healer | mkpub_part_g[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

mkpub_part_g.zip
Size

452KB
MD5

d287ef3ca5bc3faad4f6dd38c1378a40
SHA1

5eb9337b868ba9cad3e313b59e3230c2ebc0532b
SHA256

eb25522b7a2bcab8b44846ec951e80e308d32bb166bf01d06ed05c34b51db68a
SHA512

948e337781466f02785ff0f08f34ea8ba2bf648d18f7585441a622ea16637a2d97fe38ab321ad466d059cfc5b586e3f3898ee19cbe629b2f174d8faf482d7b71
SSDEEP

12288:VtjvWPLd5iUVVS05sG3IraRhSLGUVRaKYK:V5vEaaiG4ravRUVRaK

Score

10^/10

healer

Malware Config

Signatures

Detects Healer an antivirus disabler dropper 1 IoCs

resource	yara_rule
static1/unpack001/e4d31acd4f6f9a8c85c0c7d946d55e4efd5a2571f54a3b6682e04495f951bd96.bin	healer

Healer family
healer

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d6086904aa3c47a04f9651cad2d2d4be3d50ae93b4bbc5b5b7bd63dc86eb2ec6.bin
unpack001/e4d31acd4f6f9a8c85c0c7d946d55e4efd5a2571f54a3b6682e04495f951bd96.bin
unpack001/eb1a060a2f31ff324b171aa329f0302493bf6d8a573c1142f03b7267fb2a362d.bin
unpack001/f6147edac0f3bf98bf8360176358fe4b4eeeca097325a501dcd32916b60fbe28.bin

Files

mkpub_part_g.zip
.zip

Password: infected
d6086904aa3c47a04f9651cad2d2d4be3d50ae93b4bbc5b5b7bd63dc86eb2ec6.bin
.dll windows:6 windows x64

Password: infected

e8385dfe7f786490db1860559fcd6c74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CreateThread
GetPrivateProfileStringW
GetPrivateProfileIntW
Sleep
GetModuleHandleW
GetCurrentThread
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentVariableW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
GetCommandLineW
CreateDirectoryW
CopyFileW
WriteConsoleW
SetEndOfFile
HeapReAlloc
HeapSize
CreateFileW
SetStdHandle
GetStringTypeW
GetFileSizeEx
GetProcessHeap
SetLastError
GetCurrentProcess
VirtualProtect
VirtualQuery
LoadLibraryExA
LoadLibraryExW
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ReadFile
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
CloseHandle
SetFilePointerEx
GetConsoleMode
ReadConsoleW
FlushFileBuffers
WriteFile
GetConsoleCP
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW

user32

MessageBoxW

shell32

SHFileOperationW

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetGetLastResponseInfoA
HttpQueryInfoA
HttpQueryInfoW

Exports

Exports

GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e4d31acd4f6f9a8c85c0c7d946d55e4efd5a2571f54a3b6682e04495f951bd96.bin
.exe windows:4 windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eb1a060a2f31ff324b171aa329f0302493bf6d8a573c1142f03b7267fb2a362d.bin
.exe windows:5 windows x86

Password: infected

f707ada0aac189999ec6eb4a5a71dfbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateThread
lstrlenW
VirtualProtect
GetProcAddress
LoadLibraryA
VirtualAlloc
LockResource
WaitForSingleObject
SizeofResource
FindResourceW
GetModuleHandleW
GetLastError
CreateMutexA
GetModuleHandleA
GlobalFindAtomA
FreeConsole
LoadResource
CreateHardLinkA
GetCommandLineA
SetUnhandledExceptionFilter
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

RegDeleteKeyA

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 341KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ktqovk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
f6147edac0f3bf98bf8360176358fe4b4eeeca097325a501dcd32916b60fbe28.bin
.exe windows:6 windows x64

Password: infected

ff082fef3d15cdd142534440e54d6a28

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

EventWrite
RegCloseKey
EventRegister
EventUnregister
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
GetTokenInformation
ConvertSidToStringSidW
CheckTokenMembership
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyW
OpenThreadToken
OpenProcessToken

kernel32

GetModuleHandleW
lstrcmpiW
RegEnumValueW
RegGetValueW
CreateFileW
FileTimeToSystemTime
GetFileAttributesW
CompareFileTime
SystemTimeToFileTime
GetTempFileNameW
CreateThread
UnregisterApplicationRecoveryCallback
ApplicationRecoveryFinished
ApplicationRecoveryInProgress
RegisterApplicationRecoveryCallback
UnregisterApplicationRestart
RegisterApplicationRestart
OpenMutexW
DuplicateHandle
GetVersionExW
GetPrivateProfileStringW
DebugBreak
SetEvent
CreateEventW
OutputDebugStringA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
MulDiv
SizeofResource
LockResource
LoadResource
FindResourceW
HeapFree
FindResourceExW
GetSystemTime
FreeLibrary
LoadLibraryW
GetLastError
LocalAlloc
LocalFree
GetProcAddress
GetProcessHeap
SetUnhandledExceptionFilter
GetStartupInfoW
HeapAlloc
WaitForSingleObject
Sleep
CompareStringW
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
LeaveCriticalSection
RaiseException
EnterCriticalSection
MultiByteToWideChar
LoadLibraryExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
CreateMutexW
DeleteFileW
GetCommandLineW
SetThreadPriority
GetCurrentThread
CreateDirectoryW
OutputDebugStringW
LoadLibraryExA
DelayLoadFailureHook
lstrlenW
CloseHandle
ReleaseMutex

gdi32

GdiAlphaBlend
CreateFontW
GetTextFaceW
CreateRectRgn
CreateDIBSection
GetObjectW
SetLayout
CreateSolidBrush
GetDeviceCaps
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetClipRgn
BitBlt
GetTextExtentPoint32W
DeleteDC
GdiGradientFill
DeleteObject

user32

GetAncestor
CreateWindowExW
DestroyAcceleratorTable
GetUpdateRect
ShowWindow
GetScrollInfo
SetScrollInfo
SetScrollRange
ShowScrollBar
OffsetRect
CopyRect
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemCount
ClientToScreen
DefWindowProcW
ReleaseDC
PtInRect
InflateRect
GetDesktopWindow
DestroyMenu
GetSubMenu
SetWindowPos
GetWindowRect
EndDeferWindowPos
BeginDeferWindowPos
PostMessageW
TrackPopupMenu
MapWindowPoints
ReleaseCapture
SystemParametersInfoW
LockWindowUpdate
GetFocus
RegisterClassW
LoadIconW
LoadCursorW
SetGestureConfig
GetWindowLongPtrW
GetSystemMenu
EnableMenuItem
DestroyWindow
GetDC
SetCursor
SendMessageW
GetClientRect
SetWindowLongPtrW
UpdateWindow
GetSystemMetrics
GetSysColor
EnableScrollBar
SetFocus
CreateCaret
SetCaretPos
SetTimer
KillTimer
ScrollWindowEx
SetCapture
ScreenToClient
MessageBoxW
ChangeWindowMessageFilter
RemoveMenu
GetWindowPlacement
SetWindowPlacement
PostQuitMessage
SetActiveWindow
IntersectRect
EqualRect
MonitorFromWindow
GetMonitorInfoW
MonitorFromRect
CopyAcceleratorTableW
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
FindWindowW
SetForegroundWindow
SetProcessDPIAware
RegisterClassExW
DeferWindowPos
LoadAcceleratorsW
BeginPaint
HideCaret
ShowCaret
EndPaint
GetMessageExtraInfo
GetKeyboardLayout
LoadImageW
UnregisterClassA
TranslateAcceleratorW
LoadMenuW
UnregisterClassW
IsClipboardFormatAvailable
SetRect
GetScrollBarInfo
GetParent
GetWindowLongW
EnableWindow
FillRect
GetSysColorBrush
IsWindowVisible
GetKeyState
GetAsyncKeyState
SetScrollPos
GetWindowTextLengthW
UpdateLayeredWindow
InvalidateRect
GetWindowTextW

msvcrt

??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_cexit
_ismbblead
_unlock
_XcptFilter
__getmainargs
??0exception@@QEAA@XZ
__CxxFrameHandler3
_callnewh
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
__C_specific_handler
memset
?what@exception@@UEBAPEBDXZ
vswprintf_s
_vscwprintf
_wcsicmp
malloc
wcsncpy_s
??0exception@@QEAA@AEBV0@@Z
__dllonexit
_lock
_onexit
realloc
_errno
cos
_vsnwprintf
wcstoul
memcpy
??1exception@@UEAA@XZ
memcpy_s
memmove_s
wcscpy_s
_purecall
calloc
_exit
??0exception@@QEAA@AEBQEBD@Z
free
sin

ntdll

WinSqmAddToStream
WinSqmEndSession
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmIsOptedIn
WinSqmStartSession
WinSqmSetIfMaxDWORD

shell32

SHGetKnownFolderPath
SHGetFolderPathW
CommandLineToArgvW
SetCurrentProcessExplicitAppUserModelID
SHGetSpecialFolderPathW
ord165
SHCreateDirectoryExW
ShellExecuteW

shlwapi

ord212
ord184
PathFileExistsW
ord628
ord16
SHCreateStreamOnFileW
ord154
ord219
SHStrDupW

ole32

CoCreateInstance
CoTaskMemAlloc
PropVariantClear
CoUninitialize
OleUninitialize
OleInitialize
CoInitializeEx
CoTaskMemFree
CoSetProxyBlanket
StgCreateStorageEx
StgOpenStorageEx
OleSaveToStream
WriteClassStm
CoTaskMemRealloc
OleLoadFromStream

oleaut32

VariantChangeType
SysAllocStringByteLen
SysAllocString
VarUI4FromStr
SystemTimeToVariantTime
SysFreeString
SysStringByteLen
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SafeArrayDestroy
VariantInit

comctl32

ord336
ord386
ord334
ord329
ord332
ord328
ord345

slc

SLGetWindowsInformationDWORD

dwmapi

DwmInvalidateIconicBitmaps
DwmSetIconicThumbnail
DwmSetIconicLivePreviewBitmap
DwmSetWindowAttribute

uxtheme

GetThemeFont
CloseThemeData
OpenThemeData

dui70

?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@HWNDHost@DirectUI@@SAPEAUIClassInfo@2@XZ
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Register@HWNDElement@DirectUI@@SAJXZ
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
??1CritSecLock@DirectUI@@QEAA@XZ
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
?Register@HWNDHost@DirectUI@@SAJXZ
UnInitProcessPriv
UnInitThread
InitThread
InitProcessPriv
?Initialize@HWNDHost@DirectUI@@QEAAJIIPEAVElement@2@PEAK@Z
?SetAbsorbsShortcut@Element@DirectUI@@QEAAJ_N@Z
?CreateStyleParser@HWNDElement@DirectUI@@UEAAJPEAPEAVDUIXmlParser@2@@Z
?CanSetFocus@HWNDElement@DirectUI@@UEAA_NXZ
?OnThemeChanged@HWNDElement@DirectUI@@UEAAXPEAUThemeChangedEvent@2@@Z
?GetHWND@HWNDElement@DirectUI@@UEAAPEAUHWND__@@XZ
?GetAccessibleImpl@HWNDElement@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?RemoveTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?ActivateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@K@Z
?UpdateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
??1NativeHWNDHost@DirectUI@@UEAA@XZ
??0NativeHWNDHost@DirectUI@@QEAA@XZ
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?Host@NativeHWNDHost@DirectUI@@QEAAXPEAVElement@2@@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?Destroy@NativeHWNDHost@DirectUI@@QEAAXXZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?WndProc@HWNDElement@DirectUI@@UEAA_JPEAUHWND__@@I_K_J@Z
?OnCompositionChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnWmThemeChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UEAAXPEAUtagMSG@@PEA_J@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UEAAXPEAUKeyboardEvent@2@@Z
?OnDestroy@HWNDElement@DirectUI@@UEAAXXZ
?OnGroupChanged@HWNDElement@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnEvent@HWNDElement@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnInput@HWNDElement@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?Initialize@HWNDElement@DirectUI@@QEAAJPEAUHWND__@@_NIPEAVElement@2@PEAK@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
??1HWNDElement@DirectUI@@UEAA@XZ
??0HWNDElement@DirectUI@@QEAA@XZ
?EraseBkgnd@HWNDHost@DirectUI@@MEAA_NPEAUHDC__@@PEA_J@Z
?SetWindowDirection@HWNDHost@DirectUI@@UEAAXPEAUHWND__@@@Z
?OnAdjustWindowSize@HWNDHost@DirectUI@@UEAAHHHI@Z
?OnWindowStyleChanged@HWNDHost@DirectUI@@UEAAX_KPEBUtagSTYLESTRUCT@@@Z
?OnCtrlThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSinkThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSysChar@HWNDHost@DirectUI@@UEAA_NG@Z
?GetHWND@HWNDHost@DirectUI@@UEAAPEAUHWND__@@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetAccessibleImpl@HWNDHost@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetKeyFocused@HWNDHost@DirectUI@@UEAA_NXZ
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?OnUnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?OnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?MessageCallback@HWNDHost@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?SetKeyFocus@HWNDHost@DirectUI@@UEAAXXZ
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@HWNDHost@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnDestroy@HWNDHost@DirectUI@@UEAAXXZ
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?SetAccValue@Element@DirectUI@@QEAAJPEBG@Z
?SetDirection@Element@DirectUI@@QEAAJH@Z
?GetLocation@Element@DirectUI@@QEAAPEBUtagPOINT@@PEAPEAVValue@2@@Z
?OnEvent@HWNDHost@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnInput@HWNDHost@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnPropertyChanged@HWNDHost@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?EnabledProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?BackgroundProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@P6APEBUPropertyInfo@2@XZHPEAUUpdateCache@2@@Z
??1HWNDHost@DirectUI@@UEAA@XZ
??0HWNDHost@DirectUI@@QEAA@XZ
?SheetProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetSheet@DUIXmlParser@DirectUI@@QEAAJPEBGPEAPEAVValue@2@@Z
?SetWindowActive@Element@DirectUI@@QEAAJ_N@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?MouseWithinProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetWindowActive@Element@DirectUI@@QEAA_NXZ
?WindowActiveProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?Click@Button@DirectUI@@SA?AVUID@@XZ
?UpdateSheets@DUIXmlParser@DirectUI@@QEAAJPEAVElement@2@@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?Release@Value@DirectUI@@QEAAXXZ
?Initialize@NativeHWNDHost@DirectUI@@QEAAJPEBG0PEAUHWND__@@PEAUHICON__@@HHHHHHPEAUHINSTANCE__@@I@Z

gdiplus

GdipCreateBitmapFromScan0
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipFree
GdipCreateTexture
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipDrawImagePoints
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipCreateFromHDC
GdipDrawImageRectI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipSetCompositingMode
GdipCreateBitmapFromHBITMAP
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFillRectangleI
GdipAlloc

rpcrt4

RpcStringFreeW
UuidCreateSequential
UuidToStringW
UuidCreate

windowscodecs

WICCreateImagingFactory_Proxy

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 143KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

e8385dfe7f786490db1860559fcd6c74

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

wininet

Exports

Exports

Sections

.text Size: 157KB - Virtual size: 156KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 8KB - Virtual size: 8KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 3KB - Virtual size: 2KB

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

f707ada0aac189999ec6eb4a5a71dfbc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 34KB - Virtual size: 33KB

.reloc Size: 1KB - Virtual size: 1KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 341KB - Virtual size: 341KB

.ktqovk Size: 4KB - Virtual size: 4KB

Password: infected

ff082fef3d15cdd142534440e54d6a28

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

shell32

shlwapi

ole32

oleaut32

comctl32

slc

dwmapi

uxtheme

dui70

gdiplus

rpcrt4

windowscodecs

Sections

.text Size: 188KB - Virtual size: 187KB

.text
Size: 157KB - Virtual size: 156KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 8KB - Virtual size: 8KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 34KB - Virtual size: 33KB

.reloc
Size: 1KB - Virtual size: 1KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 341KB - Virtual size: 341KB

.ktqovk
Size: 4KB - Virtual size: 4KB

.text
Size: 188KB - Virtual size: 187KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 3KB - Virtual size: 3KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 143KB - Virtual size: 144KB

.reloc
Size: 1KB - Virtual size: 1KB