegisterWindowMessageW
UpdateWindow
IsIconic
ReleaseDC
GetWindowThreadProcessId
DrawAnimatedRects
DeferWindowPos
GetSystemMenu
GetWindow
FindWindowExW
CopyImage
MonitorFromRect
SetActiveWindow
OpenClipboard
DispatchMessageW
RedrawWindow
DdeCreateStringHandleW
DdeConnect
GetMonitorInfoW
CloseClipboard
EmptyClipboard
PeekMessageW
MapWindowPoints
DdeInitializeW
DdeUninitialize
GetSysColor
IsWindowEnabled
IsDlgButtonChecked
DestroyMenu
GetMenuStringW
LoadIconW
LoadCursorW
GetClassNameW
SetCapture
EndDeferWindowPos
SetCursor
wsprintfW
SetWindowLongW
TrackPopupMenuEx
GetComboBoxInfo
GetDlgItem
AppendMenuW
CheckDlgButton
GetParent
ReleaseCapture
InvalidateRect
ChildWindowFromPoint
GetCursorPos
EnableWindow
GetWindowTextW
DialogBoxIndirectParamW
DdeClientTransaction
SetLayeredWindowAttributes
TranslateMessage
InsertMenuW
SetClipboardData
CheckMenuItem
SetWindowPos
SetRect
DdeDisconnect
SystemParametersInfoW
DdeFreeStringHandle
SetForegroundWindow
LoadImageW
SetCursorPos
GetPropW
RemovePropW
SetPropW
GetWindowLongW
GetWindowTextLengthW
PostMessageW
CheckMenuRadioItem
GetWindowRect
EndDialog
DestroyWindow
GetClientRect

gdi32

GetObjectW
GetDeviceCaps
GetStockObject
CreateFontIndirectW
CreateSolidBrush
DeleteObject

comdlg32

ChooseColorW
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegSetValueExW
OpenProcessToken
RegQueryValueExW
GetTokenInformation
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW

shell32

SHGetFileInfoW
SHFileOperationW
SHBrowseForFolderW
ShellExecuteExW
SHGetPathFromIDListW
SHGetFolderLocation
SHGetDataFromIDListW
SHGetDesktopFolder
ord180
SHAppBarMessage
SHOpenFolderAndSelectItems
SHGetFolderPathW
ord190
DragQueryFileW
Shell_NotifyIconW
SHCreateDirectoryExW
DragAcceptFiles
DragFinish
ShellExecuteW

ole32

CoCreateInstance
DoDragDrop
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
OleInitialize

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
metapath.ini

Sharing

General

Malware Config

Signatures

Files

8a9a13b00f1eeaa583d43185f4a67102

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

shlwapi

imm32

uxtheme

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 625KB - Virtual size: 625KB

.data Size: 44KB - Virtual size: 128KB

.rsrc Size: 126KB - Virtual size: 125KB

.reloc Size: 50KB - Virtual size: 49KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 160B

.rsrc Size: 96KB - Virtual size: 96KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 160B

.rsrc Size: 45KB - Virtual size: 45KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 160B

.rsrc Size: 109KB - Virtual size: 108KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 160B

.rsrc Size: 45KB - Virtual size: 45KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 160B

.rsrc Size: 106KB - Virtual size: 105KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 160B

.rsrc Size: 48KB - Virtual size: 47KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 160B

.rsrc Size: 81KB - Virtual size: 81KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 160B

.rsrc Size: 41KB - Virtual size: 41KB

Headers

DLL Characteristics

File Characteristics

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 625KB - Virtual size: 625KB

.data
Size: 44KB - Virtual size: 128KB

.rsrc
Size: 126KB - Virtual size: 125KB

.reloc
Size: 50KB - Virtual size: 49KB

.rdata
Size: 512B - Virtual size: 160B

.rsrc
Size: 96KB - Virtual size: 96KB

.rdata
Size: 512B - Virtual size: 160B

.rsrc
Size: 45KB - Virtual size: 45KB

.rdata
Size: 512B - Virtual size: 160B

.rsrc
Size: 109KB - Virtual size: 108KB

.rdata
Size: 512B - Virtual size: 160B

.rsrc
Size: 45KB - Virtual size: 45KB

.rdata
Size: 512B - Virtual size: 160B

.rsrc
Size: 106KB - Virtual size: 105KB

.rdata
Size: 512B - Virtual size: 160B

.rsrc
Size: 48KB - Virtual size: 47KB

.rdata
Size: 512B - Virtual size: 160B

.rsrc
Size: 81KB - Virtual size: 81KB

.rdata
Size: 512B - Virtual size: 160B

.rsrc
Size: 41KB - Virtual size: 41KB

.rdata
Size: 512B - Virtual size: 160B

.rsrc
Size: 81KB - Virtual size: 81KB

.rdata
Size: 512B - Virtual size: 160B

.rsrc
Size: 42KB - Virtual size: 41KB

.rdata
Size: 512B - Virtual size: 160B

.rsrc
Size: 96KB - Virtual size: 96KB

.rdata
Size: 512B - Virtual size: 160B

.rsrc
Size: 45KB - Virtual size: 45KB

.rdata
Size: 512B - Virtual size: 160B

.rsrc
Size: 76KB - Virtual size: 76KB

.rdata
Size: 512B - Virtual size: 160B

.rsrc
Size: 40KB - Virtual size: 39KB

.rdata
Size: 512B - Virtual size: 160B

.rsrc
Size: 76KB - Virtual size: 76KB

.rdata
Size: 512B - Virtual size: 160B

.rsrc
Size: 40KB - Virtual size: 39KB