TextPad 4[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

TextPad 4.zip
Size

4.3MB
MD5

2f74dcd3cfadedc6e39a2d1d4770179e
SHA1

d88b07df291f48a4d89fa844d8d0e08a8f0fa8da
SHA256

8a21a212abf588d654c435e15ce803bf732cd5295ec335db677d671192bb462c
SHA512

53bac3055669960a042b839523da448fa7383a9184ba09ccc84d4244893c3ccb0b918e4620bd19a33fb3d46d55ad764579167cd5fa3d945e5e5111993ffaee14
SSDEEP

98304:x1h5nXq+JBsn2PQu+XTC5weZcLJbjNszysNCMTgYx4VmlQH:LTn6+Ju2QDmFZojN61gYx1mH

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TextPad 4/TextPad.exe
unpack001/TextPad 4/system/DDEOPN32.EXE
unpack001/TextPad 4/system/plumb.exe
unpack001/TextPad 4/system/shellext.dll
unpack001/TextPad 4/txpeng542.exe

Files

TextPad 4.zip
.zip
TextPad 4/README.TXT
TextPad 4/Samples/AutoLISP.syn
.vbs
TextPad 4/Samples/CTRLCHAR.TCL
TextPad 4/Samples/HELIOS01.TPM
TextPad 4/Samples/HELIOS02.TPM
TextPad 4/Samples/HELIOS03.TPM
TextPad 4/Samples/HELIOS04.TPM
TextPad 4/Samples/HELIOS05.TPM
TextPad 4/Samples/HELIOS06.TPM
TextPad 4/Samples/HELIOS07.TPM
TextPad 4/Samples/HELIOS08.TPM
TextPad 4/Samples/HELIOS09.TPM
TextPad 4/Samples/HELIOS10.TPM
TextPad 4/Samples/HELIOS11.TPM
TextPad 4/Samples/LaTeX.syn
TextPad 4/Samples/Runjava.bat
TextPad 4/Samples/SMS.tcl
TextPad 4/Samples/ansichar.tcl
TextPad 4/Samples/asp.syn
.vbs
TextPad 4/Samples/awk.syn
TextPad 4/Samples/cobol.syn
TextPad 4/Samples/csharp.syn
TextPad 4/Samples/dcl.syn
TextPad 4/Samples/dna.syn
TextPad 4/Samples/doschar.tcl
TextPad 4/Samples/f.syn
.vbs
TextPad 4/Samples/htmlchar.tcl
TextPad 4/Samples/htmltags.tcl
TextPad 4/Samples/lisp.syn
.vbs
TextPad 4/Samples/pascal.syn
.vbs
TextPad 4/Samples/pbasic.syn
.vbs
TextPad 4/Samples/perl.syn
TextPad 4/Samples/php.syn
TextPad 4/Samples/resource.syn
TextPad 4/Samples/syn.syn
TextPad 4/Samples/verilog.syn
TextPad 4/Samples/vhdl.syn
TextPad 4/Spelling/ssceam.tlx
.vbs
TextPad 4/Spelling/ssceam2.clx
TextPad 4/Spelling/sscebr.tlx
.vbs
TextPad 4/Spelling/sscebr2.clx
TextPad 4/Spelling/ssceca.tlx
.vbs
TextPad 4/Spelling/ssceca2.clx
TextPad 4/TextPad.exe
.exe windows:4 windows x86

1dfbc2d93e68d417720c02113152c9ca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetWindowTextA
IsDlgButtonChecked
SendDlgItemMessageA
GetDlgItemTextA
CheckRadioButton
UnhookWindowsHookEx
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
SetWindowsHookExA
CallNextHookEx
GetClassLongA
LockWindowUpdate
GetDCEx
ValidateRect
CallWindowProcA
IntersectRect
DrawStateA
DrawFrameControl
EqualRect
UnionRect
LoadImageA
DestroyIcon
WindowFromPoint
SystemParametersInfoA
RegisterWindowMessageA
IsCharAlphaA
DrawTextA
LoadBitmapA
GetClassInfoA
GetDlgCtrlID
TileWindows
InvalidateRgn
IsCharAlphaNumericA
MoveWindow
AdjustWindowRectEx
SetDlgItemTextA
IsRectEmpty
GetActiveWindow
CreateWindowExA
MapDialogRect
FrameRect
ReleaseDC
GetDC
EnumChildWindows
GetSysColorBrush
CharToOemA
TrackPopupMenu
DestroyMenu
GetMessagePos
ReuseDDElParam
UnpackDDElParam
LoadMenuA
SetMenu
GetMenu
ChangeClipboardChain
GetSystemMenu
GetForegroundWindow
GetWindowTextA
AppendMenuA
RemoveMenu
CheckMenuItem
FlashWindow
MessageBeep
SendNotifyMessageA
SetClipboardViewer
RedrawWindow
OffsetRect
GetKeyboardState
ToAscii
GetKeyNameTextA
MapVirtualKeyA
GetSubMenu
TranslateAcceleratorA
GetMessageA
DestroyAcceleratorTable
CopyAcceleratorTableA
CreateAcceleratorTableA
GetDoubleClickTime
BringWindowToTop
GetClassNameA
ScrollWindowEx
MessageBoxA
keybd_event
GetKeyboardLayout
InflateRect
SetMenuDefaultItem
IsWindowEnabled
SetCursor
RegisterClassA
LoadIconA
LoadCursorA
DefWindowProcA
SetActiveWindow
SetFocus
OemToCharA
GetMenuStringA
GetDesktopWindow
EnableMenuItem
wvsprintfA
DispatchMessageA
TranslateMessage
PeekMessageA
ScreenToClient
GetDlgItem
IsCharUpperA
CharLowerA
SetWindowPos
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetCursorPos
IsWindowVisible
GetCursorPos
GetSystemMetrics
GetSysColor
DrawFocusRect
GetDialogBaseUnits
CopyRect
GetWindowLongA
SetClipboardData
GetClipboardData
CloseClipboard
OpenClipboard
RegisterClipboardFormatA
CharToOemBuffA
OemToCharBuffA
ReleaseCapture
SetCapture
SetTimer
ClientToScreen
GetWindowTextLengthA
GetWindowPlacement
SetWindowPlacement
UnregisterClassA
SetScrollInfo
GetScrollInfo
ShowScrollBar
GetScrollPos
GetScrollRange
SetScrollRange
ScrollWindow
MapWindowPoints
GetTopWindow
RemovePropA
GetPropA
SetPropA
GetClassInfoExA
TabbedTextOutA
DrawTextExA
GrayStringA
GetWindowDC
BeginPaint
EndPaint
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
PostQuitMessage
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
ShowOwnedPopups
DestroyCursor
DrawIcon
SetWindowRgn
GetWindowThreadProcessId
KillTimer
SetRect
GetCaretPos
HideCaret
ShowCaret
DestroyCaret
CreateCaret
FillRect
PtInRect
GetAsyncKeyState
GetMessageTime
IsChild
GetFocus
GetClientRect
SetCaretPos
SetRectEmpty
IsWindow
ReplyMessage
InSendMessage
GetWindowRect
GetMenuState
InsertMenuA
GetMenuItemID
GetMenuItemInfoA
GetWindow
GetLastActivePopup
FindWindowA
WinHelpA
GetCapture
GetMenuItemCount
DeleteMenu
ModifyMenuA
LoadStringA
wsprintfA
ShowWindow
CharUpperA
IsCharLowerA
WaitMessage
PostThreadMessageA
SetWindowLongA
InvalidateRect
EnableWindow
GetParent
SetParent
CreateMenu
GetTabbedTextExtentA
IsDialogMessageA
DrawIconEx
IsMenu
DrawEdge
SetMenuItemInfoA
GetMenuDefaultItem
GetKeyState
SetForegroundWindow
IsZoomed
IsIconic
SetScrollPos
PostMessageA
UpdateWindow
IsClipboardFormatAvailable
EmptyClipboard
SendMessageA

kernel32

_lwrite
_lopen
_lcreat
_lread
_llseek
_lclose
GetLocaleInfoW
IsBadCodePtr
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
SetHandleCount
SetStdHandle
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetTimeZoneInformation
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
HeapSize
TerminateProcess
ExitProcess
CreateThread
ExitThread
RtlUnwind
GetCommandLineA
GetStartupInfoA
GetFileType
PeekNamedPipe
GetFileInformationByHandle
VirtualQuery
VirtualAlloc
HeapReAlloc
HeapCompact
IsBadReadPtr
SetErrorMode
FindResourceExA
GetOEMCP
LocalFileTimeToFileTime
GetProfileIntA
GlobalFlags
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceA
GetCurrentDirectoryA
GetModuleHandleA
GetProcAddress
GetDiskFreeSpaceA
GetTickCount
lstrcmpA
lstrlenA
lstrcpyA
CreateFileA
CreateFileMappingA
MapViewOfFile
CloseHandle
UnmapViewOfFile
SuspendThread
ResumeThread
GetLastError
GlobalAddAtomA
FreeLibrary
GetModuleFileNameA
GetLogicalDrives
GetShortPathNameA
CreateProcessA
GlobalLock
GlobalUnlock
GlobalHandle
GlobalFree
GlobalAlloc
MulDiv
MultiByteToWideChar
WaitForSingleObject
ReleaseMutex
CreateMutexA
FindFirstFileA
GetFullPathNameA
FindNextFileA
FindClose
lstrcmpiA
GetDriveTypeA
GetFileAttributesA
HeapAlloc
GetProcessHeap
HeapFree
lstrcatA
DeleteFileA
lstrcpynA
GetTempPathA
GetTempFileNameA
SetFileAttributesA
Sleep
GetFileSize
SetFilePointer
SetEndOfFile
FlushFileBuffers
GetFileTime
SetFileTime
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent
WaitForMultipleObjects
FindNextChangeNotification
FindCloseChangeNotification
ResetEvent
FindFirstChangeNotificationA
FormatMessageA
LocalFree
SetCurrentDirectoryA
CreateDirectoryA
FileTimeToSystemTime
FileTimeToLocalFileTime
MoveFileA
CopyFileA
GetVolumeInformationA
GetSystemTime
SystemTimeToFileTime
GetUserDefaultLCID
LoadLibraryA
GetCurrentThread
GetCurrentProcess
ExpandEnvironmentStringsA
GetEnvironmentVariableA
GetCurrentProcessId
CreateEventA
GetUserDefaultLangID
GetCPInfo
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalReAlloc
SetThreadLocale
EnumResourceLanguagesA
InterlockedIncrement
InterlockedDecrement
GetLocalTime
SetEnvironmentVariableA
GetTimeFormatA
GetDateFormatA
GetSystemInfo
FreeResource
CompareStringW
lstrlenW
GetStringTypeExA
CompareStringA
GetVersion
SetLastError
DuplicateHandle
GetExitCodeProcess
ReadFile
CreatePipe
SetThreadPriority
GetCurrentThreadId
GlobalSize
lstrcmpW
GlobalFindAtomA
ConvertDefaultLocale
VirtualProtect
RaiseException
WriteFile
LockFile
UnlockFile
LocalAlloc
TlsGetValue

gdi32

CreatePen
PatBlt
CreateHatchBrush
CreateSolidBrush
GetStockObject
CreateFontIndirectA
StretchBlt
GetRgnBox
SetPaletteEntries
Polygon
CreateHalftonePalette
GetDIBits
SetROP2
GetWindowOrgEx
GetStretchBltMode
GetROP2
GetPolyFillMode
GetBkMode
StretchDIBits
LPtoDP
CreateEllipticRgn
Rectangle
GetViewportOrgEx
SetRectRgn
SelectPalette
CreateBitmap
CreatePatternBrush
ExtSelectClipRgn
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateDCA
CopyMetaFileA
ExtCreatePen
GetTextExtentPointA
GetPaletteEntries
CreateFontA
CreateDIBitmap
Ellipse
GetCurrentObject
ExtFloodFill
SetDIBitsToDevice
SetStretchBltMode
RealizePalette
CreatePalette
CreateRectRgnIndirect
CombineRgn
CreateRectRgn
CreateICA
GetTextFaceA
EnumFontFamiliesExA
DeleteDC
ExtTextOutA
GetTextAlign
GetTextExtentPoint32A
EnumObjects
GetCharWidthA
GetTextCharset
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextColor
GetBkColor
PtInRegion
GetTextExtentExPointA
GetNearestColor
DeleteObject
GetTextMetricsA
SelectObject
RectInRegion
AbortDoc
EndDoc
EndPage
StartPage
DPtoLP
GetDeviceCaps
StartDocA
SetAbortProc
FillRgn
CreatePolygonRgn
GetObjectA

oleaut32

VariantClear
SysAllocStringLen
VariantInit
VariantChangeType

advapi32

RegCloseKey
RegQueryValueExA
RegDeleteKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
IsTextUnicode
GetFileSecurityA
SetFileSecurityA
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegCreateKeyA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegSetValueA
RegConnectRegistryA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegOpenKeyExA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

mpr

WNetGetUniversalNameA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 320KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 28KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qnk
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TextPad 4/system/Brief.bnd
TextPad 4/system/DDEOPN32.EXE
.exe windows:4 windows x86

7b6a627bb18ae2ce772b15ffab940d7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
GetLastError
lstrlenA
GetModuleHandleA
HeapDestroy
ExitProcess
LCMapStringW
LCMapStringA
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
WriteFile
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStringTypeW
GetStringTypeA
HeapAlloc
lstrcpyA
GetStartupInfoA
GetCommandLineA
GetVersion
MultiByteToWideChar
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc

user32

DdeUninitialize
DispatchMessageA
TranslateMessage
GetMessageA
wsprintfA
DdeCreateStringHandleA
DdeConnect
DdeGetLastError
WaitForInputIdle
DdeCreateDataHandle
DdeClientTransaction
DdeFreeDataHandle
DdeDisconnect
DdeFreeStringHandle
MessageBeep
wvsprintfA
MessageBoxA
DefWindowProcA
DestroyWindow
PostQuitMessage
DdeInitializeA
CreateWindowExA
PostMessageA
RegisterClassA

gdi32

GetStockObject

advapi32

RegQueryValueA

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TextPad 4/system/Ibmpe.bnd
TextPad 4/system/MSAPPS.BND
TextPad 4/system/TXPADENG.TIP
TextPad 4/system/Textpad2.bnd
TextPad 4/system/TxPadEng.chm
.chm
TextPad 4/system/Wordstar.bnd
TextPad 4/system/c.syn
.vbs
TextPad 4/system/cpp.syn
.vbs
TextPad 4/system/css.syn
TextPad 4/system/dostext.syn
TextPad 4/system/html.syn
TextPad 4/system/java.syn
TextPad 4/system/perl5.syn
TextPad 4/system/plumb.exe
.exe windows:4 windows x86

0cf814bb053a8bcc427cefc36dde214a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
GetStdHandle
CloseHandle
TerminateProcess
GetExitCodeProcess
GenerateConsoleCtrlEvent
WaitForMultipleObjects
lstrlenA
WriteFile
GetVersionExA
OpenEventA
ExitProcess
GetCommandLineA
CreateProcessA
SetConsoleCtrlHandler

user32

MessageBeep

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TextPad 4/system/shellext.dll
.dll windows:4 windows x86

6acc43f57a579cbd2fb1166b8eefa3ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapFree
HeapAlloc
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
lstrcpynA
UnhandledExceptionFilter
WriteFile
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
VirtualFree
MultiByteToWideChar

shell32

DragQueryFileA

user32

DdeInitializeA
DdeFreeStringHandle
DdeDisconnect
WaitForInputIdle
DdeGetLastError
DdeConnect
LoadStringA
wsprintfA
DdeFreeDataHandle
DdeClientTransaction
DdeCreateDataHandle
DdeUninitialize
InsertMenuA
DdeCreateStringHandleA

advapi32

RegQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TextPad 4/system/text.syn
TextPad 4/txpeng542.exe
.exe windows:4 windows x86

f7a2fb3684e82dabbd2d00732b102dae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderLocation
ShellExecuteW
CommandLineToArgvW
SHGetMalloc

comctl32

ord17

kernel32

lstrcpyW
GetWindowsDirectoryW
SetErrorMode
GetTempPathW
ExpandEnvironmentStringsW
LockResource
SizeofResource
LoadResource
FindResourceW
GetTickCount
GetExitCodeThread
CreateThread
CopyFileW
InterlockedIncrement
InterlockedDecrement
QueryPerformanceFrequency
CreateEventW
lstrcatW
GetTempFileNameW
CompareStringA
CompareStringW
GetVersionExW
LoadLibraryW
FreeLibrary
GetProcAddress
lstrcmpW
lstrcmpiW
GetSystemDefaultLCID
GlobalHandle
VerLanguageNameW
MoveFileW
SetCurrentDirectoryW
FindClose
FindNextFileW
CompareFileTime
FindFirstFileW
GetSystemTimeAsFileTime
SetFileAttributesW
LocalFree
FormatMessageW
GetSystemInfo
MulDiv
IsValidCodePage
GetVersion
GetModuleHandleW
GetCommandLineW
GetFileAttributesW
IsBadReadPtr
VirtualQuery
lstrcmpiA
lstrcpyA
FlushFileBuffers
SetEndOfFile
GetDiskFreeSpaceW
GetDriveTypeW
CreateDirectoryW
GetExitCodeProcess
GetCurrentThread
GetLocaleInfoW
QueryPerformanceCounter
SetEvent
ResetEvent
VirtualProtect
GetCurrentProcessId
CreateProcessW
MultiByteToWideChar
GetDateFormatW
GetTimeFormatW
GetLocalTime
GetProcessTimes
OpenProcess
lstrlenW
SetEnvironmentVariableA
GetOEMCP
GetACP
GetTimeZoneInformation
SetStdHandle
SetConsoleCtrlHandler
LoadLibraryA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidLocale
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
FatalAppExitA
TlsGetValue
GetDateFormatA
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapSize
HeapReAlloc
GetStartupInfoW
GetModuleHandleA
TerminateProcess
RaiseException
RtlUnwind
LeaveCriticalSection
DeleteCriticalSection
InterlockedExchange
InitializeCriticalSection
EnterCriticalSection
lstrcmpA
GetTimeFormatA
CreateFileA
WaitForSingleObject
ExitProcess
GetCurrentProcess
DuplicateHandle
GetThreadContext
VirtualProtectEx
WriteProcessMemory
FlushInstructionCache
SetThreadContext
ResumeThread
DeleteFileW
Sleep
RemoveDirectoryW
SetFilePointer
GetProcessHeap
HeapAlloc
HeapFree
WriteFile
lstrcpynW
FindResourceExW
GetModuleFileNameW
GetLastError
SetLastError
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
lstrlenA
CreateFileW
GetFileSize
GlobalAlloc
CloseHandle
GlobalLock
ReadFile
GlobalUnlock
GlobalFree
SearchPathW
WideCharToMultiByte
SystemTimeToFileTime
lstrcpynA
LocalAlloc
LoadLibraryExW

user32

GetClassInfoW
UpdateWindow
SetCursor
GetWindow
GetDlgItemTextW
SetFocus
EnableWindow
GetParent
GetWindowTextLengthW
GetWindowTextW
MoveWindow
SetWindowTextW
GetWindowPlacement
DestroyIcon
GetDlgCtrlID
FillRect
GetSysColor
GetSysColorBrush
IsDialogMessageW
SendMessageW
GetWindowRect
GetSystemMetrics
SetRect
FindWindowW
IntersectRect
SubtractRect
IsWindow
DestroyWindow
wvsprintfW
WaitForInputIdle
GetWindowLongW
BeginPaint
EndPaint
SetWindowLongW
GetClientRect
ClientToScreen
SetWindowPos
GetWindowDC
EndDialog
GetDlgItem
ShowWindow
GetDesktopWindow
wsprintfW
MsgWaitForMultipleObjects
PeekMessageW
MessageBoxW
CreateDialogIndirectParamW
CreateDialogParamW
DialogBoxIndirectParamW
DialogBoxParamW
DefWindowProcW
PostMessageW
KillTimer
PostQuitMessage
SetTimer
LoadIconW
LoadCursorW
RegisterClassW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
GetDC
ReleaseDC
LoadStringW
CharPrevW
ExitWindowsEx
SendDlgItemMessageW
CharNextW
SetDlgItemTextW
CharUpperW
DrawIcon

gdi32

CreateFontW
GetTextExtentPoint32W
SetBkMode
SetTextColor
GetObjectW
CreateFontIndirectW
CreateSolidBrush
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
GetStockObject
GetSystemPaletteEntries
CreatePalette
GetDeviceCaps
SelectPalette
RealizePalette
CreateDIBitmap
TranslateCharsetInfo

advapi32

RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyW
RegQueryValueExA
RegOpenKeyExA
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW

ole32

CLSIDFromProgID
CoCreateInstance
StringFromCLSID
CoTaskMemFree
CoInitializeSecurity
CreateItemMoniker
GetRunningObjectTable
ProgIDFromCLSID
StringFromGUID2
CoUninitialize
CoInitialize
CoCreateGuid

oleaut32

VariantChangeType
VariantClear
SysAllocString
SysStringLen
SysReAllocStringLen
CreateErrorInfo
RegisterTypeLi
LoadTypeLi
SetErrorInfo
GetErrorInfo
SysFreeString
SysAllocStringLen

rpcrt4

UuidFromStringW
RpcStringFreeW
UuidToStringW
UuidCreate

Sections

.text
Size: 424KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 40KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mjg
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1dfbc2d93e68d417720c02113152c9ca

Headers

File Characteristics

Imports

user32

kernel32

gdi32

oleaut32

advapi32

winspool.drv

mpr

version

shlwapi

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 320KB - Virtual size: 316KB

.data Size: 28KB - Virtual size: 44KB

.rsrc Size: 304KB - Virtual size: 304KB

.qnk Size: - Virtual size: 1B

7b6a627bb18ae2ce772b15ffab940d7a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 24KB - Virtual size: 24KB

0cf814bb053a8bcc427cefc36dde214a

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 540B

.data Size: - Virtual size: 148B

.rsrc Size: 24KB - Virtual size: 24KB

6acc43f57a579cbd2fb1166b8eefa3ad

Headers

File Characteristics

Imports

kernel32

shell32

user32

advapi32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

f7a2fb3684e82dabbd2d00732b102dae

Headers

File Characteristics

Imports

version

shell32

comctl32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

rpcrt4

Sections

.text Size: 424KB - Virtual size: 420KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 320KB - Virtual size: 316KB

.data
Size: 28KB - Virtual size: 44KB

.rsrc
Size: 304KB - Virtual size: 304KB

.qnk
Size: - Virtual size: 1B

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 24KB - Virtual size: 24KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 540B

.data
Size: - Virtual size: 148B

.rsrc
Size: 24KB - Virtual size: 24KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 424KB - Virtual size: 420KB

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 40KB - Virtual size: 63KB

.rsrc
Size: 88KB - Virtual size: 87KB

.mjg
Size: - Virtual size: 1B